From 76cba442805ef41ad0e0e48e27fb82377ca1451e Mon Sep 17 00:00:00 2001
From: cajus
Date: Mon, 15 Oct 2007 15:19:34 +0000
Subject: [PATCH] Updated password methods to announce their hash
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@7558 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 include/class_location.inc | 2 +-
 include/class_password-methods-clear.inc | 7 ++
 include/class_password-methods-crypt.inc | 7 ++
 include/class_password-methods-heimdal.inc | 72 +++++++++++++++++++++
 include/class_password-methods-kerberos.inc | 14 ++--
 include/class_password-methods-md5.inc | 6 ++
 include/class_password-methods-sha.inc | 13 ++--
 include/class_password-methods-smd5.inc | 6 ++
 include/class_password-methods-ssha.inc | 7 ++
 include/class_password-methods.inc | 12 ++--
 include/functions.inc | 3 +-
 11 files changed, 132 insertions(+), 17 deletions(-)
 create mode 100644 include/class_password-methods-heimdal.inc
diff --git a/include/class_location.inc b/include/class_location.inc
index c5bab8115..07ef318d0 100644
--- a/include/class_location.inc
+++ b/include/class_location.inc
@@ -28,7 +28,6 @@ $class_mapping= array(
 "passwordMethodssha" => "include/class_password-methods-ssha.inc",
 "ppdManager" => "include/class_ppdManager.inc",
 "passwordMethodkerberos" => "include/class_password-methods-kerberos.inc",
- "passwordMethodsasl" => "include/class_password-methods-kerberos.inc",
 "mailMethodSendmailCyrus" => "include/class_mail-methods-sendmail-cyrus.inc",
 "LDAP" => "include/class_ldap.inc",
 "mailMethod" => "include/class_mail-methods.inc",
@@ -47,6 +46,7 @@ $class_mapping= array( "pluglist" => "include/class_pluglist.inc", "divSelectBox" => "include/class_divSelectBox.inc", "userinfo" => "include/class_userinfo.inc", + "passwordMethodheimdal" => "include/class_password-methods-heimdal.inc", "sieve_block_start" => "include/sieve/class_sieveElement_Block_Start.inc", "Semantics" => "include/sieve/class_semantics.inc", "sieve_keep" => "include/sieve/class_sieveElement_Keep.inc", diff --git a/include/class_password-methods-clear.inc b/include/class_password-methods-clear.inc index e4d28e993..89e6c7b9e 100644 --- a/include/class_password-methods-clear.inc +++ b/include/class_password-methods-clear.inc @@ -35,6 +35,13 @@ class passwordMethodClear extends passwordMethod { return $pwd; } + + + function get_hash_name() + { + return ("clear"); + } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/include/class_password-methods-crypt.inc b/include/class_password-methods-crypt.inc index 28cda87e0..2c979aa9e 100644 --- a/include/class_password-methods-crypt.inc +++ b/include/class_password-methods-crypt.inc @@ -38,6 +38,13 @@ class passwordMethodCrypt extends passwordMethod { return "{CRYPT}".crypt($pwd, substr(session_id(),0,2)); } + + + function get_hash_name() + { + return "crypt"; + } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/include/class_password-methods-heimdal.inc b/include/class_password-methods-heimdal.inc new file mode 100644 index 000000000..4a83d26b2 --- /dev/null +++ b/include/class_password-methods-heimdal.inc 
@@ -0,0 +1,72 @@ +config= $config; + } + + + function is_available() + { + # Check if heimdal information is available + # in configuration and return true/false + return true; + } + + + function generate_hash($pwd) + { + $mode= "kerberos"; + if (isset($this->config->current['KRBSASL']) && preg_match('/^true$/i', $this->config->current['KRBSASL'])){ + $mode= "sasl"; + } + + return "{".$mode."}".$this->attrs['uid'][0]."@".$cfg= $this->config->data['SERVERS']['KERBEROS']['REALM']; + } + + + function remove_from_parent() + { + # Find and remove kerberos entry below $this->dn + } + + + function set_password() + { + # Add or modify kerberos entry below $this->dn + } + + + function get_hash_name() + { + $mode= "kerberos"; + if (isset($this->config->current['KRBSASL']) && preg_match('/^true$/i', $this->config->current['KRBSASL'])){ + $mode= "sasl"; + } + return "$mode"; + } +} + +// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: +?> diff --git a/include/class_password-methods-kerberos.inc b/include/class_password-methods-kerberos.inc index af48ee998..24240bad5 100644 --- a/include/class_password-methods-kerberos.inc +++ b/include/class_password-methods-kerberos.inc @@ -66,7 +66,7 @@ class passwordMethodkerberos extends passwordMethod if (isset($this->config->current['KRBSASL']) && preg_match('/^true$/i', $this->config->current['KRBSASL'])){ $mode= "sasl"; } - $newpass= "{$mode}".$this->attrs['uid'][0]."@".$cfg['REALM']; + $newpass= "{".$mode."}".$this->attrs['uid'][0]."@".$cfg['REALM']; return $newpass; } 
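Review bot: `is_available()` in the new heimdal class returns true unconditionally although its own comment says it should check the configuration, so the backend is always offered while `generate_hash()` reads `$this->config->data['SERVERS']['KERBEROS']['REALM']` with no `isset` guard. A check such as `return isset($this->config->data['SERVERS']['KERBEROS']['REALM']);` would keep the method off the list when no realm is configured. The return line of `generate_hash()` also carries a stray assignment (`."@".$cfg= $this->config->data[...]`); the `$cfg=` should be dropped. `set_password()` and `remove_from_parent()` are comment-only stubs, so selecting this method appears to store a `{kerberos}`/`{sasl}` reference without creating or removing any principal. `get_hash_name()` here and the one added to `passwordMethodkerberos` in the `@@ -110,11 +110,15 @@` hunk return the same `kerberos`/`sasl` strings from duplicated logic, which may yield two list entries under one name; the opening of this file (class header, constructor start) is not visible on the page.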
@@ -110,11 +110,15 @@ class passwordMethodkerberos extends passwordMethod } } -} + function get_hash_name() + { + $mode= "kerberos"; + if (isset($this->config->current['KRBSASL']) && preg_match('/^true$/i', $this->config->current['KRBSASL'])){ + $mode= "sasl"; + } + return "$mode"; + } -/* Dummy class for OpenLDAP Kerberos/SASL change */ -class passwordMethodsasl extends passwordMethodkerberos -{ } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/include/class_password-methods-md5.inc b/include/class_password-methods-md5.inc index 43b3ec74c..ea16ce99c 100644 --- a/include/class_password-methods-md5.inc +++ b/include/class_password-methods-md5.inc @@ -40,6 +40,12 @@ class passwordMethodMd5 extends passwordMethod { return "{MD5}".base64_encode( pack('H*', md5($pwd))); } + + + function get_hash_name() + { + return "md5"; + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/include/class_password-methods-sha.inc b/include/class_password-methods-sha.inc index 0780a76e0..5a6d266ab 100644 --- a/include/class_password-methods-sha.inc +++ b/include/class_password-methods-sha.inc @@ -30,8 +30,6 @@ class passwordMethodsha extends passwordMethod return(true); }elseif(function_exists('mhash')){ return true; - }elseif(function_exists('crypt')){ - return true; }else{ return false; } @@ -44,15 +42,20 @@ class passwordMethodsha extends passwordMethod $hash = "{SHA}" . base64_encode(pack("H*",sha1($password))); }elseif (function_exists('mhash')) { $hash = "{SHA}" . base64_encode(mHash(MHASH_SHA1, $password)); - }elseif(function_exists('crypt')) { - $hash = "{CRYPT}" . crypt($password); }else{ - print_red(_("Can't use sha for encryption, missing function sha1 / mhash / crypt")); + print_red(_("Can't use sha for encryption, missing function sha1 / mhash")); return false; } return $hash; } + + + function get_hash_name() + { + return "sha"; + } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: 
diff --git a/include/class_password-methods-smd5.inc b/include/class_password-methods-smd5.inc index fea58f699..dff236255 100644 --- a/include/class_password-methods-smd5.inc +++ b/include/class_password-methods-smd5.inc @@ -42,6 +42,12 @@ class passwordMethodsmd5 extends passwordMethod $hash = "{SMD5}".base64_encode(pack("H*",md5($pwd . $salt)) . $salt); return $hash; } + + function get_hash_name() + { + return "smd5"; + } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/include/class_password-methods-ssha.inc b/include/class_password-methods-ssha.inc index 1f6819272..34cb303fe 100644 --- a/include/class_password-methods-ssha.inc +++ b/include/class_password-methods-ssha.inc @@ -53,6 +53,13 @@ class passwordMethodssha extends passwordMethod } return $pwd; } + + + function get_hash_name() + { + return "ssha"; + } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/include/class_password-methods.inc b/include/class_password-methods.inc index a23e55e07..f4a3c0b72 100644 --- a/include/class_password-methods.inc +++ b/include/class_password-methods.inc @@ -29,6 +29,11 @@ class passwordMethod { } + + function get_hash_name() + { + } + // Loads Methods in annother way as get_available_methods do, (For setup ..) // and loads them,. function get_available_methods_if_not_loaded($path_to_load="../include") @@ -47,7 +52,6 @@ class passwordMethod - // Crypts a single string, with given Method function crypt_single_str($string,$method) { 
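Review bot: The base `passwordMethod::get_hash_name()` added in the `@@ -29,6 +29,11 @@` hunk has an empty body, so it returns NULL for any subclass that does not override it. `get_available_methods()` now takes the method name from this call, so a missing override would surface as an unnamed entry instead of an error. Returning a defined value and reporting the omission, e.g. `trigger_error("get_hash_name() not implemented", E_USER_WARNING); return "";`, would make that visible, and a one-line comment should state that the returned string is the name under which the method is listed. The class body continues outside the hunk.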
@@ -66,15 +70,15 @@ class passwordMethod // this function returns all loaded classes for password encryption static function get_available_methods() { - global $class_mapping; + global $class_mapping, $config; $ret =false; $i =0; foreach($class_mapping as $class => $path) { if(preg_match('/passwordMethod/i', $class) && !preg_match("/^passwordMethod$/i", $class)){ $name = preg_replace ("/passwordMethod/i", "", $class); - $test = new $class(false); + $test = new $class($config); if($test->is_available()) { - $plugname= strtolower(preg_replace ("/passwordMethod/i","",$class)); + $plugname= $test->get_hash_name(); $ret['name'][$i]= $plugname; $ret['class'][$i]=$class; $ret[$i]['name']= $plugname; diff --git a/include/functions.inc b/include/functions.inc index 2d5dd7b6d..7b36499ab 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -2429,18 +2429,17 @@ function change_password ($dn, $password, $mode=0, $hash= "") } $test = new $available[$hash]($config); - $newpass = $test->generate_hash($password); } else { // User MD5 by default $hash= "md5"; $test = new $available['md5']($config); - $newpass = $test->generate_hash($password); } /* Feed password backends with information */ $test->dn= $dn; $test->attrs= $attrs; + $newpass= $test->generate_hash($password); // Update shadow timestamp? if (isset($attrs["shadowLastChange"][0])){ -- 2.30.2
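Review bot: `$plugname= $test->get_hash_name();` is stored without checking that the name is non-empty or not already taken, and after this commit both `passwordMethodkerberos` and `passwordMethodheimdal` announce `kerberos`/`sasl`. If callers look methods up by name, as `$available[$hash]` in `change_password()` suggests, one class would silently shadow the other, so the loop should skip or report an empty or duplicate `$plugname` before filling `$ret`. The constructor now receives the global `$config`, which may be unset when this static function runs before configuration is loaded (the setup path mentioned in the class's comments); that is inferred, not shown here. The function continues outside the hunk.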
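Review bot: `$newpass= $test->generate_hash($password);` in the `functions.inc` hunk is used without checking the result, while `passwordMethodsha::generate_hash()` in this same commit returns `false` when neither `sha1` nor `mhash` is available. Unless code outside the hunk tests it, that `false` could be carried into the password update; a guard directly after the call, `if ($newpass === false) { return false; }`, would stop the change instead (the right failure value depends on how `change_password()` reports errors, which is not visible here). `change_password()` starts and ends outside the hunk.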