From a3ada52adfb8a5ce5bed32ac7b24f590845751a7 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Thu, 29 Mar 2012 18:33:33 +0000 Subject: [PATCH] * Admin/ImportExport: fixed import of already hashed passwords --- admin/inc/class.admin_cmd_edit_user.inc.php | 7 ++- .../inc/class.admin_import_users_csv.inc.php | 49 +++++++++---------- phpgwapi/inc/class.accounts_ldap.inc.php | 6 ++- setup/inc/class.setup_cmd_ldap.inc.php | 4 ++ 4 files changed, 38 insertions(+), 28 deletions(-) diff --git a/admin/inc/class.admin_cmd_edit_user.inc.php b/admin/inc/class.admin_cmd_edit_user.inc.php index 4e9260ee32..31cd3562a6 100644 --- a/admin/inc/class.admin_cmd_edit_user.inc.php +++ b/admin/inc/class.admin_cmd_edit_user.inc.php @@ -165,8 +165,11 @@ class admin_cmd_edit_user extends admin_cmd_change_pw admin_cmd::$acl->delete_repository('preferences','nopasswordchange',$data['account_id']); } } - // for existing accounts we have to change the password explicitly (at least that's what the old UI does) - if($this->account && !is_null($this->password)) + // if we have a password and it's not a hash, and auth_type != account_repository + if (!is_null($this->password) && + !preg_match('/^\\{[a-z5]{3,5}\\}.+/i',$this->password) && + !preg_match('/^[0-9a-f]{32}$/',$this->password) && // md5 hash + admin_cmd::$accounts->config['auth_type'] != admin_cmd::$accounts->config['account_repository']) { admin_cmd_change_pw::exec(); // calling the exec method of the admin_cmd_change_pw } diff --git a/admin/inc/class.admin_import_users_csv.inc.php b/admin/inc/class.admin_import_users_csv.inc.php index 10fcce3563..5598881947 100644 --- a/admin/inc/class.admin_import_users_csv.inc.php +++ b/admin/inc/class.admin_import_users_csv.inc.php @@ -79,9 +79,9 @@ class admin_import_users_csv implements importexport_iface_import_plugin { protected $errors = array(); /** - * List of actions, and how many times that action was taken - */ - protected $results = array(); + * List of actions, and how many times that action was taken + */ + protected $results = array(); /** * imports entries according to given definition object. @@ -126,7 +126,7 @@ class admin_import_users_csv implements importexport_iface_import_plugin { $this->errors = array(); $lookups = array( - 'account_status' => array('A' => lang('Active'), '' => lang('Disabled'), 'D' => lang('Disabled')), + 'account_status' => array('A' => lang('Active'), '' => lang('Disabled'), 'D' => lang('Disabled')), ); while ( $record = $import_csv->get_record() ) { @@ -217,7 +217,7 @@ class admin_import_users_csv implements importexport_iface_import_plugin { return true; default: throw new egw_exception('Unsupported action'); - + } } @@ -286,27 +286,26 @@ class admin_import_users_csv implements importexport_iface_import_plugin { } /** - * Returns errors that were encountered during importing - * Maximum of one error message per record, but you can append if you need to - * - * @return Array ( - * record_# => error message - * ) - */ - public function get_errors() { + * Returns errors that were encountered during importing + * Maximum of one error message per record, but you can append if you need to + * + * @return Array ( + * record_# => error message + * ) + */ + public function get_errors() { return $this->errors; } /** - * Returns a list of actions taken, and the number of records for that action. - * Actions are things like 'insert', 'update', 'delete', and may be different for each plugin. - * - * @return Array ( - * action => record count - * ) - */ - public function get_results() { - return $this->results; - } -} // end of iface_export_plugin -?> + * Returns a list of actions taken, and the number of records for that action. + * Actions are things like 'insert', 'update', 'delete', and may be different for each plugin. + * + * @return Array ( + * action => record count + * ) + */ + public function get_results() { + return $this->results; + } +} diff --git a/phpgwapi/inc/class.accounts_ldap.inc.php b/phpgwapi/inc/class.accounts_ldap.inc.php index 674b19e49f..a593f9bce6 100644 --- a/phpgwapi/inc/class.accounts_ldap.inc.php +++ b/phpgwapi/inc/class.accounts_ldap.inc.php @@ -569,7 +569,11 @@ class accounts_ldap $utc_diff = date('Z'); if (isset($data['account_passwd']) && $data['account_passwd']) { - if (!preg_match('/^\\{[a-z5]{3,5}\\}.+/i',$data['account_passwd'])) // if it's not already entcrypted, do so now + if (preg_match('/^[a-f0-9]{32}$/', $data['account_passwd'])) // md5 --> ldap md5 + { + $data['account_passwd'] = setup_cmd_ldap::hash_sql2ldap($data['account_passwd']); + } + elseif (!preg_match('/^\\{[a-z5]{3,5}\\}.+/i',$data['account_passwd'])) // if it's not already entcrypted, do so now { $data['account_passwd'] = auth::encrypt_ldap($data['account_passwd']); } diff --git a/setup/inc/class.setup_cmd_ldap.inc.php b/setup/inc/class.setup_cmd_ldap.inc.php index ec3b0a6572..7684f6f8a4 100644 --- a/setup/inc/class.setup_cmd_ldap.inc.php +++ b/setup/inc/class.setup_cmd_ldap.inc.php @@ -274,6 +274,10 @@ class setup_cmd_ldap extends setup_cmd { list(,$type,$hash) = $matches; } + elseif (preg_match('/^[0-9a-f]{32}$/',$hash)) + { + $type = 'md5'; + } switch(strtolower($type)) { case 'plain':