mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-22 07:53:39 +01:00
- fixed with ssha not working migration from sql <--> ldap
- using 16 char salt for ssha and smd5 as eclipse ldap admin does - remove auth::hash_sql2ldap() method, as it is now in setup/inc/class.setup_cmd_ldap.inc.php - added ability to create uid dn in setup_cmd_ldap subcommand create_ldap
This commit is contained in:
Ralf Becker
parent
457e79454d
commit
57fc9c63fc
@ -319,12 +319,14 @@ class auth
|
||||
* uses the encryption type set in setup and calls the appropriate encryption functions
|
||||
*
|
||||
* @param $password password to encrypt
|
||||
* @param $type=null default to $GLOBALS['egw_info']['server']['ldap_encryption_type']
|
||||
* @return string
|
||||
*/
|
||||
static function encrypt_ldap($password)
|
||||
static function encrypt_ldap($password, $type=null)
|
||||
{
|
||||
$type = strtolower($GLOBALS['egw_info']['server']['ldap_encryption_type']);
|
||||
if (is_null($type)) $type = $GLOBALS['egw_info']['server']['ldap_encryption_type'];
|
||||
$salt = '';
|
||||
switch($type)
|
||||
switch(strtolower($type))
|
||||
{
|
||||
default: // eg. setup >> config never saved
|
||||
case 'des':
|
||||
@ -366,7 +368,7 @@ class auth
|
||||
$e_password = '{md5}' . base64_encode(pack("H*",md5($password)));
|
||||
break;
|
||||
case 'smd5':
|
||||
$salt = self::randomstring(8);
|
||||
$salt = self::randomstring(16);
|
||||
$hash = md5($password . $salt,true);
|
||||
$e_password = '{SMD5}' . base64_encode($hash . $salt);
|
||||
break;
|
||||
@ -374,7 +376,7 @@ class auth
|
||||
$e_password = '{SHA}' . base64_encode(sha1($password,true));
|
||||
break;
|
||||
case 'ssha':
|
||||
$salt = self::randomstring(8);
|
||||
$salt = self::randomstring(16);
|
||||
$hash = sha1($password . $salt,true);
|
||||
$e_password = '{SSHA}' . base64_encode($hash . $salt);
|
||||
break;
|
||||
@ -386,35 +388,6 @@ class auth
|
||||
return $e_password;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an ldap hash from an sql hash
|
||||
*
|
||||
* @param string $hash
|
||||
*/
|
||||
static function hash_sql2ldap($hash)
|
||||
{
|
||||
switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
|
||||
{
|
||||
case '': // not set sql_encryption_type
|
||||
case 'md5':
|
||||
$hash = '{md5}' . base64_encode(pack("H*",$hash));
|
||||
break;
|
||||
case 'crypt':
|
||||
$hash = '{crypt}' . $hash;
|
||||
break;
|
||||
case 'plain':
|
||||
$saved_h = $hash;
|
||||
if (preg_match('/^\\{([a-z_5]+)\\}(.+)$/i',$hash,$matches))
|
||||
{
|
||||
$hash= $matches[2];
|
||||
} else {
|
||||
$hash = $saved_h;
|
||||
}
|
||||
break;
|
||||
}
|
||||
return $hash;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a password for storage in the accounts table
|
||||
*
|
||||
@ -466,13 +439,13 @@ class auth
|
||||
self::$error = 'no ext crypt';
|
||||
break;
|
||||
case 'smd5':
|
||||
$salt = self::randomstring(8);
|
||||
$salt = self::randomstring(16);
|
||||
$hash = md5($password . $salt,true);
|
||||
return '{SMD5}' . base64_encode($hash . $salt);
|
||||
case 'sha':
|
||||
return '{SHA}' . base64_encode(sha1($password,true));
|
||||
case 'ssha':
|
||||
$salt = self::randomstring(8);
|
||||
$salt = self::randomstring(16);
|
||||
$hash = sha1($password . $salt,true);
|
||||
return '{SSHA}' . base64_encode($hash . $salt);
|
||||
case 'md5':
|
||||
|
||||
@ -30,31 +30,6 @@ $setup_tpl->set_file(array(
|
||||
'T_alert_msg' => 'msg_alert_msg.tpl'
|
||||
));
|
||||
|
||||
function hash_sql2ldap($hash)
|
||||
{
|
||||
$type = $GLOBALS['egw_info']['server']['sql_encryption_type'];
|
||||
|
||||
if (preg_match('/^\\{(.*)\\}(.*)$/',$hash,$matches))
|
||||
{
|
||||
$type = $matches[1];
|
||||
$hash = $matches[2];
|
||||
}
|
||||
switch(strtolower($type))
|
||||
{
|
||||
case '': // not set sql_encryption_type
|
||||
case 'md5':
|
||||
$hash = '{md5}' . base64_encode(pack("H*",$hash));
|
||||
break;
|
||||
case 'crypt':
|
||||
$hash = '{crypt}' . $hash;
|
||||
break;
|
||||
|
||||
case 'plain':
|
||||
break;
|
||||
}
|
||||
return $hash;
|
||||
}
|
||||
|
||||
// determine from where we migrate to what
|
||||
if (!is_object($GLOBALS['egw_setup']->db))
|
||||
{
|
||||
|
||||
@ -46,7 +46,7 @@ class setup_cmd_ldap extends setup_cmd
|
||||
* @param string $ldap_context=null ou for accounts, default "ou=accounts,$base"
|
||||
* @param string $ldap_search_filter=null search-filter for accounts, default "(uid=%user)"
|
||||
* @param string $ldap_group_context=null ou for groups, default "ou=groups,$base"
|
||||
* @param string $sub_command='create_ldap' 'create_ldap', 'test_ldap', 'test_ldap_root'
|
||||
* @param string $sub_command='create_ldap' 'create_ldap', 'test_ldap', 'test_ldap_root', see exec method
|
||||
* @param string $ldap_encryption_type='des'
|
||||
*/
|
||||
function __construct($domain,$ldap_host=null,$ldap_suffix=null,$ldap_admin=null,$ldap_admin_pw=null,
|
||||
@ -268,25 +268,23 @@ class setup_cmd_ldap extends setup_cmd
|
||||
*/
|
||||
public static function hash_sql2ldap($hash)
|
||||
{
|
||||
$type = $GLOBALS['egw_info']['server']['sql_encryption_type'];
|
||||
if (!($type = $GLOBALS['egw_info']['server']['sql_encryption_type'])) $type = 'md5';
|
||||
|
||||
if (preg_match('/^\\{(.*)\\}(.*)$/',$hash,$matches))
|
||||
{
|
||||
$type = $matches[1];
|
||||
$hash = $matches[2];
|
||||
list(,$type,$hash) = $matches;
|
||||
}
|
||||
switch(strtolower($type))
|
||||
{
|
||||
case '': // not set sql_encryption_type
|
||||
case 'md5':
|
||||
$hash = '{md5}' . base64_encode(pack("H*",$hash));
|
||||
break;
|
||||
case 'crypt':
|
||||
$hash = '{crypt}' . $hash;
|
||||
case 'plain':
|
||||
// ldap stores plaintext passwords without {plain} prefix
|
||||
break;
|
||||
|
||||
case 'plain':
|
||||
break;
|
||||
case 'md5':
|
||||
$hash = base64_encode(pack("H*",$hash));
|
||||
// fall through
|
||||
default:
|
||||
$hash = '{'.strtoupper($type).'}'.$hash;
|
||||
}
|
||||
return $hash;
|
||||
}
|
||||
@ -445,7 +443,7 @@ class setup_cmd_ldap extends setup_cmd
|
||||
$this->ldap_base => array(),
|
||||
$this->ldap_context => array(),
|
||||
$this->ldap_group_context => array(),
|
||||
$this->ldap_root_dn => array('userPassword' => '{crypt}'.crypt($this->ldap_root_pw)),
|
||||
$this->ldap_root_dn => array('userPassword' => auth::encrypt_ldap($this->ldap_root_pw,'ssha')),
|
||||
) as $dn => $extra)
|
||||
{
|
||||
if (!$this->_create_node($dn,$extra,$check_only) && $dn == $this->ldap_root_dn)
|
||||
@ -584,6 +582,7 @@ class setup_cmd_ldap extends setup_cmd
|
||||
'o' => 'organization',
|
||||
'ou' => 'organizationalUnit',
|
||||
'cn' => array('organizationalRole','simpleSecurityObject'),
|
||||
'uid' => array('uidObject','organizationalRole','simpleSecurityObject'),
|
||||
'dc' => array('organization','dcObject'),
|
||||
);
|
||||
|
||||
@ -597,7 +596,7 @@ class setup_cmd_ldap extends setup_cmd
|
||||
*/
|
||||
private function _create_node($dn,$extra=array())
|
||||
{
|
||||
//echo "<p>_create_node($dn,".print_r($extra,true).")</p>\n";
|
||||
//echo "<p>_create_node($dn,".array2string($extra).")</p>\n";
|
||||
// check if the node already exists and return if it does
|
||||
if (@ldap_read($this->test_ldap->ds,$dn,'objectClass=*'))
|
||||
{
|
||||
@ -618,6 +617,7 @@ class setup_cmd_ldap extends setup_cmd
|
||||
lang('Supported node types:').implode(', ',array_keys(self::$requiredObjectclasses)));
|
||||
}
|
||||
if ($name == 'dc') $extra['o'] = $value; // required by organisation
|
||||
if ($name == 'uid') $extra['cn'] = $value; // required by organizationalRole
|
||||
|
||||
if (!@ldap_add($this->test_ldap->ds,$dn,$attr = array(
|
||||
$name => $value,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user