projects / webmin.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49c517e)
SSHA support
authorJamie Cameron <jcameron@webmin.com>
Fri, 21 Mar 2008 22:13:15 +0000 (22:13 +0000)
committerJamie Cameron <jcameron@webmin.com>
Fri, 21 Mar 2008 22:13:15 +0000 (22:13 +0000)
ldap-useradmin/CHANGELOG patch | blob | history
ldap-useradmin/config.info patch | blob | history
ldap-useradmin/index.cgi patch | blob | history
ldap-useradmin/ldap-useradmin-lib.pl patch | blob | history
ldap-useradmin/save_group.cgi patch | blob | history
ldap-useradmin/save_user.cgi patch | blob | history

diff --git a/ldap-useradmin/CHANGELOG b/ldap-useradmin/CHANGELOG
index 3c02722..ae13867 100644 (file)
--- a/ldap-useradmin/CHANGELOG
+++ b/ldap-useradmin/CHANGELOG
@@ -57,3 +57,4 @@ Added access control options to prevent use of the same UID or GID.
 Added locking to prevent concurrent writes to the LDAP database, to prevent UID collisions.
 ---- Changes since 1.400 ----
 By default, all new Unix users are given the person object class too, as this seems to be needed in most new LDAP schemas.
+Added support for LDAP SSHA passwords, thanks to Bill Moyers and John Gray.
diff --git a/ldap-useradmin/config.info b/ldap-useradmin/config.info
index 7820386..26da513 100644 (file)
--- a/ldap-useradmin/config.info
+++ b/ldap-useradmin/config.info
@@ -33,7 +33,7 @@ home_style=Automatic home directory style,4,0-home/username,1-home/u/username,2-
 line6=New user options,11
 base_uid=Lowest UID for new users,3,From Users and Groups module
 base_gid=Lowest GID for new groups,3,From Users and Groups module
-md5=Encryption method for passwords,1,3-LDAP MD5,1-Unix MD5,0-crypt,2-Plain text
+md5=Encryption method for passwords,1,3-LDAP MD5,1-Unix MD5,0-crypt,2-Plain text,4-LDAP SSHA
 shells=Build list of shells from,2,fixed-Builtin list,passwd-System users,shells-/etc/shells
 
 line7=New user defaults,11
diff --git a/ldap-useradmin/index.cgi b/ldap-useradmin/index.cgi
index 7ae6acf..fedb068 100755 (executable)
--- a/ldap-useradmin/index.cgi
+++ b/ldap-useradmin/index.cgi
@@ -99,7 +99,7 @@ if ($config{'md5'} == 1) {
                exit;
                }
        }
-elsif ($config{'md5'} == 3) {
+elsif ($config{'md5'} == 3 || $config{'md5'} == 4) {
        # Check if slappasswd is installed
        if (!&has_command($config{'slappasswd'})) {
                print &text('index_eslappasswd',
diff --git a/ldap-useradmin/ldap-useradmin-lib.pl b/ldap-useradmin/ldap-useradmin-lib.pl
index 622a0e5..9ecf01f 100644 (file)
--- a/ldap-useradmin/ldap-useradmin-lib.pl
+++ b/ldap-useradmin/ldap-useradmin-lib.pl
@@ -191,6 +191,12 @@ sub encrypt_password
 {
 local ($pass, $salt) = @_;
 &seed_random();
+if ($config{'md5'} == 4) {
+       # LDAP SSHA encryption
+       local $qp = quotemeta($pass);
+       local $out = `$config{'slappasswd'} -h '{ssha}' -s $qp 2>/dev/null`;
+       return $out;
+       }
 if ($config{'md5'} == 3) {
        # LDAP MD5 encryption
        local $qp = quotemeta($pass);
@@ -453,13 +459,15 @@ sub user_to_dn
 {
 local $pfx = $_[0]->{'pass'} =~ /^\{[a-z0-9]+\}/i ? undef :
             $config{'md5'} == 1 || $config{'md5'} == 3 ? "{md5}" :
+            $config{'md5'} == 4 ? "{ssha}" : 
             $config{'md5'} == 0 ? "{crypt}" : "";
 local $pass = $_[0]->{'pass'};
 local $disabled;
 if ($pass =~ s/^\!//) {
        $disabled = "!";
        }
-return ( "cn" => $_[0]->{'real'},
+$cn = $_[0]->{'real'} eq '' ? $_[0]->{'user'} : $_[0]->{'real'};
+return ( "cn" => $cn,
         "uid" => $_[0]->{'user'},
         "uidNumber" => $_[0]->{'uid'},
         "loginShell" => $_[0]->{'shell'},
@@ -475,7 +483,7 @@ return ( "cn" => $_[0]->{'real'},
         $_[0]->{'max'} eq '' ? ( ) :
                ( "shadowMax" => $_[0]->{'max'} ),
         $_[0]->{'warn'} eq '' ? ( ) :
-               ( "shadowWarn" => $_[0]->{'warn'} ),
+               ( "shadowWarning" => $_[0]->{'warn'} ),
         $_[0]->{'inactive'} eq '' ? ( ) :
                ( "shadowInactive" => $_[0]->{'inactive'} )
        );
diff --git a/ldap-useradmin/save_group.cgi b/ldap-useradmin/save_group.cgi
index 0a6256e..d9f1f03 100755 (executable)
--- a/ldap-useradmin/save_group.cgi
+++ b/ldap-useradmin/save_group.cgi
@@ -139,6 +139,7 @@ if ($in{'new'} && !$access{'gmultiple'}) {
        }
 
 $pfx = $config{'md5'} == 1 || $config{'md5'} == 3 ? "{md5}" :
+       $config{'md5'} == 4 ? "{ssha}" :
        $config{'md5'} == 0 ? "{crypt}" : "";
 if ($in{'passmode'} == 0) {
        $pass = "";
diff --git a/ldap-useradmin/save_user.cgi b/ldap-useradmin/save_user.cgi
index a450145..d0337b5 100755 (executable)
--- a/ldap-useradmin/save_user.cgi
+++ b/ldap-useradmin/save_user.cgi
@@ -240,6 +240,7 @@ else {
                }
 
        local $pfx = $config{'md5'} == 1 || $config{'md5'} == 3 ? "{md5}" :
+                    $config{'md5'} == 4 ? "{ssha}" :
                     $config{'md5'} == 0 ? "{crypt}" : "";
        if ($in{'passmode'} == 0) {
                # Password is blank
Webmin PERL server management