summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile.am3
-rw-r--r--php/admin/include/passwd.php26
-rw-r--r--www/admin/administrator/admin.php.in4
-rw-r--r--www/admin/domainmaintainer/domainmaintainer.php.in4
-rw-r--r--www/admin/maintainer/maintainer.php.in4
-rw-r--r--www/admin/user/user.php.in4
6 files changed, 36 insertions, 9 deletions
diff --git a/Makefile.am b/Makefile.am
index 7b1bbea..dea7d3c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -103,7 +103,8 @@ PHP_INCLUDES = php/admin/include/menu.php \
php/admin/include/sieveutils.class.php \
php/admin/include/authenticate.php \
php/admin/include/locale.php \
- php/admin/include/Sieve.php
+ php/admin/include/Sieve.php \
+ php/admin/include/passwd.php
phpincludesdir = $(phpkolabdir)/include
phpincludes_DATA = $(PHP_INCLUDES) \
diff --git a/php/admin/include/passwd.php b/php/admin/include/passwd.php
new file mode 100644
index 0000000..7fa02af
--- /dev/null
+++ b/php/admin/include/passwd.php
@@ -0,0 +1,26 @@
+<?php
+/* -------------------------------------------------------------------
+ Copyright (C) 2007 by Intevation GmbH
+ Author(s):
+ Sascha Wilde <wilde@intevation.de>
+
+ This program is free software under the GNU GPL (>=v2)
+ Read the file COPYING coming with the software for details.
+ ------------------------------------------------------------------- */
+
+// Generate OpenLDAP style SSHA password strings
+function ssha($string, $salt)
+{
+ return "{SSHA}" . base64_encode(pack("H*", sha1($string . $salt)) . $salt);
+}
+
+// return 4 random bytes
+function gensalt()
+{
+ $salt = '';
+ while (strlen($salt) < 4)
+ $salt = $salt . chr(mt_rand(0,255));
+ return $salt;
+}
+
+?> \ No newline at end of file
diff --git a/www/admin/administrator/admin.php.in b/www/admin/administrator/admin.php.in
index ec5de31..1e89b57 100644
--- a/www/admin/administrator/admin.php.in
+++ b/www/admin/administrator/admin.php.in
@@ -23,6 +23,7 @@ require_once('@kolab_php_module_prefix@admin/include/headers.php');
require_once('@kolab_php_module_prefix@admin/include/locale.php');
require_once('@kolab_php_module_prefix@admin/include/authenticate.php');
require_once('@kolab_php_module_prefix@admin/include/form.class.php');
+require_once('@kolab_php_module_prefix@admin/include/passwd.php');
/**** Functions ***/
function comment( $s ) {
@@ -205,8 +206,7 @@ switch( $action ) {
$ldap_object['sn'] = trim($_POST['lastname']);
$ldap_object['cn'] = trim($_POST['firstname']).' '.$ldap_object['sn'];
if( !empty( $_POST['password_0'] ) ) {
- $ldap_object['userPassword'] = '{sha}'.base64_encode( pack('H*',
- sha1( $_POST['password_0'])));
+ $ldap_object['userPassword'] = ssha( $_POST['password_0'], gensalt());
}
if( $action == 'firstsave' ) $ldap_object['uid'] = trim( strtolower( $_POST['uid'] ) );
diff --git a/www/admin/domainmaintainer/domainmaintainer.php.in b/www/admin/domainmaintainer/domainmaintainer.php.in
index 715445b..f03cc30 100644
--- a/www/admin/domainmaintainer/domainmaintainer.php.in
+++ b/www/admin/domainmaintainer/domainmaintainer.php.in
@@ -23,6 +23,7 @@ require_once('@kolab_php_module_prefix@admin/include/headers.php');
require_once('@kolab_php_module_prefix@admin/include/locale.php');
require_once('@kolab_php_module_prefix@admin/include/authenticate.php');
require_once('@kolab_php_module_prefix@admin/include/form.class.php');
+require_once('@kolab_php_module_prefix@admin/include/passwd.php');
/**** Functions ***/
function comment( $s ) {
@@ -186,8 +187,7 @@ switch( $action ) {
$ldap_object['sn'] = trim($_POST['lastname']);
$ldap_object['cn'] = trim($_POST['firstname']).' '.$ldap_object['sn'];
if( !empty( $_POST['password_0'] ) ) {
- $ldap_object['userPassword'] = '{sha}'.base64_encode( pack('H*',
- sha1( $_POST['password_0'])));
+ $ldap_object['userPassword'] = ssha( $_POST['password_0'], gensalt());
}
if( $action == 'firstsave' ) $ldap_object['uid'] = trim( strtolower( $_POST['uid'] ) );
diff --git a/www/admin/maintainer/maintainer.php.in b/www/admin/maintainer/maintainer.php.in
index 298a6e8..28cc461 100644
--- a/www/admin/maintainer/maintainer.php.in
+++ b/www/admin/maintainer/maintainer.php.in
@@ -23,6 +23,7 @@ require_once('@kolab_php_module_prefix@admin/include/headers.php');
require_once('@kolab_php_module_prefix@admin/include/locale.php');
require_once('@kolab_php_module_prefix@admin/include/authenticate.php');
require_once('@kolab_php_module_prefix@admin/include/form.class.php');
+require_once('@kolab_php_module_prefix@admin/include/passwd.php');
/**** Functions ***/
function comment( $s ) {
@@ -202,8 +203,7 @@ switch( $action ) {
$ldap_object['sn'] = trim($_POST['lastname']);
$ldap_object['cn'] = trim($_POST['firstname']).' '.$ldap_object['sn'];
if( !empty( $_POST['password_0'] ) ) {
- $ldap_object['userPassword'] = '{sha}'.base64_encode( pack('H*',
- sha1( $_POST['password_0'])));
+ $ldap_object['userPassword'] = ssha( $_POST['password_0'], gensalt());
}
if( $action == 'firstsave' ) $ldap_object['uid'] = trim( strtolower( $_POST['uid'] ) );
diff --git a/www/admin/user/user.php.in b/www/admin/user/user.php.in
index 994fc76..ed7eda6 100644
--- a/www/admin/user/user.php.in
+++ b/www/admin/user/user.php.in
@@ -11,6 +11,7 @@ require_once('@kolab_php_module_prefix@admin/include/headers.php');
require_once('@kolab_php_module_prefix@admin/include/locale.php');
require_once('@kolab_php_module_prefix@admin/include/authenticate.php');
require_once('@kolab_php_module_prefix@admin/include/form.class.php');
+require_once('@kolab_php_module_prefix@admin/include/passwd.php');
/**** Functions ***/
function comment( $s ) {
@@ -491,8 +492,7 @@ switch( $action ) {
$ldap_object['cn'] = trim($_POST['givenname']).' '.$ldap_object['sn'];
$ldap_object['givenName'] = trim($_POST['givenname']);
if( !empty( $_POST['password_0'] ) ) {
- $ldap_object['userPassword'] = '{sha}'.base64_encode( pack('H*',
- sha1( $_POST['password_0'])));
+ $ldap_object['userPassword'] = ssha( $_POST['password_0'], gensalt());
if( $action == 'save' && $auth->dn() == $dn ) {
// We are editing our own password, let's update the session!
$auth->setPassword($_POST['password_0']);