[horde] [PATCH] for passwd to support shadow style password
Luc de Louw
luc at delouw.ch
Sun Dec 8 14:07:48 PST 2002
Hi all,
I just made some changes to Horde's passwd/Drivers/sql.php to enable
usage of shadow encrypted passwords.
The change is actually that the encrypted password is first queried
from the db to have the needed salt.
http://www.stanford.edu/group/itss-ccs/security/unix/Linux/Shadow-Password-HOWTO-2.html
is a source that taught me how to make this.
This makes sense if people have migrated from old-style Unix accounts to
a SQL-based authentication using a virtual system. So no new passwords
are needed for the clients. Just a script needs to be done to import the
passwords from /etc/shadow to the database.
I'll also do the same for MySQL-style encryption.
If there is a general interest, I'll also clean up the stuff a bit.
Hopefully I did not overlook something grave in terms of security, please
have a look.
Feedback is welcome.
rgds
Luc
-------------- next part --------------
diff -Naur passwd-2.1/lib/Driver/sql.php passwd/lib/Driver/sql.php
--- passwd-2.1/lib/Driver/sql.php 2002-10-09 10:51:02.000000000 -0700
+++ passwd/lib/Driver/sql.php 2002-12-07 19:26:40.000000000 -0800
@@ -129,10 +129,22 @@
/* _connect() will die with Horde::fatal() upon failure. */
// $this->_connect();
+ /* First get the encrypted password out of the database to have the salt */
+
+ $query = 'SELECT ' . $this->params['pass_col'] . ' FROM ' . $this->params['table'];
+ $query .= ' WHERE ' . $this->params['user_col'] . ' = ' . $this->db->quote($user);
+
+ $result = $this->db->query($query);
+
+ if (!DB::isError($result)) {
+ $row=$result->fetchRow($result,0,$this->params['pass_col']);
+ $oldPassword = trim(crypt($oldPassword,$row[0]));
+ }
+
/* Build the SQL query. */
$query = 'SELECT ' . $this->params['user_col'] . ' FROM ' . $this->params['table'];
$query .= ' WHERE ' . $this->params['user_col'] . ' = ' . $this->db->quote($user);
- $query .= ' AND ' . $this->params['pass_col'] . ' = ' . $this->db->quote(md5($oldPassword));
+ $query .= ' AND ' . $this->params['pass_col'] . ' = ' . $this->db->quote($oldPassword);
/* Execute the query. */
$result = $this->db->query($query);
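Review bot: In the added lookup block, the `if (!DB::isError($result))` branch has no else and never checks that a row was returned, so when the first query fails $oldPassword reaches the comparison query still in plaintext, and when the user has no row crypt() is called with a missing salt from $row[0]. Return an error in both cases before the second query is built. The call `fetchRow($result,0,$this->params['pass_col'])` passes the result object to its own method as the first argument, which should be checked against the DB result API. Replacing `md5($oldPassword)` unconditionally also breaks verification for tables that already hold md5 hashes, so the scheme should follow the configured encryption type. Since the stored hash is already in $row[0], the comparison could be done in PHP rather than with a second SELECT.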
@@ -183,7 +195,8 @@
break;
case "crypt":
// The salt is left out, generated by php
- $change_info["userPassword"] = "{crypt}" . crypt($newPassword);
+ $change_info["userPassword"] = crypt($newPassword,substr($newPassword,0,2));
+ $newPassword = crypt($newPassword,substr($newPassword,0,2));
break;
case "md5":
$change_info["userPassword"] = md5($newPassword);
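Review bot: In the "crypt" case the salt is now `substr($newPassword,0,2)`, the first two characters of the password itself. With a two-character salt crypt() returns that salt as the first two characters of its output, so the stored value discloses those two characters, and the same password always produces the same hash. Keep a generated salt (as the removed `crypt($newPassword)` line did) or generate a random two-character salt explicitly. The comment "The salt is left out, generated by php" no longer matches the code, the `{crypt}` prefix is dropped without explanation, and crypt() is computed twice where assigning the result once and reusing it would do.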
@@ -199,7 +212,7 @@
// now that we know that user exist and old password is correct, change the password
/* Build the SQL query. */
$query = 'UPDATE ' . $this->params['table'];
- $query .= ' set ' . $this->params['pass_col'] . ' = ' . $this->db->quote(md5($newPassword));
+ $query .= ' set ' . $this->params['pass_col'] . ' = ' . $this->db->quote($newPassword);
$query .= ' WHERE ' . $this->params['user_col'] . ' = ' . $this->db->quote($user);
/* Execute the query. */
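Review bot: With `md5()` removed from the UPDATE, $newPassword is written to the password column exactly as it stands, but only the "crypt" case in the preceding hunk reassigns $newPassword to a hash. The "md5" case shown there sets only `$change_info["userPassword"]`, so for md5 (and any other case that does not reassign $newPassword) this statement would store the plaintext password. Write the value computed in the switch, for example `$change_info["userPassword"]`, or make every case assign the hashed value to the variable used here.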