gunnar: server/perl-kolab/sbin kolab_bootstrap.in,1.11,1.12

cvs at kolab.org cvs at kolab.org
Mon Nov 23 23:47:07 CET 2009


Author: gunnar

Update of /kolabrepository/server/perl-kolab/sbin
In directory doto:/tmp/cvs-serv29371/perl-kolab/sbin

Modified Files:
	kolab_bootstrap.in 
Log Message:
MFB:         kolab/issue919 (kolab server has problems with some characters in
        passwords)


Index: kolab_bootstrap.in
===================================================================
RCS file: /kolabrepository/server/perl-kolab/sbin/kolab_bootstrap.in,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- kolab_bootstrap.in	17 Jul 2009 14:52:24 -0000	1.11
+++ kolab_bootstrap.in	23 Nov 2009 22:47:05 -0000	1.12
@@ -63,6 +63,8 @@
 use Term::ReadKey;
 use Time::Local;
 use Time::localtime;
+use Digest::SHA1;
+use MIME::Base64;
 
 # Reload only kolab.globals into our configuration.
 Kolab::reloadConfig("@CONFIG_DIR@/kolab.globals", 1);
@@ -123,6 +125,36 @@
   return $hashpw;
 }
 
+# Taken from Crypt::SaltedHash
+sub __generate_hex_salt {
+
+    my @keychars = (
+        "0", "1", "2", "3", "4", "5", "6", "7",
+        "8", "9", "a", "b", "c", "d", "e", "f"
+    );
+    my $length = shift || 8;
+
+    my $salt = '';
+    my $max  = scalar @keychars;
+    for my $i ( 0 .. $length - 1 ) {
+        my $skip = $i == 0 ? 1 : 0;    # don't let the first be 0
+        $salt .= $keychars[ $skip + int( rand( $max - $skip ) ) ];
+    }
+
+    return pack( "H*", $salt);
+}
+
+# Hash a password without using slappasswd
+sub hashPassword2 {
+  my $pw = shift;
+  my $ctx = Digest::SHA1->new;
+  my $salt = __generate_hex_salt();
+  $ctx->add($pw);
+  $ctx->add($salt);
+  my $hashpw = '{SSHA}' . encode_base64($ctx->digest . $salt ,'');
+  return $hashpw;
+}
+
 # Ask the user a question
 sub getUserInput {
   my $text = shift;
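Review bot: The salt in `__generate_hex_salt` is drawn from Perl's `rand()`, which is not a cryptographic generator, and the default of 8 hex digits packs down to only 4 bytes, with the first digit never 0. A salt need not be secret, but it should be unpredictable and unlikely to repeat across the manager, nobody and calendar entries this script hashes. Reading the bytes from the system random device gives that without changing the `{SSHA}` layout that `hashPassword2` emits. The sketch below keeps the hex-digit length argument and assumes `/dev/urandom` is available on the supported platforms. Separately, `hashPassword2` deserves a comment saying `$pw` must be a byte string, since `Digest::SHA1`'s `add` is expected to die on wide characters.

```perl
sub __generate_hex_salt {
    my $length = shift || 8;                    # hex digits, as before
    my $bytes  = int( ( $length + 1 ) / 2 );    # same byte count pack("H*") produced
    open( my $fh, '<', '/dev/urandom' ) or die "could not open /dev/urandom: $!";
    binmode($fh);
    my $salt = '';
    my $got  = read( $fh, $salt, $bytes );
    close($fh);
    die "short read from /dev/urandom" unless defined $got && $got == $bytes;
    return $salt;
}
```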
@@ -276,7 +308,7 @@
 my $is_master = $kolab_config{'is_master'} || "true";
 my $bind_dn = $kolab_config{'bind_dn'} || die "could not read bind_dn from $kolab_config";
 my $bind_pw = $kolab_config{'bind_pw'} || die "could not read bind_pw from $kolab_config";
-my $bind_pw_hash = $kolab_config{'bind_pw_hash'} || hashPassword( $bind_pw );
+my $bind_pw_hash = $kolab_config{'bind_pw_hash'} || hashPassword2( $bind_pw );
 my $ldap_uri = $kolab_config{'ldap_uri'} || die "could not read ldap_uri from $kolab_config";
 my $base_dn = $kolab_config{'base_dn'} || die "could not read base_dn from $kolab_config";
 my $php_dn = $kolab_config{'php_dn'} || die "could not read php_dn from $kolab_config";
@@ -354,7 +386,7 @@
       chomp $bind_pw;
       $bind_pw = getUserInput("Please choose a manager password", $bind_pw);
       print " bind_pw : $bind_pw\n";
-      $bind_pw_hash = hashPassword($bind_pw);
+      $bind_pw_hash = hashPassword2($bind_pw);
     }
 
     # Generate passwords
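Review bot: The manager password is echoed in clear by `print " bind_pw : $bind_pw\n";` directly above the changed call, so it can end up in terminal scrollback or a captured bootstrap log even though only the hash is kept afterwards. That line predates this commit, but since the change is about password handling it would be a good moment to drop the echo or print a fixed confirmation such as `print " bind_pw : (set)\n";`. The enclosing block starts and ends outside the hunk.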
@@ -430,7 +462,7 @@
       $Kolab::config{'directory_replication_mode_is_syncrepl'} = 'true' if ($Kolab::config{'directory_mode'} eq 'syncrepl');
       $Kolab::config{"base_dn"} = $base_dn;
       $Kolab::config{"bind_dn"} = $bind_dn;
-      $Kolab::config{"bind_pw_hash"} = $bind_pw;
+      $Kolab::config{"bind_pw_hash"} = $bind_pw_hash;
       $Kolab::config{"slurpd_addr"} = $slurpd_addr;
       $Kolab::config{"slurpd_port"} = $slurpd_port;
 
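Review bot: Configuration written by revision 1.11 may still carry the cleartext manager password under `bind_pw_hash`, because the old line assigned `$bind_pw` there; this hunk corrects new runs only, and the log message does not mention the fix. Whether that value is persisted and later read back into `%kolab_config` is not visible here. If it is, the fallback `$kolab_config{'bind_pw_hash'} || hashPassword2( $bind_pw )` in the hunk at -276 would keep reusing the cleartext. Consider accepting a stored value only when it carries a scheme prefix, for example `$bind_pw_hash = hashPassword2($bind_pw) unless $bind_pw_hash =~ /^\{[A-Za-z0-9-]+\}/;`, and noting the correction in the log message. The enclosing block continues outside the hunk.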
@@ -556,7 +588,7 @@
       # create php read-only user
       $ldapobject = newOrExistingLDAPEntry( $ldap, "cn=nobody,cn=internal,$base_dn" );
       $ldapobject->replace('cn' => 'nobody', 'sn' => 'n/a n/a', 'uid' => 'nobody',
-                           'userPassword' => hashPassword($php_pw),
+                           'userPassword' => hashPassword2($php_pw),
                            'objectclass' => ['top','inetorgperson','kolabinetorgperson']);
       $ldapobject->dn("cn=nobody,cn=internal,$base_dn");
       $mesg = $ldapobject->update($ldap);
@@ -566,7 +598,7 @@
       # create calendar user
       $ldapobject = newOrExistingLDAPEntry( $ldap, "cn=$calendar_id@" . $domain . ",cn=internal,$base_dn" );
       $ldapobject->replace('cn' => $calendar_id . '@' . $domain, 'sn' => 'n/a n/a', 'uid' => $calendar_id . '@' . $domain,
-                           'userPassword' => hashPassword($calendar_pw),
+                           'userPassword' => hashPassword2($calendar_pw),
                            'objectclass' => ['top','inetorgperson','kolabinetorgperson']);
       $ldapobject->dn("cn=$calendar_id@" . $domain . ",cn=internal,$base_dn");
       $mesg = $ldapobject->update($ldap);
@@ -693,7 +725,7 @@
 
   $bind_dn = "cn=manager,cn=internal,$base_dn";
   $bind_pw = getUserInput("Manager password");
-  $bind_pw_hash = hashPassword($bind_pw);
+  $bind_pw_hash = hashPassword2($bind_pw);
 
   my $confname = "$Kolab::config{'sasl_smtpconffile'}";
   copy("@CONFIG_DIR@/templates/smtpd.conf.template", $confname) || die "could not write to $confname";




