gunnar: server/perl-kolab/sbin kolab_bootstrap.in,1.7.2.1,1.7.2.2
cvs at kolab.org
cvs at kolab.org
Tue Nov 17 18:12:37 CET 2009
Author: gunnar
Update of /kolabrepository/server/perl-kolab/sbin
In directory doto:/tmp/cvs-serv19710/perl-kolab/sbin
Modified Files:
Tag: kolab_2_2_branch
kolab_bootstrap.in
Log Message:
kolab/issue919 (kolab server has problems with some characters in passwords)
Index: kolab_bootstrap.in
===================================================================
RCS file: /kolabrepository/server/perl-kolab/sbin/kolab_bootstrap.in,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -u -d -r1.7.2.1 -r1.7.2.2
--- kolab_bootstrap.in 17 Jul 2009 14:44:27 -0000 1.7.2.1
+++ kolab_bootstrap.in 17 Nov 2009 17:12:35 -0000 1.7.2.2
@@ -63,6 +63,8 @@
use Term::ReadKey;
use Time::Local;
use Time::localtime;
+use Digest::SHA1;
+use MIME::Base64;
# Reload only kolab.globals into our configuration.
Kolab::reloadConfig("@CONFIG_DIR@/kolab.globals", 1);
@@ -123,6 +125,36 @@
return $hashpw;
}
+# Taken from Crypt::SaltedHash
+sub __generate_hex_salt {
+
+ my @keychars = (
+ "0", "1", "2", "3", "4", "5", "6", "7",
+ "8", "9", "a", "b", "c", "d", "e", "f"
+ );
+ my $length = shift || 8;
+
+ my $salt = '';
+ my $max = scalar @keychars;
+ for my $i ( 0 .. $length - 1 ) {
+ my $skip = $i == 0 ? 1 : 0; # don't let the first be 0
+ $salt .= $keychars[ $skip + int( rand( $max - $skip ) ) ];
+ }
+
+ return pack( "H*", $salt);
+}
+
+# Hash a password without using slappasswd
+sub hashPassword2 {
+ my $pw = shift;
+ my $ctx = Digest::SHA1->new;
+ my $salt = __generate_hex_salt();
+ $ctx->add($pw);
+ $ctx->add($salt);
+ my $hashpw = '{SSHA}' . encode_base64($ctx->digest . $salt ,'');
+ return $hashpw;
+}
+
# Ask the user a question
sub getUserInput {
my $text = shift;
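Review bot: `__generate_hex_salt` takes the salt from Perl's built-in `rand()`, which is not a cryptographic generator, so every hash created in one bootstrap run draws its salt from a single predictable stream. The salt is also only 8 hex digits (4 bytes after `pack`), and the first digit is never 0. Reading the bytes from the kernel random device keeps the `{SSHA}` output of `hashPassword2` unchanged in format while removing the dependence on `rand()`; the sketch below assumes `/dev/urandom` is present on the supported platforms. Salted SHA-1 is a fast hash, so `hashPassword2` should also carry a comment saying the scheme is kept for directory compatibility (presumably the reason) and does not by itself slow offline guessing.

```perl
sub __generate_hex_salt {
    # $length is still counted in hex digits, as before
    my $length = shift || 8;
    my $nbytes = int( ( $length + 1 ) / 2 );

    open( my $fh, '<', '/dev/urandom' )
        or die "could not open /dev/urandom: $!";
    binmode($fh);
    my $got = read( $fh, my $salt, $nbytes );
    close($fh);
    die "short read from /dev/urandom"
        unless defined $got && $got == $nbytes;

    return $salt;
}
# … unchanged: hashPassword2 …
```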
@@ -276,7 +308,7 @@
my $is_master = $kolab_config{'is_master'} || "true";
my $bind_dn = $kolab_config{'bind_dn'} || die "could not read bind_dn from $kolab_config";
my $bind_pw = $kolab_config{'bind_pw'} || die "could not read bind_pw from $kolab_config";
-my $bind_pw_hash = $kolab_config{'bind_pw_hash'} || hashPassword( $bind_pw );
+my $bind_pw_hash = $kolab_config{'bind_pw_hash'} || hashPassword2( $bind_pw );
my $ldap_uri = $kolab_config{'ldap_uri'} || die "could not read ldap_uri from $kolab_config";
my $base_dn = $kolab_config{'base_dn'} || die "could not read base_dn from $kolab_config";
my $php_dn = $kolab_config{'php_dn'} || die "could not read php_dn from $kolab_config";
@@ -354,7 +386,7 @@
chomp $bind_pw;
$bind_pw = getUserInput("Please choose a manager password", $bind_pw);
print " bind_pw : $bind_pw\n";
- $bind_pw_hash = hashPassword($bind_pw);
+ $bind_pw_hash = hashPassword2($bind_pw);
}
# Generate passwords
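Review bot: The context line `print " bind_pw : $bind_pw\n";` just above the changed call writes the manager password to standard output in clear, and this commit leaves it as is. If bootstrap output is redirected to a log or captured by a provisioning tool, the password is stored with it. A comment such as `# shown once so the admin can record it; do not log bootstrap output` would at least document the intent. The enclosing block starts outside the hunk, so how `$bind_pw` was first obtained is not visible here.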
@@ -430,7 +462,7 @@
$Kolab::config{'directory_replication_mode_is_syncrepl'} = 'true' if ($Kolab::config{'directory_mode'} eq 'syncrepl');
$Kolab::config{"base_dn"} = $base_dn;
$Kolab::config{"bind_dn"} = $bind_dn;
- $Kolab::config{"bind_pw_hash"} = $bind_pw;
+ $Kolab::config{"bind_pw_hash"} = $bind_pw_hash;
$Kolab::config{"slurpd_addr"} = $slurpd_addr;
$Kolab::config{"slurpd_port"} = $slurpd_port;
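Review bot: The replaced line stored the cleartext `$bind_pw` under the `bind_pw_hash` key, so this one-line change is a security fix in its own right, yet the log message only mentions password characters. Where the value is rendered is outside this hunk, but installations bootstrapped with the earlier code may still hold the manager password in clear wherever `bind_pw_hash` was written. The release notes should tell administrators to check that value and re-hash it. A comment on the assignment, e.g. `# must be the {SSHA} hash, never the cleartext bind_pw`, would guard against the mix-up returning.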
@@ -556,7 +588,7 @@
# create php read-only user
$ldapobject = newOrExistingLDAPEntry( $ldap, "cn=nobody,cn=internal,$base_dn" );
$ldapobject->replace('cn' => 'nobody', 'sn' => 'n/a n/a', 'uid' => 'nobody',
- 'userPassword' => hashPassword($php_pw),
+ 'userPassword' => hashPassword2($php_pw),
'objectclass' => ['top','inetorgperson','kolabinetorgperson']);
$ldapobject->dn("cn=nobody,cn=internal,$base_dn");
$mesg = $ldapobject->update($ldap);
@@ -566,7 +598,7 @@
# create calendar user
$ldapobject = newOrExistingLDAPEntry( $ldap, "cn=$calendar_id@" . $domain . ",cn=internal,$base_dn" );
$ldapobject->replace('cn' => $calendar_id . '@' . $domain, 'sn' => 'n/a n/a', 'uid' => $calendar_id . '@' . $domain,
- 'userPassword' => hashPassword($calendar_pw),
+ 'userPassword' => hashPassword2($calendar_pw),
'objectclass' => ['top','inetorgperson','kolabinetorgperson']);
$ldapobject->dn("cn=$calendar_id@" . $domain . ",cn=internal,$base_dn");
$mesg = $ldapobject->update($ldap);
@@ -693,7 +725,7 @@
$bind_dn = "cn=manager,cn=internal,$base_dn";
$bind_pw = getUserInput("Manager password");
- $bind_pw_hash = hashPassword($bind_pw);
+ $bind_pw_hash = hashPassword2($bind_pw);
my $confname = "$Kolab::config{'sasl_smtpconffile'}";
copy("@CONFIG_DIR@/templates/smtpd.conf.template", $confname) || die "could not write to $confname";