diff options
| author | ivan <ivan> | 2005-05-19 10:26:56 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2005-05-19 10:26:56 +0000 |
| commit | 30925e53c865e27db217a3d8cdaa529970cda4c6 (patch) | |
| tree | a2600e48f7fad3653f4cb32a6b9d126b14d85305 | |
| parent | 3d4a3ffa131e07e53d40908a8bed38906c73445d (diff) | |
fix shellcommands export encrypting "magic" shadow values * NP *LK*
| -rw-r--r-- | FS/FS/part_export/acct_sql.pm | 2 | ||||
| -rw-r--r-- | FS/FS/part_export/shellcommands.pm | 33 | ||||
| -rw-r--r-- | FS/FS/part_export/shellcommands_withdomain.pm | 6 | ||||
| -rw-r--r-- | FS/FS/svc_acct.pm | 6 |
4 files changed, 20 insertions, 27 deletions
diff --git a/FS/FS/part_export/acct_sql.pm b/FS/FS/part_export/acct_sql.pm index 1092ee606..b309b724c 100644 --- a/FS/FS/part_export/acct_sql.pm +++ b/FS/FS/part_export/acct_sql.pm @@ -1,6 +1,6 @@ package FS::part_export::acct_sql; -use vars qw(@ISA %info @saltset); +use vars qw(@ISA %info) use Tie::IxHash; #use Digest::MD5 qw(md5_hex); use FS::Record; #qw(qsearchs); diff --git a/FS/FS/part_export/shellcommands.pm b/FS/FS/part_export/shellcommands.pm index 665ec473f..53b814e8b 100644 --- a/FS/FS/part_export/shellcommands.pm +++ b/FS/FS/part_export/shellcommands.pm @@ -1,6 +1,6 @@ package FS::part_export::shellcommands; -use vars qw(@ISA %info @saltset); +use vars qw(@ISA %info) use Tie::IxHash; use String::ShellQuote; use FS::part_export; @@ -53,6 +53,10 @@ tie my %options, 'Tie::IxHash', 'unsuspend_stdin' => { label=>'Unsuspension command STDIN', default=>'', }, + 'crypt' => { label => 'Default password encryption', + type=>'select', options=>[qw(crypt md5)], + default => 'crypt', + }, ; %info = ( @@ -145,7 +149,7 @@ old_ for replace operations): <LI><code>$username</code> <LI><code>$_password</code> <LI><code>$quoted_password</code> - unencrypted password quoted for the shell - <LI><code>$crypt_password</code> - encrypted password + <LI><code>$crypt_password</code> - encrypted password (quoted for the shell) <LI><code>$uid</code> <LI><code>$gid</code> <LI><code>$finger</code> - GECOS, already quoted for the shell (do not add additional quotes) @@ -160,8 +164,6 @@ old_ for replace operations): END ); -@saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' ); - sub rebless { shift; } sub _export_insert { @@ -229,16 +231,8 @@ sub _export_command { $quoted_password = shell_quote $_password; $domain = $svc_acct->domain; - #eventually should check a "password-encoding" field - if ( length($svc_acct->_password) == 13 - || $svc_acct->_password =~ /^\$(1|2a?)\$/ ) { - $crypt_password = shell_quote $svc_acct->_password; - } else { - $crypt_password = crypt( - $svc_acct->_password, - $saltset[int(rand(64))].$saltset[int(rand(64))] - ); - } + $crypt_password = + shell_quote( $svc_acct->crypt_password( $self->option('crypt') ) ); @radius_groups = $svc_acct->radius_groups; @@ -270,15 +264,8 @@ sub _export_replace { $old_domain = $old->domain; $new_domain = $new->domain; - #eventuall should check a "password-encoding" field - if ( length($new->_password) == 13 - || $new->_password =~ /^\$(1|2a?)\$/ ) { - $new_crypt_password = shell_quote $new->_password; - } else { - $new_crypt_password = - crypt( $new->_password, $saltset[int(rand(64))].$saltset[int(rand(64))] - ); - } + $new_crypt_password = + shell_quote( $new->crypt_password( $self->option('crypt') ) ); @old_radius_groups = $old->radius_groups; @new_radius_groups = $new->radius_groups; diff --git a/FS/FS/part_export/shellcommands_withdomain.pm b/FS/FS/part_export/shellcommands_withdomain.pm index 89ee95fa3..61cea79ed 100644 --- a/FS/FS/part_export/shellcommands_withdomain.pm +++ b/FS/FS/part_export/shellcommands_withdomain.pm @@ -44,6 +44,10 @@ tie my %options, 'Tie::IxHash', 'unsuspend_stdin' => { label=>'Unsuspension command STDIN', default=>'', }, + 'crypt' => { label => 'Default password encryption', + type=>'select', options=>[qw(crypt md5)], + default => 'crypt', + }, ; %info = ( @@ -86,7 +90,7 @@ The following variables are available for interpolation (prefixed with <LI><code>$domain</code> <LI><code>$_password</code> <LI><code>$quoted_password</code> - unencrypted password quoted for the shell - <LI><code>$crypt_password</code> - encrypted password + <LI><code>$crypt_password</code> - encrypted password (quoted for the shell) <LI><code>$uid</code> <LI><code>$gid</code> <LI><code>$finger</code> - GECOS, already quoted for the shell (do not add additional quotes) diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm index 0a0f9f9a8..c9af56ac2 100644 --- a/FS/FS/svc_acct.pm +++ b/FS/FS/svc_acct.pm @@ -1319,10 +1319,12 @@ database. sub crypt_password { my $self = shift; - #false laziness w/shellcommands.pm #eventually should check a "password-encoding" field if ( length($self->_password) == 13 - || $self->_password =~ /^\$(1|2a?)\$/ ) { + || $self->_password =~ /^\$(1|2a?)\$/ + || $self->_password =~ /^(\*|NP|\*LK\*)$/ + ) + { $self->_password; } else { my $encryption = scalar(@_) ? shift : 'crypt'; |