+ if($encoding eq 'legacy') {
+ # The legacy behavior from check():
+ # If the password is blank, randomize it and set encoding to 'plain'.
+ if(!defined($pass) or (length($pass) == 0 and $passwordmin)) {
+ $pass = join('',map($pw_set[ int(rand $#pw_set) ], (0..7) ) );
+ $self->_password_encoding('plain');
+ }
+ else {
+ # Prefix + valid-length password
+ if ( $pass =~ /^((\*SUSPENDED\* |!!?)?)([^\t\n]{$passwordmin,$passwordmax})$/ ) {
+ $pass = $1.$3;
+ $self->_password_encoding('plain');
+ }
+ # Prefix + crypt string
+ elsif ( $pass =~ /^((\*SUSPENDED\* |!!?)?)([\w\.\/\$\;\+]{13,64})$/ ) {
+ $pass = $1.$3;
+ $self->_password_encoding('crypt');
+ }
+ # Various disabled crypt passwords
+ elsif ( $pass eq '*' or
+ $pass eq '!' or
+ $pass eq '!!' ) {
+ $self->_password_encoding('crypt');
+ }
+ else {
+ # do nothing; check() will recognize this as an error
+ }
+ }
+ }
+ elsif($encoding eq 'crypt') {
+ if($encryption eq 'md5') {
+ $pass = unix_md5_crypt($pass);
+ }
+ elsif($encryption eq 'des') {
+ $pass = crypt($pass, $saltset[int(rand(64))].$saltset[int(rand(64))]);
+ }
+ }
+ elsif($encoding eq 'ldap') {
+ if($encryption eq 'md5') {
+ $pass = md5_base64($pass);
+ }
+ elsif($encryption eq 'sha1') {
+ $pass = sha1_base64($pass);
+ }
+ elsif($encryption eq 'crypt') {
+ $pass = crypt($pass, $saltset[int(rand(64))].$saltset[int(rand(64))]);
+ }
+ # else $encryption eq 'plain', do nothing
+ $pass = '{'.uc($encryption).'}'.$pass;
+ }
+ # else encoding eq 'plain'