From 30925e53c865e27db217a3d8cdaa529970cda4c6 Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Thu, 19 May 2005 10:26:56 +0000
Subject: [PATCH] fix shellcommands export encrypting "magic" shadow values *
 NP *LK*

---
 FS/FS/part_export/acct_sql.pm                 |  2 +-
 FS/FS/part_export/shellcommands.pm            | 33 ++++++++-------------------
 FS/FS/part_export/shellcommands_withdomain.pm |  6 ++++-
 FS/FS/svc_acct.pm                             |  6 +++--
 4 files changed, 20 insertions(+), 27 deletions(-)

diff --git a/FS/FS/part_export/acct_sql.pm b/FS/FS/part_export/acct_sql.pm
index 1092ee606..b309b724c 100644
--- a/FS/FS/part_export/acct_sql.pm
+++ b/FS/FS/part_export/acct_sql.pm
@@ -1,6 +1,6 @@
 package FS::part_export::acct_sql;
 
-use vars qw(@ISA %info @saltset);
+use vars qw(@ISA %info)
 use Tie::IxHash;
 #use Digest::MD5 qw(md5_hex);
 use FS::Record; #qw(qsearchs);
diff --git a/FS/FS/part_export/shellcommands.pm b/FS/FS/part_export/shellcommands.pm
index 665ec473f..53b814e8b 100644
--- a/FS/FS/part_export/shellcommands.pm
+++ b/FS/FS/part_export/shellcommands.pm
@@ -1,6 +1,6 @@
 package FS::part_export::shellcommands;
 
-use vars qw(@ISA %info @saltset);
+use vars qw(@ISA %info)
 use Tie::IxHash;
 use String::ShellQuote;
 use FS::part_export;
@@ -53,6 +53,10 @@ tie my %options, 'Tie::IxHash',
   'unsuspend_stdin' => { label=>'Unsuspension command STDIN',
                          default=>'',
                        },
+  'crypt' => { label   => 'Default password encryption',
+               type=>'select', options=>[qw(crypt md5)],
+               default => 'crypt',
+             },
 ;
 
 %info = (
@@ -145,7 +149,7 @@ old_ for replace operations):
   <LI><code>$username</code>
   <LI><code>$_password</code>
   <LI><code>$quoted_password</code> - unencrypted password quoted for the shell
-  <LI><code>$crypt_password</code> - encrypted password
+  <LI><code>$crypt_password</code> - encrypted password (quoted for the shell)
   <LI><code>$uid</code>
   <LI><code>$gid</code>
   <LI><code>$finger</code> - GECOS, already quoted for the shell (do not add additional quotes)
@@ -160,8 +164,6 @@ old_ for replace operations):
 END
 );
 
-@saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
-
 sub rebless { shift; }
 
 sub _export_insert {
@@ -229,16 +231,8 @@ sub _export_command {
   $quoted_password = shell_quote $_password;
   $domain = $svc_acct->domain;
 
-  #eventually should check a "password-encoding" field
-  if ( length($svc_acct->_password) == 13
-       || $svc_acct->_password =~ /^\$(1|2a?)\$/ ) {
-    $crypt_password = shell_quote $svc_acct->_password;
-  } else {
-    $crypt_password = crypt(
-      $svc_acct->_password,
-      $saltset[int(rand(64))].$saltset[int(rand(64))]
-    );
-  }
+  $crypt_password =
+    shell_quote( $svc_acct->crypt_password( $self->option('crypt') ) );
 
   @radius_groups = $svc_acct->radius_groups;
 
@@ -270,15 +264,8 @@ sub _export_replace {
   $old_domain = $old->domain;
   $new_domain = $new->domain;
 
-  #eventuall should check a "password-encoding" field
-  if ( length($new->_password) == 13
-       || $new->_password =~ /^\$(1|2a?)\$/ ) {
-    $new_crypt_password = shell_quote $new->_password;
-  } else {
-    $new_crypt_password =
-      crypt( $new->_password, $saltset[int(rand(64))].$saltset[int(rand(64))]
-    );
-  }
+  $new_crypt_password =
+    shell_quote( $new->crypt_password( $self->option('crypt') ) );
 
   @old_radius_groups = $old->radius_groups;
   @new_radius_groups = $new->radius_groups;
diff --git a/FS/FS/part_export/shellcommands_withdomain.pm b/FS/FS/part_export/shellcommands_withdomain.pm
index 89ee95fa3..61cea79ed 100644
--- a/FS/FS/part_export/shellcommands_withdomain.pm
+++ b/FS/FS/part_export/shellcommands_withdomain.pm
@@ -44,6 +44,10 @@ tie my %options, 'Tie::IxHash',
   'unsuspend_stdin' => { label=>'Unsuspension command STDIN',
                          default=>'',
                        },
+  'crypt' => { label   => 'Default password encryption',
+               type=>'select', options=>[qw(crypt md5)],
+               default => 'crypt',
+             },
 ;
 
 %info = (
@@ -86,7 +90,7 @@ The following variables are available for interpolation (prefixed with
   <LI><code>$domain</code>
   <LI><code>$_password</code>
   <LI><code>$quoted_password</code> - unencrypted password quoted for the shell
-  <LI><code>$crypt_password</code> - encrypted password
+  <LI><code>$crypt_password</code> - encrypted password (quoted for the shell)
   <LI><code>$uid</code>
   <LI><code>$gid</code>
   <LI><code>$finger</code> - GECOS, already quoted for the shell (do not add additional quotes)
diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm
index 0a0f9f9a8..c9af56ac2 100644
--- a/FS/FS/svc_acct.pm
+++ b/FS/FS/svc_acct.pm
@@ -1319,10 +1319,12 @@ database.
 
 sub crypt_password {
   my $self = shift;
-  #false laziness w/shellcommands.pm
   #eventually should check a "password-encoding" field
   if ( length($self->_password) == 13
-       || $self->_password =~ /^\$(1|2a?)\$/ ) {
+       || $self->_password =~ /^\$(1|2a?)\$/
+       || $self->_password =~ /^(\*|NP|\*LK\*)$/
+     )
+  {
     $self->_password;
   } else {
     my $encryption = scalar(@_) ? shift : 'crypt';
-- 
2.11.0