From: skodak Date: Thu, 29 Mar 2007 19:50:53 +0000 (+0000) Subject: MDL-3339 support md5 and sha1 in ldap when adding or changing passwords; merged from... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=344514fca5619a691e2f85aaac914d5d0c3fb285;p=moodle.git MDL-3339 support md5 and sha1 in ldap when adding or changing passwords; merged from MOODLE_18_STABLE --- diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 85c221e4b3..8ec2bd7089 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -232,6 +232,18 @@ class auth_plugin_ldap extends auth_plugin_base { $extusername = $textlib->convert(stripslashes($userobject->username), 'utf-8', $this->config->ldapencoding); $extpassword = $textlib->convert(stripslashes($plainpass), 'utf-8', $this->config->ldapencoding); + switch ($this->config->passtype) { + case 'md5': + $extpassword = '{MD5}' . base64_encode(pack('H*', md5($extpassword))); + break; + case 'sha1': + $extpassword = '{SHA}' . base64_encode(pack('H*', sha1($extpassword))); + break; + case 'plaintext': + default: + break; // plaintext + } + $ldapconnection = $this->ldap_connect(); $attrmap = $this->ldap_attributes(); @@ -974,6 +986,18 @@ class auth_plugin_ldap extends auth_plugin_base { $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding); $extpassword = $textlib->convert(stripslashes($newpassword), 'utf-8', $this->config->ldapencoding); + switch ($this->config->passtype) { + case 'md5': + $extpassword = '{MD5}' . base64_encode(pack('H*', md5($extpassword))); + break; + case 'sha1': + $extpassword = '{SHA}' . base64_encode(pack('H*', sha1($extpassword))); + break; + case 'plaintext': + default: + break; // plaintext + } + $ldapconnection = $this->ldap_connect(); $user_dn = $this->ldap_find_userdn($ldapconnection, $extusername); @@ -1596,7 +1620,9 @@ class auth_plugin_ldap extends auth_plugin_base { if (!isset($config->forcechangepassword)) {$config->forcechangepassword = 0; } if (!isset($config->stdchangepassword)) - {$config->stdchangepassword = 0; } + {$config->forcechangepassword = 0; } + if (!isset($config->passtype)) + {$config->passtype = 'plaintext'; } if (!isset($config->changepasswordurl)) {$config->changepasswordurl = ''; } if (!isset($config->removeuser)) @@ -1628,6 +1654,7 @@ class auth_plugin_ldap extends auth_plugin_base { set_config('auth_user_create', $config->auth_user_create, 'auth/ldap'); set_config('forcechangepassword', $config->forcechangepassword, 'auth/ldap'); set_config('stdchangepassword', $config->stdchangepassword, 'auth/ldap'); + set_config('passtype', $config->passtype, 'auth/ldap'); set_config('changepasswordurl', $config->changepasswordurl, 'auth/ldap'); set_config('removeuser', $config->removeuser, 'auth/ldap'); diff --git a/auth/ldap/config.html b/auth/ldap/config.html index 4b729d463f..a1a1f24fe9 100644 --- a/auth/ldap/config.html +++ b/auth/ldap/config.html @@ -49,6 +49,8 @@ {$config->forcechangepassword = 0; } if (!isset($config->stdchangepassword)) {$config->stdchangepassword = 0; } + if (!isset($config->passtype)) + {$config->passtype = 'plaintext';} if (!isset($config->changepasswordurl)) {$config->changepasswordurl = ''; } if (!isset($config->removeuser)) @@ -271,6 +273,21 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there? + + + + passtype, ''); + + ?> + + + + diff --git a/lang/en_utf8/auth.php b/lang/en_utf8/auth.php index 6d3b7a8613..dd85a3879b 100644 --- a/lang/en_utf8/auth.php +++ b/lang/en_utf8/auth.php @@ -159,6 +159,7 @@ $string['auth_ldap_memberattribute'] = 'Optional: Overrides user member attribut $string['auth_ldap_memberattribute_isdn'] = 'Optional: Overrides handling of member attribute values, either 0 or 1'; $string['auth_ldap_objectclass'] = 'Optional: Overrides objectClass used to name/search users on ldap_user_type. Usually you dont need to chage this.'; $string['auth_ldap_opt_deref'] = 'Determines how aliases are handled during search. Select one of the following values: \"No\" (LDAP_DEREF_NEVER) or \"Yes\" (LDAP_DEREF_ALWAYS)'; +$string['auth_ldap_passtype'] = 'Specify the format of new or changed passwords in LDAP server.'; $string['auth_ldap_passwdexpire_settings'] = 'LDAP password expiration settings.'; $string['auth_ldap_preventpassindb'] = 'Select yes to prevent passwords from being stored in Moodle\'s DB.'; $string['auth_ldap_search_sub'] = 'Search users from subcontexts.'; @@ -191,6 +192,7 @@ $string['auth_ldap_user_attribute_key'] = 'User attribute'; $string['auth_ldap_memberattribute_key'] = 'Member attribute'; $string['auth_ldap_memberattribute_isdn_key'] = 'Member attribute uses dn'; $string['auth_ldap_objectclass_key'] = 'Object class'; +$string['auth_ldap_passtype_key'] = 'Password format'; $string['auth_ldap_changepasswordurl_key'] = 'Password-change URL'; $string['auth_ldap_expiration_key'] = 'Expiration'; $string['auth_ldap_expiration_warning_key'] = 'Expiration warning';