
Zhang Huangbin committed 92815c6

[ldap] Able to choose addition password scheme as default one in OpenLDAP backend: SSHA512, MD5.

  • Parent commits 0268d57


Files changed (4)

 = 0.3 =
+    * Able to choose addition password scheme as default one in OpenLDAP
+      backend: SSHA512, MD5.
     * Use python source file as config file. You can convert old ini config
       file with script tools/convert_ini_to_py.py.
 

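--- a/libs/ldaplib/admin.py
+++ b/libs/ldaplib/admin.py
 
         result = iredutils.verify_new_password(self.newpw, self.confirmpw)
         if result[0] is True:
-            self.passwd = ldaputils.generateLDAPPasswd(result[1])
+            self.passwd = ldaputils.generate_ldap_password(result[1])
         else:
             return result
 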

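--- a/libs/ldaplib/ldaputils.py
+++ b/libs/ldaplib/ldaputils.py
 
 
 # Generate hashed password from plain text for LDAP value 'userPassword'.
-def generateLDAPPasswd(password, pwscheme=settings.LDAP_DEFAULT_PASSWD_SCHEME,):
+def generate_ldap_password(password, pwscheme=settings.LDAP_DEFAULT_PASSWD_SCHEME,):
     pwscheme = pwscheme.upper()
-    salt = os.urandom(8)
-    if sys.version_info[1] < 5:  # Python 2.5
-        import sha
-        if pwscheme == 'SSHA':
-            h = sha.new(password)
-            h.update(salt)
-            pw = "{SSHA}" + b64encode(h.digest() + salt)
-        elif pwscheme == 'SHA':
-            h = sha.new(password)
-            pw = "{SHA}" + b64encode(h.digest())
-        else:
-            pw = password
+
+    if pwscheme == 'SSHA512':
+        pw = iredutils.generate_ssha512_password(password)
+    elif pwscheme == 'SSHA':
+        pw = iredutils.generate_ssha_password(password)
+    elif pwscheme == 'MD5':
+        pw = iredutils.generate_md5_password(password)
     else:
-        import hashlib
-        if pwscheme == 'SSHA':
-            h = hashlib.sha1(password)
-            h.update(salt)
-            pw = "{SSHA}" + b64encode(h.digest() + salt)
-        elif pwscheme == 'SHA':
-            h = hashlib.sha1(password)
-            pw = "{SSHA}" + b64encode(h.digest())
-        else:
-            pw = password
+        pw = password
 
     return pw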
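Review bot: The final `else: pw = password` in generate_ldap_password now catches every scheme the chain does not name, so a settings value of 'SHA' (which the removed code hashed) or a misspelt scheme ends with the cleartext password returned for userPassword and no error raised. Make the cleartext case explicit and reject anything else: `elif pwscheme == 'PLAIN': pw = password` followed by `else: raise ValueError('Unsupported password scheme: %s' % pwscheme)`. The callers in user.py already pass `pwscheme='PLAIN'` when cleartext is intended, though they would need to handle the new exception. If existing deployments still configure 'SHA', it needs its own branch rather than the fallback. The new 'MD5' branch would also benefit from a comment such as `# MD5: legacy compatibility only; prefer SSHA512 for new deployments`, on the assumption that iredutils.generate_md5_password is an unsalted or fast digest, which is not visible here.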
 

File libs/ldaplib/user.py

                                          )
         if result[0] is True:
             if 'storePasswordInPlainText' in data and settings.STORE_PASSWORD_IN_PLAIN_TEXT:
-                self.passwd = ldaputils.generateLDAPPasswd(result[1], pwscheme='PLAIN')
+                self.passwd = ldaputils.generate_ldap_password(result[1], pwscheme='PLAIN')
             else:
-                self.passwd = ldaputils.generateLDAPPasswd(result[1])
+                self.passwd = ldaputils.generate_ldap_password(result[1])
         else:
             return result
 
             )
             if result[0] is True:
                 if 'storePasswordInPlainText' in data and settings.STORE_PASSWORD_IN_PLAIN_TEXT:
-                    self.passwd = ldaputils.generateLDAPPasswd(result[1], pwscheme='PLAIN')
+                    self.passwd = ldaputils.generate_ldap_password(result[1], pwscheme='PLAIN')
                 else:
-                    self.passwd = ldaputils.generateLDAPPasswd(result[1])
+                    self.passwd = ldaputils.generate_ldap_password(result[1])
                 mod_attrs += [(ldap.MOD_REPLACE, 'userPassword', self.passwd)]
                 mod_attrs += [(ldap.MOD_REPLACE, 'shadowLastChange', str(ldaputils.getDaysOfShadowLastChange()))]
             else: