aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2024-07-07 02:36:38 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2024-07-07 02:42:21 +0200
commit927ea90d2d0b16b510fc9dad618ccb9ac374c4cd (patch)
tree770f6008712412354d53ccb8a0a3776d4a79752d
parentc55d7e13d4e689f155f0483505181c4dd1ce5904 (diff)
downloadNix-927ea90d2d0b16b510fc9dad618ccb9ac374c4cd.tar.gz
Nix-927ea90d2d0b16b510fc9dad618ccb9ac374c4cd.tar.zst
Nix-927ea90d2d0b16b510fc9dad618ccb9ac374c4cd.zip
Fix ldap passwords
-rw-r--r--deploy/flake.lock4
-rw-r--r--flake.lock4
-rw-r--r--flakes/flake.lock2
-rw-r--r--systems/eldiron/base.nix2
-rw-r--r--systems/eldiron/websites/tools/landing/ldap_password.php2
5 files changed, 7 insertions, 7 deletions
diff --git a/deploy/flake.lock b/deploy/flake.lock
index c5cd82e..de358ff 100644
--- a/deploy/flake.lock
+++ b/deploy/flake.lock
@@ -2783,7 +2783,7 @@
2783 }, 2783 },
2784 "locked": { 2784 "locked": {
2785 "lastModified": 1, 2785 "lastModified": 1,
2786 "narHash": "sha256-mPLHIHp2ZF2MQSiKJhYj2SA9JTN3iKjyUkW6tF+uTsM=", 2786 "narHash": "sha256-DK32C6dLSeXBxrQx3B6RVyLnqIB6i9trlZlb0vkl7J4=",
2787 "path": "../flakes", 2787 "path": "../flakes",
2788 "type": "path" 2788 "type": "path"
2789 }, 2789 },
@@ -3903,7 +3903,7 @@
3903 }, 3903 },
3904 "locked": { 3904 "locked": {
3905 "lastModified": 1, 3905 "lastModified": 1,
3906 "narHash": "sha256-+wiHTKFrgD2yAUUioWhq3rnIX/Is37UsMpLb6YDfpIs=", 3906 "narHash": "sha256-IiNmTt+EL9aW6oEWp/JyUfjVLnLAu2MfX9e0b8J7/h0=",
3907 "path": "../systems/eldiron", 3907 "path": "../systems/eldiron",
3908 "type": "path" 3908 "type": "path"
3909 }, 3909 },
diff --git a/flake.lock b/flake.lock
index 3ae807d..2a51070 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2664,7 +2664,7 @@
2664 }, 2664 },
2665 "locked": { 2665 "locked": {
2666 "lastModified": 1, 2666 "lastModified": 1,
2667 "narHash": "sha256-mPLHIHp2ZF2MQSiKJhYj2SA9JTN3iKjyUkW6tF+uTsM=", 2667 "narHash": "sha256-DK32C6dLSeXBxrQx3B6RVyLnqIB6i9trlZlb0vkl7J4=",
2668 "path": "./flakes", 2668 "path": "./flakes",
2669 "type": "path" 2669 "type": "path"
2670 }, 2670 },
@@ -3919,7 +3919,7 @@
3919 }, 3919 },
3920 "locked": { 3920 "locked": {
3921 "lastModified": 1, 3921 "lastModified": 1,
3922 "narHash": "sha256-+wiHTKFrgD2yAUUioWhq3rnIX/Is37UsMpLb6YDfpIs=", 3922 "narHash": "sha256-IiNmTt+EL9aW6oEWp/JyUfjVLnLAu2MfX9e0b8J7/h0=",
3923 "path": "../systems/eldiron", 3923 "path": "../systems/eldiron",
3924 "type": "path" 3924 "type": "path"
3925 }, 3925 },
diff --git a/flakes/flake.lock b/flakes/flake.lock
index 1d7486d..e8924ee 100644
--- a/flakes/flake.lock
+++ b/flakes/flake.lock
@@ -3824,7 +3824,7 @@
3824 }, 3824 },
3825 "locked": { 3825 "locked": {
3826 "lastModified": 1, 3826 "lastModified": 1,
3827 "narHash": "sha256-+wiHTKFrgD2yAUUioWhq3rnIX/Is37UsMpLb6YDfpIs=", 3827 "narHash": "sha256-IiNmTt+EL9aW6oEWp/JyUfjVLnLAu2MfX9e0b8J7/h0=",
3828 "path": "../systems/eldiron", 3828 "path": "../systems/eldiron",
3829 "type": "path" 3829 "type": "path"
3830 }, 3830 },
diff --git a/systems/eldiron/base.nix b/systems/eldiron/base.nix
index fa5e504..4535dcf 100644
--- a/systems/eldiron/base.nix
+++ b/systems/eldiron/base.nix
@@ -189,7 +189,7 @@
189 table = ldap_users 189 table = ldap_users
190 user_column = login 190 user_column = login
191 pw_type = function 191 pw_type = function
192 auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u 192 auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( convert_to(%p, 'UTF8') || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
193 #pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u 193 #pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u
194 ''; 194 '';
195 }; 195 };
diff --git a/systems/eldiron/websites/tools/landing/ldap_password.php b/systems/eldiron/websites/tools/landing/ldap_password.php
index efb4f57..b3b2f15 100644
--- a/systems/eldiron/websites/tools/landing/ldap_password.php
+++ b/systems/eldiron/websites/tools/landing/ldap_password.php
@@ -45,7 +45,7 @@ function changePasswordSQL($user_realm, $newPassword) {
45 } 45 }
46 } 46 }
47 $con = pg_connect(""); 47 $con = pg_connect("");
48 $result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( $1 || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm)); 48 $result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( convert_to($1, 'UTF8') || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm));
49 if (!$result) { 49 if (!$result) {
50 $message[] = "Error when accessing database"; 50 $message[] = "Error when accessing database";
51 return false; 51 return false;