diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2024-07-07 02:36:38 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2024-07-07 02:42:21 +0200 |
commit | 927ea90d2d0b16b510fc9dad618ccb9ac374c4cd (patch) | |
tree | 770f6008712412354d53ccb8a0a3776d4a79752d /systems/eldiron | |
parent | c55d7e13d4e689f155f0483505181c4dd1ce5904 (diff) | |
download | Nix-927ea90d2d0b16b510fc9dad618ccb9ac374c4cd.tar.gz Nix-927ea90d2d0b16b510fc9dad618ccb9ac374c4cd.tar.zst Nix-927ea90d2d0b16b510fc9dad618ccb9ac374c4cd.zip |
Fix ldap passwords
Diffstat (limited to 'systems/eldiron')
-rw-r--r-- | systems/eldiron/base.nix | 2 | ||||
-rw-r--r-- | systems/eldiron/websites/tools/landing/ldap_password.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/systems/eldiron/base.nix b/systems/eldiron/base.nix index fa5e504..4535dcf 100644 --- a/systems/eldiron/base.nix +++ b/systems/eldiron/base.nix | |||
@@ -189,7 +189,7 @@ | |||
189 | table = ldap_users | 189 | table = ldap_users |
190 | user_column = login | 190 | user_column = login |
191 | pw_type = function | 191 | pw_type = function |
192 | auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u | 192 | auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( convert_to(%p, 'UTF8') || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u |
193 | #pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u | 193 | #pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u |
194 | ''; | 194 | ''; |
195 | }; | 195 | }; |
diff --git a/systems/eldiron/websites/tools/landing/ldap_password.php b/systems/eldiron/websites/tools/landing/ldap_password.php index efb4f57..b3b2f15 100644 --- a/systems/eldiron/websites/tools/landing/ldap_password.php +++ b/systems/eldiron/websites/tools/landing/ldap_password.php | |||
@@ -45,7 +45,7 @@ function changePasswordSQL($user_realm, $newPassword) { | |||
45 | } | 45 | } |
46 | } | 46 | } |
47 | $con = pg_connect(""); | 47 | $con = pg_connect(""); |
48 | $result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( $1 || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm)); | 48 | $result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( convert_to($1, 'UTF8') || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm)); |
49 | if (!$result) { | 49 | if (!$result) { |
50 | $message[] = "Error when accessing database"; | 50 | $message[] = "Error when accessing database"; |
51 | return false; | 51 | return false; |