See ChangeLog - also updated the doc

Monotone-Parent: 05f7c7299403692e01480ce30ae2a612e6172f84 Monotone-Revision: 64559b055668abe30f492544f049160b05cf7ab9 Monotone-Author: ludovic@Sophos.ca Monotone-Date: 2012-01-26T16:22:28
2026-04-06 22:08:51 +00:00 · 2012-01-26 16:22:28 +00:00
parent aefadd691d
commit 2d03fb1055
4 changed files with 45 additions and 1 deletions
--- a/7
+++ b/7
@@ -1,3 +1,10 @@
+2012-01-26 Ludovic Marcotte  <lmarcotte@inverse.ca>
+
+    * SoObjects/SOGo/LDAPSource.{h,m} - now honor
+	userPasswordAlgorithm when changing the password with
+	no password-policy. It'll now be encrypted per your
+	preference. This fixes #755
+
 2012-01-25  Ludovic Marcotte  <lmarcotte@inverse.ca>

 	* SOPE/GDLContentStore/GCSFolder.m - we now use the proper
--- a/Documentation/SOGo
+++ b/Documentation/SOGo
--- a/SoObjects/SOGo/LDAPSource.h
+++ b/SoObjects/SOGo/LDAPSource.h
@@ -50,6 +50,7 @@
  NSString *encryption;
  NSString *_filter;
  NSString *_scope;
+  NSString *_userPasswordAlgorithm;

  NSString *baseDN;
  NSString *IDField;     // the first part of a user DN
--- a/SoObjects/SOGo/LDAPSource.m
+++ b/SoObjects/SOGo/LDAPSource.m
@@ -176,6 +176,7 @@ static NSArray *commonSearchFields;
      bindFields = nil;
      _scope = @"sub";
      _filter = nil;
+	  _userPasswordAlgorithm = nil;

      searchAttributes = nil;
      passwordPolicy = NO;
@@ -212,6 +213,7 @@ static NSArray *commonSearchFields;
  [IMAPLoginField release];
  [bindFields release];
  [_filter release];
+  [_userPasswordAlgorithm release];
  [sourceID release];
  [modulesConstraints release];
  [_scope release];
@@ -285,10 +287,14 @@ static NSArray *commonSearchFields;
      ASSIGN(modulesConstraints,
 	     [udSource objectForKey: @"ModulesConstraints"]);
      ASSIGN(_filter, [udSource objectForKey: @"filter"]);
+      ASSIGN(_userPasswordAlgorithm, [udSource objectForKey: @"userPasswordAlgorithm"]);
      ASSIGN(_scope, ([udSource objectForKey: @"scope"]
                       ? [udSource objectForKey: @"scope"]
                       : (id)@"sub"));

+      if (!_userPasswordAlgorithm)
+	_userPasswordAlgorithm = @"none";
+
      if ([udSource objectForKey: @"passwordPolicy"])
 	passwordPolicy = [[udSource objectForKey: @"passwordPolicy"] boolValue];

@@ -598,6 +604,36 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField
  return didBind;
 }

+/**
+ * Encrypts a string using this source password algorithm.
+ * @param plainPassword the unencrypted password.
+ * @return a new encrypted string.
+ * @see _isPassword:equalTo:
+ */
+- (NSString *) _encryptPassword: (NSString *) plainPassword
+{
+  if ([_userPasswordAlgorithm caseInsensitiveCompare: @"none"] == NSOrderedSame)
+    {
+      return plainPassword;
+    }
+  else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"crypt"] == NSOrderedSame)
+    {
+      return [NSString stringWithFormat: @"{CRYPT}%@", [plainPassword asCryptStringUsingSalt: [plainPassword asMD5String]]];
+    }
+  else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"md5"] == NSOrderedSame)
+    {
+      return [NSString stringWithFormat: @"{MD5}%@", [plainPassword asMD5String]];
+    }
+  else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"sha"] == NSOrderedSame)
+    {
+      return [NSString stringWithFormat: @"{SHA}%@", [plainPassword asSHA1String]];
+    }
+  
+  [self errorWithFormat: @"Unsupported user-password algorithm: %@", _userPasswordAlgorithm];
+  
+  return plainPassword;
+}
+
 //
 //
 //
@@ -638,7 +674,7 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField
 		    NSArray *changes;
 		    
 		    attr = [[NGLdapAttribute alloc] initWithAttributeName: @"userPassword"];
-		    [attr addStringValue: newPassword];
+		    [attr addStringValue: [self _encryptPassword: newPassword]];
 		    
 		    mod = [NGLdapModification replaceModification: attr];
 		    changes = [NSArray arrayWithObject: mod];