diff --git a/ChangeLog b/ChangeLog
index 597d2403b..86d942303 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-01-26 Ludovic Marcotte
+
+ * SoObjects/SOGo/LDAPSource.{h,m} - now honor
+ userPasswordAlgorithm when changing the password with
+ no password-policy. It'll now be encrypted per your
+ preference. This fixes #755
+
 2012-01-25 Ludovic Marcotte
 * SOPE/GDLContentStore/GCSFolder.m - we now use the proper
diff --git a/Documentation/SOGo Installation Guide.odt b/Documentation/SOGo Installation Guide.odt
index 472c301dc..fa84f3def 100644
Binary files a/Documentation/SOGo Installation Guide.odt and b/Documentation/SOGo Installation Guide.odt differ
diff --git a/SoObjects/SOGo/LDAPSource.h b/SoObjects/SOGo/LDAPSource.h
index 0a302f0f6..82755953a 100644
--- a/SoObjects/SOGo/LDAPSource.h
+++ b/SoObjects/SOGo/LDAPSource.h
@@ -50,6 +50,7 @@
 NSString *encryption;
 NSString *_filter;
 NSString *_scope;
+ NSString *_userPasswordAlgorithm;
 NSString *baseDN;
 NSString *IDField; // the first part of a user DN
diff --git a/SoObjects/SOGo/LDAPSource.m b/SoObjects/SOGo/LDAPSource.m
index b14362515..005574437 100644
--- a/SoObjects/SOGo/LDAPSource.m
+++ b/SoObjects/SOGo/LDAPSource.m
@@ -176,6 +176,7 @@ static NSArray *commonSearchFields;
 bindFields = nil;
 _scope = @"sub";
 _filter = nil;
+ _userPasswordAlgorithm = nil;
 searchAttributes = nil;
 passwordPolicy = NO;
@@ -212,6 +213,7 @@ static NSArray *commonSearchFields;
 [IMAPLoginField release];
 [bindFields release];
 [_filter release];
+ [_userPasswordAlgorithm release];
 [sourceID release];
 [modulesConstraints release];
 [_scope release];
@@ -285,10 +287,14 @@ static NSArray *commonSearchFields;
 ASSIGN(modulesConstraints, [udSource objectForKey: @"ModulesConstraints"]);
 ASSIGN(_filter, [udSource objectForKey: @"filter"]);
+ ASSIGN(_userPasswordAlgorithm, [udSource objectForKey: @"userPasswordAlgorithm"]);
 ASSIGN(_scope, ([udSource objectForKey: @"scope"] ? [udSource objectForKey: @"scope"] : (id)@"sub"));
+ if (!_userPasswordAlgorithm)
+ _userPasswordAlgorithm = @"none";
+
 if ([udSource objectForKey: @"passwordPolicy"]) passwordPolicy = [[udSource objectForKey: @"passwordPolicy"] boolValue];
@@ -598,6 +604,36 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField
 return didBind;
 }
+/**
+ * Encrypts a string using this source password algorithm.
+ * @param plainPassword the unencrypted password.
+ * @return a new encrypted string.
+ * @see _isPassword:equalTo:
+ */
+- (NSString *) _encryptPassword: (NSString *) plainPassword
+{
+ if ([_userPasswordAlgorithm caseInsensitiveCompare: @"none"] == NSOrderedSame)
+ {
+ return plainPassword;
+ }
+ else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"crypt"] == NSOrderedSame)
+ {
+ return [NSString stringWithFormat: @"{CRYPT}%@", [plainPassword asCryptStringUsingSalt: [plainPassword asMD5String]]];
+ }
+ else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"md5"] == NSOrderedSame)
+ {
+ return [NSString stringWithFormat: @"{MD5}%@", [plainPassword asMD5String]];
+ }
+ else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"sha"] == NSOrderedSame)
+ {
+ return [NSString stringWithFormat: @"{SHA}%@", [plainPassword asSHA1String]];
+ }
+
+ [self errorWithFormat: @"Unsupported user-password algorithm: %@", _userPasswordAlgorithm];
+
+ return plainPassword;
+}
+
 //
 //
 //
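Review bot: The fallback `_userPasswordAlgorithm = @"none";` bypasses `ASSIGN`, unlike the `ASSIGN` calls around it, while the `@@ -212` hunk adds a matching `release` for the ivar; `ASSIGN(_userPasswordAlgorithm, @"none");` would keep ownership handling consistent. The default also means a source with no `userPasswordAlgorithm` key still sends the new password to `userPassword` unhashed, which deserves a comment such as `/* "none": the password is written as-is; any hashing is left to the directory server */`. The value read from `udSource` is not checked against the supported names here, so a misspelling only surfaces when a user changes a password. The enclosing method starts and ends outside the hunk.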
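Review bot: In the `crypt` branch the salt is `[plainPassword asMD5String]`, which is derived from the password itself, so the same password always yields the same `{CRYPT}` value and the salt no longer does its job of making equal passwords hash differently. The argument of `asCryptStringUsingSalt:` should be a randomly generated salt instead. The `md5` and `sha` branches are unsalted, and since `asMD5String` and `asSHA1String` are defined outside this diff, it is worth confirming they produce the encoding the directory expects for `{MD5}` and `{SHA}` values. The doc comment would be more accurate with "hashes" in place of "encrypts", e.g. `* Hashes a password according to this source's userPasswordAlgorithm ("none" returns it unchanged).`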
@@ -638,7 +674,7 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField
 NSArray *changes;
 attr = [[NGLdapAttribute alloc] initWithAttributeName: @"userPassword"];
- [attr addStringValue: newPassword];
+ [attr addStringValue: [self _encryptPassword: newPassword]];
 mod = [NGLdapModification replaceModification: attr];
 changes = [NSArray arrayWithObject: mod];
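Review bot: The result of `_encryptPassword:` is written to `userPassword` unchecked, and for an unrecognised `userPasswordAlgorithm` that helper only logs an error and returns the plaintext, so a misspelt setting silently stores the password in cleartext. Failing closed would be safer: have the helper end with `return nil;` on that path, and make this call site abandon the modification and report the change as failed when it gets nil. The enclosing method starts and ends outside the hunk, so how it reports failure is not visible here.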