Diffstat (limited to 'perl-install/authentication.pm')
-rw-r--r-- | perl-install/authentication.pm | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm index 714e815e9..55491edfb 100644 --- a/perl-install/authentication.pm +++ b/perl-install/authentication.pm @@ -1,4 +1,4 @@ -package authentication; # $Id: authentication.pm 269894 2010-06-05 20:50:23Z tv $ +package authentication; use common; @@ -47,7 +47,7 @@ my %kind2nsswitch = ( winbind => ['winbind'], ); -my $lib = (arch() =~ /x86_64/ ? 'lib64' : 'lib'); +my $lib = get_libdir(); my %kind2packages = ( local => [], @@ -165,7 +165,7 @@ my %level = ( {}, { label => N("LDAP Server"), val => \$authentication->{LDAP_server}, disabled => sub { $authentication->{nsskrb} eq "1" } }, { label => N("Base dn"), val => \$authentication->{LDAPDOMAIN} , disabled => sub { $authentication->{nsskrb} eq "1" } }, - { val => N("Fecth base Dn "), type => 'button' , clicked_may_quit => sub { $authentication->{LDAPDOMAIN} = fetch_dn($authentication->{LDAP_server}); 0 }, disabled => sub { $authentication->{nsskrb} eq "1" } }, + { val => N("Fetch base DN "), type => 'button' , clicked_may_quit => sub { $authentication->{LDAPDOMAIN} = fetch_dn($authentication->{LDAP_server}); 0 }, disabled => sub { $authentication->{nsskrb} eq "1" } }, {}, { text => N("Use encrypt connection with TLS "), val => \$authentication->{cafile}, type => 'bool',, disabled => sub { $authentication->{nsskrb} eq "1" } }, { val => N("Download CA Certificate "), type => 'button' , disabled => sub { !$authentication->{cafile} }, clicked_may_quit => sub { $authentication->{file} = add_cafile(); 0 } }, @@ -272,6 +272,8 @@ sub get() { my $authentication = { blowfish => to_bool($system_auth =~ /\$2a\$/), md5 => to_bool($system_auth =~ /md5/), + sha256 => to_bool($system_auth =~ /sha256/), + sha512 => to_bool($system_auth =~ /sha512/), shadow => to_bool($system_auth =~ /shadow/), }; 
@@ -649,7 +651,7 @@ sub read_ldap_conf() { my %conf = map { s/^\s*#.*//; if_(_after_read_ldap_line($_) =~ /(\S+)\s+(.*)/, $1 => $2); - } cat_("$::prefix/etc/ldap.conf"); + } cat_("$::prefix/etc/nslcd.conf"); \%conf; } @@ -669,7 +671,7 @@ sub update_ldap_conf { $_ .= _pre_write_ldap_line("$cmd $val\n"); } } - } "$::prefix/etc/ldap.conf"; + } "$::prefix/etc/nslcd.conf"; } sub configure_krb5_for_AD { @@ -810,9 +812,23 @@ sub user_crypted_passwd { require utf8; utf8::encode($u->{password}); #- we don't want perl to do "smart" things in crypt() - crypt($u->{password}, - !$authentication || $authentication->{blowfish} ? '$2a$08$' . salt(60) : - $authentication->{md5} ? '$1$' . salt(8) : salt(2)); + # Default to sha512 + $authentication = { sha512 => 1 } unless $authentication; + + my $salt; + if ($authentication->{blowfish}) { + $salt = '$2a$08$' . salt(60); + } elsif ($authentication->{md5}) { + $salt = '$1$' . salt(8); + } elsif ($authentication->{sha256}) { + $salt = '$5$' . salt(32); + } elsif ($authentication->{sha512}) { + $salt = '$6$' . salt(64); + } else { + $salt = salt(2); + } + + crypt($u->{password}, $salt); } else { $u->{pw} || ''; } 
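Review bot: In user_crypted_passwd the new chain tests `md5` before `sha256` and `sha512`, and its final `else` still falls back to `salt(2)`, so the weakest schemes win whenever the flags overlap or none is set. The hunk at -272 sets each flag from an independent match, so a hash carrying both `md5` and `sha512` yields an MD5-crypt password. A hash with no flag set yields traditional DES crypt, which only uses the first eight characters of the password; the `sha512` default added here applies only when `$authentication` is undefined. I would test the SHA schemes ahead of `md5` and make the last branch `'$6$'` as well, provided no caller relies on the DES fallback. The function starts and ends outside the hunk.

```perl
# … unchanged: default to sha512 when $authentication is undefined …

# Prefer the stronger configured scheme; never fall back to DES crypt.
my $salt;
if ($authentication->{blowfish}) {
    $salt = '$2a$08$' . salt(60);
} elsif ($authentication->{sha512}) {
    $salt = '$6$' . salt(64);
} elsif ($authentication->{sha256}) {
    $salt = '$5$' . salt(32);
} elsif ($authentication->{md5}) {
    $salt = '$1$' . salt(8);
} else {
    $salt = '$6$' . salt(64);
}

crypt($u->{password}, $salt);
```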
@@ -897,23 +913,25 @@ sub fetch_dn { sub configure_nss_ldap { my ($authentication) = @_; update_ldap_conf( - host => $authentication->{LDAP_server}, + uri => $authentication->{cafile} eq '1' ? "ldaps://" . $authentication->{LDAP_server} . "/" : "ldap://" . $authentication->{LDAP_server} . "/", base => $authentication->{LDAPDOMAIN}, ); if ($authentication->{nssgrp} eq '1') { update_ldap_conf( - nss_base_shadow => $authentication->{nss_shadow} . "?sub", - nss_base_passwd => $authentication->{nss_pwd} . "?sub", - nss_base_group => $authentication->{nss_grp} . "?sub", + 'base shadow' => $authentication->{nss_shadow}, + 'base passwd' => $authentication->{nss_pwd}, + 'base group' => $authentication->{nss_grp}, + scope => "sub", ); } else { update_ldap_conf( - nss_base_shadow => $authentication->{LDAPDOMAIN} . "?sub", - nss_base_passwd => $authentication->{LDAPDOMAIN} . "?sub", - nss_base_group => $authentication->{LDAPDOMAIN} . "?sub", + 'base shadow' => $authentication->{LDAPDOMAIN}, + 'base passwd' => $authentication->{LDAPDOMAIN}, + 'base group' => $authentication->{LDAPDOMAIN}, + scope => "sub", ); } if ($authentication->{anonymous} eq '1') { @@ -926,7 +944,7 @@ sub configure_nss_ldap { if ($authentication->{cafile} eq '1') { update_ldap_conf( ssl => "on", - tls_checkpeer => "yes", + tls_reqcert => "allow", tls_cacertfile => $authentication->{file}, ); } |
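Review bot: The new `uri` value in configure_nss_ldap is built without checking that `LDAP_server` is non-empty, so an unset server writes `uri ldap:///`, which the LDAP client library most likely treats as the local host rather than as an error. The ternary also repeats the whole concatenation in both arms; `my $scheme = $authentication->{cafile} eq '1' ? 'ldaps' : 'ldap';` followed by `uri => "$scheme://$authentication->{LDAP_server}/"` reads more easily and gives one place to add the check. The two `nssgrp` branches now differ only in the three DN values and could share a single `update_ldap_conf` call.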
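Review bot: `tls_reqcert => "allow"` in the last hunk lets the session continue when the LDAP server presents a certificate that fails verification, so the `tls_cacertfile` written on the next line no longer protects logins against an impersonated directory server. The line it replaces was `tls_checkpeer => "yes"`, which enforced the check; the nslcd.conf equivalent is `tls_reqcert => "demand"`. If `allow` was chosen to tolerate installs where the CA download failed, that case is better handled by refusing to enable TLS than by accepting any certificate. The body of configure_nss_ldap continues outside the hunk.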