Implemented combined authentication Kerberos/File
SVN revision: 2370
This commit is contained in:
@@ -10,7 +10,7 @@ cl /O2 /Ob2 /Oi /Ot /I "\mxml" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_CRT_SEC
|
||||
cl /O2 /Ob2 /Oi /Ot /I "\mxml" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_CRT_SECURE_NO_DEPRECATE" /D "_CRT_NONSTDC_NO_DEPRECATE" /D "_VC80_UPGRADE=0x0710" /D "_MBCS" /GF /FD /EHsc /MT /Gy /Fo".\NT\Release/" /W3 /nologo /c /Zi /TC \mxml\mxml.c
|
||||
cl /O2 /Ob2 /Oi /Ot /I "\mxml" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_CRT_SECURE_NO_DEPRECATE" /D "_CRT_NONSTDC_NO_DEPRECATE" /D "_VC80_UPGRADE=0x0710" /D "_MBCS" /GF /FD /EHsc /MT /Gy /Fo".\NT\Release/" /W3 /nologo /c /Zi /TC \mxml\strlcpy.c
|
||||
|
||||
link "/OUT:.\NT\Release/elogd.exe" /INCREMENTAL:NO /DEBUG /SUBSYSTEM:CONSOLE /STACK:4000000 /MACHINE:X86 wsock32.lib advapi32.lib ".\NT\Release\elogd.obj" ".\NT\Release\mxml.obj" ".\NT\Release\regex.obj" ".\NT\Release\crypt.obj" ".\NT\Release\strlcpy.obj" "\openssl\lib\vc\ssleay32MD.lib" "\openssl\lib\vc\libeay32MD.lib"
|
||||
link "/OUT:.\NT\Release/elogd.exe" /INCREMENTAL:NO /DEBUG /SUBSYSTEM:CONSOLE /STACK:4000000 /MACHINE:X86 wsock32.lib advapi32.lib ".\NT\Release\elogd.obj" ".\NT\Release\mxml.obj" ".\NT\Release\regex.obj" ".\NT\Release\crypt.obj" ".\NT\Release\strlcpy.obj" "\openssl\lib\vc\ssleay32MD.lib" "\openssl\lib\vc\libeay32MD.lib" "\krb5\lib\i386\krb5_32.lib"
|
||||
|
||||
cl /O2 /Ob2 /Oi /Ot /I "\mxml" /I "\openssl\include" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_CRT_SECURE_NO_DEPRECATE" /D "_CRT_NONSTDC_NO_DEPRECATE" /D "_VC80_UPGRADE=0x0710" /D "_MBCS" /D "HAVE_SSL" /GF /FD /EHsc /MT /Gy /Fo".\NT\Release/" /W3 /nologo /c /Zi /TC src\elog.c
|
||||
link "/OUT:.\NT\Release/elog.exe" /INCREMENTAL:NO /DEBUG /SUBSYSTEM:CONSOLE /MACHINE:X86 wsock32.lib ".\NT\Release\elog.obj" ".\NT\Release\crypt.obj" "\openssl\lib\vc\ssleay32MD.lib" "\openssl\lib\vc\libeay32MD.lib"
|
||||
|
||||
+22
-9
@@ -72,7 +72,8 @@ int auth_verify_password_krb5(LOGBOOK *lbs, const char *user, const char *passwo
|
||||
krb5_get_init_creds_opt_free(context, &options);
|
||||
krb5_free_context(context);
|
||||
|
||||
if (error && error != KRB5KDC_ERR_PREAUTH_FAILED) {
|
||||
if (error && error != KRB5KDC_ERR_PREAUTH_FAILED &&
|
||||
error != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN) {
|
||||
strlcpy(error_str, "<b>Kerberos error:</b><br>", error_size);
|
||||
strlcat(error_str, krb5_get_error_message(context, error), error_size);
|
||||
strlcat(error_str, ".<br>Please check your Kerberos configuration.", error_size);
|
||||
@@ -186,7 +187,7 @@ int auth_verify_password_file(LOGBOOK *lbs, const char *user, const char *passwo
|
||||
|
||||
int auth_change_password_file(LOGBOOK *lbs, const char *user, const char *old_pwd, const char *new_pwd, char *error_str, int error_size)
|
||||
{
|
||||
char str[256], file_name[256];
|
||||
char str[256], file_name[256], enc_pwd[256];
|
||||
PMXML_NODE node;
|
||||
|
||||
if (lbs == NULL)
|
||||
@@ -200,7 +201,8 @@ int auth_change_password_file(LOGBOOK *lbs, const char *user, const char *old_pw
|
||||
if (node == NULL)
|
||||
return FALSE;
|
||||
|
||||
mxml_replace_node_value(node, new_pwd);
|
||||
do_crypt(new_pwd, enc_pwd, sizeof(enc_pwd));
|
||||
mxml_replace_node_value(node, enc_pwd);
|
||||
|
||||
if (get_password_file(lbs, file_name, sizeof(file_name)))
|
||||
mxml_write_tree(file_name, lbs->pwd_xml_tree);
|
||||
@@ -213,29 +215,40 @@ int auth_change_password_file(LOGBOOK *lbs, const char *user, const char *old_pw
|
||||
int auth_verify_password(LOGBOOK *lbs, const char *user, const char *password, char *error_str, int error_size)
|
||||
{
|
||||
char str[256];
|
||||
BOOL verified;
|
||||
|
||||
error_str[0] = 0;
|
||||
verified = FALSE;
|
||||
getcfg(lbs->name, "Authentication", str, sizeof(str));
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
if (stricmp(str, "Kerberos") == 0)
|
||||
return auth_verify_password_krb5(lbs, user, password, error_str, error_size);
|
||||
if (stristr(str, "Kerberos"))
|
||||
verified = auth_verify_password_krb5(lbs, user, password, error_str, error_size);
|
||||
if (verified)
|
||||
return TRUE;
|
||||
#endif
|
||||
|
||||
return auth_verify_password_file(lbs, user, password, error_str, error_size);
|
||||
if (str[0] == 0 || stristr(str, "File"))
|
||||
verified = auth_verify_password_file(lbs, user, password, error_str, error_size);
|
||||
|
||||
return verified;
|
||||
}
|
||||
|
||||
int auth_change_password(LOGBOOK *lbs, const char *user, const char *old_pwd, const char *new_pwd, char *error_str, int error_size)
|
||||
{
|
||||
int status;
|
||||
char str[256];
|
||||
|
||||
error_str[0] = 0;
|
||||
getcfg(lbs->name, "Authentication", str, sizeof(str));
|
||||
|
||||
if (str[0] == 0 || stristr(str, "File"))
|
||||
status = auth_change_password_file(lbs, user, old_pwd, new_pwd, error_str, error_size);
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
if (stricmp(str, "Kerberos") == 0)
|
||||
return auth_change_password_krb5(lbs, user, old_pwd, new_pwd, error_str, error_size);
|
||||
if (stristr(str, "Kerberos"))
|
||||
status = auth_change_password_krb5(lbs, user, old_pwd, new_pwd, error_str, error_size);
|
||||
#endif
|
||||
|
||||
return auth_change_password_file(lbs, user, old_pwd, new_pwd, error_str, error_size);
|
||||
return status;
|
||||
}
|
||||
|
||||
+16
-28
@@ -8514,22 +8514,12 @@ void show_change_pwd_page(LOGBOOK * lbs)
|
||||
|
||||
old_pwd[0] = new_pwd[0] = new_pwd2[0] = 0;
|
||||
|
||||
if (stricmp(auth, "Kerberos") == 0) {
|
||||
if (isparam("oldpwd"))
|
||||
strlcpy(old_pwd, getparam("oldpwd"), sizeof(old_pwd));
|
||||
if (isparam("newpwd"))
|
||||
strlcpy(new_pwd, getparam("newpwd"), sizeof(new_pwd));
|
||||
if (isparam("newpwd2"))
|
||||
strlcpy(new_pwd2, getparam("newpwd2"), sizeof(new_pwd2));
|
||||
|
||||
} else {
|
||||
if (isparam("oldpwd"))
|
||||
do_crypt(getparam("oldpwd"), old_pwd, sizeof(old_pwd));
|
||||
if (isparam("newpwd"))
|
||||
do_crypt(getparam("newpwd"), new_pwd, sizeof(new_pwd));
|
||||
if (isparam("newpwd2"))
|
||||
do_crypt(getparam("newpwd2"), new_pwd2, sizeof(new_pwd2));
|
||||
}
|
||||
if (isparam("oldpwd"))
|
||||
strlcpy(old_pwd, getparam("oldpwd"), sizeof(old_pwd));
|
||||
if (isparam("newpwd"))
|
||||
strlcpy(new_pwd, getparam("newpwd"), sizeof(new_pwd));
|
||||
if (isparam("newpwd2"))
|
||||
strlcpy(new_pwd2, getparam("newpwd2"), sizeof(new_pwd2));
|
||||
|
||||
strlcpy(user, isparam("unm") ? getparam("unm") : "", sizeof(user));
|
||||
if (isparam("config")) {
|
||||
@@ -8549,9 +8539,9 @@ void show_change_pwd_page(LOGBOOK * lbs)
|
||||
}
|
||||
|
||||
if (old_pwd[0] || new_pwd[0]) {
|
||||
if (user[0] && get_user_line(lbs, user, act_pwd, full_user, NULL, NULL, NULL, NULL)) {
|
||||
if (user[0]) {
|
||||
|
||||
if (stricmp(auth, "Kerberos") == 0) {
|
||||
if (stristr(auth, "Kerberos")) {
|
||||
if (strcmp(new_pwd, new_pwd2) != 0)
|
||||
wrong_pwd = 2;
|
||||
} else {
|
||||
@@ -8560,7 +8550,7 @@ void show_change_pwd_page(LOGBOOK * lbs)
|
||||
&& stricmp(getparam("unm"), user) != 0)
|
||||
wrong_pwd = 0;
|
||||
else {
|
||||
if (strcmp(old_pwd, act_pwd) != 0)
|
||||
if (!auth_verify_password(lbs, user, old_pwd, str, sizeof(str)))
|
||||
wrong_pwd = 1;
|
||||
}
|
||||
|
||||
@@ -12700,7 +12690,7 @@ int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
|
||||
|
||||
/* check for blank password if not external authentication*/
|
||||
getcfg(lbs->name, "Authentication", auth, sizeof(auth));
|
||||
if (stricmp(auth, "Kerberos") != 0) {
|
||||
if (stristr(auth, "Kerberos") == NULL) {
|
||||
if (isparam("newpwd")) {
|
||||
strlcpy(str, getparam("newpwd"), sizeof(str));
|
||||
if (str[0] == 0) {
|
||||
@@ -12720,7 +12710,7 @@ int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
|
||||
self_register = atoi(str);
|
||||
|
||||
new_pwd[0] = 0;
|
||||
if (stricmp(auth, "Kerberos") != 0) {
|
||||
if (stristr(auth, "Kerberos") == NULL) {
|
||||
/* check if passwords match */
|
||||
if (isparam("newpwd") && isparam("newpwd2")) {
|
||||
do_crypt(getparam("newpwd"), new_pwd, sizeof(new_pwd));
|
||||
@@ -13424,7 +13414,7 @@ void show_forgot_pwd_page(LOGBOOK * lbs)
|
||||
{
|
||||
int i;
|
||||
char str[1000], str2[1000], login_name[256], full_name[256], user_email[256], name[256], pwd[256],
|
||||
redir[256], pwd_encrypted[256], smtp_host[256], mail_from[256], mail_from_name[256], subject[256],
|
||||
redir[256], smtp_host[256], mail_from[256], mail_from_name[256], subject[256],
|
||||
mail_text[1000], url[1000], error[1000];
|
||||
|
||||
if (isparam("login_name")) {
|
||||
@@ -13447,11 +13437,9 @@ void show_forgot_pwd_page(LOGBOOK * lbs)
|
||||
}
|
||||
|
||||
/* create random password */
|
||||
for (i = 0; i < 8; i++)
|
||||
str[i] = 'A' + (rand() % 25);
|
||||
str[i] = 0;
|
||||
base64_encode((unsigned char *) str, (unsigned char *) pwd, sizeof(pwd));
|
||||
do_crypt(pwd, pwd_encrypted, sizeof(pwd_encrypted));
|
||||
for (i = 0; i < 16; i++)
|
||||
pwd[i] = 'A' + (rand() % 25);
|
||||
pwd[i] = 0;
|
||||
|
||||
/* send email with new password */
|
||||
if (!getcfg("global", "SMTP host", smtp_host, sizeof(smtp_host))) {
|
||||
@@ -13515,7 +13503,7 @@ void show_forgot_pwd_page(LOGBOOK * lbs)
|
||||
|
||||
if (sendmail(lbs, smtp_host, mail_from, user_email, mail_text, error, sizeof(error)) != -1) {
|
||||
/* save new password */
|
||||
auth_change_password(lbs, login_name, NULL, pwd_encrypted, str, sizeof(str));
|
||||
auth_change_password(lbs, login_name, NULL, pwd, str, sizeof(str));
|
||||
|
||||
/* show notification web page */
|
||||
show_standard_header(lbs, FALSE, loc("ELOG password recovery"), "", FALSE, NULL, NULL);
|
||||
|
||||
@@ -286,6 +286,7 @@ void show_elog_entry(LOGBOOK * lbs, char *dec_path, char *command);
|
||||
char *loc(char *orig);
|
||||
void strencode(char *text);
|
||||
void strencode_nouml(char *text);
|
||||
char *stristr(const char *str, const char *pattern);
|
||||
int scan_attributes(char *logbook);
|
||||
int is_inline_attachment(char *encoding, int message_id, char *text, int i, char *att);
|
||||
int setgroup(char *str);
|
||||
|
||||
Reference in New Issue
Block a user