10/16/25
Comment on [#1223] hash generation change to smbldap driver
> I discovered quickly as I was looking at the PHP code that the NT and Lan Manager hashes were being generated by an exec() call to a program that took the password on the command line and spit out the hashes with a colon in between them. This caused some trouble for me because there was text being read in that was being passed to the external program without escaping shell characters before being called. This had the effect of when a character, such as a single quote, was used in the password, the attempt to change the password returned errors...I didn't try a backtick, but I'm sure that could be a rather fun experiment for an enterprising individual. Rather than escape the text, I thought incorporating the hashing function inside the Horde code was better (and likely much more portable).
>
> So, I started to look to see what I could do about it. Lo and behold there was a PEAR module Crypt_CHAP that would generate the hashes for me. So, I installed it and changed a couple of lines of code in the lib/Drivers/smbldap.php code segment. Then I realized that the sambaPwdLastSet and sambaPwdMustChange attributes also weren't getting set. So I added that code.
>
> Since I had to add a new PEAR module, I shamelessly stole the accounts/test.php code and modified it to be the passwd/test.php to check for the PEAR module Crypt_CHAP and its PHP prerequisites mhash and mcrypt.
>
> Features that are modified/added by the attached patches are:
> - Crypt_CHAP replaces external mkntpwd program to generate LM and NT hashes
> - added config attributes pw_set_attribute, pw_expire_attribute, and pw_expire_time to backends.php.dist
> - pw_set_attribute (sambaPwdLastSet) timestamp is updated when password changed
> - pw_expire_attribute (sambaPwdMustChange) timestamp is generated from current timestamp + pw_expire_time attribute * 86400
> - added test.php to test for additional modules needed
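
The problem and the fix described in the quoted report, as an added example that is not Horde's code or the attached patch. The function names, the mkntpwd path and the sample password are assumptions; PHP's built-in `hash('md4', ...)` stands in for Crypt_CHAP and only the NT hash is shown.

```php
<?php
// Added illustration; all function names are hypothetical.

// Before: the password is concatenated into the shell command line as-is,
// so a single quote or other shell metacharacter changes how the shell parses it.
function buildHashCommandUnescaped(string $program, string $password): string
{
    return $program . ' ' . $password;
}

// Escaped: escapeshellarg() single-quotes the value and escapes embedded quotes.
// The password is still passed as a process argument, which other local
// users may be able to see in the process list.
function buildHashCommandEscaped(string $program, string $password): string
{
    return $program . ' ' . escapeshellarg($password);
}

// In-process: the NT hash is MD4 over the UTF-16LE password, so no shell
// and no external program are involved.
function ntHash(string $passwordUtf8): string
{
    $utf16 = iconv('UTF-8', 'UTF-16LE', $passwordUtf8);
    if ($utf16 === false) {
        throw new InvalidArgumentException('Password is not valid UTF-8');
    }
    return strtoupper(hash('md4', $utf16));
}

// Timestamps as the report describes them:
// pw_expire_attribute = current timestamp + pw_expire_time * 86400.
function sambaPasswordTimestamps(int $now, int $pwExpireTime): array
{
    return [
        'sambaPwdLastSet'    => $now,
        'sambaPwdMustChange' => $now + $pwExpireTime * 86400,
    ];
}

$program  = '/usr/local/bin/mkntpwd'; // assumed install path
$password = "pa'ss word";             // constructed sample containing a single quote

// The commands are only printed here, never executed.
echo buildHashCommandUnescaped($program, $password), PHP_EOL;
echo buildHashCommandEscaped($program, $password), PHP_EOL;
echo ntHash($password), PHP_EOL;
print_r(sambaPasswordTimestamps(time(), 90)); // 90 is a constructed pw_expire_time
```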