Use the correct cert when connecting to the LDAP server
[mirror/userdir-ldap-cgi.git]
/
Util.pm
diff --git
a/Util.pm
b/Util.pm
index
2b230ab
..
92ea455
100644
(file)
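--- a/Util.pm
+++ b/Util.pm
@@ -33,27 +33,26 @@ sub CreateKey {
 }
 sub CreateCryptSalt {
+ # CreateCryptSalt(type = 0, skip_header = 0)
 # this can create either a DES type salt or a MD5 salt
- # 0 for DES, 1 for MD5 salt and 2 for apache MD5 salt
- my $type = shift;
+ # 0 for DES, 1 for MD5 salt
+ # if skip_header is 0, does not add $1$ for md5 salts.
+ my $md5 = shift; # do we want a MD5 salt?
+ my $no_crypttype_header = shift;
 my $validstr = './0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
 my @valid = split(//,$validstr);
 my ($in, $out);
-
- my $cryptsaltlen = 2;
- if (($type == 1)||($type == 2)) {
- $cryptsaltlen = 8;
- }
-
+
+ my $cryptsaltlen = ($md5 ? 8 : 2);
+
 open (F, "</dev/urandom") || die &HTMLError("No /dev/urandom found!");
 foreach (1..$cryptsaltlen) {
 read(F, $in, 1);
 $out .= $valid[ord($in) % ($#valid + 1)];
 }
 close F;
- my $md5 = $out;
- if ($type == 1) { $md5 = "\$1\$$out\$"; }
- return $md5
+ if ($md5 == 1 && !$no_crypttype_header) { $out = "\$1\$$out\$"; }
+ return $out
 }
 sub Encrypt {
@@ -360,7 +359,9 @@ sub UpgradeConnection($) {
 my ($ldap) = @_;
 my $mesg = $ldap->start_tls(
 verify => 'require',
- cafile => '/etc/ssl/certs/spi-cacert-2008.pem'
+ # Cannot specify the server cert, must specify the CA cert
+ #cafile => '/etc/ssl/servicecerts/db.debian.org.crt'
+ cafile => '/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem'
 );
 $mesg->sync;
 if ($mesg->code != LDAP_SUCCESS) {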
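Review bot: The new `cafile` in UpgradeConnection makes one public root CA the only trust anchor, so chain validation will accept any certificate that root has issued, and the assurance that the peer really is the intended LDAP server then rests on hostname verification, which depends on the Net::LDAP and IO::Socket::SSL versions deployed and cannot be seen in this hunk. It is worth confirming that check is active, and replacing the commented-out `#cafile => ...` line with a comment that records the intent, e.g. `# trust anchor: root CA that issued the LDAP server certificate; update when the cert is reissued under another CA`. Because the path is hard-coded, start_tls will presumably start failing as soon as the server certificate is renewed under a different root, so reading the path from the CGI's configuration would avoid a code change at renewal time. The body of UpgradeConnection continues outside the hunk. Separately, in the first hunk the new comment `if skip_header is 0, does not add $1$ for md5 salts` reads inverted against `!$no_crypttype_header`, which adds the header when the flag is false.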