\n";
$sudopassword .= $e;
if ($status eq 'unconfirmed') {
- my $data = join(':', 'confirm-new-password', $uuid, $hosts, $crypted);
+ my $data = join(':', 'confirm-new-password', 'sudo', $data{'uid'}, $uuid, $hosts, $crypted);
my $hmac = hmac_sha1_hex( $data, $hmac_key);
- $confirmstring .= "confirm sudopassword $uuid $hosts $hmac\n";
+ $confirmstring .= CGI::escapeHTML("confirm sudopassword $uuid $hosts $hmac\n");
}
};
if ($confirmstring ne '') {
@@ -165,10 +175,21 @@ if (!($query->param('doupdate'))) {
}
close F;
} else {
+ my @ldapinfo_for_pwcheck;
+ for my $a (qw{cn sn md gecos uid}) {
+ for my $e (@{$entry->{$a}}) {
+ push @ldapinfo_for_pwcheck, $e;
+ }
+ }
+
+
# Actually update stuff...
my ($newpassword, $newstaddress);
- &Util::FixParams($query);
+ # Good god, why would we want to do that here? it breaks password setting
+ # etc, and it doesn't prevent people from setting eveil stuff in ldap
+ # directly.
+ # &Util::FixParams($query);
if (($query->param('labeleduri')) &&
($query->param('labeleduri') !~ /^https?:\/\//i)) {
@@ -179,7 +200,13 @@ if (!($query->param('doupdate'))) {
if ($query->param('newpass') ne $query->param('newpassvrfy')) {
# passwords don't match...
&Util::HTMLError("The passwords you specified do not match. Please go back and try again.");
- }
+ }
+
+ my ($r, $msg) = &Util::checkPasswordQuality($query->param('newpass'), undef, [@ldapinfo_for_pwcheck]);
+ if ($r) {
+ &Util::HTMLError("Password check failed: $msg. Please go back and try again.");
+ }
+
# create a md5 crypted password
$newpassword = '{crypt}'.crypt($query->param('newpass'), &Util::CreateCryptSalt(1));
@@ -237,13 +264,23 @@ if (!($query->param('doupdate'))) {
my $newsudo;
my $newsudo_hosts;
if ($query->param('newsudopass') && $query->param('newsudopassvrfy')) {
- if ($query->param('newsudopass') ne $query->param('newsudopassvrfy')) {
- &Util::HTMLError("The sudo passwords you specified do not match. Please go back and try again.");
- }
my $host = $query->param('newsudopass-host');
if ($host =~ /[^a-z0-9.-]/ and $host ne '*') {
&Util::HTMLError("The sudo host has weird characters '$host'.");
}
+
+ if ($query->param('newsudopass') ne $query->param('newsudopassvrfy')) {
+ &Util::HTMLError("The sudo passwords you specified do not match. Please go back and try again.");
+ }
+
+ my $ldappass = $password;
+ $ldappass = $query->param('newpass') if $query->param('newpass');
+ push @ldapinfo_for_pwcheck, $host, split(/\./, $host);
+ my ($r, $msg) = &Util::checkPasswordQuality($query->param('newsudopass'), $ldappass, [@ldapinfo_for_pwcheck]);
+ if ($r) {
+ &Util::HTMLError("Password check failed for new sudo pass: $msg. Please go back and try again.");
+ }
+
# create a md5 crypted password
my $newsudopassword = crypt($query->param('newsudopass'), &Util::CreateCryptSalt(1));
my $ug = new Data::UUID;