-userdir-ldap-cgi (0.3.38~20130906+1) UNRELEASED; urgency=low
+userdir-ldap-cgi (0.3.38~20130906+1+nmu1) UNRELEASED; urgency=low
[ Moritz Naumann ]
* Fix XSS bug in search.cgi
- -- Martin Zobel-Helas <zobel@debian.org> Fri, 06 Sep 2013 19:12:36 +0200
+ [ Luca Filipozzi ]
+ * rename voipPassword to rtcPassword
+ * store as HA1 hash rather than as plaintext
+
+ -- Luca Filipozzi <lfilipoz@emyr.net> Thu, 16 Jan 2014 23:22:03 +0000
userdir-ldap-cgi (0.3.37) unstable; urgency=low
</td></tr>
<tr><td class=right>
- <b>Change voip password:</b><br><font size="-1">(re-enter to verify)</font>
+ <b>Change rtc password:</b><br><font size="-1">(re-enter to verify)</font>
</td><td>
- <input size=30 name=newvoippass type=password><br>
- <input size=30 name=newvoippassvrfy type=password>
+ <input size=30 name=newrtcpass type=password><br>
+ <input size=30 name=newrtcpassvrfy type=password>
</td></tr>
<tr><td class="left" colspan=2>
# Actually update stuff...
- my ($newpassword, $newstaddress, $newwebpassword, $newvoippassword);
+ my ($newpassword, $newstaddress, $newwebpassword, $newrtcpassword);
# Good god, why would we want to do that here? it breaks password setting
# etc, and it doesn't prevent people from setting eveil stuff in ldap
&Util::LDAPUpdate($ldap, $editdn, 'webPassword', $newwebpassword);
}
- if ($query->param('newvoippass') && $query->param('newvoippassvrfy')) {
- if ($query->param('newvoippass') ne $query->param('newvoippassvrfy')) {
+ if ($query->param('newrtcpass') && $query->param('newrtcpassvrfy')) {
+ if ($query->param('newrtcpass') ne $query->param('newrtcpassvrfy')) {
# passwords don't match...
- &Util::HTMLError("The voip-passwords you specified do not match. Please go back and try again.");
+ &Util::HTMLError("The rtc-passwords you specified do not match. Please go back and try again.");
}
- my ($r, $msg) = &Util::checkPasswordQuality($query->param('newvoippass'), undef, [@ldapinfo_for_pwcheck]);
+ my ($r, $msg) = &Util::checkPasswordQuality($query->param('newrtcpass'), undef, [@ldapinfo_for_pwcheck]);
if ($r) {
- &Util::HTMLError("Password check failed for voip-password: $msg. Please go back and try again.");
+ &Util::HTMLError("Password check failed for rtc-password: $msg. Please go back and try again.");
}
# create a md5 crypted password
- $newvoippassword = &md5_hex( ldap_explode_dn($editid)->[0]{UID} . '@debian.org:sip.debian.org:' . $query->param('newvoippass') );
+ $newrtcpassword = &md5_hex( ldap_explode_dn($editid)->[0]{UID} . '@debian.org:rtc.debian.org:' . $query->param('newrtcpass') );
- &Util::LDAPUpdate($ldap, $editdn, 'voipPassword', $newvoippassword);
+ &Util::LDAPUpdate($ldap, $editdn, 'rtcPassword', $newrtcpassword);
}
$newstaddress = $query->param('staddress');
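Review bot: The call `&Util::checkPasswordQuality($query->param('newrtcpass'), undef, [@ldapinfo_for_pwcheck])` evaluates `param()` in list context, so a request that carries `newrtcpass` more than once would add positional arguments and push the `undef` and the LDAP-info list out of their slots; `scalar $query->param('newrtcpass')` keeps the argument list fixed. The comment `# create a md5 crypted password` is also misleading: the stored value is an unsalted HA1 digest of `uid@debian.org:rtc.debian.org:password`, which is password-equivalent for digest authentication in that realm, so `rtcPassword` needs the same LDAP read restrictions as a plaintext secret. I would reword the comment to `# HA1 digest (user:realm:password); password-equivalent for digest auth, keep attribute unreadable`. The digest is derived from `$editid` while the update is written to `$editdn`; if those can ever name different entries the hash is bound to the wrong user, which needs confirming against code outside this hunk. The enclosing block starts before the visible lines, so whether `HTMLError` stops execution on the mismatch and quality-check branches cannot be seen here.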