- Timestamp:
- 04/03/15 18:36:34 (9 years ago)
- Location:
- trunk/LATMOS-Accounts
- Files:
-
- 2 edited
trunk/LATMOS-Accounts/bin/la-sql-crypt-passwd
r1309 r1314 24 24 'genkey' => \my $genkey, 25 25 'regen' => \my $regen, 26 'delkey' => \my $delkey, 26 27 'set=s' => \my $set, 27 28 'base=s' => \my $base, … … 47 48 Like --genkey but a new key will replace the current one if already present. 48 49 Stored password will be read and encrypted again using the new key. 50 51 =item --delkey 52 53 Delete the current peer key and all encrypted password stored. 49 54 50 55 =item --base base … … 81 86 ReadMode 0; 82 87 print "\n"; 88 printf "Trying to get current stored password (%d)\n", scalar(keys %encpasswd); 83 89 my $private_key = $labase->private_key($password) or 84 90 die "Cannot get private key\n"; … … 94 100 $clear_passwd{$_} = $clearp; 95 101 } else { 96 die "Cannot get password for $_, crypt module said :" . $rsa->errstr(); 102 die "Cannot get password for $_, crypt module said :" . $rsa->errstr() . 103 "Was the password correct ?\n"; 97 104 } 98 105 } … … 129 136 130 137 my $clearpasswd = get_clear_password(); 131 ReadMode('noecho'); 132 print "Enter password for new key: "; 133 my $password = ReadLine(0); 134 ReadMode 0; 135 print "\n"; 138 139 my $password; 140 while (1) { 141 ReadMode('noecho'); 142 print "Enter password for new key: "; 143 $password = ReadLine(0); 144 print "\n"; 145 print "Enter password again for new key: "; 146 my $password2 = ReadLine(0); 147 ReadMode 0; 148 print "\n"; 149 if ($password eq $password2) { 150 last; 151 } else { 152 print "Password mismatch, try again:\n"; 153 } 154 } 155 156 print "Generating new RSA key...\n"; 136 157 my ($public, $private) = $labase->generate_rsa_key($password); 137 158 … … 139 160 foreach (keys %$clearpasswd) { 140 161 my $obj = $labase->get_object('user', $_); 141 $obj->set _password($clearpasswd->{$_});162 $obj->setCryptPassword($clearpasswd->{$_}); 142 163 } 164 $labase->commit; 165 } elsif ($delkey) { 166 if (! 
$labase->get_global_value('rsa_public_key')) { 167 die "There is no key in this base, not deleting nothing\n"; 168 } 169 my %encpasswd = $labase->get_rsa_password; 170 print "Deleting password...\n"; 171 foreach my $user (keys %encpasswd) { 172 my $ouser = $labase->get_object('user', $user) or next; 173 $ouser->set_c_fields('encryptedPassword' => undef) or 174 die "Cannot delete encryptedPassword attribute for $user\n"; 175 } 176 $labase->set_global_value('rsa_public_key', undef); 177 $labase->set_global_value('rsa_private_key', undef); 143 178 $labase->commit; 144 179 } else { -
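Review bot: The re-encryption loop that follows `generate_rsa_key` ignores the result of `$obj->setCryptPassword($clearpasswd->{$_})`, and `$labase->commit` runs regardless, so a user whose encryptedPassword could not be rewritten is presumably left with a value encrypted under the key that was just replaced. Checking the call the way the --delkey branch checks set_c_fields would stop before the commit: `$obj->setCryptPassword($clearpasswd->{$_}) or die "Cannot store encrypted password for $_\n";`. In the new confirmation loop the two `ReadLine(0)` results are compared exactly as read, so two empty lines (or two undef values at end of input) also match and the key would be generated with an empty passphrase unless generate_rsa_key rejects it itself; a `chomp` on both values and a length check before `last` would close that. The enclosing if/elsif chain starts and ends outside the visible hunks.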
trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/objects.pm
r1309 r1314 522 522 my $asymencrypted = 0; 523 523 if ($res) { 524 525 if (my $serialize = $self->base->get_global_value('rsa_public_key')) { 526 my $public = Crypt::RSA::Key::Public->new; 527 $public = $public->deserialize(String => [ $serialize ]); 528 my $rsa = new Crypt::RSA ES => 'PKCS1v15'; 529 my $rsa_password = $rsa->encrypt ( 530 Message => $clear_pass, 531 Key => $public, 532 Armour => 1, 533 ) || die $rsa->errstr(); 534 if (!$self->_set_c_fields('encryptedPassword', $rsa_password)) { 535 $self->log(LA_ERR, 536 "Cannot set 'encryptedPassword' attribute for object %s/%s", 537 $self->type, $self->id, 538 ); 539 return; 540 } 541 $asymencrypted = 1; 524 if ($self->base->get_global_value('rsa_public_key')) { 525 $self->setCryptPassword($clear_pass) or return; 542 526 } 543 $self->base->log(LA_NOTICE,544 'Mot de passe changé pour %s', 545 $self->id546 );547 $self-> ReportChange('Password', 'Password stored using internal key');548 return 1;549 }527 } 528 529 $self->base->log(LA_NOTICE, 530 'Mot de passe changé pour %s', 531 $self->id 532 ); 533 return $res; 550 534 } else { 551 535 $self->log(LA_WARN, … … 553 537 } 554 538 } 539 540 =head2 setCryptPassword($clear_pass) 541 542 Store password encrypted using RSA encryption. 
543 544 =cut 545 546 sub setCryptPassword { 547 my ($self, $clear_pass) = @_; 548 if (my $serialize = $self->base->get_global_value('rsa_public_key')) { 549 my $public = Crypt::RSA::Key::Public->new; 550 $public = $public->deserialize(String => [ $serialize ]); 551 my $rsa = new Crypt::RSA ES => 'PKCS1v15'; 552 my $rsa_password = $rsa->encrypt ( 553 Message => $clear_pass, 554 Key => $public, 555 Armour => 1, 556 ) || die $rsa->errstr(); 557 if (!$self->_set_c_fields('encryptedPassword', $rsa_password)) { 558 $self->log(LA_ERR, 559 "Cannot set 'encryptedPassword' attribute for object %s/%s", 560 $self->type, $self->id, 561 ); 562 return; 563 } 564 } 565 $self->ReportChange('Password', 'Password stored using internal key'); 566 return 1; 567 } 568 555 569 556 570 sub search {
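Review bot: setCryptPassword() calls `ReportChange('Password', 'Password stored using internal key')` and returns 1 even when no `rsa_public_key` is set, because both statements sit after the closing brace of the `if (my $serialize = ...)` block; a direct caller then gets a success value and a change record for a password that was never encrypted. Returning early keeps the record truthful: `my $serialize = $self->base->get_global_value('rsa_public_key') or return;`. The two failure paths also differ: a failed `encrypt` leaves the method through `|| die $rsa->errstr()` while a failed `_set_c_fields` logs and returns, so the `or return` added in the password setter only ever sees the second case; logging with LA_ERR and returning in both would make the caller's check meaningful. The POD entry should state the return value and what happens when no key is configured.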