Issue created 10 years ago by bmortier (@bmortier), Maintainer
Let password-methods-sasl prompt for a password when a password-hook is configured

Hi,

I'm using fusiondirectory together with MIT-Kerberos and SASL. I have sasl as the default password algorithm, so the password string in LDAP is correctly set to "{sasl}uid@REALM". I can automatically add or delete krb-principals with scripts as user-postcreate or post-remove, which works pretty nicely.

The problem is that I cannot change the user's password; the password dialog never opens up. I think this is because function need_password() from class_password-methods-sasl.inc returns false. I assume this behaviour is intended since the function from the parent class returns true.

I have written a small patch which checks if a password hook is configured. If so, we can assume that we want this script to modify the SASL password. If no password hook is configured, we assume that some other program is managing the kerberos principals and return FALSE.

--- include/password-methods/class_password-methods-sasl.inc.orig       2015-05-10 10:51:21.373532583 +0200
+++ include/password-methods/class_password-methods-sasl.inc    2015-05-09 13:00:15.161445520 +0200
@@ -31,6 +31,7 @@
   var $uid    = ""; // uid, or exop specified field value
   var $realm  = "";
   var $exop   = "";
+  var $usehook = false;
 
   /*!
    * \brief passwordMethodsasl Constructor
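Review bot: The new `$usehook` property is declared without a comment, unlike `$uid` two lines above it, and its lowercase `false` differs from the `TRUE`/`FALSE` spelling used in need_password(). Add a short comment saying it records whether a password hook is configured, and use one constant style throughout the class.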
@@ -45,6 +46,8 @@
       return;
     }
 
+    if($config->get_cfg_value('passwordhook') != '') $this->usehook = true; 
+
     $this->realm  = trim($config->get_cfg_value('saslRealm', ""));
     $this->exop   = trim($config->get_cfg_value('saslExop', ""));
     if (empty($this->realm) && empty($this->exop)) {
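Review bot: The added check in the constructor calls get_cfg_value('passwordhook') without a default and compares with a loose `!=`, while the two calls directly below it pass "" as the default and trim() the result, so a hook value that is only whitespace would switch the password prompt on. Suggest `$this->usehook = (trim($config->get_cfg_value('passwordhook', '')) !== '');` as its own statement, and remove the trailing space at the end of the added line.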
@@ -103,7 +106,12 @@
    */
   function need_password()
   {
+     if ($this->usehook == true)
+     {
+      return TRUE;
+     } else {
       return FALSE;
+     }
   }
 }
 ?>
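Review bot: In need_password() the added `if ($this->usehook == true) { ... } else { ... }` block is equivalent to `return $this->usehook;`, and the added lines are indented five spaces where the existing `return FALSE;` uses six. The doc comment that closes just above the function should also be updated to say the method now asks for a password only when a password hook is configured, because the prompt is otherwise tied silently to a setting that is not SASL-specific.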

I've tested this with fusiondirectory 1.0.8.5 under debian/jessie, fd from the fusiondirectory-repositories.

regards fwe

(from redmine: issue id 3757, created on 2015-05-10, closed on 2015-06-01)

  • Relations:
    • relates #5593
  • Changesets:
    • Revision f9be29b7 by Côme Chilliet on 2015-05-18T15:02:25.000Z:
      Fixes #3757 Added an option to force password ask for SASL method
    • Revision 2112fb78 by Côme Chilliet on 2015-05-18T15:02:56.000Z:
      Fixes #3757 Added an option to force password ask for SASL method
    • Revision d795a498 by Côme Chilliet on 2015-05-18T15:03:33.000Z:
      Fixes #3757 Added an option to force password ask for SASL method
    • Revision d18adbc0 by Côme Chilliet on 2015-06-01T10:36:56.000Z:
      Fixes #3757 SASL method must not compare hashes
    • Revision c42c25ed by Côme Chilliet on 2015-06-01T10:37:13.000Z:
      Fixes #3757 SASL method must not compare hashes
    • Revision d671d68d by Côme Chilliet on 2015-06-01T10:37:21.000Z:
      Fixes #3757 SASL method must not compare hashes
  • Custom Fields:
    • Bug in version: 1.0.8.5
  • Uploads:
    • 0001-Fixes-3757-Added-an-option-to-force-password-ask-for.patch
    • 0002-Fixes-3757-SASL-method-must-not-compare-hashes.patch

      Activity


      • bmortier @bmortier · 10 years ago (Author, Maintainer)

        hello,

        patch worked on all branches, applied

        Cheers

        (from redmine: written on 2015-05-18)

        By bmortier on 2017-09-02T15:19:06 (imported from GitLab)

      • bmortier @bmortier · 9 years ago (Author, Maintainer)

        When I try to change password I have this error.

        Password is not being changed from existing value

        (from redmine: written on 2015-06-01)

        By Jonathan Swaelens on 2017-09-02T15:19:06 (imported from GitLab)

      • bmortier @bmortier · 9 years ago (Author, Maintainer)

        hello,

        applied to 1.0.8.6-fixes, 1.0.9, develop

        Cheers

        (from redmine: written on 2015-06-01)

        By bmortier on 2017-09-02T15:19:06 (imported from GitLab)

      • bmortier @bmortier · 9 years ago (Author, Maintainer)

        Close issue

        (from redmine: written on 2015-06-01)

        By Jonathan Swaelens on 2017-09-02T15:19:06 (imported from GitLab)

      • bmortier closed 7 years ago
        By Jonathan Swaelens on 2017-09-02T15:19:07 (imported from GitLab)

      • bmortier added Added label 6 years ago
        By bmortier on 2018-10-08T19:32:35 (imported from GitLab)

      • bmortier added user-manual label 6 years ago
        By bmortier on 2018-10-08T19:32:45 (imported from GitLab)

      • bmortier added fusiondirectory-core label 6 years ago
        By bmortier on 2018-10-08T19:32:52 (imported from GitLab)

      Assignee: bmortier