tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-8297-Mejoras-en-gestion-de-acceso-a-pandora-MD5-SHA256-y-Salt-opcional' into 'develop' 

Ent 8297 mejoras en gestion de acceso a pandora md5 sha256 y salt opcional

See merge request artica/pandorafms!5343
This commit is contained in:
Daniel Rodriguez 2022-12-22 15:38:45 +00:00
parent 0914327a08 5520daead9
commit b64ce98241
4 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/extras/mr/60.sql
View File

File diff suppressed because one or more lines are too long

33
pandora_console/include/auth/mysql.php
View File

@ -213,10 +213,16 @@ function process_user_login_local($login, $pass, $api=false)
$row = db_get_row_sql($sql);
// Check that row exists, that password is not empty and that password is the same hash
if ($row !== false && $row['password'] !== md5('')
&& $row['password'] == md5($pass)
) {
// Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed.
if (strlen($row['password']) === 32) {
// MD5.
$credentials_check = $row !== false && $row['password'] !== md5('') && $row['password'] == md5($pass);
} else {
// Bcrypt.
$credentials_check = password_verify($pass, $row['password']);
}
if ($credentials_check === true) {
// Login OK
// Nick could be uppercase or lowercase (select in MySQL
// is not case sensitive)
@ -231,6 +237,11 @@ function process_user_login_local($login, $pass, $api=false)
return false;
}
// Override password to use Bcrypt encryption.
if (strlen($row['password']) === 32) {
update_user_password($login, $pass);
}
return $row['id_user'];
} else {
if (!user_can_login($login)) {
@ -656,7 +667,7 @@ function create_user($id_user, $password, $user_info)
{
$values = $user_info;
$values['id_user'] = $id_user;
$values['password'] = md5($password);
$values['password'] = password_hash($password, PASSWORD_BCRYPT);
$values['last_connect'] = 0;
$values['registered'] = get_system_time();
@ -747,7 +758,7 @@ function delete_user(string $id_user)
/**
* Update the password in MD5 for user pass as id_user with
* Update the password using BCRYPT algorithm for specific id_user passing
* password in plain text.
*
* @param string $user User ID.
@ -766,7 +777,7 @@ function update_user_password(string $user, string $password_new)
if (isset($config['auth']) === true && $config['auth'] === 'pandora') {
$sql = sprintf(
"UPDATE tusuario SET password = '".md5($password_new)."', last_pass_change = '".date('Y-m-d H:i:s', get_system_time())."' WHERE id_user = '".$user."'"
"UPDATE tusuario SET password = '".password_hash($password_new, PASSWORD_BCRYPT)."', last_pass_change = '".date('Y-m-d H:i:s', get_system_time())."' WHERE id_user = '".$user."'"
);
$connection = mysql_connect_db(
@ -786,7 +797,7 @@ function update_user_password(string $user, string $password_new)
return db_process_sql_update(
'tusuario',
[
'password' => md5($password_new),
'password' => password_hash($password_new, PASSWORD_BCRYPT),
'last_pass_change' => date('Y/m/d H:i:s', get_system_time()),
],
['id_user' => $user]
@ -1050,7 +1061,7 @@ function create_user_and_permisions_ldap(
$values['id_user'] = $id_user;
if ($config['ldap_save_password'] || $config['ad_save_password']) {
$values['password'] = md5($password);
$values['password'] = password_hash($password, PASSWORD_BCRYPT);
}
$values['last_connect'] = 0;
@ -1482,9 +1493,9 @@ function change_local_user_pass_ldap($id_user, $password)
$local_user_pass = db_get_value_filter('password', 'tusuario', ['id_user' => $id_user]);
$return = false;
if (md5($password) !== $local_user_pass) {
if (password_hash($password, PASSWORD_BCRYPT) !== $local_user_pass) {
$values_update = [];
$values_update['password'] = md5($password);
$values_update['password'] = password_hash($password, PASSWORD_BCRYPT);
$return = db_process_sql_update('tusuario', $values_update, ['id_user' => $id_user]);
}

2
pandora_console/pandoradb.sql
View File

@ -1275,7 +1275,7 @@ CREATE TABLE IF NOT EXISTS `tusuario` (
`firstname` VARCHAR(255) NOT NULL,
`lastname` VARCHAR(255) NOT NULL,
`middlename` VARCHAR(255) NOT NULL,
`password` VARCHAR(45) DEFAULT NULL,
`password` VARCHAR(60) DEFAULT NULL,
`comments` VARCHAR(200) DEFAULT NULL,
`last_connect` BIGINT NOT NULL DEFAULT 0,
`registered` BIGINT NOT NULL DEFAULT 0,

2
pandora_console/pandoradb_data.sql
View File

@ -345,7 +345,7 @@ INSERT INTO `tmodule_inventory` (`id_module_inventory`, `id_os`, `name`, `descri
-- Dumping data for table `tusuario`
--
INSERT INTO `tusuario` (`id_user`, `fullname`, `firstname`, `lastname`, `middlename`, `password`, `comments`, `last_connect`, `registered`, `email`, `phone`, `is_admin`, `language`, `block_size`, `section`, `data_section`, `metaconsole_access`, `local_user`) VALUES
('admin', 'Pandora', 'Pandora', 'Admin', '', '1da7ee7d45b96d0e1f45ee4ee23da560', 'Admin Pandora', 1232642121, 0, 'admin@example.com', '555-555-5555', 1, 'default', 0, 'Default', '', 'advanced', 1);
('admin', 'Pandora', 'Pandora', 'Admin', '', '$2y$10$Wv/xoxjI2VAkthJhk/PzeeGIhBKYU/K.TMgUdmW7fEP2NQkdWlB9K', 'Admin Pandora', 1232642121, 0, 'admin@example.com', '555-555-5555', 1, 'default', 0, 'Default', '', 'advanced', 1);
--
-- Dumping data for table `tusuario_perfil`