create-user .. --encpass bug

Hello,

Please consider this forum topic as a bug

https://www.virtualmin.com/node/20660

I need to solve it quite quickly.

Thank you

Status: Active

Comments

Are you creating this user from the command line?

If so, make sure you quote the value of the --encpass parameter if it contains special characters like $.

Hello,

Sure, it contains $, as I wrote in the forum post.

I added debug print $encpass to line 96 of create-user.pl.

When I don't escape $s (only put the password to "..."), it takes only half of the hash.

When I escape $s, (\$), printed hash looks good, but it still does not work.

Try it:

virtualmin create-user --domain domain.tld --user user --encpass \$1\$d4307605\$wL5l4z1.5bus0YvEUzKZL0

Unencrypted password is UQe7AnELA7aGEQA6

Then I test

telnet localhost 110
user user@domain.tld
pass UQe7AnELA7aGEQA6

Michal

virtualmin create-user --domain easyczech.com --user info --encpass '$1$d4307605$wL5l4z1.5bus0YvEUzKZL0'

does the same

Can you check if the user's entry in the /etc/shadow file is getting the same encrypted password as you are specifying on the command line?

Passwords are stored in LDAP.

dn: uid=user-domain.tld,dc=Users,dc=provider,dc=net
cn: user-domain.tld
uid: user-domain.tld
uidNumber: 1646
loginShell: /dev/null
homeDirectory: /home/domain/homes/user
gidNumber: 1237
userPassword:: e3NzaGF9JDEkMzl0anJuejEkdzIwbnB0emtic3J0My52NmVlMWU4MQ==
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
sn: user-domain.tld
structuralObjectClass: inetOrgPerson
entryUUID: 259ac554-d007-1030-97ef-6dd64d4db36d
creatorsName: cn=manager,dc=provider,dc=net
createTimestamp: 20120110184627Z
entryCSN: 20120110184627.135994Z#000000#000#000000
modifiersName: cn=manager,dc=provider,dc=net
modifyTimestamp: 20120110184627Z

dn: mailLocalAddress=user@domain.tld,dc=Virtual,dc=provider,dc=net
objectClass: inetLocalMailRecipient
mailLocalAddress: user@domain.tld
mailRoutingAddress: user-domain.tld
structuralObjectClass: inetLocalMailRecipient
entryUUID: 259bc918-d007-1030-97f0-6dd64d4db36d
creatorsName: cn=admin,dc=provider,dc=net
createTimestamp: 20120110184627Z
entryCSN: 20120110184627.142647Z#000000#000#000000
modifiersName: cn=admin,dc=provider,dc=net
modifyTimestamp: 20120110184627Z

In this case, the hash is '$1$39tjrnz1$w20nptzkbsrt3.v6ee1e81', the plaintext password is the same.

OK, the use of LDAP is probably the issue here - try prefixing your encrypted password with {md5}, as this is the format used in the LDAP database.

no way

vm1:~# virtualmin create-user --domain domain.tld --user user --encpass '{md5}$1$39tjrnz1$w20nptzkbsrt3.v6ee1e81'

does not work

What is being put into ldap when you use the {md5} prefix?

'{md5}$1$d4307605$wL5l4z1.5bus0YvEUzKZL0'

userPassword:: e21kNX0kMSRkNDMwNzYwNSR3TDVsNHoxLjVidXMwWXZFVXpLWkww

even {smd5} not working

ok, {crypt} worked. My pain in the head is removed.

That is really odd .. so when you use the {crypt} prefix, what gets stored in the userPassword: field?

It almost seems like the LDAP server is modifying the value Virtualmin inserts.

userPassword:: e2NyeXB0fSQxJGQ0MzA3NjA1JHdMNWw0ejEuNWJ1czBZdkVVektaTDA=

What program are you using to display the contents of your LDAP database?

If you use Webmin's LDAP Client module to browse the server, does it show the password in the same format?

no, this one base64-d's it.

userPassword : {crypt}$1$d4307605$wL5l4z1.5bus0YvEUzKZL0

That looks a little better. Although it seems you are using the {crypt} prefix even though the password is in md5 hash format.
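The three userPassword:: values quoted in this thread, decoded and checked for whether the {scheme} prefix matches the shape of the hash behind it. This is an added example, not part of the original thread or of Virtualmin's code; it assumes the RFC 2307 / OpenLDAP convention that {md5}, {smd5}, {sha} and {ssha} hold a base64 digest while {crypt} holds a crypt(3) string, and the function names are made up for illustration.

```python
import base64
import binascii
import re

# Values copied from the thread; "userPassword::" (double colon) marks base64 in LDIF.
THREAD_LINES = [
    "userPassword:: e3NzaGF9JDEkMzl0anJuejEkdzIwbnB0emtic3J0My52NmVlMWU4MQ==",
    "userPassword:: e21kNX0kMSRkNDMwNzYwNSR3TDVsNHoxLjVidXMwWXZFVXpLWkww",
    "userPassword:: e2NyeXB0fSQxJGQ0MzA3NjA1JHdMNWw0ejEuNWJ1czBZdkVVektaTDA=",
]

# Assumed convention: digest schemes carry base64(digest [+ salt]).
# Value is (digest length in bytes, whether a salt is appended).
DIGEST_SCHEMES = {"md5": (16, False), "smd5": (16, True),
                  "sha": (20, False), "ssha": (20, True)}
# md5-crypt as produced by crypt(3): $1$ + salt (up to 8 chars) + $ + 22 chars.
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def decode_userpassword(ldif_line):
    """Return the stored value as text, undoing LDIF base64 if present."""
    name, sep, rest = ldif_line.partition(":")
    if name.strip().lower() != "userpassword" or not sep:
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip(), validate=True).decode("utf-8")
    return rest.strip()

def classify(value):
    """Return (scheme, payload, consistent) for a '{scheme}payload' value."""
    m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", value)
    if not m:
        return (None, value, False)
    scheme, payload = m.group(1).lower(), m.group(2)
    if scheme == "crypt":
        # Only the $1$ (md5-crypt) form seen in the thread is checked here.
        return (scheme, payload, bool(MD5_CRYPT.match(payload)))
    if scheme in DIGEST_SCHEMES:
        size, salted = DIGEST_SCHEMES[scheme]
        try:
            raw = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            return (scheme, payload, False)  # '$' is not base64: not a raw digest
        return (scheme, payload, len(raw) > size if salted else len(raw) == size)
    return (scheme, payload, False)

def report(lines=THREAD_LINES):
    return [classify(decode_userpassword(line)) for line in lines]
```

Calling `report()` returns one `(scheme, payload, consistent)` tuple per stored value, so a prefix that does not fit the hash behind it shows up as `False` in the last field.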