authorSimon Beck <simon.beck@earthnet.ch>2022-02-08 17:59:59 +0100
committerSimon Beck <simon.beck@earthnet.ch>2022-02-10 20:51:01 +0100
commitf05e41c9aad83f3d45aff620a739a116c32b4c47 (patch)
tree13c8de24260478e90419292ffd6c3035d1f95ee6 /write.go
parentdbd900371466edfdc7bb7f09080c6698e4f8e647 (diff)
Improve password hash handling
This adds support for more hash algorithms. A stored password will also be updated to SSHA512 upon a successful bind, and a cleartext password will be hashed automatically if the `userpassword` field is modified with a cleartext one.

Hashes supported:
* SSHA
* SSHA256
* SSHA512
Diffstat (limited to 'write.go')
-rw-r--r--write.go23
1 files changed, 21 insertions, 2 deletions
diff --git a/write.go b/write.go
index 2dd42c6..55ab5e0 100644
--- a/write.go
+++ b/write.go
@@ -7,8 +7,9 @@ import (
ldap "bottin/ldapserver"
- consul "github.com/hashicorp/consul/api"
message "bottin/goldap"
+
+ consul "github.com/hashicorp/consul/api"
)
// Generic item modification function --------
@@ -38,7 +39,7 @@ func (server *Server) putAttributes(dn string, attrs Entry) error {
// Retreieve previously existing attributes, which we will use to delete
// entries with the wrong case
- previous_pairs, _, err := server.kv.List(prefix + "/attribute=", &server.readOpts)
+ previous_pairs, _, err := server.kv.List(prefix+"/attribute=", &server.readOpts)
if err != nil {
return err
}
@@ -65,6 +66,24 @@ func (server *Server) putAttributes(dn string, attrs Entry) error {
}
}
+ // if the password is not yet hashed we hash it
+ if k == ATTR_USERPASSWORD {
+ tmpValues := []string{}
+ for _, pw := range values {
+ _, err := determineHashType(pw)
+ if err != nil {
+ encodedPassword, err := SSHAEncode(pw)
+ if err != nil {
+ return err
+ }
+ tmpValues = append(tmpValues, encodedPassword)
+ } else {
+ tmpValues = append(tmpValues, pw)
+ }
+ }
+ values = tmpValues
+ }
+
// If we have zero values, delete associated k/v pair
// Otherwise, write new values
if len(values) == 0 {
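Review bot: In the `k == ATTR_USERPASSWORD` branch, any error from `determineHashType(pw)` is taken to mean "cleartext", so a value with a scheme prefix the helper does not recognise, or a malformed hash, would presumably be hashed again and stored as a hash of a hash, leaving that account unable to bind with no error reported. `determineHashType` and `SSHAEncode` are defined outside this hunk, so this is inferred; if the helper can distinguish "no prefix" from "unknown or malformed prefix", only the first case should reach `SSHAEncode` and the second should return an error to the client. Separately, the commit description says a successful bind upgrades the stored password to SSHA512, yet cleartext written here goes through `SSHAEncode`, which by its name looks like the salted SHA-1 scheme; calling the SSHA512 encoder here instead would avoid keeping the weakest format at rest until the next bind. The inner `_, err := determineHashType(pw)` also shadows the function-level `err`, and a comment such as `// an error means pw has no recognised {SCHEME} prefix, so it is treated as cleartext` would make the intent explicit. `putAttributes` starts and ends outside the hunk.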