Threaded Mode | Linear Mode

saturnsuper · 11-27-2008 05:46 PM

Sorry for my bad english...
I use IspCP 1.0.0 RC6.
It works fine, but I have a problem:
When I add a ftp user to any domain, I get *0 at field "passwd" in table "ftp_user".
If I change this field by phpMyAdmin with use function "encrypt" I can login ftp.
I try more 20 passwords and always get *0

How I can fix it ?

**joximu** · 11-27-2008 07:22 PM

Your OS?
Maybe you need some crypt libraries for PHP...?

/J

saturnsuper · 12-04-2008 07:35 PM

my OS is OpenSuSE 11.0
I have installed all crypt modules for PHP !
This error in passwd is only for ftp user! Sql user and other crypt passwd normaly!

**joximu** · 12-04-2008 08:26 PM

the ftp passwords are crypted in a different way... :-)

you should have a closer lok at:
gui/include/calc-functions.php:
function crypt_user_ftp_pass
which calls:
function generate_rand_salt

i'd say, something is wrong with the salt generation in your system

/J

saturnsuper · 12-04-2008 09:50 PM

gui/include/calc-functions.php:

function crypt_user_ftp_pass($data) {
$res = crypt($data, generate_rand_salt());
return $res;
}

function generate_rand_salt($min = 46, $max = 126) {
if (CRYPT_BLOWFISH == 1) {
$length = 13;
$pre = '$2$';
} elseif (CRYPT_MD5 == 1) {
$length = 9;
$pre = '$1$';
} elseif (CRYPT_EXT_DES == 1) {
$length = 9;
$pre = '';
} elseif (CRYPT_STD_DES == 1) {
$length = 2;
$pre = '';
}

What's wrong?

**joximu** · 12-04-2008 10:52 PM

Well, nothing seems wrong. At least if the generate_rand... has another end:

Code:

function generate_rand_salt($min = 46, $max = 126) {

    if (CRYPT_BLOWFISH == 1) {

        $length = 13;

        $pre    = '$2$';

    } elseif (CRYPT_MD5 == 1) {

        $length = 9;

        $pre    = '$1$';

    } elseif (CRYPT_EXT_DES == 1) {

        $length = 9;

        $pre    = '';

    } elseif (CRYPT_STD_DES == 1) {

        $length = 2;

        $pre    = '';

    }

    $salt = $pre;

    for($i = 0; $i < $length; $i++) {

        $salt .= chr(mt_rand($min, $max));

    }

    return $salt;

}

The question is: what happens inside this function when you set the ftp password???

Which CONST is 1 on your system?

/J

saturnsuper · 12-04-2008 11:06 PM

How can I know it?

**joximu** · 12-04-2008 11:14 PM

make a copy of the file, then change to:

Code:

if (CRYPT_BLOWFISH == 1) {

        $length = 13;

        $pre    = '$2$';

user_error('blowfish');

    } elseif (CRYPT_MD5 == 1) {

        $length = 9;

        $pre    = '$1$';

user_error('md5');

    } elseif (CRYPT_EXT_DES == 1) {

        $length = 9;

        $pre    = '';

user_error('ext_des');

    } elseif (CRYPT_STD_DES == 1) {

        $length = 2;

        $pre    = '';

user_error('stddes');

    }

and then see at the error.log from php/apache (or on the display?)

Hope we come closer..

saturnsuper · 12-06-2008 07:48 AM

no errors!
But password is *0 yet!

**joximu** · 12-06-2008 09:26 AM

Hm, very strange.

I found something:
http://ch2.php.net/manual/en/function.crypt.php#71748
***
Blowfish doesn't use a sixteen character salt, it uses sixteen *bytes* of salt. So (courtesy of the docs for the Crypt::Eksblowfish::Bcrypt Perl module), it's:

"$2", optional "a", "$", two digits, "$", and 22 base 64 digits

If the salt is not long enough, crypt will return "*0" and you will have no idea what is wrong. Interestingly, the example in the documentation with a trailing '$' in the salt does not work. Replace the '$' with a '.', and the output appears as advertised.
***

So, try to set
--
if (CRYPT_BLOWFISH == 1) {
$length = 16;
$pre = '$2$';
--

maybe this improves the blowfish encryption on your system.

It seems you have to play a bit... :-)

Hope this helps

/J

Threaded Mode \| Linear Mode *ftp passwd= 0**
Author	Message