+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: ftp passwd= *0 (/thread-5019.html)
Pages: 1 2
ftp passwd= *0 - saturnsuper - 11-27-2008 05:46 PM
Sorry for my bad english...
I use IspCP 1.0.0 RC6.
It works fine, but I have a problem:
When I add a ftp user to any domain, I get *0 at field "passwd" in table "ftp_user".
If I change this field by phpMyAdmin with use function "encrypt" I can login ftp.
I try more 20 passwords and always get *0
How I can fix it ?
RE: ftp passwd= *0 - joximu - 11-27-2008 07:22 PM
Your OS?
Maybe you need some crypt libraries for PHP...?
/J
RE: ftp passwd= *0 - saturnsuper - 12-04-2008 07:35 PM
my OS is OpenSuSE 11.0
I have installed all crypt modules for PHP !
This error in passwd is only for ftp user! Sql user and other crypt passwd normaly!
RE: ftp passwd= *0 - joximu - 12-04-2008 08:26 PM
the ftp passwords are crypted in a different way... :-)
you should have a closer lok at:
gui/include/calc-functions.php:
function crypt_user_ftp_pass
which calls:
function generate_rand_salt
i'd say, something is wrong with the salt generation in your system
/J
RE: ftp passwd= *0 - saturnsuper - 12-04-2008 09:50 PM
gui/include/calc-functions.php:
function crypt_user_ftp_pass($data) {
$res = crypt($data, generate_rand_salt());
return $res;
}
function generate_rand_salt($min = 46, $max = 126) {
if (CRYPT_BLOWFISH == 1) {
$length = 13;
$pre = '$2$';
} elseif (CRYPT_MD5 == 1) {
$length = 9;
$pre = '$1$';
} elseif (CRYPT_EXT_DES == 1) {
$length = 9;
$pre = '';
} elseif (CRYPT_STD_DES == 1) {
$length = 2;
$pre = '';
}
What's wrong?
RE: ftp passwd= *0 - joximu - 12-04-2008 10:52 PM
Well, nothing seems wrong. At least if the generate_rand... has another end:
Code:
function generate_rand_salt($min = 46, $max = 126) {
if (CRYPT_BLOWFISH == 1) {
$length = 13;
$pre = '$2$';
} elseif (CRYPT_MD5 == 1) {
$length = 9;
$pre = '$1$';
} elseif (CRYPT_EXT_DES == 1) {
$length = 9;
$pre = '';
} elseif (CRYPT_STD_DES == 1) {
$length = 2;
$pre = '';
}
$salt = $pre;
for($i = 0; $i < $length; $i++) {
$salt .= chr(mt_rand($min, $max));
}
return $salt;
}The question is: what happens inside this function when you set the ftp password???
Which CONST is 1 on your system?
/J
RE: ftp passwd= *0 - saturnsuper - 12-04-2008 11:06 PM
How can I know it?
RE: ftp passwd= *0 - joximu - 12-04-2008 11:14 PM
make a copy of the file, then change to:
Code:
if (CRYPT_BLOWFISH == 1) {
$length = 13;
$pre = '$2$';
user_error('blowfish');
} elseif (CRYPT_MD5 == 1) {
$length = 9;
$pre = '$1$';
user_error('md5');
} elseif (CRYPT_EXT_DES == 1) {
$length = 9;
$pre = '';
user_error('ext_des');
} elseif (CRYPT_STD_DES == 1) {
$length = 2;
$pre = '';
user_error('stddes');
}and then see at the error.log from php/apache (or on the display?)
Hope we come closer..
RE: ftp passwd= *0 - saturnsuper - 12-06-2008 07:48 AM
no errors!
But password is *0 yet!
RE: ftp passwd= *0 - joximu - 12-06-2008 09:26 AM
Hm, very strange.
I found something:
http://ch2.php.net/manual/en/function.crypt.php#71748
***
Blowfish doesn't use a sixteen character salt, it uses sixteen *bytes* of salt. So (courtesy of the docs for the Crypt::Eksblowfish::Bcrypt Perl module), it's:
"$2", optional "a", "$", two digits, "$", and 22 base 64 digits
If the salt is not long enough, crypt will return "*0" and you will have no idea what is wrong. Interestingly, the example in the documentation with a trailing '$' in the salt does not work. Replace the '$' with a '.', and the output appears as advertised.
***
So, try to set
--
if (CRYPT_BLOWFISH == 1) {
$length = 16;
$pre = '$2$';
--
maybe this improves the blowfish encryption on your system.
It seems you have to play a bit... :-)
Hope this helps
/J