Current time: 11-16-2024, 08:35 PM Hello There, Guest! (LoginRegister)


Post Reply 
ftp passwd= *0
Author Message
saturnsuper Offline
Newbie
*

Posts: 7
Joined: Nov 2008
Reputation: 0
Post: #1
ftp passwd= *0
Sorry for my bad english...
I use IspCP 1.0.0 RC6.
It works fine, but I have a problem:
When I add a ftp user to any domain, I get *0 at field "passwd" in table "ftp_user".
If I change this field by phpMyAdmin with use function "encrypt" I can login ftp.
I try more 20 passwords and always get *0

How I can fix it ?
11-27-2008 05:46 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #2
RE: ftp passwd= *0
Your OS?
Maybe you need some crypt libraries for PHP...?

/J
11-27-2008 07:22 PM
Visit this user's website Find all posts by this user Quote this message in a reply
saturnsuper Offline
Newbie
*

Posts: 7
Joined: Nov 2008
Reputation: 0
Post: #3
RE: ftp passwd= *0
my OS is OpenSuSE 11.0
I have installed all crypt modules for PHP !
This error in passwd is only for ftp user! Sql user and other crypt passwd normaly!
12-04-2008 07:35 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #4
RE: ftp passwd= *0
the ftp passwords are crypted in a different way... :-)

you should have a closer lok at:
gui/include/calc-functions.php:
function crypt_user_ftp_pass
which calls:
function generate_rand_salt

i'd say, something is wrong with the salt generation in your system

/J
(This post was last modified: 12-04-2008 08:27 PM by joximu.)
12-04-2008 08:26 PM
Visit this user's website Find all posts by this user Quote this message in a reply
saturnsuper Offline
Newbie
*

Posts: 7
Joined: Nov 2008
Reputation: 0
Post: #5
RE: ftp passwd= *0
gui/include/calc-functions.php:

function crypt_user_ftp_pass($data) {
$res = crypt($data, generate_rand_salt());
return $res;
}

function generate_rand_salt($min = 46, $max = 126) {
if (CRYPT_BLOWFISH == 1) {
$length = 13;
$pre = '$2$';
} elseif (CRYPT_MD5 == 1) {
$length = 9;
$pre = '$1$';
} elseif (CRYPT_EXT_DES == 1) {
$length = 9;
$pre = '';
} elseif (CRYPT_STD_DES == 1) {
$length = 2;
$pre = '';
}

What's wrong?
12-04-2008 09:50 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #6
RE: ftp passwd= *0
Well, nothing seems wrong. At least if the generate_rand... has another end:
Code:
function generate_rand_salt($min = 46, $max = 126) {
    if (CRYPT_BLOWFISH == 1) {
        $length = 13;
        $pre    = '$2$';
    } elseif (CRYPT_MD5 == 1) {
        $length = 9;
        $pre    = '$1$';
    } elseif (CRYPT_EXT_DES == 1) {
        $length = 9;
        $pre    = '';
    } elseif (CRYPT_STD_DES == 1) {
        $length = 2;
        $pre    = '';
    }

    $salt = $pre;

    for($i = 0; $i < $length; $i++) {
        $salt .= chr(mt_rand($min, $max));
    }

    return $salt;
}

The question is: what happens inside this function when you set the ftp password???

Which CONST is 1 on your system?

/J
12-04-2008 10:52 PM
Visit this user's website Find all posts by this user Quote this message in a reply
saturnsuper Offline
Newbie
*

Posts: 7
Joined: Nov 2008
Reputation: 0
Post: #7
RE: ftp passwd= *0
How can I know it?
12-04-2008 11:06 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #8
RE: ftp passwd= *0
make a copy of the file, then change to:

Code:
if (CRYPT_BLOWFISH == 1) {
        $length = 13;
        $pre    = '$2$';
user_error('blowfish');
    } elseif (CRYPT_MD5 == 1) {
        $length = 9;
        $pre    = '$1$';
user_error('md5');
    } elseif (CRYPT_EXT_DES == 1) {
        $length = 9;
        $pre    = '';
user_error('ext_des');
    } elseif (CRYPT_STD_DES == 1) {
        $length = 2;
        $pre    = '';
user_error('stddes');
    }

and then see at the error.log from php/apache (or on the display?)

Hope we come closer..
12-04-2008 11:14 PM
Visit this user's website Find all posts by this user Quote this message in a reply
saturnsuper Offline
Newbie
*

Posts: 7
Joined: Nov 2008
Reputation: 0
Post: #9
RE: ftp passwd= *0
no errors!
But password is *0 yet!
12-06-2008 07:48 AM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #10
RE: ftp passwd= *0
Hm, very strange.

I found something:
http://ch2.php.net/manual/en/function.crypt.php#71748
***
Blowfish doesn't use a sixteen character salt, it uses sixteen *bytes* of salt. So (courtesy of the docs for the Crypt::Eksblowfish::Bcrypt Perl module), it's:

"$2", optional "a", "$", two digits, "$", and 22 base 64 digits

If the salt is not long enough, crypt will return "*0" and you will have no idea what is wrong. Interestingly, the example in the documentation with a trailing '$' in the salt does not work. Replace the '$' with a '.', and the output appears as advertised.
***

So, try to set
--
if (CRYPT_BLOWFISH == 1) {
$length = 16;
$pre = '$2$';
--

maybe this improves the blowfish encryption on your system.

It seems you have to play a bit... :-)

Hope this helps

/J
12-06-2008 09:26 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)