From 4ccd51269ae8f3aabe1f5ce47bdc96c64f8a55b9 Mon Sep 17 00:00:00 2001
From: Jay Lee
Date: Thu, 4 Jun 2020 15:59:06 -0400
Subject: [PATCH] Support base64-sha1 and base64-md5 user passwords
This allows pulling md5 and sha-1 passwords stored in OpenLDAP format into G Suite.
This example commands set user password to "helloworld".
gam update user user@example.com password "{SHA}at+xg6SiyUovktq1redipHiJpaE=" base64-sha1
---
 src/gam/__init__.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/gam/__init__.py b/src/gam/__init__.py
index 7c5e053d..3aa24acc 100755
--- a/src/gam/__init__.py
+++ b/src/gam/__init__.py
@@ -6637,6 +6637,7 @@ def getUserAttributes(i, cd, updateCmd):
 i += 1
 need_password = True
 need_to_hash_password = True
+ need_to_b64_decrypt_password = False
 while i < len(sys.argv):
 myarg = sys.argv[i].lower()
 if myarg in ['firstname', 'givenname']:
@@ -6677,13 +6678,17 @@ def getUserAttributes(i, cd, updateCmd):
 body['includeInGlobalAddressList'] = getBoolean(
 sys.argv[i + 1], myarg)
 i += 2
- elif myarg in ['sha', 'sha1', 'sha-1']:
+ elif myarg in ['sha', 'sha1', 'sha-1', 'base64-sha1']:
 body['hashFunction'] = 'SHA-1'
 need_to_hash_password = False
+ if myarg == 'base64-sha1':
+ need_to_b64_decrypt_password = True
 i += 1
- elif myarg == 'md5':
+ elif myarg in ['md5', 'base64-md5']:
 body['hashFunction'] = 'MD5'
 need_to_hash_password = False
+ if myarg == 'base64-md5':
+ need_to_b64_decrypt_password = True
 i += 1
 elif myarg == 'crypt':
 body['hashFunction'] = 'crypt'
@@ -7157,6 +7162,10 @@ def getUserAttributes(i, cd, updateCmd):
 if 'password' in body and need_to_hash_password:
 body['password'] = gen_sha512_hash(body['password'])
 body['hashFunction'] = 'crypt'
+ elif 'password' in body and need_to_b64_decrypt_password:
+ if body['password'].lower()[:5] in ['{md5}', '{sha}']:
+ body['password'] = body['password'][5:]
+ body['password'] = base64.b64decode(body['password']).hex()
 return body
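Review bot: The flag introduced in the first hunk, `need_to_b64_decrypt_password`, describes a base64 decode as decryption, which wrongly suggests the supplied value is a reversible secret rather than an encoded digest. Renaming it to `need_to_b64_decode_password` here and at its uses in the two later hunks, with a comment such as `# password argument is a base64-encoded digest (OpenLDAP style); converted to hex before upload`, would keep the hash handling readable. getUserAttributes starts and ends outside this hunk.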
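Review bot: In the second hunk the new flag is only ever set to True, so it stays set when a later hash option on the same command line replaces the earlier one. With `base64-sha1` followed by `md5` or `crypt`, `hashFunction` changes but the value would presumably still be base64-decoded at the end of the function and uploaded as something other than the hash the caller supplied. Assigning the flag unconditionally in each branch, `need_to_b64_decrypt_password = myarg == 'base64-sha1'` and `need_to_b64_decrypt_password = myarg == 'base64-md5'`, and clearing it in the `crypt` branch (whose body continues outside the hunk), avoids that.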
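Review bot: The conversion in the last hunk accepts any input: `base64.b64decode` without `validate=True` silently drops characters outside the base64 alphabet, the stripped `{md5}`/`{sha}` prefix is not compared with the selected `hashFunction`, and the decoded length is never checked. A mistyped value, a `{MD5}` string passed with `base64-sha1`, or a salted OpenLDAP value (digest plus salt) would therefore be uploaded as a password hash that can never match, or end in an unhandled decode error on bad padding. I would decode strictly, require 16 bytes for MD5 and 20 for SHA-1, and exit with a message that does not echo the value; the sketch below uses `sys.exit`, to be replaced by whatever error helper the file uses elsewhere. The `base64` import is not visible in this patch, so confirm the module already imports it.

```python
    elif 'password' in body and need_to_b64_decrypt_password:
        # … unchanged: strip of the optional {md5}/{sha} prefix …
        # Raw digest sizes; any other hashFunction yields None and is rejected below.
        expected_len = {'MD5': 16, 'SHA-1': 20}.get(body.get('hashFunction'))
        try:
            digest = base64.b64decode(body['password'], validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            digest = b''
        if len(digest) != expected_len:
            # Do not echo the supplied value: it is password-equivalent material.
            sys.exit('ERROR: password is not a base64-encoded digest of the selected hash type')
        body['password'] = digest.hex()
```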