mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-07 08:34:42 +01:00
"encryption" type plain for sql and ldap, to allow to store the passwords readable
This commit is contained in:
Ralf Becker
parent
1509ae821e
commit
90f39cef39
@ -95,6 +95,7 @@
|
||||
case 'md5':
|
||||
$encrypted = implode('',unpack('H*',base64_decode($encrypted)));
|
||||
break;
|
||||
case 'plain':
|
||||
case 'crypt':
|
||||
// nothing to do
|
||||
break;
|
||||
@ -105,6 +106,12 @@
|
||||
}
|
||||
switch($type)
|
||||
{
|
||||
case 'plain':
|
||||
if(strcmp($cleartext,$encrypted) == 0)
|
||||
{
|
||||
return True;
|
||||
}
|
||||
return False;
|
||||
case 'smd5':
|
||||
return $this->smd5_compare($cleartext,$encrypted);
|
||||
case 'sha':
|
||||
@ -174,6 +181,10 @@
|
||||
$hash = mhash(MHASH_SHA1, $password . $salt);
|
||||
$e_password = '{SSHA}' . base64_encode($hash . $salt);
|
||||
break;
|
||||
case 'plain':
|
||||
// if plain no type is prepended
|
||||
$e_password =$password;
|
||||
break;
|
||||
}
|
||||
return $e_password;
|
||||
}
|
||||
@ -194,6 +205,15 @@
|
||||
case 'crypt':
|
||||
$hash = '{crypt}' . $hash;
|
||||
break;
|
||||
case 'plain':
|
||||
$saved_h = $hash;
|
||||
if (preg_match('/^\\{([a-z_5]+)\\}(.+)$/i',$hash,$matches))
|
||||
{
|
||||
$hash= $matches[2];
|
||||
} else {
|
||||
$hash = $saved_h;
|
||||
}
|
||||
break;
|
||||
}
|
||||
return $hash;
|
||||
}
|
||||
@ -212,6 +232,9 @@
|
||||
: 'md5';
|
||||
switch($type)
|
||||
{
|
||||
case 'plain':
|
||||
// since md5 is the default, type plain must be prepended, for eGroupware to understand
|
||||
return '{PLAIN}'.$password;
|
||||
case 'crypt':
|
||||
if(@defined('CRYPT_STD_DES') && CRYPT_STD_DES == 1)
|
||||
{
|
||||
|
||||
@ -48,7 +48,14 @@ $setup_tpl->set_file(array(
|
||||
|
||||
function hash_sql2ldap($hash)
|
||||
{
|
||||
switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
|
||||
$type = $GLOBALS['egw_info']['server']['sql_encryption_type'];
|
||||
|
||||
if (preg_match('/^\\{(.*)\\}(.*)$/',$hash,$matches))
|
||||
{
|
||||
$type = $matches[1];
|
||||
$hash = $matches[2];
|
||||
}
|
||||
switch(strtolower($type))
|
||||
{
|
||||
case '': // not set sql_encryption_type
|
||||
case 'md5':
|
||||
@ -57,6 +64,9 @@ function hash_sql2ldap($hash)
|
||||
case 'crypt':
|
||||
$hash = '{crypt}' . $hash;
|
||||
break;
|
||||
|
||||
case 'plain':
|
||||
break;
|
||||
}
|
||||
return $hash;
|
||||
}
|
||||
@ -192,9 +202,14 @@ else // do the migration
|
||||
}
|
||||
else
|
||||
{
|
||||
// ToDo migrate ldap password hashes to sql, not as easy as we dont store the hash-type in the password
|
||||
// maybe we should change sql to store passwords identical to ldap prefixed with {hash}
|
||||
$accounts[$account_id]['account_passwd'] = $accounts[$account_id]['account_pwd'];
|
||||
if ($accounts[$account_id]['account_pwd'][0] != '{') // plain has to be explicitly specified for sql, in ldap it's the default
|
||||
{
|
||||
$accounts[$account_id]['account_passwd'] = '{PLAIN}'.$accounts[$account_id]['account_pwd'];
|
||||
}
|
||||
else
|
||||
{
|
||||
$accounts[$account_id]['account_passwd'] = $accounts[$account_id]['account_pwd'];
|
||||
}
|
||||
}
|
||||
unset($accounts[$account_id]['person_id']);
|
||||
|
||||
|
||||
@ -118,6 +118,9 @@
|
||||
'ssha' => 'ssha'
|
||||
);
|
||||
}
|
||||
$hashes += array(
|
||||
'plain' => 'plain',
|
||||
);
|
||||
|
||||
while(list($key, $value) = each($hashes))
|
||||
{
|
||||
@ -168,6 +171,9 @@
|
||||
'ssha' => 'ssha'
|
||||
);
|
||||
}
|
||||
$hashes += array(
|
||||
'plain' => 'plain',
|
||||
);
|
||||
|
||||
while(list($key, $value) = each($hashes))
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user