From b08b5717b110aba99884332d6b7f751786f7a4ec Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Tue, 14 May 2002 01:02:19 +0000 Subject: [PATCH] Add in sha passwd crypt for ldap (requires mhash to configure and use) ... Concept by Matt Pavlovich --- admin/inc/hook_config.inc.php | 40 +++++++++++++++++++++++++----- admin/templates/default/config.tpl | 3 +-- phpgwapi/inc/class.common.inc.php | 26 +++++++++++++++++-- 3 files changed, 59 insertions(+), 10 deletions(-) diff --git a/admin/inc/hook_config.inc.php b/admin/inc/hook_config.inc.php index 2a412a9dfd..e97d3dc922 100644 --- a/admin/inc/hook_config.inc.php +++ b/admin/inc/hook_config.inc.php @@ -24,13 +24,13 @@ $algos = @mcrypt_list_algorithms(); $found = False; - while (list ($key, $value) = each ($algos)) + while(list($key, $value) = each($algos)) { $found = True; /* Only show each once - seems this is a problem in some installs */ if(!in_array($value,$listed)) { - if ($config['mcrypt_algo'] == $value) + if($config['mcrypt_algo'] == $value) { $selected = ' selected'; } @@ -39,7 +39,7 @@ $selected = ''; } $descr = strtoupper($value); - + $out .= '' . "\n"; $listed[] = $value; } @@ -69,13 +69,13 @@ $modes = @mcrypt_list_modes(); $found = False; - while (list ($key, $value) = each ($modes)) + while(list($key, $value) = each($modes)) { $found = True; /* Only show each once - seems this is a problem in some installs */ if(!in_array($value,$listed)) { - if ($config['mcrypt_mode'] == $value) + if($config['mcrypt_mode'] == $value) { $selected = ' selected'; } @@ -84,7 +84,7 @@ $selected = ''; } $descr = strtoupper($value); - + $out .= '' . "\n"; $listed[] = $value; } 
@@ -101,4 +101,32 @@ } return $out; } + + function passwdhashes($config) + { + $hashes = array( + 'des' => 'des', + 'md5' => 'md5' + ); + if(@function_exists('mhash')) + { + $hashes += array('sha' => 'sha'); + } + + while(list($key, $value) = each($hashes)) + { + if($config['ldap_encryption_type'] == $value) + { + $selected = ' selected'; + } + else + { + $selected = ''; + } + $descr = strtoupper($value); + + $out .= '' . "\n"; + } + return $out; + } ?> diff --git a/admin/templates/default/config.tpl b/admin/templates/default/config.tpl index 9f0f926e44..40cad19983 100644 --- a/admin/templates/default/config.tpl +++ b/admin/templates/default/config.tpl @@ -144,8 +144,7 @@ {lang_LDAP_encryption_type}: diff --git a/phpgwapi/inc/class.common.inc.php b/phpgwapi/inc/class.common.inc.php index 4f3ade3e14..1b15aef924 100644 --- a/phpgwapi/inc/class.common.inc.php +++ b/phpgwapi/inc/class.common.inc.php @@ -1156,6 +1156,15 @@ return $ldappassword; } + + function sha_cryptpasswd($userpass) + { + $hash = base64_encode(mhash(MHASH_SHA1, $userpass)); + $ldappassword = sprintf('%s%s', '{SHA}', $hash); + + return $ldappassword; + } + /*! @function encrypt_password @abstract encrypt password 
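Review bot: In `passwdhashes()` the test `$config['ldap_encryption_type'] == $value` compares the setting with the lowercase keys `'des'`, `'md5'` and `'sha'`, while `encrypt_password()` in phpgwapi/inc/class.common.inc.php compares the same setting with `'DES'`, `'MD5'` and `'SHA'`. String `==` is case-sensitive in PHP, so one side can never match: either the saved choice is not re-selected in the form, or `encrypt_password()` falls through every branch. The option markup is not visible on this page, so which case is posted is unclear; settle on one and normalise in both places, for example `if(strtolower($config['ldap_encryption_type']) == $value)`. `$out` is also appended to without being initialised, so add `$out = '';` before the loop.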
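Review bot: `sha_cryptpasswd()` writes an unsalted SHA-1 digest under `{SHA}`, so identical passwords yield identical directory values, whereas the DES and MD5 paths in `encrypt_password()` each pass a `randomstring()` salt. If the directory server accepts the salted scheme, prefer `{SSHA}`: `$salt = $this->randomstring(8);` followed by `return '{SSHA}' . base64_encode(mhash(MHASH_SHA1, $userpass . $salt) . $salt);`. The return value of `mhash()` is not checked either, so a failure would be encoded as an empty hash after the prefix; test it before `base64_encode()`. The function has no doc block; add one in the file's `/*! @function ... */` style stating that it requires the mhash extension.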
@@ -1164,16 +1173,29 @@ */ function encrypt_password($password) { - if ($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'DES') + if($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'DES') { $salt = $this->randomstring(2); $e_password = $this->des_cryptpasswd($password, $salt); } - if ($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'MD5') + if($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'MD5') { $salt = $this->randomstring(8); $e_password = $this->md5_cryptpasswd($password, $salt); } + if($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'SHA') + { + if(@function_exists('mhash')) + { + $e_password = $this->sha_cryptpasswd($password); + } + else + { + /* this should error instead... */ + $salt = $this->randomstring(8); + $e_password = $this->md5_cryptpasswd($password, $salt); + } + } return $e_password; }
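Review bot: In the new `'SHA'` branch of `encrypt_password()`, the `else` path silently hashes with `md5_cryptpasswd()` when mhash is unavailable, so the directory receives a different scheme from the one the administrator configured and nothing records the downgrade; the comment `/* this should error instead... */` already acknowledges it. `$e_password` is also never initialised, so a setting that matches none of `'DES'`, `'MD5'`, `'SHA'` exactly reaches `return $e_password;` with an unset variable. Set `$e_password = False;` at the top of the function and replace the fallback with an explicit failure the caller can check, for example `return False;`; whether existing callers test the return value is not visible from this hunk. The three independent `if` tests on the same setting would read better as an `if`/`elseif` chain.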