Add in sha passwd crypt for ldap (requires mhash to configure and use) ...

Concept by Matt Pavlovich <mpav@algx.net>

admin/inc/hook_config.inc.php

@@ -24,13 +24,13 @@
 			$algos = @mcrypt_list_algorithms();
 			$found = False;
 
-			while (list ($key, $value) = each ($algos))
+			while(list($key, $value) = each($algos))
 			{
 				$found = True;
 				/* Only show each once - seems this is a problem in some installs */
 				if(!in_array($value,$listed))
 				{
-					if ($config['mcrypt_algo'] == $value)
+					if($config['mcrypt_algo'] == $value)
 					{
 						$selected = ' selected';
 					}
@@ -69,13 +69,13 @@
 			$modes = @mcrypt_list_modes();
 			$found = False;
 
-			while (list ($key, $value) = each ($modes))
+			while(list($key, $value) = each($modes))
 			{
 				$found = True;
 				/* Only show each once - seems this is a problem in some installs */
 				if(!in_array($value,$listed))
 				{
-					if ($config['mcrypt_mode'] == $value)
+					if($config['mcrypt_mode'] == $value)
 					{
 						$selected = ' selected';
 					}
@@ -101,4 +101,32 @@
 		}
 		return $out;
 	}
+
+	function passwdhashes($config)
+	{
+		$hashes = array(
+			'des' => 'des',
+			'md5' => 'md5'
+		);
+		if(@function_exists('mhash'))
+		{
+			$hashes += array('sha' => 'sha');
+		}
+
+		while(list($key, $value) = each($hashes))
+		{
+			if($config['ldap_encryption_type'] == $value)
+			{
+				$selected = ' selected';
+			}
+			else
+			{
+				$selected = '';
+			}
+			$descr = strtoupper($value);
+
+			$out .= '<option value="' . $value . '"' . $selected . '>' . $descr . '</option>' . "\n";
+		}
+		return $out;
+	}
 ?>

admin/templates/default/config.tpl

@@ -144,8 +144,7 @@
     <td>{lang_LDAP_encryption_type}:</td>
     <td>
      <select name="newsettings[ldap_encryption_type]">
-      <option value="DES"{selected_ldap_encryption_type_DES}>DES</option>
+{hook_passwdhashes}
-      <option value="MD5"{selected_ldap_encryption_type_MD5}>MD5</option>
      </select>
     </td>
    </tr>

phpgwapi/inc/class.common.inc.php

@@ -1156,6 +1156,15 @@
 
 			return $ldappassword;
 		}
+
+		function sha_cryptpasswd($userpass)
+		{
+			$hash = base64_encode(mhash(MHASH_SHA1, $userpass));
+			$ldappassword = sprintf('%s%s', '{SHA}', $hash);
+
+			return $ldappassword;
+		}
+
 		/*!
 		@function encrypt_password
 		@abstract encrypt password
@@ -1164,16 +1173,29 @@
 		*/
 		function encrypt_password($password)
 		{
-			if ($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'DES')
+			if($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'DES')
 			{
 				$salt       = $this->randomstring(2);
 				$e_password = $this->des_cryptpasswd($password, $salt);
 			}
-			if ($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'MD5')
+			if($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'MD5')
 			{
 				$salt       = $this->randomstring(8);
 				$e_password = $this->md5_cryptpasswd($password, $salt);
 			}
+			if($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'SHA')
+			{
+				if(@function_exists('mhash'))
+				{
+					$e_password = $this->sha_cryptpasswd($password);
+				}
+				else
+				{
+					/* this should error instead... */
+					$salt       = $this->randomstring(8);
+					$e_password = $this->md5_cryptpasswd($password, $salt);
+				}
+			}
 			return $e_password;
 		}