mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-22 07:53:39 +01:00
* Setup: making SSHA (salted sha1) hashes the default password hash for SQL and LDAP
- fixing not working ssha hashes if mb_string.func_overload > 0 set
This commit is contained in:
parent
03cd666e8b
commit
457e79454d
@ -566,8 +566,8 @@ class auth
|
||||
$hash = base64_decode(substr($db_val,6));
|
||||
|
||||
/* SMD5 hashes are 16 bytes long */
|
||||
$orig_hash = substr($hash, 0, 16);
|
||||
$salt = substr($hash, 16);
|
||||
$orig_hash = cut_bytes($hash, 0, 16); // binary string need to use cut_bytes, not mb_substr(,,'utf-8')!
|
||||
$salt = cut_bytes($hash, 16);
|
||||
|
||||
$new_hash = md5($form_val . $salt,true);
|
||||
//echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);
|
||||
@ -605,10 +605,11 @@ class auth
|
||||
$hash = base64_decode(substr($db_val, 6));
|
||||
|
||||
// SHA-1 hashes are 160 bits long
|
||||
$orig_hash = substr($hash, 0, 20);
|
||||
$salt = substr($hash, 20);
|
||||
$orig_hash = cut_bytes($hash, 0, 20); // binary string need to use cut_bytes, not mb_substr(,,'utf-8')!
|
||||
$salt = cut_bytes($hash, 20);
|
||||
$new_hash = sha1($form_val . $salt,true);
|
||||
|
||||
//error_log(__METHOD__."('$form_val', '$db_val') hash='$hash', orig_hash='$orig_hash', salt='$salt', new_hash='$new_hash' returning ".array2string(strcmp($orig_hash,$new_hash) == 0));
|
||||
return strcmp($orig_hash,$new_hash) == 0;
|
||||
}
|
||||
|
||||
|
@ -49,6 +49,27 @@ function bytes($str)
|
||||
return $func_overload & 2 ? mb_strlen($str,'ascii') : strlen($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* mbstring.func_overload safe substr
|
||||
*
|
||||
* @param string $data
|
||||
* @param int $offset
|
||||
* @param int $len
|
||||
* @return string
|
||||
*/
|
||||
function cut_bytes(&$data,$offset,$len=null)
|
||||
{
|
||||
static $func_overload;
|
||||
|
||||
if (is_null($func_overload)) $func_overload = extension_loaded('mbstring') ? ini_get('mbstring.func_overload') : 0;
|
||||
|
||||
if (is_null($len))
|
||||
{
|
||||
return $func_overload ? mb_substr($data,$offset,bytes($data),'ascii') : substr($data,$offset);
|
||||
}
|
||||
return $func_overload ? mb_substr($data,$offset,$len,'ascii') : substr($data,$offset,$len);
|
||||
}
|
||||
|
||||
/**
|
||||
* Format array or other types as (one-line) string, eg. for error_log statements
|
||||
*
|
||||
|
@ -294,6 +294,9 @@ class setup_process
|
||||
|
||||
$current_config['postpone_statistics_submit'] = time() + 2 * 30 * 3600; // ask user in 2 month from now, when he has something to report
|
||||
|
||||
// use ssha (salted sha1) password hashes by default
|
||||
$current_config['sql_encryption_type'] = $current_config['ldap_encryption_type'] = 'ssha';
|
||||
|
||||
if ($preset_config)
|
||||
{
|
||||
$current_config = array_merge($current_config,$preset_config);
|
||||
|
Loading…
Reference in New Issue
Block a user