From 90f39cef39818bc5d98426a6a7cb1eebd230e55b Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Tue, 6 Nov 2007 11:16:34 +0000
Subject: [PATCH] "encryption" type plain for sql and ldap, to allow to store the passwords readable
---
 phpgwapi/inc/class.auth.inc.php | 23 +++++++++++++++++++++++
 setup/account_migration.php | 23 +++++++++++++++++++----
 setup/inc/hook_config.inc.php | 6 ++++++
 3 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/phpgwapi/inc/class.auth.inc.php b/phpgwapi/inc/class.auth.inc.php
index ca881379e0..0e8393e1ad 100644
--- a/phpgwapi/inc/class.auth.inc.php
+++ b/phpgwapi/inc/class.auth.inc.php
@@ -95,6 +95,7 @@
 case 'md5':
 $encrypted = implode('',unpack('H*',base64_decode($encrypted)));
 break;
+ case 'plain':
 case 'crypt': // nothing to do
 break;
@@ -105,6 +106,12 @@
 }
 switch($type)
 {
+ case 'plain':
+ if(strcmp($cleartext,$encrypted) == 0)
+ {
+ return True;
+ }
+ return False;
 case 'smd5':
 return $this->smd5_compare($cleartext,$encrypted);
 case 'sha':
@@ -174,6 +181,10 @@
 $hash = mhash(MHASH_SHA1, $password . $salt);
 $e_password = '{SSHA}' . base64_encode($hash . $salt);
 break;
+ case 'plain':
+ // if plain no type is prepended
+ $e_password =$password;
+ break;
 }
 return $e_password;
 }
@@ -194,6 +205,15 @@
 case 'crypt':
 $hash = '{crypt}' . $hash;
 break;
+ case 'plain':
+ $saved_h = $hash;
+ if (preg_match('/^\\{([a-z_5]+)\\}(.+)$/i',$hash,$matches))
+ {
+ $hash= $matches[2];
+ } else {
+ $hash = $saved_h;
+ }
+ break;
 }
 return $hash;
 }
@@ -212,6 +232,9 @@
 : 'md5';
 switch($type)
 {
+ case 'plain':
+ // since md5 is the default, type plain must be prepended, for eGroupware to understand
+ return '{PLAIN}'.$password;
 case 'crypt':
 if(@defined('CRYPT_STD_DES') && CRYPT_STD_DES == 1)
 {
diff --git a/setup/account_migration.php b/setup/account_migration.php
index df58b05bc8..a6f674ea8a 100644
--- a/setup/account_migration.php
+++ b/setup/account_migration.php
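Review bot: In phpgwapi/inc/class.auth.inc.php, hunk `@@ -105,6 +106,12 @@`, the new `case 'plain':` branch decides a login with `strcmp($cleartext,$encrypted) == 0`, a loose comparison on a function that does not always return an integer. On PHP 5.3 through 7.x strcmp() returns NULL when an argument is not a string, and `NULL == 0` is true, so the branch would return True for a non-string `$cleartext`; whether the callers guarantee a string is not visible here. The comparison also stops at the first differing byte, so its duration depends on the stored password. I would replace the six added lines after the case label with `return is_string($cleartext) && is_string($encrypted) && hash_equals($encrypted, $cleartext);` (hash_equals() needs PHP 5.6 or later). The enclosing function starts and ends outside the hunk.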
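Review bot: In phpgwapi/inc/class.auth.inc.php, hunk `@@ -194,6 +205,15 @@`, the `case 'plain':` branch strips any `{scheme}` prefix rather than only `{PLAIN}`, because the pattern accepts `[a-z_5]+` as the scheme name. With the type set to plain, a stored value that still carries another marker such as `{crypt}` would be returned without it and so look like a readable password, and a readable password that itself begins with a braced word would lose that part. `$saved_h` and the `else` branch are redundant, since `$hash` is only reassigned when the pattern matches. I would narrow the branch to `if (strlen($hash) > 7 && strncasecmp($hash, '{PLAIN}', 7) === 0) { $hash = substr($hash, 7); }`. The enclosing function starts outside the hunk.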
@@ -48,7 +48,14 @@ $setup_tpl->set_file(array(
 function hash_sql2ldap($hash)
 {
- switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
+ $type = $GLOBALS['egw_info']['server']['sql_encryption_type'];
+
+ if (preg_match('/^\\{(.*)\\}(.*)$/',$hash,$matches))
+ {
+ $type = $matches[1];
+ $hash = $matches[2];
+ }
+ switch(strtolower($type))
 {
 case '': // not set sql_encryption_type
 case 'md5':
@@ -57,6 +64,9 @@ function hash_sql2ldap($hash)
 case 'crypt':
 $hash = '{crypt}' . $hash;
 break;
+
+ case 'plain':
+ break;
 }
 return $hash;
 }
@@ -192,9 +202,14 @@ else // do the migration
 }
 else
 {
- // ToDo migrate ldap password hashes to sql, not as easy as we dont store the hash-type in the password
- // maybe we should change sql to store passwords identical to ldap prefixed with {hash}
- $accounts[$account_id]['account_passwd'] = $accounts[$account_id]['account_pwd'];
+ if ($accounts[$account_id]['account_pwd'][0] != '{') // plain has to be explicitly specified for sql, in ldap it's the default
+ {
+ $accounts[$account_id]['account_passwd'] = '{PLAIN}'.$accounts[$account_id]['account_pwd'];
+ }
+ else
+ {
+ $accounts[$account_id]['account_passwd'] = $accounts[$account_id]['account_pwd'];
+ }
 }
 unset($accounts[$account_id]['person_id']);
diff --git a/setup/inc/hook_config.inc.php b/setup/inc/hook_config.inc.php
index dee7c4ce9b..c1c70d0548 100644
--- a/setup/inc/hook_config.inc.php
+++ b/setup/inc/hook_config.inc.php
@@ -118,6 +118,9 @@
 'ssha' => 'ssha'
 );
 }
+ $hashes += array(
+ 'plain' => 'plain',
+ );
 while(list($key, $value) = each($hashes))
 {
@@ -168,6 +171,9 @@
 'ssha' => 'ssha'
 );
 }
+ $hashes += array(
+ 'plain' => 'plain',
+ );
 while(list($key, $value) = each($hashes))
 {
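Review bot: In setup/account_migration.php, hunk `@@ -48,7 +48,14 @@`, the prefix pattern `/^\\{(.*)\\}(.*)$/` is greedy, so the scheme group runs to the last `}` in the value instead of the first. A readable password that contains a closing brace, stored as `{PLAIN}` followed by the password, would be split in the wrong place and only the text after its last `}` would be returned as the hash. Restricting the scheme to non-brace characters avoids this: `if (preg_match('/^\\{([^}]+)\\}(.*)$/',$hash,$matches))`. A comment above the match would also help, for example `// a {type} prefix on the stored hash overrides sql_encryption_type`. The switch continues outside the hunk.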
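Review bot: In setup/account_migration.php, hunk `@@ -192,9 +202,14 @@`, the test `$accounts[$account_id]['account_pwd'][0] != '{'` reads offset 0 without checking that the LDAP value is a non-empty string. For an empty or missing password the offset read evaluates to an empty value, the `!=` still holds, and the account is migrated with the bare marker `{PLAIN}` as its SQL password; conversely a readable LDAP password that begins with `{` is copied as if it were a prefixed hash. I would handle the empty case before this test, for example `if ((string)$accounts[$account_id]['account_pwd'] === '') { /* skip or lock the account */ }`, and use `!==` for the brace check. The surrounding `else` block starts outside the hunk.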
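Review bot: In setup/inc/hook_config.inc.php, both hunks (`@@ -118,6 +118,9 @@` and `@@ -168,6 +171,9 @@`) add `plain` to the selectable types with nothing that tells the administrator what the choice means. With this setting every password is stored readable, so read access to the accounts table, the LDAP tree or a backup of either yields usable credentials. I would add a comment above each addition, `// 'plain' stores passwords unhashed and readable`, and, if `$value` is what the setup form displays, a descriptive label such as `'plain' => 'plain (passwords stored readable)'`. Both additions sit inside blocks that start outside the hunk.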