[Tickets #330] NEW: add support for crypt-md5 encryption

bugs at bugs.horde.org
Thu Jun 24 11:07:34 PDT 2004


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

-Ticket 330
-Queue: Passwd
-Created By: 


From mario_vazq at hotmail.com (Thu Jun 24 11:07:33 2004):
When vpopmail is compiled with --enable-md5-passwords=y, horde-passwd is
unable to change the user password, since crypt-md5 encryption, the one
vpopmail supports, is not supported.

I backported the code currently on head (as of Jun 25, 2004) that adds
support for crypt-md5 to the current RELENG_2 tree.

While I cannot tell you how much --enable-md5-passwords=y is used,
at least on Gentoo it's used as the default.


The patch to be applied is:

diff -ur passwd/lib/Driver.php passwd-new/lib/Driver.php
--- passwd/lib/Driver.php	2004-06-24 01:30:47.000000000 -0400
+++ passwd-new/lib/Driver.php	2004-06-24 01:16:46.000000000 -0400
@@ -104,8 +104,22 @@
                 }
                break;
             case 'crypt':
-                $encrypted = substr($encrypted, 7);
-                $salt = substr($encrypted , 0, 2);
+            case 'crypt-des':
+                $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+                $salt = substr($encrypted, 0, 2);
+                if ($encrypted == crypt($plaintext, $salt)) {
+                    return true;
+                }
+                break;
+            case 'crypt-md5':
+                $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+                $salt = substr($encrypted, 0, 12);
+                if ($encrypted == crypt($plaintext, $salt)) {
+                    return true;
+                }
+            case 'crypt-blowfish':
+                $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+                $salt = substr($encrypted, 0, 16);
                 if ($encrypted == crypt($plaintext, $salt)) {
                     return true;
                 }
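Review bot: the new `case 'crypt-md5':` block has no `break;` after its `if`, so a failed MD5 comparison falls through into `case 'crypt-blowfish':` and is retried there with a 16-character salt; add `break;` before `case 'crypt-blowfish':`, matching the `crypt-des` case above it. The three branches differ only in the salt length passed to `substr()`, so a shared body with the length as the only variable would remove the chance of this kind of slip. The comparisons also use `==`; `===` keeps PHP from applying loose string comparison to hash values.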
@@ -113,14 +127,14 @@
             case 'sha':
                 $encrypted = substr($encrypted, 5);
                 if ($encrypted == base64_encode(mHash(MHASH_SHA1,
$plaintext)))
-{
+                {
                     return true;
                 }
                 break;
             case 'ssha':
                 $encrypted = substr($encrypted, 6);
                 $hash = base64_decode($encrypted);
-               $salt = substr($hash, 20);
+                $salt = substr($hash, 20);
                 if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) {
                     return true;
                 }
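Review bot: in the `ssha` context lines, `$hash` is the whole decoded value that `$salt = substr($hash, 20)` is cut from, yet it is compared against `mHash(MHASH_SHA1, $plaintext . $salt)`, which is a 20-byte digest, so the test can only succeed when the salt is empty; comparing `substr($hash, 0, 20)` would match the salted form. The changed lines themselves are whitespace only and unrelated to crypt-md5 support, and the moved `{` now sits on its own line, unlike the `if (...) {` style of the neighbouring cases, so they are better left out of the backport. The `$plaintext)))` continuation has also been wrapped onto its own line in transit, which will stop the hunk from applying as posted.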
@@ -156,9 +170,18 @@
             case "sha":
                 $newPassword = "{SHA}" . base64_encode(mHash(MHASH_SHA1,
$newPassword));
                 break;
-            case "crypt":
-                // The salt is left out, generated by php
-                $newPassword = "{crypt}" . crypt($newPassword);
+            case 'crypt':
+            case 'crypt-des':
+                $salt = substr(md5(mt_rand()), 0, 2);
+                $newPassword = crypt($newPassword, $salt);
+                break;
+            case 'crypt-md5':
+                $salt = '$1$' . substr(md5(mt_rand()), 0, 8) . '$';
+                $newPassword = crypt($newPassword, $salt);
+                break;
+            case 'crypt-blowfish':
+                $salt = '$2$' . substr(md5(mt_rand()), 0, 12) . '$';
+                $newPassword = crypt($newPassword, $salt);
                 break;
             case "md5-hex":
                 $newPassword = md5($newPassword);
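Review bot: the new `crypt`, `crypt-des`, `crypt-md5` and `crypt-blowfish` branches store the bare `crypt()` result, whereas the removed line stored `"{crypt}" . crypt($newPassword)`; if dropping the prefix is intended for vpopmail, say so in the change description, because it alters what existing `crypt` configurations write. The salts are built with `substr(md5(mt_rand()), ...)`, which yields only hex digits from a non-cryptographic generator, so the two-character `crypt-des` salt has 256 possible values instead of the 4096 its `./0-9A-Za-z` alphabet allows; drawing salt characters from that full alphabet would use the whole salt space. The removed comment explained where the salt came from, and the new branches would benefit from a comment on the salt format each scheme expects.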




http://bugs.horde.org/details.php?id=330
