[dev] Patch against passwd/lib/Driver.php

Jeff Clark jeff@tmtrading.com
Fri Nov 22 17:16:55 2002


Adds support for SSHA and SMD5.

--Jeff
-------------- next part --------------
--- passwd/lib/Driver.php	Fri Nov 22 00:18:53 2002
+++ passwd/lib/Driver.php.new	Fri Nov 22 00:18:46 2002
@@ -96,24 +96,36 @@
                     return true;
                 }
                 break;
-            case 'cyrpt';
-                // this is not tested but seems right :-) remove this comment if it works for you.
-                if (strpos($encrypted, '{crypt}') !== false) {
-                    $encrypted = substr($encrypted, 7);
-                }
+            case 'crypt':
+                $encrypted = substr($encrypted, 7);
                 $salt = substr($encrypted , 0, 2);
                 if ($encrypted == crypt($plaintext, $salt)) {
                     return true;
                 }
+                break;
             case 'sha':
-                // I'm not sure how this one works.
-                if (strpos($encrypted, '{SHA}') !== false) {
-                    $encrypted = substr($encrypted, 5);
-                }
+                $encrypted = substr($encrypted, 5);
                 if ($encrypted == base64_encode(mHash(MHASH_SHA1, $plaintext))) {
                     return true;
                 }
-
+                break;
+            case 'ssha':
+                $encrypted = substr($encrypted, 6);
+                $hash = base64_decode($encrypted);
+		$salt = substr($hash, 20);
+                if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) {
+                    return true;
+                }
+                break;
+            case 'smd5':
+                $encrypted = substr($encrypted, 6);
+                $hash = base64_decode($encrypted);
+                $salt = substr($hash, 16);
+                if ($hash == mHash(MHASH_MD5, $plaintext . $salt)) {
+                   return true;
+                }
+                break;
+            default:
                 return PEAR::raiseError($this->_params['encryption'] . 'Enrcyption not implemented yet');
                 break;
         }
@@ -123,7 +135,9 @@
     /**
      * Format a password using the current encryption.
      *
-     * @return String   The formated password.
+     * @param  $newPassword  The plaintext password to encrypt.
+     *
+     * @return String        The formated password.
      */
     function encryptPassword($newPassword)
     {
@@ -141,6 +155,14 @@
             case "md5":
                 $newPassword = md5($newPassword);
                 break;
+            case "ssha":
+                $salt = mhash_keygen_s2k(MHASH_SHA1,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
+                $newPassword = "{SSHA}" . base64_encode(mHash(MHASH_SHA1, $newPassword . $salt) . $salt);
+                break;
+            case "smd5":
+                $salt = mhash_keygen_s2k(MHASH_MD5,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
+                $newPassword = "{SMD5}" . base64_encode(mHash(MHASH_SMD5, $newPassword . $salt) . $salt);
+                break;
             default:
                 return PEAR::raiseError(_("Password module is not properly configured"));
                 break;


More information about the dev mailing list