[dev] Re: [cvs] commit: passwd/lib Driver.php
passwd/lib/Driver vpopmail.php
Marc Jauvin
marc at register4less.com
Thu Jun 26 14:33:31 PDT 2003
Eric Rostetter <eric.rostetter at physics.utexas.edu> wrote:
> Quoting Marko Djukic <tech at oblo.com>:
>
> > mdjukic 2003/06/25 19:44:32 PDT
> >
> > Modified files:
> > lib Driver.php
> > lib/Driver vpopmail.php
> > Log:
>
> First, thanks for all the work on passwd! :)
>
> > I have tweaked slightly how crypt() is handled. The biggest problem is
> the
> > appending of {crypt} string before the encrypted password, which I've tried
> > to figure out why this has been done in such a way but to no luck. It means
> > that sharing the SQL database with other apps such as PAM, SMTP-auth etc
> > becomes impossible if there are strings prefixed.
> > If someone has an idea why this is done and should stay I'll put it back
> > and script around it to make it optional, or something similar.
>
> See the mailing list archives, as this has been discussed a fair amount a
> month or two back. It's rather confusing, but it has been fairly well
> discussed. I think something needs to be done, but I don't think having
> it vs removing it is the issue. I think we need to somehow make a config
> item for it.
I DID add the option to show/hide the encryption type for SQL... Please see the
included patch.
--
Marc Jauvin
450-441-5458
http://register4less.com
-------------- next part --------------
? test.php
Index: config/backends.php.dist
===================================================================
RCS file: /repository/passwd/config/backends.php.dist,v
retrieving revision 1.18
diff -u -r1.18 backends.php.dist
--- config/backends.php.dist 26 Feb 2003 00:19:05 -0000 1.18
+++ config/backends.php.dist 20 Jun 2003 15:27:06 -0000
@@ -154,7 +154,8 @@
'database' => 'horde',
'table' => 'horde_users',
'user_col' => 'user_uid',
- 'pass_col' => 'user_pass'
+ 'pass_col' => 'user_pass',
+ 'show_encryption' => false
)
);
Index: lib/Driver.php
===================================================================
RCS file: /repository/passwd/lib/Driver.php,v
retrieving revision 1.22
diff -u -r1.22 Driver.php
--- lib/Driver.php 20 Apr 2003 16:34:28 -0000 1.22
+++ lib/Driver.php 20 Jun 2003 15:27:06 -0000
@@ -99,36 +99,45 @@
break;
case 'md5-base64':
if ($encrypted == base64_encode(mHash(MHASH_MD5, $plaintext))) {
- return true;
+ return true;
}
break;
case 'crypt':
- $encrypted = substr($encrypted, 7);
- $salt = substr($encrypted , 0, 2);
+ $encrypted = preg_replace('|{crypt}|', '', $encrypted);
+ if (preg_match('|^\$1\$|', $encrypted)) {
+ // CRYPT_MD5
+ $salt = substr($encrypted , 0, 12);
+ } elseif (preg_match('|^\$2\$|', $encrypted)) {
+ // CRYPT_BLOWFISH
+ $salt = substr($encrypted , 0, 16);
+ } else {
+ // CRYPT_DES
+ $salt = substr($encrypted , 0, 2);
+ }
if ($encrypted == crypt($plaintext, $salt)) {
return true;
}
break;
case 'sha':
- $encrypted = substr($encrypted, 5);
+ $encrypted = preg_replace('|{SHA}|', '', $encrypted);
if ($encrypted == base64_encode(mHash(MHASH_SHA1, $plaintext))) {
return true;
}
break;
case 'ssha':
- $encrypted = substr($encrypted, 6);
+ $encrypted = preg_replace('|{SSHA}|', '', $encrypted);
$hash = base64_decode($encrypted);
- $salt = substr($hash, 20);
+ $salt = substr($hash, 20);
if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) {
return true;
}
break;
case 'smd5':
- $encrypted = substr($encrypted, 6);
+ $encrypted = preg_replace('|{SMD5}|', '', $encrypted);
$hash = base64_decode($encrypted);
$salt = substr($hash, 16);
if ($hash == mHash(MHASH_MD5, $plaintext . $salt)) {
- return true;
+ return true;
}
break;
default:
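Review bot: The salt-length branches added to the `crypt` case recognise only `$1$` and a literal `$2$` prefix, so a stored hash in any other crypt format (for example `$2a$` or `$2y$`) falls into the DES branch and is checked against a two-character salt, which will not verify. Passing the stored value itself as the salt, `if ($encrypted == crypt($plaintext, $encrypted)) {`, lets crypt() take the scheme and salt from the hash and makes the three branches unnecessary. The `ssha` and `smd5` cases compare `$hash`, which still carries the salt bytes after the digest, with a bare digest, so they look like they can only match when the salt is empty; comparing `substr($hash, 0, 20)` (16 for MD5) with the mHash() result would fix that. All the checks here use `==`, which PHP evaluates numerically when both strings look numeric; `===`, or `hash_equals()` where the runtime provides it, avoids that and the latter also compares in constant time. The switch starts and ends outside the hunk, so the branches above `md5-base64` are not covered by this note.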
@@ -145,33 +154,47 @@
*
* @return String The formated password.
*/
- function encryptPassword($newPassword)
+ function encryptPassword($newPassword, $show_encryption=true)
{
// Encrypt the password
switch ($this->_params['encryption']) {
case 'plain':
break;
case 'sha':
- $newPassword = '{SHA}' . base64_encode(mHash(MHASH_SHA1, $newPassword));
+ $newPassword = base64_encode(mHash(MHASH_SHA1, $newPassword));
+ if ($show_encryption) {
+ $newPassword = '{SHA}' . $newPassword;
+ }
break;
case 'crypt':
// The salt is left out, generated by php
- $newPassword = '{crypt}' . crypt($newPassword);
+ $newPassword = crypt($newPassword);
+ if ($show_encryption) {
+ $newPassword = '{crypt}' . $newPassword;
+ }
break;
case 'md5-hex':
$newPassword = md5($newPassword);
break;
case 'md5-base64':
- $newPassword = '{MD5}' . base64_encode(mHash(MHASH_MD5,
- $newPassword));
- break;
+ $newPassword = base64_encode(mHash(MHASH_MD5, $newPassword));
+ if ($show_encryption) {
+ $newPassword = '{MD5}' . $newPassword;
+ }
+ break;
case 'ssha':
$salt = mhash_keygen_s2k(MHASH_SHA1,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
- $newPassword = '{SSHA}' . base64_encode(mHash(MHASH_SHA1, $newPassword . $salt) . $salt);
+ $newPassword = base64_encode(mHash(MHASH_SHA1, $newPassword . $salt) . $salt);
+ if ($show_encryption) {
+ $newPassword = '{SSHA}' . $newPassword;
+ }
break;
case 'smd5':
$salt = mhash_keygen_s2k(MHASH_MD5,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
- $newPassword = '{SMD5}' . base64_encode(mHash(MHASH_SMD5, $newPassword . $salt) . $salt);
+ $newPassword = base64_encode(mHash(MHASH_SMD5, $newPassword . $salt) . $salt);
+ if ($show_encryption) {
+ $newPassword = '{SMD5}' . $newPassword;
+ }
break;
default:
return PEAR::raiseError(_("Password module is not properly configured"));
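Review bot: The rewritten `smd5` branch still hashes with `MHASH_SMD5`, while the verification code in the first Driver.php hunk uses `MHASH_MD5` for the same scheme, and I am not aware of an mhash constant named `MHASH_SMD5`; the line probably should read `$newPassword = base64_encode(mHash(MHASH_MD5, $newPassword . $salt) . $salt);`. The docblock above the signature is not updated for the new argument; a line such as `@param boolean $show_encryption  Prefix the result with its scheme tag ({SHA}, {crypt}, ...)?` would cover it. The `ssha`/`smd5` salts are seeded from `mt_rand()`, which is not a cryptographic generator; on runtimes that have it, `random_bytes(8)` is the better source for the seed. The function body continues past the end of the hunk.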
Index: lib/Driver/sql.php
===================================================================
RCS file: /repository/passwd/lib/Driver/sql.php,v
retrieving revision 1.12
diff -u -r1.12 sql.php
--- lib/Driver/sql.php 10 Jun 2003 19:05:12 -0000 1.12
+++ lib/Driver/sql.php 20 Jun 2003 15:27:06 -0000
@@ -50,6 +50,7 @@
$this->_params['encryption'] = array_key_exists('encryption', $params) ? $params['encryption'] : 'md5';
$this->_params['user_col'] = array_key_exists('user_col', $params) ? $params['user_col'] : 'user_uid';
$this->_params['pass_col'] = array_key_exists('pass_col', $params) ? $params['pass_col'] : 'user_pass';
+ $this->_params['show_encryption'] = array_key_exists('show_encryption', $params) ? $params['show_encryption'] : false;
}
/**
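Review bot: Defaulting `show_encryption` to `false` in this constructor changes the stored format for every SQL backend whose configuration does not set the key, because the removed lines in Driver.php show the prefix was always written before and `encryptPassword()` itself defaults to `true`. After an upgrade such an install would hold a mix of prefixed and bare values in the same password column, which matters to anything else that reads the table. Keeping the old behaviour as the fallback, `... ? $params['show_encryption'] : true;`, and leaving the opt-out to `backends.php` would avoid the silent change. The constructor starts outside the hunk.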
@@ -145,7 +146,7 @@
}
// Encrypt the password
- $newPassword = $this->encryptPassword($newPassword);
+ $newPassword = $this->encryptPassword($newPassword, $this->_params['show_encryption']);
// Build the SQL query.
$query = 'UPDATE ' . $this->_params['table'];