[dev] Re: [cvs] commit: passwd/lib Driver.php passwd/lib/Driver vpopmail.php

Marc Jauvin marc at register4less.com
Thu Jun 26 14:33:31 PDT 2003


Eric Rostetter <eric.rostetter at physics.utexas.edu> wrote:

> Quoting Marko Djukic <tech at oblo.com>:
>
> > mdjukic     2003/06/25 19:44:32 PDT
> >
> >   Modified files:
> >     lib                  Driver.php
> >     lib/Driver           vpopmail.php
> >   Log:
>
> First, thanks for all the work on passwd! :)
>
> >   I have tweaked slightly how crypt() is handled. The biggest problem is the
> > appending of {crypt} string before the encrypted password, which I've tried
> > to figure out why this has been done in such a way but to no luck. It means
> > that sharing the SQL database with other apps such as PAM, SMTP-auth etc
> > becomes impossible if there are strings prefixed.
> >   If someone has an idea why this is done and should stay I'll put it back
> > and script around it to make it optional, or something similar.
>
> See the mailing list archives, as this has been discussed a fair amount a
> month or two back.  It's rather confusing, but it has been fairly well
> discussed.  I think something needs to be done, but I don't think having
> it vs removing it is the issue.  I think we need to somehow make a config
> item for it.

I DID add the option to show/hide the encryption type for SQL... Please see the
included patch.


--
Marc Jauvin
450-441-5458
http://register4less.com
-------------- next part --------------
? test.php
Index: config/backends.php.dist
===================================================================
RCS file: /repository/passwd/config/backends.php.dist,v
retrieving revision 1.18
diff -u -r1.18 backends.php.dist
--- config/backends.php.dist	26 Feb 2003 00:19:05 -0000	1.18
+++ config/backends.php.dist	20 Jun 2003 15:27:06 -0000
@@ -154,7 +154,8 @@
         'database'   => 'horde',
         'table'      => 'horde_users',
         'user_col'   => 'user_uid',
-        'pass_col'   => 'user_pass'
+        'pass_col'   => 'user_pass',
+        'show_encryption' => false
     )
 );
 
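Review bot: The new 'show_encryption' key in this backend's params has no comment saying what it controls. A one-line comment above it, stating that it decides whether the scheme tag such as {crypt} or {SHA} is stored in front of the hash in pass_col, would let admins who share the table with other software pick the right value.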
Index: lib/Driver.php
===================================================================
RCS file: /repository/passwd/lib/Driver.php,v
retrieving revision 1.22
diff -u -r1.22 Driver.php
--- lib/Driver.php	20 Apr 2003 16:34:28 -0000	1.22
+++ lib/Driver.php	20 Jun 2003 15:27:06 -0000
@@ -99,36 +99,45 @@
                 break;
             case 'md5-base64':
                 if ($encrypted == base64_encode(mHash(MHASH_MD5, $plaintext))) {
-                   return true;
+                    return true;
                 }
                 break;
             case 'crypt':
-                $encrypted = substr($encrypted, 7);
-                $salt = substr($encrypted , 0, 2);
+                $encrypted = preg_replace('|{crypt}|', '', $encrypted);
+                if (preg_match('|^\$1\$|', $encrypted)) {
+                    // CRYPT_MD5
+                    $salt = substr($encrypted , 0, 12);
+                } elseif (preg_match('|^\$2\$|', $encrypted)) {
+                    // CRYPT_BLOWFISH
+                    $salt = substr($encrypted , 0, 16);
+                } else {
+                    // CRYPT_DES
+                    $salt = substr($encrypted , 0, 2);
+                }
                 if ($encrypted == crypt($plaintext, $salt)) {
                     return true;
                 }
                 break;
             case 'sha':
-                $encrypted = substr($encrypted, 5);
+                $encrypted = preg_replace('|{SHA}|', '', $encrypted);
                 if ($encrypted == base64_encode(mHash(MHASH_SHA1, $plaintext))) {
                     return true;
                 }
                 break;
             case 'ssha':
-                $encrypted = substr($encrypted, 6);
+                $encrypted = preg_replace('|{SSHA}|', '', $encrypted);
                 $hash = base64_decode($encrypted);
-               $salt = substr($hash, 20);
+                $salt = substr($hash, 20);
                 if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) {
                     return true;
                 }
                 break;
             case 'smd5':
-                $encrypted = substr($encrypted, 6);
+                $encrypted = preg_replace('|{SMD5}|', '', $encrypted);
                 $hash = base64_decode($encrypted);
                 $salt = substr($hash, 16);
                 if ($hash == mHash(MHASH_MD5, $plaintext . $salt)) {
-                   return true;
+                    return true;
                 }
                 break;
             default:
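Review bot: The prefix stripping in the crypt, sha, ssha and smd5 cases uses an unanchored, case-sensitive pattern, e.g. preg_replace('|{crypt}|', '', $encrypted), so it removes the tag wherever it occurs in the stored value and leaves a differently cased tag such as {CRYPT} in place; anchor it with ^ and add the i modifier, or test the prefix with strncasecmp() and cut it with substr(). In the crypt case the CRYPT_BLOWFISH branch matches only a literal $2$ prefix, so a hash starting with $2a$ falls through to the two-character DES salt; passing the whole stored value as the salt, crypt($plaintext, $encrypted), removes the per-scheme length logic. The unchanged ssha and smd5 comparisons also test $hash, which still has the salt appended, against the bare digest, so they can match only when the salt is empty; compare substr($hash, 0, 20) (16 for smd5) instead.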
@@ -145,33 +154,47 @@
      *
      * @return String        The formated password.
      */
-    function encryptPassword($newPassword)
+    function encryptPassword($newPassword, $show_encryption=true)
     {
         // Encrypt the password
         switch ($this->_params['encryption']) {
             case 'plain':
                 break;
             case 'sha':
-                $newPassword = '{SHA}' . base64_encode(mHash(MHASH_SHA1, $newPassword));
+                $newPassword = base64_encode(mHash(MHASH_SHA1, $newPassword));
+                if ($show_encryption) {
+                    $newPassword = '{SHA}' . $newPassword;
+                }
                 break;
             case 'crypt':
                 // The salt is left out, generated by php
-                $newPassword = '{crypt}' . crypt($newPassword);
+                $newPassword = crypt($newPassword);
+                if ($show_encryption) {
+                    $newPassword = '{crypt}' . $newPassword;
+                }
                 break;
             case 'md5-hex':
                 $newPassword = md5($newPassword);
                 break;
             case 'md5-base64':
-                $newPassword = '{MD5}' . base64_encode(mHash(MHASH_MD5,
-                         $newPassword));
-                 break;
+                $newPassword = base64_encode(mHash(MHASH_MD5, $newPassword));
+                if ($show_encryption) {
+                    $newPassword = '{MD5}' . $newPassword;
+                }
+                break;
             case 'ssha':
                 $salt = mhash_keygen_s2k(MHASH_SHA1,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
-                $newPassword = '{SSHA}' . base64_encode(mHash(MHASH_SHA1, $newPassword . $salt) . $salt);
+                $newPassword = base64_encode(mHash(MHASH_SHA1, $newPassword . $salt) . $salt);
+                if ($show_encryption) {
+                    $newPassword = '{SSHA}' . $newPassword;
+                }
                 break;
             case 'smd5':
                 $salt = mhash_keygen_s2k(MHASH_MD5,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
-                $newPassword = '{SMD5}' . base64_encode(mHash(MHASH_SMD5, $newPassword . $salt) . $salt);
+                $newPassword = base64_encode(mHash(MHASH_SMD5, $newPassword . $salt) . $salt);
+                if ($show_encryption) {
+                    $newPassword = '{SMD5}' . $newPassword;
+                }
                 break;
             default:
                 return PEAR::raiseError(_("Password module is not properly configured"));
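Review bot: The smd5 case still hashes with MHASH_SMD5 on the rewritten line, while the smd5 check in the verification code uses MHASH_MD5; the two need the same constant, and this + line is the place to change it. The new $show_encryption parameter also gets no @param line in the docblock above the function, so the meaning of the flag and its default of true are undocumented.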
Index: lib/Driver/sql.php
===================================================================
RCS file: /repository/passwd/lib/Driver/sql.php,v
retrieving revision 1.12
diff -u -r1.12 sql.php
--- lib/Driver/sql.php	10 Jun 2003 19:05:12 -0000	1.12
+++ lib/Driver/sql.php	20 Jun 2003 15:27:06 -0000
@@ -50,6 +50,7 @@
         $this->_params['encryption'] = array_key_exists('encryption', $params) ? $params['encryption'] : 'md5';
         $this->_params['user_col']   = array_key_exists('user_col', $params)   ? $params['user_col'] : 'user_uid';
         $this->_params['pass_col']   = array_key_exists('pass_col', $params)   ? $params['pass_col'] : 'user_pass';
+        $this->_params['show_encryption'] = array_key_exists('show_encryption', $params) ? $params['show_encryption'] : false;
     }
 
     /**
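Review bot: Defaulting show_encryption to false when the key is absent changes behaviour for existing SQL backends: encryptPassword() previously always stored the {SHA}, {crypt}, {MD5}, {SSHA} or {SMD5} tag, and the function's own default is still true. An install that upgrades without editing its backends.php will start writing untagged hashes next to the tagged ones already in the table. Default to true here and let backends.php.dist opt out explicitly.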
@@ -145,7 +146,7 @@
         }
 
         // Encrypt the password
-        $newPassword = $this->encryptPassword($newPassword);
+        $newPassword = $this->encryptPassword($newPassword, $this->_params['show_encryption']);
 
         // Build the SQL query.
         $query = 'UPDATE ' . $this->_params['table'];

