[sork] patch: Add SMD5 and SSHA to passwd module

Mon Nov 25 17:08:35 2002

I'm not sure if anyone is getting this patch.  I posted it to the devel 
list last week but received no responses.

Simply adds 'smd5' and 'ssha' to Driver.php.  These are most useful for 
LDAP authentication.

--
Jeff Clark
-------------- next part --------------
Index: lib/Driver.php
===================================================================
RCS file: /repository/passwd/lib/Driver.php,v
retrieving revision 1.6
diff -u -r1.6 Driver.php

--- lib/Driver.php      13 Nov 2002 02:09:24 -0000      1.6
+++ lib/Driver.php      25 Nov 2002 17:05:09 -0000
@@ -96,24 +96,36 @@
                     return true;
                 }
                 break;
-            case 'cyrpt';
-                // this is not tested but seems right :-) remove this comment if it works for you.
-                if (strpos($encrypted, '{crypt}') !== false) {
-                    $encrypted = substr($encrypted, 7);
-                }
+            case 'crypt':
+                $encrypted = substr($encrypted, 7);
                 $salt = substr($encrypted , 0, 2);
                 if ($encrypted == crypt($plaintext, $salt)) {
                     return true;
                 }
+                break;
             case 'sha':
-                // I'm not sure how this one works.
-                if (strpos($encrypted, '{SHA}') !== false) {
-                    $encrypted = substr($encrypted, 5);
-                }
+                $encrypted = substr($encrypted, 5);
                 if ($encrypted == base64_encode(mHash(MHASH_SHA1, $plaintext))) {
                     return true;
                 }
-
+                break;
+            case 'ssha':
+                $encrypted = substr($encrypted, 6);
+                $hash = base64_decode($encrypted);
+               $salt = substr($hash, 20);
+                if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) {
+                    return true;
+                }
+                break;
+            case 'smd5':
+                $encrypted = substr($encrypted, 6);
+                $hash = base64_decode($encrypted);
+                $salt = substr($hash, 16);
+                if ($hash == mHash(MHASH_MD5, $plaintext . $salt)) {
+                   return true;
+                }
+                break;
+            default:
                 return PEAR::raiseError($this->_params['encryption'] . 'Enrcyption not implemented yet');
                 break;
         }
@@ -123,7 +135,9 @@
     /**
      * Format a password using the current encryption.
      *
-     * @return String   The formated password.
+     * @param  $newPassword  The plaintext password to encrypt.
+     *
+     * @return String        The formated password.
      */
     function encryptPassword($newPassword)
     {
@@ -140,6 +154,14 @@
                 break;
             case "md5":
                 $newPassword = md5($newPassword);
+                break;
+            case "ssha":
+                $salt = mhash_keygen_s2k(MHASH_SHA1,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
+                $newPassword = "{SSHA}" . base64_encode(mHash(MHASH_SHA1, $newPassword . $salt) . $salt);
+                break;
+            case "smd5":
+                $salt = mhash_keygen_s2k(MHASH_MD5,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
+                $newPassword = "{SMD5}" . base64_encode(mHash(MHASH_SMD5, $newPassword . $salt) . $salt);
                 break;
             default:
                 return PEAR::raiseError(_("Password module is not properly configured"));
