support CRYPT-SHA512
parent
1e60d37775
commit
15984ad7f1
|
@ -162,12 +162,12 @@ function ntPassword($password) {
|
|||
|
||||
|
||||
/**
|
||||
* Returns the hash value of a plain text password
|
||||
* the hash algorithm depends on the configuration file
|
||||
* Returns the hash value of a plain text password.
|
||||
* @see getSupportedHashTypes()
|
||||
*
|
||||
* @param string $password the password string
|
||||
* @param boolean $enabled marks the hash as enabled/disabled (e.g. by prefixing "!")
|
||||
* @param string $hashType password hash type (CRYPT, SHA, SSHA, MD5, SMD5, PLAIN)
|
||||
* @param string $hashType password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN)
|
||||
* @return string the password hash
|
||||
*/
|
||||
function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
||||
|
@ -188,12 +188,14 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
|||
case 'CRYPT':
|
||||
$hash = "{CRYPT}" . crypt($password);
|
||||
break;
|
||||
case 'CRYPT-SHA512':
|
||||
$hash = "{CRYPT}" . crypt($password, '$6$' . generateSalt(16));
|
||||
break;
|
||||
case 'MD5':
|
||||
$hash = "{MD5}" . base64_encode(convertHex2bin(md5($password)));
|
||||
break;
|
||||
case 'SMD5':
|
||||
$salt0 = substr(pack("h*", md5($rand)), 0, 8);
|
||||
$salt = substr(pack("H*", md5($salt0 . $password)), 0, 4);
|
||||
$salt = generateSalt(4);
|
||||
$hash = "{SMD5}" . base64_encode(convertHex2bin(md5($password . $salt)) . $salt);
|
||||
break;
|
||||
case 'SHA':
|
||||
|
@ -204,8 +206,7 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
|||
break;
|
||||
case 'SSHA':
|
||||
default: // use SSHA if the setting is invalid
|
||||
$salt0 = substr(pack("h*", md5($rand)), 0, 8);
|
||||
$salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
|
||||
$salt = generateSalt(4);
|
||||
$hash = "{SSHA}" . base64_encode(convertHex2bin(sha1($password . $salt)) . $salt);
|
||||
break;
|
||||
}
|
||||
|
@ -214,6 +215,36 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
|||
else return $hash;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the list of supported hash types (e.g. SSHA).
|
||||
*
|
||||
* @return array hash types
|
||||
*/
|
||||
function getSupportedHashTypes() {
|
||||
if (version_compare(phpversion(), '5.3.2') < 0) {
|
||||
// CRYPT-SHA512 requires PHP 5.3.2 or higher
|
||||
return array('CRYPT', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN');
|
||||
}
|
||||
return array('CRYPT', 'CRYPT-SHA512', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN');
|
||||
}
|
||||
|
||||
/**
|
||||
* Calculates a password salt of the given legth.
|
||||
*
|
||||
* @param int $len salt length
|
||||
* @return String the salt string
|
||||
*
|
||||
*/
|
||||
function generateSalt($len) {
|
||||
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./';
|
||||
$salt = '';
|
||||
for ($i = 0; $i < $len; $i++) {
|
||||
$pos= mt_rand(0, strlen($chars)-1);
|
||||
$salt .= $chars{$pos};
|
||||
}
|
||||
return $salt;
|
||||
}
|
||||
|
||||
/**
|
||||
* Marks an password hash as enabled and returns the new hash string
|
||||
*
|
||||
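Review bot: `generateSalt()` draws every salt character from `mt_rand()`, a seeded Mersenne Twister rather than a cryptographic generator, and it now feeds the SMD5, SSHA and CRYPT-SHA512 branches of `pwd_hash()`. Where the runtime offers one, a CSPRNG should be preferred, for example `$pos = function_exists('random_int') ? random_int(0, strlen($chars) - 1) : mt_rand(0, strlen($chars) - 1);`. `generateSalt(4)` over a 64-character alphabet gives only 24 bits of salt for SMD5 and SSHA, so a longer length would reduce salt reuse across a large directory, provided the consuming LDAP server accepts salts longer than four bytes. The `$chars{$pos}` offset syntax is removed in PHP 8 and should be written `$chars[$pos]`.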
|
|
|
@ -288,10 +288,9 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
// add password hash type if posixAccount is inactive
|
||||
$confActiveUnixModules = array_merge($_SESSION['conf_config']->get_AccountModules('user'), $_SESSION['conf_config']->get_AccountModules('host'), $_SESSION['conf_config']->get_AccountModules('group'));
|
||||
if (!in_array('posixAccount', $confActiveUnixModules) && !in_array('posixGroup', $confActiveUnixModules)) {
|
||||
$options = array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN");
|
||||
$optionsSelected = array('SSHA');
|
||||
$hashOption = new htmlTable();
|
||||
$hashOption->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', $options, $optionsSelected, _("Password hash type"), 'pwdHash'));
|
||||
$hashOption->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(), $optionsSelected, _("Password hash type"), 'pwdHash'));
|
||||
$configContainer->addElement($hashOption);
|
||||
}
|
||||
}
|
||||
|
@ -772,7 +771,7 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
),
|
||||
'pwdHash' => array(
|
||||
"Headline" => _("Password hash type"),
|
||||
"Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
||||
"Text" => _("LAM supports CRYPT, CRYPT-SHA512, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
||||
),
|
||||
'o' => array(
|
||||
"Headline" => _("Organisation"), 'attr' => 'o',
|
||||
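Review bot: The selector still preselects `array('SSHA')` and the `pwdHash` help text still calls SSHA and CRYPT "the most common", so nothing tells an administrator that the new CRYPT-SHA512 entry is the strongest type in the list or that the 8-letter limit applies to plain CRYPT only. The same help string and default appear in the posixAccount and posixGroup sections of this commit. I would extend the help text with a sentence such as `CRYPT-SHA512 is salted, uses many hash rounds and has no 8 letter limit; prefer it where the LDAP server and clients support it.` and consider whether the default for new profiles should follow. The enclosing functions start and end outside the hunks, so how the stored value reaches `pwd_hash()` is not visible here.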
|
|
|
@ -158,7 +158,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$return['selfServiceReadOnlyFields'] = array('cn', 'loginShell');
|
||||
// self service configuration settings
|
||||
$selfServiceContainer = new htmlTable();
|
||||
$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"),
|
||||
$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
|
||||
array('SSHA'), _("Password hash type")));
|
||||
$selfServiceContainer->addElement(new htmlHelpLink('pwdHash', get_class($this)));
|
||||
$return['selfServiceSettings'] = $selfServiceContainer;
|
||||
|
@ -192,7 +192,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$return['config_options']['host'] = $configHostContainer;
|
||||
$configOptionsContainer = new htmlTable();
|
||||
$configOptionsContainer->addElement(new htmlSubTitle(_('Options')), true);
|
||||
$configOptionsContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"),
|
||||
$configOptionsContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
|
||||
array('SSHA'), _("Password hash type"), 'pwdHash'), true);
|
||||
$configOptionsContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'));
|
||||
$return['config_options']['all'] = $configOptionsContainer;
|
||||
|
@ -350,7 +350,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
),
|
||||
'pwdHash' => array(
|
||||
"Headline" => _("Password hash type"),
|
||||
"Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
||||
"Text" => _("LAM supports CRYPT, CRYPT-SHA512, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
||||
),
|
||||
'uidNumber' => array(
|
||||
"Headline" => _("UID number"), 'attr' => 'uidNumber',
|
||||
|
|
|
@ -418,7 +418,7 @@ class posixGroup extends baseModule implements passwordService {
|
|||
),
|
||||
'pwdHash' => array(
|
||||
"Headline" => _("Password hash type"),
|
||||
"Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
||||
"Text" => _("LAM supports CRYPT, CRYPT-SHA512, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
||||
),
|
||||
'cn' => array(
|
||||
"Headline" => _("Group name"), 'attr' => 'cn',
|
||||
|
@ -445,7 +445,7 @@ class posixGroup extends baseModule implements passwordService {
|
|||
$return = parent::get_configOptions($scopes, $allScopes);
|
||||
// display password hash option only if posixAccount module is not used
|
||||
if (!isset($allScopes['posixAccount'])) {
|
||||
$return[0]->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"), array('SSHA'), _("Password hash type"), 'pwdHash'));
|
||||
$return[0]->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(), array('SSHA'), _("Password hash type"), 'pwdHash'));
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
|