PPolicy: password history check

This commit is contained in:
Roland Gruber 2013-07-26 19:04:56 +00:00
parent 47f37858cc
commit 6ecbf53b08
2 changed files with 53 additions and 0 deletions

View File

@ -1,4 +1,6 @@
18.06.2013 4.2.1
- LAM Pro:
-> PPolicy: check password history for password reuse
- fixed bugs:
-> Unix: suggested user name must be lower case
-> Quota: profile editor does not work in some cases

View File

@ -318,6 +318,57 @@ function generateRandomPassword() {
return $password;
}
/**
* Checks if the given password mathes the crypto hash.
*
* @param String type hash type (must be one of getSupportedHashTypes())
* @param unknown_type $hash password hash value
* @param unknown_type $password plain text password to check
* @see getSupportedHashTypes()
*/
function checkPasswordHash($type, $hash, $password) {
switch ($type) {
case 'SSHA':
$bin = base64_decode($hash);
$salt = substr($bin, 20);
$pwdHash = base64_encode(convertHex2bin(sha1($password . $salt)) . $salt);
return (strcmp($hash, $pwdHash) == 0);
break;
case 'SHA':
return (strcmp($hash, base64_encode(convertHex2bin(sha1($password)))) == 0);
break;
case 'SMD5':
$bin = base64_decode($hash);
$salt = substr($bin, 16);
$pwdHash = base64_encode(convertHex2bin(md5($password . $salt)) . $salt);
return (strcmp($hash, $pwdHash) == 0);
break;
case 'MD5':
return (strcmp($hash, base64_encode(convertHex2bin(md5($password)))) == 0);
break;
case 'CRYPT':
$parts = explode('$', $hash);
if (sizeof($parts) == 4) {
$version = $parts[1];
$salt = $parts[2];
$pwdHash = crypt($password, '$' . $version . '$' . $salt);
return (strcmp($hash, $pwdHash) == 0);
}
elseif (sizeof($parts) == 5) {
$version = $parts[1];
$rounds = $parts[2];
$salt = $parts[3];
$pwdHash = crypt($password, '$' . $version . '$' . $rounds . '$' . $salt);
return (strcmp($hash, $pwdHash) == 0);
}
return false;
break;
default:
return false;
}
return false;
}
/**
* Returns an array with all Samba 3 domain entries under the given suffix
*