WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

MHash no longer needed

This commit is contained in:
Roland Gruber 2007-06-24 11:16:14 +00:00
parent 52c16a4745
commit d22422bff2
2 changed files with 7 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
lam/lib/account.inc
View File

@ -191,58 +191,21 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
$hash = "{SMD5}" . base64_encode(hex2bin(md5($password . $salt)) . $salt); $hash = "{SMD5}" . base64_encode(hex2bin(md5($password . $salt)) . $salt);
break; break;
case 'SHA': case 'SHA':
// PHP 4.3+ can use sha1() function $hash = "{SHA}" . base64_encode(hex2bin(sha1($password)));
if (function_exists('sha1')) {
$hash = "{SHA}" . base64_encode(hex2bin(sha1($password)));
}
// otherwise use MHash
elseif (function_exists('mHash')) {
$hash = "{SHA}" . base64_encode(mHash(MHASH_SHA1, $password));
}
// if SHA1 is not possible use crypt()
else {
$hash = "{CRYPT}" . crypt($password);
}
break; break;
case 'SSHA': case 'SSHA':
// PHP 4.3+ can use sha1() function $salt0 = substr(pack("h*", md5($rand)), 0, 8);
if (function_exists('sha1')) { $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
$salt0 = substr(pack("h*", md5($rand)), 0, 8); $hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt);
$salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
$hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt);
}
// otherwise use MHash
elseif (function_exists('mHash')) {
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5($rand)), 0, 8), 4);
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
$hash = "{SSHA}" . $hash;
}
// if SSHA is not possible use crypt()
else {
$hash = "{CRYPT}" . crypt($password);
}
break; break;
case 'PLAIN': case 'PLAIN':
$hash = $password; $hash = $password;
break; break;
// use SSHA if the setting is invalid // use SSHA if the setting is invalid
default: default:
// PHP 4.3+ can use sha1() function $salt0 = substr(pack("h*", md5($rand)), 0, 8);
if (function_exists('sha1')) { $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
$salt0 = substr(pack("h*", md5($rand)), 0, 8); $hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt);
$salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
$hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt);
}
// otherwise use MHash
elseif (function_exists('mHash')) {
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5($rand)), 0, 8), 4);
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
$hash = "{SSHA}" . $hash;
}
// if SSHA is not possible use crypt()
else {
$hash = "{CRYPT}" . crypt($password);
}
break; break;
} }
// enable/disable password // enable/disable password

2
lam/lib/modules/posixAccount.inc
View File

@ -125,8 +125,6 @@ class posixAccount extends baseModule {
// managed attributes // managed attributes
$return['attributes'] = array('cn', 'uid', 'uidNumber', 'gidNumber', 'homeDirectory', $return['attributes'] = array('cn', 'uid', 'uidNumber', 'gidNumber', 'homeDirectory',
'userPassword', 'loginShell', 'gecos', 'description'); 'userPassword', 'loginShell', 'gecos', 'description');
// PHP extensions
$return['extensions'] = array('mhash');
if ($this->get_scope() == "user") { if ($this->get_scope() == "user") {
// self service search attributes // self service search attributes
$return['selfServiceSearchAttributes'] = array('uid'); $return['selfServiceSearchAttributes'] = array('uid');