Add hash support for salted and non-salted sha256 and sha384 (therefore adding full support for all hashes in the sha2 openLDAP module)
This commit is contained in:
Bert Van de Poel
Deon George
parent
46cc4a1b13
commit
54bb4743aa
@ -2166,6 +2166,10 @@ function password_types() {
|
||||
'sha'=>'sha',
|
||||
'smd5'=>'smd5',
|
||||
'ssha'=>'ssha',
|
||||
'sha256'=>'sha256',
|
||||
'ssha256'=>'ssha256',
|
||||
'sha384'=>'sha384',
|
||||
'ssha384'=>'ssha384',
|
||||
'sha512'=>'sha512',
|
||||
'sha256crypt'=>'sha256crypt',
|
||||
'sha512crypt'=>'sha512crypt',
|
||||
@ -2284,6 +2288,28 @@ function pla_password_hash($password_clear,$enc_type) {
|
||||
|
||||
break;
|
||||
|
||||
case 'sha256':
|
||||
$new_value = sprintf('{SHA256}%s', base64_encode(hash('sha256', $password_clear, true)));
|
||||
|
||||
break;
|
||||
|
||||
case 'ssha256':
|
||||
$salt = hex2bin(random_salt(8));
|
||||
$new_value = sprintf('{SSHA256}%s', base64_encode(hash('sha256', $password_clear.$salt, true).$salt));
|
||||
|
||||
break;
|
||||
|
||||
case 'sha384':
|
||||
$new_value = sprintf('{SHA384}%s', base64_encode(hash('sha384', $password_clear, true)));
|
||||
|
||||
break;
|
||||
|
||||
case 'ssha384':
|
||||
$salt = hex2bin(random_salt(8));
|
||||
$new_value = sprintf('{SSHA384}%s', base64_encode(hash('sha384', $password_clear.$salt, true).$salt));
|
||||
|
||||
break;
|
||||
|
||||
case 'sha512':
|
||||
if (function_exists('openssl_digest') && function_exists('base64_encode')) {
|
||||
$new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true)));
|
||||
@ -2489,6 +2515,50 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
|
||||
|
||||
break;
|
||||
|
||||
# SHA256 crypted passwords
|
||||
case 'sha256':
|
||||
if (strcasecmp(pla_password_hash($plainpassword,'sha256'),'{SHA256}'.$cryptedpassword) == 0)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
|
||||
break;
|
||||
|
||||
# Salted SHA256 crypted passwords
|
||||
case 'ssha256':
|
||||
$hash = base64_decode($cryptedpassword);
|
||||
$salt = substr($hash,64);
|
||||
$new_hash = base64_encode(hash('sha256', $plainpassword.$salt, true).$salt);
|
||||
|
||||
if (strcmp($cryptedpassword,$new_hash) == 0)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
|
||||
break;
|
||||
|
||||
# SHA384 crypted passwords
|
||||
case 'sha384':
|
||||
if (strcasecmp(pla_password_hash($plainpassword,'sha384'),'{SHA384}'.$cryptedpassword) == 0)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
|
||||
break;
|
||||
|
||||
# Salted SHA384 crypted passwords
|
||||
case 'ssha384':
|
||||
$hash = base64_decode($cryptedpassword);
|
||||
$salt = substr($hash,64);
|
||||
$new_hash = base64_encode(hash('sha384', $plainpassword.$salt, true).$salt);
|
||||
|
||||
if (strcmp($cryptedpassword,$new_hash) == 0)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
|
||||
break;
|
||||
|
||||
# SHA512 crypted passwords
|
||||
case 'sha512':
|
||||
if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user