diff options
| -rw-r--r-- | _test/cases/inc/auth_password.test.php | 6 | ||||
| -rw-r--r-- | inc/PassHash.class.php | 51 | ||||
| -rw-r--r-- | lib/plugins/config/settings/config.metadata.php | 2 |
3 files changed, 58 insertions, 1 deletions
diff --git a/_test/cases/inc/auth_password.test.php b/_test/cases/inc/auth_password.test.php index 928552a14..394f0b2f5 100644 --- a/_test/cases/inc/auth_password.test.php +++ b/_test/cases/inc/auth_password.test.php @@ -12,6 +12,7 @@ class auth_password_test extends UnitTestCase { 'md5' => '8fa22d62408e5351553acdd91c6b7003', 'sha1' => 'b456d3b0efd105d613744ffd549514ecafcfc7e1', 'ssha' => '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk', + 'lsmd5' => '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo', 'crypt' => 'ablvoGr1hvZ5k', 'mysql' => '4a1fa3780bd6fd55', 'my411' => '*e5929347e25f82e19e4ebe92f1dc6b6e7c2dbd29', @@ -48,6 +49,11 @@ class auth_password_test extends UnitTestCase { } } + function test_bcrypt_self(){ + $hash = auth_cryptPassword('foobcrypt','bcrypt'); + $this->assertTrue(auth_verifyPassword('foobcrypt',$hash)); + } + function test_verifyPassword_nohash(){ $this->assertTrue(auth_verifyPassword('foo','$1$$n1rTiFE0nRifwV/43bVon/')); } diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index 31493c022..2558f37c6 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -47,9 +47,15 @@ class PassHash { }elseif(preg_match('/^md5\$(.{5})\$/',$hash,$m)){ $method = 'djangomd5'; $salt = $m[1]; + }elseif(preg_match('/^\$2a\$(.{2})\$/',$hash,$m)){ + $method = 'bcrypt'; + $salt = $hash; }elseif(substr($hash,0,6) == '{SSHA}'){ $method = 'ssha'; $salt = substr(base64_decode(substr($hash, 6)),20); + }elseif(substr($hash,0,6) == '{SMD5}'){ + $method = 'lsmd5'; + $salt = substr(base64_decode(substr($hash, 6)),16); }elseif($len == 32){ $method = 'md5'; }elseif($len == 40){ @@ -130,6 +136,20 @@ class PassHash { } } + + /** + * Password hashing method 'lsmd5' + * + * Uses salted MD5 hashs. Salt is 8 bytes long. + * + * This is the format used by LDAP. + */ + public function hash_lsmd5($clear, $salt=null){ + $this->init_salt($salt,8); + return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt); + } + + /** * Password hashing method 'apr1' * @@ -379,4 +399,35 @@ class PassHash { return 'md5$'.$salt.'$'.md5($salt.$clear); } + + /** + * Passwordhashing method 'bcrypt' + * + * Uses a modified blowfish algorithm called eksblowfish + * This method works on PHP 5.3+ only and will throw an exception + * if the needed crypt support isn't available + * + * A full hash should be given as salt (starting with $a2$) or this + * will break. When no salt is given, the iteration count can be set + * through the $compute variable. + * + * @param string $clear - the clear text to hash + * @param string $salt - the salt to use, null for random + * @param int $compute - the iteration count (between 4 and 31) + * @returns string - hashed password + */ + public function hash_bcrypt($clear, $salt=null, $compute=8){ + if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1){ + throw new Exception('This PHP installation has no bcrypt support'); + } + + if(is_null($salt)){ + if($compute < 4 || $compute > 31) $compute = 8; + $salt = '$2a$'.str_pad($compute, 2, '0', STR_PAD_LEFT).'$'. + $this->gen_salt(22); + } + + return crypt($password, $salt); + } + } diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 96451e857..af815e8dc 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -125,7 +125,7 @@ $meta['_authentication'] = array('fieldset'); $meta['useacl'] = array('onoff'); $meta['autopasswd'] = array('onoff'); $meta['authtype'] = array('authtype'); -$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5')); +$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','bcrypt')); $meta['defaultgroup']= array('string'); $meta['superuser'] = array('string'); $meta['manager'] = array('string'); |