From 502a92e072be7b42750b4c9032e7269d1fd7c7b4 Mon Sep 17 00:00:00 2001
From: Patrick Michel
Date: Sun, 27 Nov 2011 10:55:27 +0100
Subject: MD5 password hash format of the LDAP RFC FS#2378 This implements the salted MD5 password hash format of the LDAP RFC. The format is quite simple the password, followed by the 8 byte hash in base64 encoding, which results in 32 characters, prepended with the string "{smd5}".
---
 inc/PassHash.class.php | 15 +++++++++++++++
 lib/plugins/config/settings/config.metadata.php | 2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index 31493c022..c13cf4a54 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -50,6 +50,9 @@ class PassHash {
 }elseif(substr($hash,0,6) == '{SSHA}'){
 $method = 'ssha';
 $salt = substr(base64_decode(substr($hash, 6)),20);
+ }elseif(substr($hash,0,6) == '{SMD5}'){
+ $method = 'smd6';
+ $salt = substr(base64_decode(substr($hash, 6)),16);
 }elseif($len == 32){
 $method = 'md5';
 }elseif($len == 40){
@@ -130,6 +133,18 @@ class PassHash {
 }
 }
+
+ /**
+ * Password hashing method 'smd6'
+ *
+ * Uses salted MD5 hashs. Salt is 8 bytes long. Yes, really 8 bytes...
+ */
+ public function hash_smd6($clear, $salt=null){
+ $this->init_salt($salt,8);
+ return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
+ }
+
+
 /**
 * Password hashing method 'apr1'
 *
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index 5f2c32ea7..c943a2fad 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
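Review bot: The new `{SMD5}` branch takes the salt with `substr(base64_decode(substr($hash, 6)),16)` without checking that the payload decoded cleanly or is longer than the 16-byte MD5 digest. For a truncated or corrupted stored value, `base64_decode` in its default lenient mode skips invalid characters and `substr` can yield `false` or an empty string, so `$salt` is no longer a real salt when it reaches the hash method. Decoding once in strict mode and rejecting short payloads keeps malformed records from being treated as valid input: `$raw = base64_decode(substr($hash, 6), true);` followed by `if($raw === false || strlen($raw) <= 16) return false;` before `$salt = substr($raw, 16);`. The `{SSHA}` branch above has the same shape with a 20-byte digest, and the enclosing function starts and ends outside the hunk, so how a rejection should be returned there needs checking.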
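Review bot: The docblock on `hash_smd6` does not say that salted MD5 is offered for compatibility with hashes that come from an LDAP directory, while the `config.metadata.php` hunk of this commit adds `'smd6'` to the `passcrypt` choices next to the other methods. A single MD5 round over password and salt is cheap to compute, so the comment should state the layout and discourage the method for newly set passwords, e.g. `* Layout: "{SMD5}" . base64(md5($clear.$salt, true) . $salt).` and `* For verifying LDAP-style hashes; one MD5 round is fast to guess offline, prefer a stretched method for new passwords.` The following commit renames the method to `hash_lsmd5` and adds "This is the format used by LDAP." but keeps the body, so the same applies there. `$this->init_salt($salt,8)` discards its return value, so the method presumably relies on `init_salt` (defined outside the hunk) filling `$salt` by reference; if it does not, a null salt would produce an unsalted digest.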
@@ -123,7 +123,7 @@ $meta['_authentication'] = array('fieldset');
 $meta['useacl'] = array('onoff');
 $meta['autopasswd'] = array('onoff');
 $meta['authtype'] = array('authtype');
-$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5'));
+$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','smd6','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5'));
 $meta['defaultgroup']= array('string');
 $meta['superuser'] = array('string');
 $meta['manager'] = array('string');
-- cgit v1.2.3
From 491a2c68bc685e7e0cd4f9622ef4051e4a580d62 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sun, 27 Nov 2011 11:08:07 +0100
Subject: renamed passhash method smd6 to lsmd5
---
 inc/PassHash.class.php | 14 ++++++++------
 lib/plugins/config/settings/config.metadata.php | 2 +-
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index c13cf4a54..8f62425aa 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -51,7 +51,7 @@ class PassHash {
 $method = 'ssha';
 $salt = substr(base64_decode(substr($hash, 6)),20);
 }elseif(substr($hash,0,6) == '{SMD5}'){
- $method = 'smd6';
+ $method = 'lsmd5';
 $salt = substr(base64_decode(substr($hash, 6)),16);
 }elseif($len == 32){
 $method = 'md5';
@@ -135,13 +135,15 @@ class PassHash {
 /**
- * Password hashing method 'smd6'
+ * Password hashing method 'lsmd5'
 *
- * Uses salted MD5 hashs. Salt is 8 bytes long. Yes, really 8 bytes...
+ * Uses salted MD5 hashs. Salt is 8 bytes long.
+ *
+ * This is the format used by LDAP.
 */
- public function hash_smd6($clear, $salt=null){
- $this->init_salt($salt,8);
- return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
+ public function hash_lsmd5($clear, $salt=null){
+ $this->init_salt($salt,8);
+ return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
 }
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index c943a2fad..0315ecae6 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -123,7 +123,7 @@ $meta['_authentication'] = array('fieldset');
 $meta['useacl'] = array('onoff');
 $meta['autopasswd'] = array('onoff');
 $meta['authtype'] = array('authtype');
-$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','smd6','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5'));
+$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5'));
 $meta['defaultgroup']= array('string');
 $meta['superuser'] = array('string');
 $meta['manager'] = array('string');
-- cgit v1.2.3
From c8ca60df97ff2b24091c7c0d0db72c680200ea1b Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sun, 27 Nov 2011 11:08:44 +0100
Subject: added test case for lsmd5 passhashing
---
 _test/cases/inc/auth_password.test.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/_test/cases/inc/auth_password.test.php b/_test/cases/inc/auth_password.test.php
index 928552a14..6c643a7ed 100644
--- a/_test/cases/inc/auth_password.test.php
+++ b/_test/cases/inc/auth_password.test.php
@@ -12,6 +12,7 @@ class auth_password_test extends UnitTestCase {
 'md5' => '8fa22d62408e5351553acdd91c6b7003',
 'sha1' => 'b456d3b0efd105d613744ffd549514ecafcfc7e1',
 'ssha' => '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk',
+ 'lsmd5' => '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo',
 'crypt' => 'ablvoGr1hvZ5k',
 'mysql' => '4a1fa3780bd6fd55',
 'my411' => '*e5929347e25f82e19e4ebe92f1dc6b6e7c2dbd29',
-- cgit v1.2.3
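Review bot: The added `lsmd5` vector decodes to a 16-byte digest followed by the 8-byte salt `abcdefgh`, so only the salt length that `hash_lsmd5` itself generates is exercised. The `{SMD5}` detection branch in `inc/PassHash.class.php` accepts whatever follows the first 16 decoded bytes, so values written by a directory server with a shorter or longer salt, and truncated values, take a path this test never reaches. A companion case with a known-good hash using a different salt length and one malformed `{SMD5}` string that must fail verification would pin that behaviour; the test methods that consume this array are outside the hunk.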