From 21959715c3d6f204dd6c35b2e313eb2d4a01d22a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Ghibaudo
Date: Sat, 1 Sep 2012 11:31:38 +1000
Subject: [PATCH] SF Feature #3509651 - Add support for SHA512 with OpenLDAP
---
 lib/functions.php | 34 +++++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/lib/functions.php b/lib/functions.php
index 3e8454d..68263b9 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1471,10 +1471,10 @@ function get_next_number($base,$attr,$increment=false,$filter=false,$startmin=nu for ($i=0;$i $num+1) - return $autonum[$i] >= $num ? $num+1 : $num; + /* If we're at the end of the list, or we've found a gap between this number and the + following, use the next available number in the gap. */ + if ($i+1 == count($autonum) || $autonum[$i+1] > $num+1) + return $autonum[$i] >= $num ? $num+1 : $num; } # If we didnt find a suitable gap and are all above the minNumber, we'll just return the $minNumber
@@ -2114,7 +2114,8 @@ function password_types() {
 'md5crypt'=>'md5crypt',
 'sha'=>'sha',
 'smd5'=>'smd5',
- 'ssha'=>'ssha'
+ 'ssha'=>'ssha',
+ 'sha512'=>'sha512',
 );
 }
@@ -2123,7 +2124,7 @@ function password_types() {
 *
 * @param string The password to hash in clear text.
 * @param string Standard LDAP encryption type which must be one of
- * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
+ * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
 * @return string The hashed password.
 */
 function password_hash($password_clear,$enc_type) {
@@ -2216,6 +2217,16 @@ function password_hash($password_clear,$enc_type) {
 break;
+ case 'sha512':
+ if (function_exists('openssl_digest') && function_exists('base64_encode')) {
+ $new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true)));
+
+ } else {
+ error(_('Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes. '),'error','index.php');
+ }
+
+ break;
+
 case 'clear':
 default:
 $new_value = $password_clear;
@@ -2379,6 +2390,15 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
 break;
+ # SHA512 crypted passwords
+ case 'sha512':
+ if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
+ return true;
+ else
+ return false;
+
+ break;
+
 # No crypt is given assume plaintext passwords are used
 default:
 if ($plainpassword == $cryptedpassword)
@@ -2782,7 +2802,7 @@ function draw_formatted_dn($server,$entry) {
 $formats = $_SESSION[APPCONFIG]->getValue('appearance','tree_display_format');
- foreach ($formats as $format) {
+ foreach ($formats as $format) {
 $has_none = false;
 preg_match_all('/%[a-zA-Z_0-9]+/',$format,$tokens);
 $tokens = $tokens[0];
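Review bot: The new `sha512` case in password_hash() writes a bare, unsalted `{SHA512}` digest, so two entries with the same password get the same stored value and a single pass of a fast hash is all that protects it if the attribute is read by the wrong party. The salted `ssha` type already listed in password_types() avoids the first problem, and a comment such as `# {SHA512} is unsalted; prefer a salted scheme when the server supports one` would record that for the next maintainer. Separately, the return of `openssl_digest()` is used unchecked: it returns false on failure, `base64_encode(false)` is an empty string, and the value saved would be `{SHA512}` with no digest, so assign it first (`$digest = openssl_digest($password_clear,'sha512',true);`) and take the error branch when `$digest === false`. The `function_exists('base64_encode')` test is always true and the message contains the typo "doest". The switch starts and ends outside the hunk.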
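Review bot: The `sha512` case added to password_check() compares two base64 strings with `strcasecmp()`, which ignores letter case, but base64 is case-sensitive, so digests that differ only in the case of some characters are accepted as equal and the check is weaker than the hash it verifies. An exact comparison is needed, `return strcmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) === 0;`, or `hash_equals()` on PHP versions that provide it, which also removes the timing-dependent compare. The pattern looks copied from the neighbouring cases, which lie outside this hunk and may need the same change. The `break;` after the two `return` statements is unreachable.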