Add hash support for salted and non-salted sha256 and sha384 (therefore adding full support for all hashes in the sha2 openLDAP module)

Bert Van de Poel 2021-04-25 01:32:10 +02:00 committed by Deon George
parent 46cc4a1b13
commit 54bb4743aa


@ -2166,6 +2166,10 @@ function password_types() {
'sha'=>'sha', 'sha'=>'sha',
'smd5'=>'smd5', 'smd5'=>'smd5',
'ssha'=>'ssha', 'ssha'=>'ssha',
'sha256'=>'sha256',
'ssha256'=>'ssha256',
'sha384'=>'sha384',
'ssha384'=>'ssha384',
'sha512'=>'sha512', 'sha512'=>'sha512',
'sha256crypt'=>'sha256crypt', 'sha256crypt'=>'sha256crypt',
'sha512crypt'=>'sha512crypt', 'sha512crypt'=>'sha512crypt',
@ -2284,6 +2288,28 @@ function pla_password_hash($password_clear,$enc_type) {
break; break;
case 'sha256':
$new_value = sprintf('{SHA256}%s', base64_encode(hash('sha256', $password_clear, true)));
break;
case 'ssha256':
$salt = hex2bin(random_salt(8));
$new_value = sprintf('{SSHA256}%s', base64_encode(hash('sha256', $password_clear.$salt, true).$salt));
break;
case 'sha384':
$new_value = sprintf('{SHA384}%s', base64_encode(hash('sha384', $password_clear, true)));
break;
case 'ssha384':
$salt = hex2bin(random_salt(8));
$new_value = sprintf('{SSHA384}%s', base64_encode(hash('sha384', $password_clear.$salt, true).$salt));
break;
case 'sha512': case 'sha512':
if (function_exists('openssl_digest') && function_exists('base64_encode')) { if (function_exists('openssl_digest') && function_exists('base64_encode')) {
$new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true))); $new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true)));
@ -2489,6 +2515,50 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
break; break;
# SHA256 crypted passwords
case 'sha256':
if (strcasecmp(pla_password_hash($plainpassword,'sha256'),'{SHA256}'.$cryptedpassword) == 0)
return true;
else
return false;
break;
# Salted SHA256 crypted passwords
case 'ssha256':
$hash = base64_decode($cryptedpassword);
$salt = substr($hash,64);
$new_hash = base64_encode(hash('sha256', $plainpassword.$salt, true).$salt);
if (strcmp($cryptedpassword,$new_hash) == 0)
return true;
else
return false;
break;
# SHA384 crypted passwords
case 'sha384':
if (strcasecmp(pla_password_hash($plainpassword,'sha384'),'{SHA384}'.$cryptedpassword) == 0)
return true;
else
return false;
break;
# Salted SHA384 crypted passwords
case 'ssha384':
$hash = base64_decode($cryptedpassword);
$salt = substr($hash,64);
$new_hash = base64_encode(hash('sha384', $plainpassword.$salt, true).$salt);
if (strcmp($cryptedpassword,$new_hash) == 0)
return true;
else
return false;
break;
# SHA512 crypted passwords # SHA512 crypted passwords
case 'sha512': case 'sha512':
if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0) if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
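Review bot: In the `ssha256` and `ssha384` branches added to password_check(), `$salt = substr($hash,64);` uses the SHA-512 digest length as the offset, but a raw SHA-256 digest is 32 bytes and a raw SHA-384 digest is 48. For values produced by the new pla_password_hash() cases the offset therefore lands past the end of the decoded value (unless the salt is unusually long), the salt comes back empty, and a correct password is rejected; use `$salt = substr($hash,32);` for ssha256 and `$salt = substr($hash,48);` for ssha384. The comparisons deserve tightening too: `strcmp` is not constant-time, and `strcasecmp` in the unsalted `sha256`/`sha384` branches compares base64 text case-insensitively, so digests that differ only in letter case are accepted as equal. `return hash_equals($new_hash, $cryptedpassword);` addresses both where the project's minimum PHP version allows it. password_check() starts and ends outside this hunk, so the assumption that `$cryptedpassword` arrives without its `{SSHA256}` prefix is inferred from the visible comparisons.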