From a8c9abe22b8b9a1483a3cf15bef07297caf59f64 Mon Sep 17 00:00:00 2001
From: EtienneBarbier <etienne.barbier@atos.net>
Date: Wed, 1 Dec 2021 14:10:16 +0100
Subject: [PATCH] Add option to list available password types - closes #143

---
 config/config.php.example | 25 +++++++++++++++++++++++++
 lib/config_default.php    | 24 ++++++++++++++++++++++++
 lib/functions.php         | 22 +---------------------
 3 files changed, 50 insertions(+), 21 deletions(-)

diff --git a/config/config.php.example b/config/config.php.example
index 3f964076..e54b1f58 100644
--- a/config/config.php.example
+++ b/config/config.php.example
@@ -71,6 +71,31 @@
    environments. */
 #  $config->custom->password['no_random_crypt_salt'] = true;
 
+/* If you want to restrict password available types (encryption algorithms)
+	 Should be subset of:
+	 array(
+		''=>'clear',
+		'bcrypt'=>'bcrypt',
+		'blowfish'=>'blowfish',
+		'crypt'=>'crypt',
+		'ext_des'=>'ext_des',
+		'md5'=>'md5',
+		'k5key'=>'k5key',
+		'md5crypt'=>'md5crypt',
+		'sha'=>'sha',
+		'smd5'=>'smd5',
+		'ssha'=>'ssha',
+		'sha256'=>'sha256',
+		'ssha256'=>'ssha256',
+		'sha384'=>'sha384',
+		'ssha384'=>'ssha384',
+		'sha512'=>'sha512',
+		'ssha512'=>'ssha512',
+		'sha256crypt'=>'sha256crypt',
+		'sha512crypt'=>'sha512crypt',
+	 )*/
+#  $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');
+
 /* PHP script timeout control. If php runs longer than this many seconds then
    PHP will stop with an Maximum Execution time error. Increase this value from
    the default if queries to your LDAP server are slow. The default is either
diff --git a/lib/config_default.php b/lib/config_default.php
index 9c18be48..121d743b 100644
--- a/lib/config_default.php
+++ b/lib/config_default.php
@@ -554,6 +554,30 @@ class Config {
 			'desc'=>'Disable random salt for crypt()',
 			'default'=>false);
 
+		$this->default->password['available_types'] = array(
+			'desc'=>'List of available password types used for encryption',
+			'default'=>array(
+				''=>'clear',
+				'bcrypt'=>'bcrypt',
+				'blowfish'=>'blowfish',
+				'crypt'=>'crypt',
+				'ext_des'=>'ext_des',
+				'md5'=>'md5',
+				'k5key'=>'k5key',
+				'md5crypt'=>'md5crypt',
+				'sha'=>'sha',
+				'smd5'=>'smd5',
+				'ssha'=>'ssha',
+				'sha256'=>'sha256',
+				'ssha256'=>'ssha256',
+				'sha384'=>'sha384',
+				'ssha384'=>'ssha384',
+				'sha512'=>'sha512',
+				'ssha512'=>'ssha512',
+				'sha256crypt'=>'sha256crypt',
+				'sha512crypt'=>'sha512crypt',
+			));
+
 		/** Search display
 		 * By default, when searching you may display a list or a table of results.
 		 * Set this to 'table' to see table formatted results.
diff --git a/lib/functions.php b/lib/functions.php
index df3e0799..b44dd2cf 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -2148,27 +2148,7 @@ function password_types() {
 	if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
 
-	return array(
-		''=>'clear',
-		'bcrypt'=>'bcrypt',
-		'blowfish'=>'blowfish',
-		'crypt'=>'crypt',
-		'ext_des'=>'ext_des',
-		'md5'=>'md5',
-		'k5key'=>'k5key',
-		'md5crypt'=>'md5crypt',
-		'sha'=>'sha',
-		'smd5'=>'smd5',
-		'ssha'=>'ssha',
-		'sha256'=>'sha256',
-		'ssha256'=>'ssha256',
-		'sha384'=>'sha384',
-		'ssha384'=>'ssha384',
-		'sha512'=>'sha512',
-		'ssha512'=>'ssha512',
-		'sha256crypt'=>'sha256crypt',
-		'sha512crypt'=>'sha512crypt',
-	);
+	return $_SESSION[APPCONFIG]->getValue('password', 'available_types');
 }
 
 /**