diff options
Diffstat (limited to 'plugins/password/drivers/ldap.php')
-rw-r--r-- | plugins/password/drivers/ldap.php | 167 |
1 files changed, 71 insertions, 96 deletions
diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php index 29c43fbf4..cf62debcf 100644 --- a/plugins/password/drivers/ldap.php +++ b/plugins/password/drivers/ldap.php @@ -23,7 +23,7 @@ class rcube_ldap_password // Building user DN if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) { - $userDN = $this->substitute_vars($userDN); + $userDN = self::substitute_vars($userDN); } else { $userDN = $this->search_userdn($rcmail); } @@ -64,7 +64,7 @@ class rcube_ldap_password return PASSWORD_CONNECT_ERROR; } - $crypted_pass = $this->hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); + $crypted_pass = self::hash_password($passwd, $rcmail->config->get('password_ldap_encodage')); $force = $rcmail->config->get('password_ldap_force_replace'); $pwattr = $rcmail->config->get('password_ldap_pwattr'); $lchattr = $rcmail->config->get('password_ldap_lchattr'); @@ -84,7 +84,7 @@ class rcube_ldap_password } // Crypt new samba password - if ($smbpwattr && !($samba_pass = $this->hashPassword($passwd, 'samba'))) { + if ($smbpwattr && !($samba_pass = self::hash_password($passwd, 'samba'))) { return PASSWORD_CRYPT_ERROR; } @@ -147,7 +147,7 @@ class rcube_ldap_password } $base = $rcmail->config->get('password_ldap_search_base'); - $filter = $this->substitute_vars($rcmail->config->get('password_ldap_search_filter')); + $filter = self::substitute_vars($rcmail->config->get('password_ldap_search_filter')); $options = array ( 'scope' => 'sub', 'attributes' => array(), @@ -163,27 +163,25 @@ class rcube_ldap_password } /** - * Substitute %login, %name, %domain, %dc in $str. - * See plugin config for details. + * Substitute %login, %name, %domain, %dc in $str + * See plugin config for details */ - function substitute_vars($str) + static function substitute_vars($str) { - $rcmail = rcmail::get_instance(); - $domain = $rcmail->user->get_username('domain'); - $dc = 'dc='.strtr($domain, array('.' => ',dc=')); // hierarchal domain string - - $str = str_replace(array( - '%login', - '%name', - '%domain', - '%dc', - ), array( - $_SESSION['username'], - $rcmail->user->get_username('local'), - $domain, - $dc, - ), $str - ); + $str = str_replace('%login', $_SESSION['username'], $str); + $str = str_replace('%l', $_SESSION['username'], $str); + + $parts = explode('@', $_SESSION['username']); + + if (count($parts) == 2) { + $dc = 'dc='.strtr($parts[1], array('.' => ',dc=')); // hierarchal domain string + + $str = str_replace('%name', $parts[0], $str); + $str = str_replace('%n', $parts[0], $str); + $str = str_replace('%dc', $dc, $str); + $str = str_replace('%domain', $parts[1], $str); + $str = str_replace('%d', $parts[1], $str); + } return $str; } @@ -192,132 +190,109 @@ class rcube_ldap_password * Code originaly from the phpLDAPadmin development team * http://phpldapadmin.sourceforge.net/ * - * Hashes a password and returns the hash based on the specified enc_type. - * - * @param string $passwordClear The password to hash in clear text. - * @param string $encodageType Standard LDAP encryption type which must be one of - * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear. - * @return string The hashed password. - * + * Hashes a password and returns the hash based on the specified enc_type */ - function hashPassword( $passwordClear, $encodageType ) + static function hash_password($password_clear, $encodage_type) { - $encodageType = strtolower( $encodageType ); - switch( $encodageType ) { + $encodage_type = strtolower($encodage_type); + switch ($encodage_type) { case 'crypt': - $cryptedPassword = '{CRYPT}' . crypt($passwordClear, $this->randomSalt(2)); + $crypted_password = '{CRYPT}' . crypt($password_clear, self::random_salt(2)); break; - case 'ext_des': - // extended des crypt. see OpenBSD crypt man page. - if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) { - // Your system crypt library does not support extended DES encryption. - return FALSE; + /* Extended DES crypt. see OpenBSD crypt man page */ + if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) { + /* Your system crypt library does not support extended DES encryption */ + return false; } - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear, '_' . $this->randomSalt(8) ); + $crypted_password = '{CRYPT}' . crypt($password_clear, '_' . self::random_salt(8)); break; - case 'md5crypt': - if( ! defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 0 ) { - // Your system crypt library does not support md5crypt encryption. - return FALSE; + if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) { + /* Your system crypt library does not support md5crypt encryption */ + return false; } - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$1$' . $this->randomSalt(9) ); + $crypted_password = '{CRYPT}' . crypt($password_clear, '$1$' . self::random_salt(9)); break; - case 'blowfish': - if( ! defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 0 ) { - // Your system crypt library does not support blowfish encryption. - return FALSE; + if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) { + /* Your system crypt library does not support blowfish encryption */ + return false; } - // hardcoded to second blowfish version and set number of rounds - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$2a$12$' . $this->randomSalt(13) ); + /* Hardcoded to second blowfish version and set number of rounds */ + $crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . self::random_salt(13)); break; - case 'md5': - $cryptedPassword = '{MD5}' . base64_encode( pack( 'H*' , md5( $passwordClear) ) ); + $crypted_password = '{MD5}' . base64_encode(pack('H*', md5($password_clear))); break; - case 'sha': - if( function_exists('sha1') ) { - // use php 4.3.0+ sha1 function, if it is available. - $cryptedPassword = '{SHA}' . base64_encode( pack( 'H*' , sha1( $passwordClear) ) ); - } elseif( function_exists( 'mhash' ) ) { - $cryptedPassword = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $passwordClear) ); + if (function_exists('sha1')) { + /* Use PHP 4.3.0+ sha1 function, if it is available */ + $crypted_password = '{SHA}' . base64_encode(pack('H*', sha1($password_clear))); + } else if (function_exists('mhash')) { + $crypted_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear)); } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. + /* Your PHP install does not have the mhash() function */ + return false; } break; - case 'ssha': - if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) { - mt_srand( (double) microtime() * 1000000 ); - $salt = mhash_keygen_s2k( MHASH_SHA1, $passwordClear, substr( pack( 'h*', md5( mt_rand() ) ), 0, 8 ), 4 ); - $cryptedPassword = '{SSHA}'.base64_encode( mhash( MHASH_SHA1, $passwordClear.$salt ).$salt ); + if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { + mt_srand((double) microtime() * 1000000 ); + $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); + $crypted_password = '{SSHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt); } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. + /* Your PHP install does not have the mhash() function */ + return false; } break; - case 'smd5': - if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) { - mt_srand( (double) microtime() * 1000000 ); - $salt = mhash_keygen_s2k( MHASH_MD5, $passwordClear, substr( pack( 'h*', md5( mt_rand() ) ), 0, 8 ), 4 ); - $cryptedPassword = '{SMD5}'.base64_encode( mhash( MHASH_MD5, $passwordClear.$salt ).$salt ); + if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { + mt_srand((double) microtime() * 1000000 ); + $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); + $crypted_password = '{SMD5}' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt); } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. + /* Your PHP install does not have the mhash() function */ + return false; } break; - case 'samba': if (function_exists('hash')) { - $cryptedPassword = hash('md4', rcube_charset::convert($passwordClear, RCUBE_CHARSET, 'UTF-16LE')); - $cryptedPassword = strtoupper($cryptedPassword); + $crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE')); + $crypted_password = strtoupper($crypted_password); } else { /* Your PHP install does not have the hash() function */ return false; } break; - case 'ad': - $cryptedPassword = rcube_charset::convert('"' . $passwordClear . '"', RCUBE_CHARSET, 'UTF-16LE'); + $crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE'); break; - case 'clear': default: - $cryptedPassword = $passwordClear; + $crypted_password = $password_clear; } - return $cryptedPassword; + return $crypted_password; } /** * Code originaly from the phpLDAPadmin development team * http://phpldapadmin.sourceforge.net/ * - * Used to generate a random salt for crypt-style passwords. Salt strings are used - * to make pre-built hash cracking dictionaries difficult to use as the hash algorithm uses - * not only the user's password but also a randomly generated string. The string is - * stored as the first N characters of the hash for reference of hashing algorithms later. - * - * --- added 20021125 by bayu irawan <bayuir@divnet.telkom.co.id> --- - * --- ammended 20030625 by S C Rigler <srigler@houston.rr.com> --- - * - * @param int $length The length of the salt string to generate. - * @return string The generated salt string. + * Used to generate a random salt for crypt-style passwords */ - function randomSalt( $length ) + static function random_salt($length) { - $possible = '0123456789'. - 'abcdefghijklmnopqrstuvwxyz'. - 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'. - './'; + $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './'; $str = ''; // mt_srand((double)microtime() * 1000000); - while (strlen($str) < $length) + while (strlen($str) < $length) { $str .= substr($possible, (rand() % strlen($possible)), 1); + } return $str; } + } |