From 3e3fcd4d2786930996be916b9ff3a0c46abc49c0 Mon Sep 17 00:00:00 2001
From: Lorenzo Perone <lorenzo.perone@bytesatwork.com>
Date: Tue, 14 Oct 2014 23:22:46 +0200
Subject: Password Plugin / LDAP Driver: - adds support for (optional) multiple
 userPassword values for compatibility with more authentication shemes - adds
 support for CRAM-MD5 scheme as implemented by doveadm pw (credits: see header
 of plugins/password/helpers/dovecot_hmacmd5.php)

---
 plugins/password/drivers/ldap.php | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

(limited to 'plugins/password/drivers/ldap.php')

diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index 340dd29f8..2cf2c1198 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -78,7 +78,20 @@ class rcube_ldap_password
             return PASSWORD_CONNECT_ERROR;
         }
 
-        $crypted_pass = self::hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
+        $encodage = $rcmail->config->get('password_ldap_encodage');
+
+        // Support multiple userPassword values where desired.
+        // multiple encodings can be specified separated by '+' (e.g. "cram-md5+ssha")
+        $encodages = explode('+',$encodage);
+        $crypted_pass = array();
+
+        foreach($encodages as $enc) {
+            $cpw = self::hash_password($passwd, $enc);
+            if(!empty($cpw)) {
+                $crypted_pass[] = $cpw;
+            }
+        }
+
         $force        = $rcmail->config->get('password_ldap_force_replace');
         $pwattr       = $rcmail->config->get('password_ldap_pwattr');
         $lchattr      = $rcmail->config->get('password_ldap_lchattr');
@@ -93,7 +106,7 @@ class rcube_ldap_password
         }
 
         // Crypt new password
-        if (!$crypted_pass) {
+        if (empty($crypted_pass)) {
             return PASSWORD_CRYPT_ERROR;
         }
 
@@ -297,6 +310,7 @@ class rcube_ldap_password
             }
             break;
 
+
         case 'smd5':
             mt_srand((double) microtime() * 1000000);
             $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
@@ -332,6 +346,11 @@ class rcube_ldap_password
             $crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
             break;
 
+        case 'cram-md5':
+            require_once(dirname(__FILE__).'/../helpers/dovecot_hmacmd5.php');
+			return dovecot_hmacmd5($password_clear);
+            break;
+
         case 'clear':
         default:
             $crypted_password = $password_clear;
-- 
cgit v1.2.3