githubFork/roundcubemail.git

alecpl

2009-10-06 ffeab7fe7e0ccf1d458d6a863600359c38769950

commit \| author \| age
c8a1e6	1	<?php
A	2
	3	/**
	4	* LDAP Password Driver
	5	*
	6	* Driver for passwords stored in LDAP
	7	* This driver use the PEAR Net_LDAP2 class (http://pear.php.net/package/Net_LDAP2).
	8	*
	9	* @version 1.0 (2009-06-24)
	10	* @author Edouard MOREAU <edouard.moreau@ensma.fr>
	11	*
	12	* function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
	13	* function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
	14	*
	15	*/
	16
	17	function password_save($curpass, $passwd)
	18	{
	19	$rcmail = rcmail::get_instance();
	20	require_once ('Net/LDAP2.php');
	21
	22	// Building user DN
	23	$userDN = str_replace('%login', $_SESSION['username'], $rcmail->config->get('password_ldap_userDN_mask'));
7b8650	24
A	25	$parts = explode('@', $_SESSION['username']);
	26	if (count($parts) == 2)
	27	{
	28	$userDN = str_replace('%name', $parts[0], $userDN);
	29	$userDN = str_replace('%domain', $parts[1], $userDN);
	30	}
	31
c8a1e6	32	if (empty($userDN)) {return PASSWORD_CONNECT_ERROR;}
A	33
	34	// Connection Method
	35	switch($rcmail->config->get('password_ldap_method')) {
	36	case 'user': $binddn = $userDN; $bindpw = $curpass; break;
	37	case 'admin': $binddn = $rcmail->config->get('password_ldap_adminDN'); $bindpw = $rcmail->config->get('password_ldap_adminPW'); break;
	38	default: $binddn = $userDN; $bindpw = $curpass; break; // default is user mode
	39	}
	40
	41	// Configuration array
	42	$ldapConfig = array (
	43	'binddn' => $binddn,
	44	'bindpw' => $bindpw,
	45	'basedn' => $rcmail->config->get('password_ldap_basedn'),
	46	'host' => $rcmail->config->get('password_ldap_host'),
	47	'port' => $rcmail->config->get('password_ldap_port'),
	48	'starttls' => $rcmail->config->get('password_ldap_starttls'),
	49	'version' => $rcmail->config->get('password_ldap_version'),
	50	);
	51
	52	// Connecting using the configuration array
	53	$ldap = Net_LDAP2::connect($ldapConfig);
	54
	55	// Checking for connection error
	56	if (PEAR::isError($ldap)) {return PASSWORD_CONNECT_ERROR;}
	57
	58	// Crypting new password
	59	$newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
	60	if (!$newCryptedPassword) {return PASSWORD_CRYPT_ERROR;}
	61
	62	// Writing new crypted password to LDAP
	63	$userEntry = $ldap->getEntry($userDN);
	64	if (Net_LDAP2::isError($userEntry)) {return PASSWORD_CONNECT_ERROR;}
793e24	65	if (!$userEntry->replace(array($rcmail->config->get('password_ldap_pwattr') => $newCryptedPassword),$rcmail->config->get('password_ldap_force_replace'))) {return PASSWORD_CONNECT_ERROR;}
c8a1e6	66	if (Net_LDAP2::isError($userEntry->update())) {return PASSWORD_CONNECT_ERROR;}
A	67
	68	// All done, no error
	69	return PASSWORD_SUCCESS;
	70	}
	71
	72
	73	/**
	74	* Code originaly from the phpLDAPadmin development team
	75	* http://phpldapadmin.sourceforge.net/
	76	*
	77	* Hashes a password and returns the hash based on the specified enc_type.
	78	*
	79	* @param string $passwordClear The password to hash in clear text.
	80	* @param string $encodageType Standard LDAP encryption type which must be one of
	81	* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
	82	* @return string The hashed password.
	83	*
	84	*/
	85
	86	function hashPassword( $passwordClear, $encodageType )
	87	{
	88	$encodageType = strtolower( $encodageType );
	89	switch( $encodageType ) {
	90	case 'crypt':
	91	$cryptedPassword = '{CRYPT}' . crypt($passwordClear,randomSalt(2));
	92	break;
	93
	94	case 'ext_des':
	95	// extended des crypt. see OpenBSD crypt man page.
	96	if ( ! defined( 'CRYPT_EXT_DES' ) \|\| CRYPT_EXT_DES == 0 ) {return FALSE;} //Your system crypt library does not support extended DES encryption.
	97	$cryptedPassword = '{CRYPT}' . crypt( $passwordClear, '_' . randomSalt(8) );
	98	break;
	99
	100	case 'md5crypt':
	101	if( ! defined( 'CRYPT_MD5' ) \|\| CRYPT_MD5 == 0 ) {return FALSE;} //Your system crypt library does not support md5crypt encryption.
	102	$cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$1$' . randomSalt(9) );
	103	break;
	104
	105	case 'blowfish':
	106	if( ! defined( 'CRYPT_BLOWFISH' ) \|\| CRYPT_BLOWFISH == 0 ) {return FALSE;} //Your system crypt library does not support blowfish encryption.
	107	$cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$2a$12$' . randomSalt(13) ); // hardcoded to second blowfish version and set number of rounds
	108	break;
	109
	110	case 'md5':
	111	$cryptedPassword = '{MD5}' . base64_encode( pack( 'H*' , md5( $passwordClear) ) );
	112	break;
	113
	114	case 'sha':
	115	if( function_exists('sha1') ) {
	116	// use php 4.3.0+ sha1 function, if it is available.
	117	$cryptedPassword = '{SHA}' . base64_encode( pack( 'H*' , sha1( $passwordClear) ) );
	118	} elseif( function_exists( 'mhash' ) ) {
	119	$cryptedPassword = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $passwordClear) );
	120	} else {
	121	return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
	122	}
	123	break;
	124
	125	case 'ssha':
	126	if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
	127	mt_srand( (double) microtime() * 1000000 );
	128	$salt = mhash_keygen_s2k( MHASH_SHA1, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
	129	$cryptedPassword = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $passwordClear.$salt ).$salt );
	130	} else {
	131	return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
	132	}
	133	break;
	134
	135	case 'smd5':
	136	if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
	137	mt_srand( (double) microtime() * 1000000 );
	138	$salt = mhash_keygen_s2k( MHASH_MD5, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
	139	$cryptedPassword = "{SMD5}".base64_encode( mhash( MHASH_MD5, $passwordClear.$salt ).$salt );
	140	} else {
	141	return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
	142	}
	143	break;
	144
	145	case 'clear':
	146	default:
	147	$cryptedPassword = $passwordClear;
	148	}
	149
	150	return $cryptedPassword;
	151	}
	152
	153
	154
	155	/**
	156	* Code originaly from the phpLDAPadmin development team
	157	* http://phpldapadmin.sourceforge.net/
	158	*
	159	* Used to generate a random salt for crypt-style passwords. Salt strings are used
	160	* to make pre-built hash cracking dictionaries difficult to use as the hash algorithm uses
	161	* not only the user's password but also a randomly generated string. The string is
	162	* stored as the first N characters of the hash for reference of hashing algorithms later.
	163	*
	164	* --- added 20021125 by bayu irawan <bayuir@divnet.telkom.co.id> ---
	165	* --- ammended 20030625 by S C Rigler <srigler@houston.rr.com> ---
	166	*
	167	* @param int $length The length of the salt string to generate.
	168	* @return string The generated salt string.
	169	*/
	170
	171	function randomSalt( $length )
	172	{
	173	$possible = '0123456789'.
	174	'abcdefghijklmnopqrstuvwxyz'.
	175	'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
	176	'./';
	177	$str = "";
	178	mt_srand((double)microtime() * 1000000);
	179
	180	while( strlen( $str ) < $length )
	181	$str .= substr( $possible, ( rand() % strlen( $possible ) ), 1 );
	182
	183	return $str;
	184	}
	185
	186	?>