diff -ur passwd-2.2.1/config/backends.php.dist passwd/config/backends.php.dist
--- passwd-2.2.1/config/backends.php.dist 2004-06-30 00:41:27.000000000 -0400
+++ passwd/config/backends.php.dist 2004-06-30 01:02:27.000000000 -0400
@@ -40,12 +40,14 @@
* supported by passwd
*
* 1) plain
- * 2) crypt
- * 3) md5-hex
- * 4) md5-base64
- * 5) smd5
- * 6) sha
- * 7) ssha
+ * 2) crypt or crypt-des
+ * 3) crypt-md5
+ * 4) crypt-blowfish
+ * 5) md5-hex
+ * 6) md5-base64
+ * 7) smd5
+ * 8) sha
+ * 9) ssha
*
* Currently, md5-base64, smd5, sha, and ssha require the mhash php
* library in order to work properly. See the INSTALL file for
@@ -190,7 +192,7 @@
// 'socket' => '/tmp/mysql.sock',
'username' => '',
'password' => '',
- 'encryption' => 'crypt',
+ 'encryption' => 'crypt-md5',
'database' => 'vpopmail',
'table' => 'vpopmail',
'name' => 'pw_name',
diff -ur passwd-2.2.1/lib/Driver.php passwd/lib/Driver.php
--- passwd-2.2.1/lib/Driver.php 2003-02-15 16:16:26.000000000 -0400
+++ passwd/lib/Driver.php 2004-06-30 00:59:32.000000000 -0400
@@ -104,8 +104,22 @@
}
break;
case 'crypt':
- $encrypted = substr($encrypted, 7);
- $salt = substr($encrypted , 0, 2);
+ case 'crypt-des':
+ $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $salt = substr($encrypted, 0, 2);
+ if ($encrypted == crypt($plaintext, $salt)) {
+ return true;
+ }
+ break;
+ case 'crypt-md5':
+ $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $salt = substr($encrypted, 0, 12);
+ if ($encrypted == crypt($plaintext, $salt)) {
+ return true;
+ }
+ case 'crypt-blowfish':
+ $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $salt = substr($encrypted, 0, 16);
if ($encrypted == crypt($plaintext, $salt)) {
return true;
}
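Review bot: The new `crypt-md5` case has no `break;` after its `if`, so a failed MD5 comparison falls through into the `crypt-blowfish` branch and is evaluated a second time under different salt rules; add `break;` before `case 'crypt-blowfish':`. The fixed `substr()` lengths are also fragile: a bcrypt string as current PHP documents it carries its cost and 22-character salt in the first 29 characters, so 16 will not reproduce the stored hash, whereas passing the stored value itself, `crypt($plaintext, $encrypted)`, lets crypt() extract the salt for all three schemes. The `==` comparison is loose and not constant-time; where the supported PHP version provides it, `hash_equals($encrypted, crypt($plaintext, $encrypted))` is safer, together with an explicit rejection of an empty stored value. The enclosing switch begins and ends outside this hunk.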
@@ -113,14 +127,14 @@
case 'sha':
$encrypted = substr($encrypted, 5);
if ($encrypted == base64_encode(mHash(MHASH_SHA1, $plaintext)))
-{
+ {
return true;
}
break;
case 'ssha':
$encrypted = substr($encrypted, 6);
$hash = base64_decode($encrypted);
- $salt = substr($hash, 20);
+ $salt = substr($hash, 20);
if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) {
return true;
}
@@ -156,9 +170,18 @@
case "sha":
$newPassword = "{SHA}" . base64_encode(mHash(MHASH_SHA1, $newPassword));
break;
- case "crypt":
- // The salt is left out, generated by php
- $newPassword = "{crypt}" . crypt($newPassword);
+ case 'crypt':
+ case 'crypt-des':
+ $salt = substr(md5(mt_rand()), 0, 2);
+ $newPassword = crypt($newPassword, $salt);
+ break;
+ case 'crypt-md5':
+ $salt = '$1$' . substr(md5(mt_rand()), 0, 8) . '$';
+ $newPassword = crypt($newPassword, $salt);
+ break;
+ case 'crypt-blowfish':
+ $salt = '$2$' . substr(md5(mt_rand()), 0, 12) . '$';
+ $newPassword = crypt($newPassword, $salt);
break;
case "md5-hex":
$newPassword = md5($newPassword);
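Review bot: In the `crypt-blowfish` case the salt built as `'$2$'` plus 12 hex characters plus `'$'` is not the form current PHP documents for bcrypt (`$2y$`, a two-digit cost, `$`, then 22 characters from `./0-9A-Za-z`), and the return value of crypt() is never checked, so on such builds the stored value may be a failure token rather than a bcrypt hash; this should be confirmed on every PHP version the project supports. All three salts come from `md5(mt_rand())`, which is not a cryptographic generator and yields hex only, so the DES case has 256 possible salts instead of 4096; where available, `substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22)` gives a salt over the wider alphabet. The new branches also drop the `{crypt}` prefix that the removed line wrote, while the `{SHA}` case above keeps its prefix; if that is intentional, a comment such as `// stored without the {crypt} scheme prefix; the verify path strips it when present` would record the decision. The enclosing switch begins and ends outside this hunk.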