PukiWiki Fork
Fork

Fork origin: pukiwiki / pukiwiki

R/O
HTTP
SSH
HTTPS

提交

Commit MetaInfo

修订版	9d67cfb2c07ff0b8c995bf3c344b61882bfb03d2 (tree)
时间	2018-05-10 00:20:42
作者	umorigu <umorigu@gmai...>
Commiter	umorigu

Log Message

BugTrack/2469 OpenLDAP SHA-2 Support on password (patched by henoheno)

Supported SHA-2 password schemes:
* SHA256, SHA384, SHA512 (LDAP: OpenLDAP compatible)
* SSHA256, SSHA384, SSHA512 (OpenLDAP compatible - Salted version)
* x-php-sha256, x-php-sha384, x-php-512 (Simple hex version)

RFC 6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)
https://tools.ietf.org/html/rfc6234

Internet-Draft: Lightweight Directory Access Protocol (LDAP): Hashed Attribute values for 'userPassword' (March 13, 2013)
https://tools.ietf.org/html/draft-stroeder-hashed-userpassword-values-01

更改概述

modified: lib/auth.php (diff)
modified: plugin/md5.inc.php (diff)
modified: pukiwiki.ini.php (diff)

差异

--- a/lib/auth.php

+++ b/lib/auth.php

		@@ -85,6 +85,12 @@ function pkwk_hash_compute($phrase = '', $scheme = '{x-php-md5}', $prefix = TRUE
85	85	hash('sha256', $phrase);
86	86	break;
87	87
	88	+ // PHP sha384
	89	+ case '{x-php-sha384}' :
	90	+ $hash = ($prefix ? ($canonical ? '{x-php-sha384}' : $scheme) : '') .
	91	+ hash('sha384', $phrase);
	92	+ break;
	93	+
88	94	// PHP sha512
89	95	case '{x-php-sha512}' :
90	96	$hash = ($prefix ? ($canonical ? '{x-php-sha512}' : $scheme) : '') .

		@@ -125,6 +131,48 @@ function pkwk_hash_compute($phrase = '', $scheme = '{x-php-md5}', $prefix = TRUE
125	131	base64_encode(pkwk_hex2bin(sha1($phrase . $salt)) . $salt);
126	132	break;
127	133
	134	+ // LDAP SHA256
	135	+ case '{sha256}' :
	136	+ $hash = ($prefix ? ($canonical ? '{SHA256}' : $scheme) : '') .
	137	+ base64_encode(hash('sha256', $phrase, TRUE));
	138	+ break;
	139	+
	140	+ // LDAP SSHA256
	141	+ case '{ssha256}' :
	142	+ // SHA-2 SHA-256 Key length = 256bits = 32bytes
	143	+ $salt = ($salt != '' ? substr(base64_decode($salt), 32) : substr(crypt(''), -8));
	144	+ $hash = ($prefix ? ($canonical ? '{SSHA256}' : $scheme) : '') .
	145	+ base64_encode(hash('sha256', $phrase . $salt, TRUE) . $salt);
	146	+ break;
	147	+
	148	+ // LDAP SHA384
	149	+ case '{sha384}' :
	150	+ $hash = ($prefix ? ($canonical ? '{SHA384}' : $scheme) : '') .
	151	+ base64_encode(hash('sha384', $phrase, TRUE));
	152	+ break;
	153	+
	154	+ // LDAP SSHA384
	155	+ case '{ssha384}' :
	156	+ // SHA-2 SHA-384 Key length = 384bits = 48bytes
	157	+ $salt = ($salt != '' ? substr(base64_decode($salt), 48) : substr(crypt(''), -8));
	158	+ $hash = ($prefix ? ($canonical ? '{SSHA384}' : $scheme) : '') .
	159	+ base64_encode(hash('sha384', $phrase . $salt, TRUE) . $salt);
	160	+ break;
	161	+
	162	+ // LDAP SHA512
	163	+ case '{sha512}' :
	164	+ $hash = ($prefix ? ($canonical ? '{SHA512}' : $scheme) : '') .
	165	+ base64_encode(hash('sha512', $phrase, TRUE));
	166	+ break;
	167	+
	168	+ // LDAP SSHA512
	169	+ case '{ssha512}' :
	170	+ // SHA-2 SHA-512 Key length = 512bits = 64bytes
	171	+ $salt = ($salt != '' ? substr(base64_decode($salt), 64) : substr(crypt(''), -8));
	172	+ $hash = ($prefix ? ($canonical ? '{SSHA512}' : $scheme) : '') .
	173	+ base64_encode(hash('sha512', $phrase . $salt, TRUE) . $salt);
	174	+ break;
	175	+
128	176	// LDAP CLEARTEXT and just cleartext
129	177	case '{cleartext}' : /* FALLTHROUGH */
130	178	case '' :

--- a/plugin/md5.inc.php

+++ b/plugin/md5.inc.php

		@@ -37,10 +37,10 @@ function plugin_md5_action()
37	37	array_push($scheme_list, 'x-php-sha1', 'SHA', 'SSHA');
38	38	}
39	39	if ($algos_enabled->sha256) {
40		- array_push($scheme_list, 'x-php-sha256');
	40	+ array_push($scheme_list, 'x-php-sha256', 'SHA256', 'SSHA256');
41	41	}
42	42	if ($algos_enabled->sha512) {
43		- array_push($scheme_list, 'x-php-sha512');
	43	+ array_push($scheme_list, 'x-php-sha512', 'SHA512', 'SSHA512');
44	44	}
45	45	if (!in_array($scheme, $scheme_list)) {
46	46	return array(

		@@ -113,7 +113,20 @@ EOD;
113	113	<label for="_p_md5_lsmd5">LDAP SMD5 (md5 with a seed) *</label><br />
114	114	<input type="radio" name="scheme" id="_p_md5_lmd5" value="MD5" />
115	115	<label for="_p_md5_lmd5">LDAP MD5</label><br />
116		-
	116	+EOD;
	117	+ if ($algos_enabled->sha256) $form .= <<<EOD
	118	+ <input type="radio" name="scheme" id="_p_md5_lssha256" value="SSHA256"/>
	119	+ <label for="_p_md5_lssha256">LDAP SSHA256 (sha256 with a seed) *</label><br />
	120	+ <input type="radio" name="scheme" id="_p_md5_lsha256" value="SHA256" />
	121	+ <label for="_p_md5_lsha256">LDAP SHA256</label><br />
	122	+EOD;
	123	+ if ($algos_enabled->sha512) $form .= <<<EOD
	124	+ <input type="radio" name="scheme" id="_p_md5_lssha512" value="SSHA512"/>
	125	+ <label for="_p_md5_lssha512">LDAP SSHA512 (sha512 with a seed) *</label><br />
	126	+ <input type="radio" name="scheme" id="_p_md5_lsha512" value="SHA512" />
	127	+ <label for="_p_md5_lsha512">LDAP SHA512</label><br />
	128	+EOD;
	129	+ $form .= <<<EOD
117	130	<input type="checkbox" name="prefix" id="_p_md5_prefix" checked="checked" />
118	131	<label for="_p_md5_prefix">Add scheme prefix (RFC2307, Using LDAP as NIS)</label><br />
119	132

--- a/pukiwiki.ini.php

+++ b/pukiwiki.ini.php

		@@ -185,6 +185,7 @@ $adminpass = '{x-php-md5}!';
185	185	//$adminpass = '{CRYPT}$1$AR.Gk94x$uCe8fUUGMfxAPH83psCZG/'; // LDAP CRYPT 'pass'
186	186	//$adminpass = '{MD5}Gh3JHJBzJcaScd3wyUS8cg=='; // LDAP MD5 'pass'
187	187	//$adminpass = '{SMD5}o7lTdtHFJDqxFOVX09C8QnlmYmZnd2Qx'; // LDAP SMD5 'pass'
	188	+//$adminpass = '{SHA256}10/w7o2juYBrGMh32/KbveULW9jk2tejpyUAD+uC6PE=' // LDAP SHA256 'pass'
188	189
189	190	/////////////////////////////////////////////////
190	191	// Page-reading feature settings

PukiWiki Fork Fork

提交

标签

Frequently used words (click to add to your profile)

Commit MetaInfo

Log Message

更改概述

差异

PukiWiki Fork
Fork