Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.encryption.inc | ||
3 | 3 |
/** |
4 | 4 |
* @file |
5 | 5 |
* Provides functions for encryption/decryption. |
6 |
* http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file |
|
7 | 6 |
*/ |
8 | 7 |
|
9 |
define('LDAP_SERVERS_MODE', 'CTR'); |
|
10 | 8 |
/** |
11 |
* Return a random salt of a given length for crypt-style passwords |
|
9 |
* Return a random salt of a given length for crypt-style passwords.
|
|
12 | 10 |
* |
13 | 11 |
* @param int length |
14 | 12 |
* The requested length. |
15 | 13 |
* |
16 | 14 |
* @return string |
17 | 15 |
* A (fairly) random salt of the requested length. |
18 |
* |
|
19 | 16 |
*/ |
20 |
function ldap_servers_random_salt( $length ) {
|
|
17 |
function ldap_servers_random_salt($length) {
|
|
21 | 18 |
$possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './'; |
22 | 19 |
$salt = ""; |
23 | 20 |
|
24 |
mt_srand((double)microtime() * 1000000); |
|
25 |
while ( strlen( $salt ) < $length ) {
|
|
26 |
$salt .= substr( $possible, ( rand() % strlen( $possible ) ), 1 );
|
|
21 |
mt_srand((double) microtime() * 1000000);
|
|
22 |
while (strlen($salt) < $length) {
|
|
23 |
$salt .= substr($possible, (rand() % strlen($possible)), 1);
|
|
27 | 24 |
} |
28 | 25 |
|
29 | 26 |
return $salt; |
30 | 27 |
} |
31 | 28 |
|
29 |
/** |
|
30 |
* Encryption options available. |
|
31 |
* |
|
32 |
* @return array |
|
33 |
* Options. |
|
34 |
*/ |
|
35 |
function _ldap_servers_encrypt_types() { |
|
36 |
$options = [ |
|
37 |
LDAP_SERVERS_ENC_TYPE_CLEARTEXT => 'Clear text', |
|
38 |
]; |
|
32 | 39 |
|
33 |
function _ldap_servers_encrypt_types($type = 'all') { |
|
34 |
|
|
35 |
$hashes = array(); |
|
36 |
$encrypts = array(); |
|
37 |
if (extension_loaded('mcrypt')) { // only support with extension |
|
38 |
|
|
39 |
/** |
|
40 |
LDAP_SERVERS_ENC_TYPE_MD5C => 'MD5 Crypt', |
|
41 |
LDAP_SERVERS_ENC_TYPE_SALTED_MD5 => 'Salted MD5', |
|
42 |
LDAP_SERVERS_ENC_TYPE_SHA => 'SHA', |
|
43 |
LDAP_SERVERS_ENC_TYPE_SALTED_SHA => 'SHA Salted', |
|
44 |
); |
|
45 |
*/ |
|
46 |
|
|
47 |
/** $encrypts = array( |
|
48 |
LDAP_SERVERS_ENC_TYPE_EXTENDED_DES => 'Extended DES', |
|
49 |
LDAP_SERVERS_ENC_TYPE_BLOWFISH => 'Blowfish', |
|
50 |
LDAP_SERVERS_ENC_TYPE_SALTED_CRYPT => 'Salted Crypt', |
|
51 |
); */ |
|
52 |
|
|
53 |
$encrypts = array( |
|
54 |
LDAP_SERVERS_ENC_TYPE_CLEARTEXT => 'No Encryption' |
|
55 |
); |
|
56 |
if (function_exists('mcrypt_module_open')) { |
|
57 |
$encrypts[LDAP_SERVERS_ENC_TYPE_BLOWFISH] = 'Blowfish'; |
|
58 |
} |
|
59 |
|
|
60 |
} |
|
61 |
|
|
62 |
// $hashes[LDAP_SERVERS_ENC_TYPE_MD5] = 'MD5'; |
|
63 |
// $encrypts[LDAP_SERVERS_ENC_TYPE_CRYPT] = 'Crypt'; |
|
64 |
|
|
65 |
if ($type == 'encrypt') { |
|
66 |
return $encrypts; |
|
67 |
} |
|
68 |
|
|
69 |
if ($type == 'hash') { |
|
70 |
return $hashes; |
|
40 |
if (extension_loaded('openssl')) { |
|
41 |
$options[LDAP_SERVERS_ENC_TYPE_OPENSSL] = 'OpenSSL'; |
|
71 | 42 |
} |
72 | 43 |
|
73 |
return array_merge($hashes, $encrypts); |
|
74 |
|
|
75 |
|
|
44 |
return $options; |
|
76 | 45 |
} |
46 |
|
|
77 | 47 |
/** |
78 |
* Encrypt Password Method
|
|
48 |
* Encrypt string.
|
|
79 | 49 |
* |
80 |
* @param string clear_txt |
|
81 |
* Plaintext password. |
|
50 |
* @param $input |
|
51 |
* Clear text. |
|
52 |
* @param null $encryption_enabled |
|
53 |
* OpenSSL or clear text. |
|
82 | 54 |
* |
83 | 55 |
* @return string |
84 |
* Encrypted text, formatted for use as an LDAP password. |
|
85 |
* |
|
86 |
* @link http://php.net/manual/en/function.mcrypt-generic-init.php |
|
56 |
* Plain or encrypted. |
|
87 | 57 |
*/ |
88 |
function _ldap_servers_encrypt_has_mcrypt_and_warn() { |
|
89 |
if (!function_exists('mcrypt_module_open')) { |
|
90 |
watchdog('ldap_servers', 'Encryption is set to blowfish, but mcrypt module in not installed', array(), WATCHDOG_ERROR); |
|
91 |
return FALSE; |
|
92 |
} |
|
93 |
else { |
|
94 |
return TRUE; |
|
95 |
} |
|
96 |
} |
|
58 |
function _ldap_servers_encrypt($input, $encryption_enabled = NULL) { |
|
97 | 59 |
|
98 |
function _ldap_servers_encrypt($clear_txt, $enc_type = NULL) { |
|
99 |
|
|
100 |
if (!$enc_type) { |
|
101 |
$enc_type = variable_get('ldap_servers_encryption' , LDAP_SERVERS_ENC_TYPE_CLEARTEXT); |
|
60 |
if (!$encryption_enabled) { |
|
61 |
$encryption_enabled = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT); |
|
102 | 62 |
} |
103 | 63 |
|
104 |
if ($enc_type == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
|
105 |
return $clear_txt;
|
|
64 |
if ($encryption_enabled == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
|
65 |
return $input;
|
|
106 | 66 |
} |
107 | 67 |
|
108 | 68 |
$key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt()); |
69 |
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(LDAP_SERVERS_CYPHER_MODE)); |
|
70 |
$encrypted_data = openssl_encrypt($input, LDAP_SERVERS_CYPHER_MODE, $key, 0, $iv); |
|
109 | 71 |
|
110 |
switch ($enc_type) { |
|
111 |
|
|
112 |
case LDAP_SERVERS_ENC_TYPE_BLOWFISH: // Blowfish |
|
113 |
// Open mcrypt module. |
|
114 |
if (_ldap_servers_encrypt_has_mcrypt_and_warn()) { |
|
115 |
$td = mcrypt_module_open('blowfish', '', LDAP_SERVERS_CYPHER_MODE, ''); |
|
116 |
// Determine maximum mycrypt key length. |
|
117 |
$key_length = mcrypt_enc_get_key_size($td); |
|
118 |
// Shorten key to allowed length. |
|
119 |
$key = substr($key, 0, $key_length); |
|
120 |
// Create the initialization vector. |
|
121 |
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); |
|
122 |
// Encrypt the text. |
|
123 |
mcrypt_generic_init($td, $key, $iv); |
|
124 |
$crypttext = mcrypt_generic($td, $clear_txt); |
|
125 |
mcrypt_generic_deinit($td); |
|
126 |
// Build the encrypted string. |
|
127 |
$cipher_txt = $iv . $crypttext; |
|
128 |
// Close the module. |
|
129 |
mcrypt_module_close($td); |
|
130 |
} |
|
131 |
break; |
|
132 |
|
|
133 |
default: // Cleartext |
|
134 |
$cipher_txt = $clear_txt; |
|
135 |
} |
|
136 |
|
|
137 |
return base64_encode($cipher_txt); |
|
72 |
return base64_encode($encrypted_data . '::' . $iv); |
|
138 | 73 |
} |
139 | 74 |
|
140 | 75 |
/** |
141 |
* Encrypt Decrypt Method
|
|
76 |
* Decrypt string.
|
|
142 | 77 |
* |
143 |
* @param string $cipher_txt |
|
144 |
* ciphered text. |
|
78 |
* @param string $input |
|
79 |
* Clear text or encrypted text. |
|
80 |
* @param null $encryption_enabled |
|
81 |
* OpenSSL or clear text. |
|
145 | 82 |
* |
146 | 83 |
* @return string |
147 |
* clear text |
|
148 |
* |
|
149 |
* http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file |
|
84 |
* Clear text. |
|
150 | 85 |
*/ |
86 |
function _ldap_servers_decrypt($input, $encryption_enabled = NULL) { |
|
151 | 87 |
|
152 |
function _ldap_servers_decrypt($cipher_txt, $enc_type = NULL) { |
|
153 |
|
|
154 |
$key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt()); |
|
155 |
if (!$enc_type) { |
|
156 |
$enc_type = variable_get('ldap_servers_encryption' , LDAP_SERVERS_ENC_TYPE_CLEARTEXT); |
|
157 |
} |
|
158 |
if ($enc_type == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) { |
|
159 |
return $cipher_txt; |
|
88 |
if (!$encryption_enabled) { |
|
89 |
$encryption_enabled = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT); |
|
160 | 90 |
} |
161 | 91 |
|
162 |
$cipher_txt = base64_decode($cipher_txt); |
|
163 |
switch ($enc_type) { |
|
164 |
|
|
165 |
case LDAP_SERVERS_ENC_TYPE_BLOWFISH: // Blowfish |
|
166 |
if (_ldap_servers_encrypt_has_mcrypt_and_warn()) { |
|
167 |
$clear_txt = ""; |
|
168 |
// Open mcrypt module. |
|
169 |
$td = mcrypt_module_open('blowfish', '', LDAP_SERVERS_CYPHER_MODE, ''); |
|
170 |
// Determine maximum mycrypt key length. |
|
171 |
$key_length = mcrypt_enc_get_key_size($td); |
|
172 |
// Shorten key to allowed length. |
|
173 |
$key = substr($key, 0, $key_length); |
|
174 |
// Determine the algorithm IV. |
|
175 |
$ivsize = mcrypt_enc_get_iv_size($td); |
|
176 |
// Process if the decoded cipher text is sufficient. |
|
177 |
if (strlen($cipher_txt) > $ivsize) { |
|
178 |
// Split apart IV and text. |
|
179 |
$iv = substr($cipher_txt, 0, $ivsize); |
|
180 |
$cipher_txt = substr($cipher_txt, $ivsize); |
|
181 |
// If the IV exists, decrypt the text. |
|
182 |
if ($iv) { |
|
183 |
mcrypt_generic_init($td, $key, $iv); |
|
184 |
$clear_txt = mdecrypt_generic($td, $cipher_txt); |
|
185 |
mcrypt_generic_deinit($td); |
|
186 |
} |
|
187 |
} |
|
188 |
// Close the module. |
|
189 |
mcrypt_module_close($td); |
|
190 |
} |
|
191 |
break; |
|
192 |
|
|
193 |
default: // Cleartext |
|
194 |
$clear_txt = $cipher_txt; |
|
92 |
if ($encryption_enabled == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) { |
|
93 |
return $input; |
|
195 | 94 |
} |
196 |
return $clear_txt; |
|
95 |
|
|
96 |
$key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt()); |
|
97 |
list($encrypted_data, $iv) = explode('::', base64_decode($input), 2); |
|
98 |
return openssl_decrypt($encrypted_data, LDAP_SERVERS_CYPHER_MODE, $key, 0, $iv); |
|
197 | 99 |
} |
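Review bot: `_ldap_servers_decrypt` (new lines 97–98) uses the results of `explode('::', base64_decode($input), 2)` and `openssl_decrypt()` without checking either, so a stored value that is not in the `data::iv` layout (for instance one written by the removed mcrypt path, or one saved while encryption was off) raises an undefined-offset notice, a warning from `openssl_decrypt()` on a null IV, and returns `FALSE`, which the `@return string` docblock on new line 83 does not admit. The same gap exists for `openssl_encrypt()` on new line 70, whose `FALSE` on an unusable cipher would be stored as `base64_encode('::' . $iv)` as if it were ciphertext; `LDAP_SERVERS_CYPHER_MODE` is not defined in this hunk (the old `LDAP_SERVERS_MODE` define at line 9 is removed), so it presumably lives in another file and is worth confirming to name an OpenSSL cipher. The key (`ldap_servers_encrypt_key`, defaulting to the site hash salt) is handed to OpenSSL as-is, which silently truncates or zero-pads it to the cipher's key size, so deriving it first with `$key = hash('sha256', $key, TRUE);` on new lines 68 and 96 gives a full-length key whatever the configured value is. Separately, `ldap_servers_random_salt` (new lines 21–23) still seeds `mt_srand()` from `microtime()` and then draws from `rand()`, which is predictable; `random_int(0, strlen($possible) - 1)` is the drop-in replacement on PHP 7. The tail of `_ldap_servers_decrypt` below validates the layout and logs via `watchdog()` as the removed mcrypt helper did, returning `FALSE` on malformed input so callers can tell failure from an empty password.
```php
  // … unchanged: cleartext short-circuit …
  $key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
  $parts = explode('::', (string) base64_decode($input, TRUE), 2);
  if (count($parts) !== 2) {
    watchdog('ldap_servers', 'Stored value is not in the expected encrypted format.', array(), WATCHDOG_ERROR);
    return FALSE;
  }
  list($encrypted_data, $iv) = $parts;
  $clear_txt = openssl_decrypt($encrypted_data, LDAP_SERVERS_CYPHER_MODE, $key, 0, $iv);
  if ($clear_txt === FALSE) {
    watchdog('ldap_servers', 'Decryption failed: @error', array('@error' => openssl_error_string()), WATCHDOG_ERROR);
  }
  return $clear_txt;
```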
Weekly update of contrib modules