Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
| drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.encryption.inc | ||
|---|---|---|
| 3 | 3 |
/** |
| 4 | 4 |
* @file |
| 5 | 5 |
* Provides functions for encryption/decryption. |
| 6 |
* http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file |
|
| 7 | 6 |
*/ |
| 8 | 7 |
|
| 9 |
define('LDAP_SERVERS_MODE', 'CTR');
|
|
| 10 | 8 |
/** |
| 11 |
* Return a random salt of a given length for crypt-style passwords |
|
| 9 |
* Return a random salt of a given length for crypt-style passwords.
|
|
| 12 | 10 |
* |
| 13 | 11 |
* @param int length |
| 14 | 12 |
* The requested length. |
| 15 | 13 |
* |
| 16 | 14 |
* @return string |
| 17 | 15 |
* A (fairly) random salt of the requested length. |
| 18 |
* |
|
| 19 | 16 |
*/ |
| 20 |
function ldap_servers_random_salt( $length ) {
|
|
| 17 |
function ldap_servers_random_salt($length) {
|
|
| 21 | 18 |
$possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './'; |
| 22 | 19 |
$salt = ""; |
| 23 | 20 |
|
| 24 |
mt_srand((double)microtime() * 1000000); |
|
| 25 |
while ( strlen( $salt ) < $length ) {
|
|
| 26 |
$salt .= substr( $possible, ( rand() % strlen( $possible ) ), 1 );
|
|
| 21 |
mt_srand((double) microtime() * 1000000);
|
|
| 22 |
while (strlen($salt) < $length) {
|
|
| 23 |
$salt .= substr($possible, (rand() % strlen($possible)), 1);
|
|
| 27 | 24 |
} |
| 28 | 25 |
|
| 29 | 26 |
return $salt; |
| 30 | 27 |
} |
| 31 | 28 |
|
| 29 |
/** |
|
| 30 |
* Encryption options available. |
|
| 31 |
* |
|
| 32 |
* @return array |
|
| 33 |
* Options. |
|
| 34 |
*/ |
|
| 35 |
function _ldap_servers_encrypt_types() {
|
|
| 36 |
$options = [ |
|
| 37 |
LDAP_SERVERS_ENC_TYPE_CLEARTEXT => 'Clear text', |
|
| 38 |
]; |
|
| 32 | 39 |
|
| 33 |
function _ldap_servers_encrypt_types($type = 'all') {
|
|
| 34 |
|
|
| 35 |
$hashes = array(); |
|
| 36 |
$encrypts = array(); |
|
| 37 |
if (extension_loaded('mcrypt')) { // only support with extension
|
|
| 38 |
|
|
| 39 |
/** |
|
| 40 |
LDAP_SERVERS_ENC_TYPE_MD5C => 'MD5 Crypt', |
|
| 41 |
LDAP_SERVERS_ENC_TYPE_SALTED_MD5 => 'Salted MD5', |
|
| 42 |
LDAP_SERVERS_ENC_TYPE_SHA => 'SHA', |
|
| 43 |
LDAP_SERVERS_ENC_TYPE_SALTED_SHA => 'SHA Salted', |
|
| 44 |
); |
|
| 45 |
*/ |
|
| 46 |
|
|
| 47 |
/** $encrypts = array( |
|
| 48 |
LDAP_SERVERS_ENC_TYPE_EXTENDED_DES => 'Extended DES', |
|
| 49 |
LDAP_SERVERS_ENC_TYPE_BLOWFISH => 'Blowfish', |
|
| 50 |
LDAP_SERVERS_ENC_TYPE_SALTED_CRYPT => 'Salted Crypt', |
|
| 51 |
); */ |
|
| 52 |
|
|
| 53 |
$encrypts = array( |
|
| 54 |
LDAP_SERVERS_ENC_TYPE_CLEARTEXT => 'No Encryption' |
|
| 55 |
); |
|
| 56 |
if (function_exists('mcrypt_module_open')) {
|
|
| 57 |
$encrypts[LDAP_SERVERS_ENC_TYPE_BLOWFISH] = 'Blowfish'; |
|
| 58 |
} |
|
| 59 |
|
|
| 60 |
} |
|
| 61 |
|
|
| 62 |
// $hashes[LDAP_SERVERS_ENC_TYPE_MD5] = 'MD5'; |
|
| 63 |
// $encrypts[LDAP_SERVERS_ENC_TYPE_CRYPT] = 'Crypt'; |
|
| 64 |
|
|
| 65 |
if ($type == 'encrypt') {
|
|
| 66 |
return $encrypts; |
|
| 67 |
} |
|
| 68 |
|
|
| 69 |
if ($type == 'hash') {
|
|
| 70 |
return $hashes; |
|
| 40 |
if (extension_loaded('openssl')) {
|
|
| 41 |
$options[LDAP_SERVERS_ENC_TYPE_OPENSSL] = 'OpenSSL'; |
|
| 71 | 42 |
} |
| 72 | 43 |
|
| 73 |
return array_merge($hashes, $encrypts); |
|
| 74 |
|
|
| 75 |
|
|
| 44 |
return $options; |
|
| 76 | 45 |
} |
| 46 |
|
|
| 77 | 47 |
/** |
| 78 |
* Encrypt Password Method
|
|
| 48 |
* Encrypt string.
|
|
| 79 | 49 |
* |
| 80 |
* @param string clear_txt |
|
| 81 |
* Plaintext password. |
|
| 50 |
* @param $input |
|
| 51 |
* Clear text. |
|
| 52 |
* @param null $encryption_enabled |
|
| 53 |
* OpenSSL or clear text. |
|
| 82 | 54 |
* |
| 83 | 55 |
* @return string |
| 84 |
* Encrypted text, formatted for use as an LDAP password. |
|
| 85 |
* |
|
| 86 |
* @link http://php.net/manual/en/function.mcrypt-generic-init.php |
|
| 56 |
* Plain or encrypted. |
|
| 87 | 57 |
*/ |
| 88 |
function _ldap_servers_encrypt_has_mcrypt_and_warn() {
|
|
| 89 |
if (!function_exists('mcrypt_module_open')) {
|
|
| 90 |
watchdog('ldap_servers', 'Encryption is set to blowfish, but mcrypt module in not installed', array(), WATCHDOG_ERROR);
|
|
| 91 |
return FALSE; |
|
| 92 |
} |
|
| 93 |
else {
|
|
| 94 |
return TRUE; |
|
| 95 |
} |
|
| 96 |
} |
|
| 58 |
function _ldap_servers_encrypt($input, $encryption_enabled = NULL) {
|
|
| 97 | 59 |
|
| 98 |
function _ldap_servers_encrypt($clear_txt, $enc_type = NULL) {
|
|
| 99 |
|
|
| 100 |
if (!$enc_type) {
|
|
| 101 |
$enc_type = variable_get('ldap_servers_encryption' , LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
|
|
| 60 |
if (!$encryption_enabled) {
|
|
| 61 |
$encryption_enabled = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
|
|
| 102 | 62 |
} |
| 103 | 63 |
|
| 104 |
if ($enc_type == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
|
| 105 |
return $clear_txt;
|
|
| 64 |
if ($encryption_enabled == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
|
| 65 |
return $input;
|
|
| 106 | 66 |
} |
| 107 | 67 |
|
| 108 | 68 |
$key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
|
| 69 |
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(LDAP_SERVERS_CYPHER_MODE)); |
|
| 70 |
$encrypted_data = openssl_encrypt($input, LDAP_SERVERS_CYPHER_MODE, $key, 0, $iv); |
|
| 109 | 71 |
|
| 110 |
switch ($enc_type) {
|
|
| 111 |
|
|
| 112 |
case LDAP_SERVERS_ENC_TYPE_BLOWFISH: // Blowfish |
|
| 113 |
// Open mcrypt module. |
|
| 114 |
if (_ldap_servers_encrypt_has_mcrypt_and_warn()) {
|
|
| 115 |
$td = mcrypt_module_open('blowfish', '', LDAP_SERVERS_CYPHER_MODE, '');
|
|
| 116 |
// Determine maximum mycrypt key length. |
|
| 117 |
$key_length = mcrypt_enc_get_key_size($td); |
|
| 118 |
// Shorten key to allowed length. |
|
| 119 |
$key = substr($key, 0, $key_length); |
|
| 120 |
// Create the initialization vector. |
|
| 121 |
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); |
|
| 122 |
// Encrypt the text. |
|
| 123 |
mcrypt_generic_init($td, $key, $iv); |
|
| 124 |
$crypttext = mcrypt_generic($td, $clear_txt); |
|
| 125 |
mcrypt_generic_deinit($td); |
|
| 126 |
// Build the encrypted string. |
|
| 127 |
$cipher_txt = $iv . $crypttext; |
|
| 128 |
// Close the module. |
|
| 129 |
mcrypt_module_close($td); |
|
| 130 |
} |
|
| 131 |
break; |
|
| 132 |
|
|
| 133 |
default: // Cleartext |
|
| 134 |
$cipher_txt = $clear_txt; |
|
| 135 |
} |
|
| 136 |
|
|
| 137 |
return base64_encode($cipher_txt); |
|
| 72 |
return base64_encode($encrypted_data . '::' . $iv); |
|
| 138 | 73 |
} |
| 139 | 74 |
|
| 140 | 75 |
/** |
| 141 |
* Encrypt Decrypt Method
|
|
| 76 |
* Decrypt string.
|
|
| 142 | 77 |
* |
| 143 |
* @param string $cipher_txt |
|
| 144 |
* ciphered text. |
|
| 78 |
* @param string $input |
|
| 79 |
* Clear text or encrypted text. |
|
| 80 |
* @param null $encryption_enabled |
|
| 81 |
* OpenSSL or clear text. |
|
| 145 | 82 |
* |
| 146 | 83 |
* @return string |
| 147 |
* clear text |
|
| 148 |
* |
|
| 149 |
* http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file |
|
| 84 |
* Clear text. |
|
| 150 | 85 |
*/ |
| 86 |
function _ldap_servers_decrypt($input, $encryption_enabled = NULL) {
|
|
| 151 | 87 |
|
| 152 |
function _ldap_servers_decrypt($cipher_txt, $enc_type = NULL) {
|
|
| 153 |
|
|
| 154 |
$key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
|
|
| 155 |
if (!$enc_type) {
|
|
| 156 |
$enc_type = variable_get('ldap_servers_encryption' , LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
|
|
| 157 |
} |
|
| 158 |
if ($enc_type == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
|
| 159 |
return $cipher_txt; |
|
| 88 |
if (!$encryption_enabled) {
|
|
| 89 |
$encryption_enabled = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
|
|
| 160 | 90 |
} |
| 161 | 91 |
|
| 162 |
$cipher_txt = base64_decode($cipher_txt); |
|
| 163 |
switch ($enc_type) {
|
|
| 164 |
|
|
| 165 |
case LDAP_SERVERS_ENC_TYPE_BLOWFISH: // Blowfish |
|
| 166 |
if (_ldap_servers_encrypt_has_mcrypt_and_warn()) {
|
|
| 167 |
$clear_txt = ""; |
|
| 168 |
// Open mcrypt module. |
|
| 169 |
$td = mcrypt_module_open('blowfish', '', LDAP_SERVERS_CYPHER_MODE, '');
|
|
| 170 |
// Determine maximum mycrypt key length. |
|
| 171 |
$key_length = mcrypt_enc_get_key_size($td); |
|
| 172 |
// Shorten key to allowed length. |
|
| 173 |
$key = substr($key, 0, $key_length); |
|
| 174 |
// Determine the algorithm IV. |
|
| 175 |
$ivsize = mcrypt_enc_get_iv_size($td); |
|
| 176 |
// Process if the decoded cipher text is sufficient. |
|
| 177 |
if (strlen($cipher_txt) > $ivsize) {
|
|
| 178 |
// Split apart IV and text. |
|
| 179 |
$iv = substr($cipher_txt, 0, $ivsize); |
|
| 180 |
$cipher_txt = substr($cipher_txt, $ivsize); |
|
| 181 |
// If the IV exists, decrypt the text. |
|
| 182 |
if ($iv) {
|
|
| 183 |
mcrypt_generic_init($td, $key, $iv); |
|
| 184 |
$clear_txt = mdecrypt_generic($td, $cipher_txt); |
|
| 185 |
mcrypt_generic_deinit($td); |
|
| 186 |
} |
|
| 187 |
} |
|
| 188 |
// Close the module. |
|
| 189 |
mcrypt_module_close($td); |
|
| 190 |
} |
|
| 191 |
break; |
|
| 192 |
|
|
| 193 |
default: // Cleartext |
|
| 194 |
$clear_txt = $cipher_txt; |
|
| 92 |
if ($encryption_enabled == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
|
| 93 |
return $input; |
|
| 195 | 94 |
} |
| 196 |
return $clear_txt; |
|
| 95 |
|
|
| 96 |
$key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
|
|
| 97 |
list($encrypted_data, $iv) = explode('::', base64_decode($input), 2);
|
|
| 98 |
return openssl_decrypt($encrypted_data, LDAP_SERVERS_CYPHER_MODE, $key, 0, $iv); |
|
| 197 | 99 |
} |
Formats disponibles : Unified diff
Weekly update of contrib modules