1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/**
|
4 |
|
|
* @file
|
5 |
|
|
* Provides functions for encryption/decryption.
|
6 |
|
|
* http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file
|
7 |
|
|
*/
|
8 |
|
|
|
9 |
|
|
define('LDAP_SERVERS_MODE', 'CTR');
|
10 |
|
|
/**
|
11 |
|
|
* Return a random salt of a given length for crypt-style passwords
|
12 |
|
|
*
|
13 |
|
|
* @param int length
|
14 |
|
|
* The requested length.
|
15 |
|
|
*
|
16 |
|
|
* @return string
|
17 |
|
|
* A (fairly) random salt of the requested length.
|
18 |
|
|
*
|
19 |
|
|
*/
|
20 |
|
|
function ldap_servers_random_salt( $length ) {
|
21 |
|
|
$possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
|
22 |
|
|
$salt = "";
|
23 |
|
|
|
24 |
|
|
mt_srand((double)microtime() * 1000000);
|
25 |
|
|
while ( strlen( $salt ) < $length ) {
|
26 |
|
|
$salt .= substr( $possible, ( rand() % strlen( $possible ) ), 1 );
|
27 |
|
|
}
|
28 |
|
|
|
29 |
|
|
return $salt;
|
30 |
|
|
}
|
31 |
|
|
|
32 |
|
|
|
33 |
|
|
function _ldap_servers_encrypt_types($type = 'all') {
|
34 |
|
|
|
35 |
|
|
$hashes = array();
|
36 |
|
|
$encrypts = array();
|
37 |
|
|
if (extension_loaded('mcrypt')) { // only support with extension
|
38 |
|
|
|
39 |
|
|
/**
|
40 |
|
|
LDAP_SERVERS_ENC_TYPE_MD5C => 'MD5 Crypt',
|
41 |
|
|
LDAP_SERVERS_ENC_TYPE_SALTED_MD5 => 'Salted MD5',
|
42 |
|
|
LDAP_SERVERS_ENC_TYPE_SHA => 'SHA',
|
43 |
|
|
LDAP_SERVERS_ENC_TYPE_SALTED_SHA => 'SHA Salted',
|
44 |
|
|
);
|
45 |
|
|
*/
|
46 |
|
|
|
47 |
|
|
/** $encrypts = array(
|
48 |
|
|
LDAP_SERVERS_ENC_TYPE_EXTENDED_DES => 'Extended DES',
|
49 |
|
|
LDAP_SERVERS_ENC_TYPE_BLOWFISH => 'Blowfish',
|
50 |
|
|
LDAP_SERVERS_ENC_TYPE_SALTED_CRYPT => 'Salted Crypt',
|
51 |
|
|
); */
|
52 |
|
|
|
53 |
|
|
$encrypts = array(
|
54 |
7547bb19
|
Assos Assos
|
LDAP_SERVERS_ENC_TYPE_CLEARTEXT => 'No Encryption'
|
55 |
85ad3d82
|
Assos Assos
|
);
|
56 |
|
|
if (function_exists('mcrypt_module_open')) {
|
57 |
|
|
$encrypts[LDAP_SERVERS_ENC_TYPE_BLOWFISH] = 'Blowfish';
|
58 |
|
|
}
|
59 |
|
|
|
60 |
|
|
}
|
61 |
|
|
|
62 |
|
|
// $hashes[LDAP_SERVERS_ENC_TYPE_MD5] = 'MD5';
|
63 |
|
|
// $encrypts[LDAP_SERVERS_ENC_TYPE_CRYPT] = 'Crypt';
|
64 |
|
|
|
65 |
|
|
if ($type == 'encrypt') {
|
66 |
|
|
return $encrypts;
|
67 |
|
|
}
|
68 |
|
|
|
69 |
|
|
if ($type == 'hash') {
|
70 |
|
|
return $hashes;
|
71 |
|
|
}
|
72 |
|
|
|
73 |
|
|
return array_merge($hashes, $encrypts);
|
74 |
|
|
|
75 |
|
|
|
76 |
|
|
}
|
77 |
|
|
/**
|
78 |
|
|
* Encrypt Password Method
|
79 |
|
|
*
|
80 |
|
|
* @param string clear_txt
|
81 |
|
|
* Plaintext password.
|
82 |
|
|
*
|
83 |
|
|
* @return string
|
84 |
|
|
* Encrypted text, formatted for use as an LDAP password.
|
85 |
|
|
*
|
86 |
|
|
* @link http://php.net/manual/en/function.mcrypt-generic-init.php
|
87 |
|
|
*/
|
88 |
|
|
function _ldap_servers_encrypt_has_mcrypt_and_warn() {
|
89 |
|
|
if (!function_exists('mcrypt_module_open')) {
|
90 |
|
|
watchdog('ldap_servers', 'Encryption is set to blowfish, but mcrypt module in not installed', array(), WATCHDOG_ERROR);
|
91 |
|
|
return FALSE;
|
92 |
|
|
}
|
93 |
|
|
else {
|
94 |
|
|
return TRUE;
|
95 |
|
|
}
|
96 |
|
|
}
|
97 |
|
|
|
98 |
|
|
function _ldap_servers_encrypt($clear_txt, $enc_type = NULL) {
|
99 |
|
|
|
100 |
|
|
if (!$enc_type) {
|
101 |
|
|
$enc_type = variable_get('ldap_servers_encryption' , LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
|
102 |
|
|
}
|
103 |
|
|
|
104 |
|
|
if ($enc_type == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
105 |
|
|
return $clear_txt;
|
106 |
|
|
}
|
107 |
|
|
|
108 |
|
|
$key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
|
109 |
|
|
|
110 |
|
|
switch ($enc_type) {
|
111 |
|
|
|
112 |
|
|
case LDAP_SERVERS_ENC_TYPE_BLOWFISH: // Blowfish
|
113 |
|
|
// Open mcrypt module.
|
114 |
|
|
if (_ldap_servers_encrypt_has_mcrypt_and_warn()) {
|
115 |
|
|
$td = mcrypt_module_open('blowfish', '', LDAP_SERVERS_CYPHER_MODE, '');
|
116 |
|
|
// Determine maximum mycrypt key length.
|
117 |
|
|
$key_length = mcrypt_enc_get_key_size($td);
|
118 |
|
|
// Shorten key to allowed length.
|
119 |
|
|
$key = substr($key, 0, $key_length);
|
120 |
|
|
// Create the initialization vector.
|
121 |
|
|
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
|
122 |
|
|
// Encrypt the text.
|
123 |
|
|
mcrypt_generic_init($td, $key, $iv);
|
124 |
|
|
$crypttext = mcrypt_generic($td, $clear_txt);
|
125 |
|
|
mcrypt_generic_deinit($td);
|
126 |
|
|
// Build the encrypted string.
|
127 |
|
|
$cipher_txt = $iv . $crypttext;
|
128 |
|
|
// Close the module.
|
129 |
|
|
mcrypt_module_close($td);
|
130 |
|
|
}
|
131 |
|
|
break;
|
132 |
|
|
|
133 |
|
|
default: // Cleartext
|
134 |
|
|
$cipher_txt = $clear_txt;
|
135 |
|
|
}
|
136 |
|
|
|
137 |
|
|
return base64_encode($cipher_txt);
|
138 |
|
|
}
|
139 |
|
|
|
140 |
|
|
/**
|
141 |
|
|
* Encrypt Decrypt Method
|
142 |
|
|
*
|
143 |
|
|
* @param string $cipher_txt
|
144 |
|
|
* ciphered text.
|
145 |
|
|
*
|
146 |
|
|
* @return string
|
147 |
|
|
* clear text
|
148 |
|
|
*
|
149 |
|
|
* http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file
|
150 |
|
|
*/
|
151 |
|
|
|
152 |
|
|
function _ldap_servers_decrypt($cipher_txt, $enc_type = NULL) {
|
153 |
|
|
|
154 |
|
|
$key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
|
155 |
|
|
if (!$enc_type) {
|
156 |
|
|
$enc_type = variable_get('ldap_servers_encryption' , LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
|
157 |
|
|
}
|
158 |
|
|
if ($enc_type == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
159 |
|
|
return $cipher_txt;
|
160 |
|
|
}
|
161 |
|
|
|
162 |
|
|
$cipher_txt = base64_decode($cipher_txt);
|
163 |
|
|
switch ($enc_type) {
|
164 |
|
|
|
165 |
|
|
case LDAP_SERVERS_ENC_TYPE_BLOWFISH: // Blowfish
|
166 |
|
|
if (_ldap_servers_encrypt_has_mcrypt_and_warn()) {
|
167 |
|
|
$clear_txt = "";
|
168 |
|
|
// Open mcrypt module.
|
169 |
|
|
$td = mcrypt_module_open('blowfish', '', LDAP_SERVERS_CYPHER_MODE, '');
|
170 |
|
|
// Determine maximum mycrypt key length.
|
171 |
|
|
$key_length = mcrypt_enc_get_key_size($td);
|
172 |
|
|
// Shorten key to allowed length.
|
173 |
|
|
$key = substr($key, 0, $key_length);
|
174 |
|
|
// Determine the algorithm IV.
|
175 |
|
|
$ivsize = mcrypt_enc_get_iv_size($td);
|
176 |
|
|
// Split apart IV and text.
|
177 |
|
|
$iv = substr($cipher_txt, 0, $ivsize);
|
178 |
|
|
$cipher_txt = substr($cipher_txt, $ivsize);
|
179 |
|
|
// If the IV exists, decrypt the text.
|
180 |
|
|
if ($iv) {
|
181 |
|
|
mcrypt_generic_init($td, $key, $iv);
|
182 |
|
|
$clear_txt = mdecrypt_generic($td, $cipher_txt);
|
183 |
|
|
mcrypt_generic_deinit($td);
|
184 |
|
|
}
|
185 |
|
|
// Close the module.
|
186 |
|
|
mcrypt_module_close($td);
|
187 |
|
|
}
|
188 |
|
|
break;
|
189 |
|
|
|
190 |
|
|
default: // Cleartext
|
191 |
|
|
$clear_txt = $cipher_txt;
|
192 |
|
|
}
|
193 |
|
|
return $clear_txt;
|
194 |
|
|
} |