<?php
/**
 * @file
 * Provides functions for encrypting and decrypting passwords stored by the
 * LDAP servers module, plus a crypt-style salt generator.
 *
 * The reversible (Blowfish) code paths depend on the PHP mcrypt extension.
 * Based on http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file
 */
// Block cipher mode used for the reversible (Blowfish) password storage below.
// NOTE(review): this file defines LDAP_SERVERS_MODE, but _ldap_servers_encrypt()
// and _ldap_servers_decrypt() pass LDAP_SERVERS_CYPHER_MODE to
// mcrypt_module_open(). Confirm that constant is defined elsewhere (e.g. in the
// .module file); if it is not, the cipher mode handed to mcrypt is undefined.
define('LDAP_SERVERS_MODE', 'CTR');
/**
 * Return a random salt of a given length for crypt-style passwords.
 *
 * Characters are drawn from the crypt(3) salt alphabet [./0-9A-Za-z].
 *
 * @param int $length
 *   The requested length in characters; zero or negative yields ''.
 *
 * @return string
 *   A random salt of the requested length.
 */
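function ldap_servers_random_salt( $length ) {
  // Alphabet accepted in crypt(3)-style salts: [./0-9A-Za-z].
  $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
  $alphabet_size = strlen($possible);
  $length = (int) $length;
  $salt = '';

  // Prefer random_int(), which is backed by the OS CSPRNG (PHP 7+). The
  // previous implementation re-seeded mt_srand() from microtime() on every
  // call and then drew from rand(); a salt derived from the request time is
  // guessable by anyone who can estimate when it was generated. Only fall
  // back to the auto-seeded Mersenne Twister where random_int() is absent.
  $use_csprng = function_exists('random_int');

  while (strlen($salt) < $length) {
    if ($use_csprng) {
      $index = random_int(0, $alphabet_size - 1);
    }
    else {
      // NOTE(review): mt_rand() is not cryptographically secure; this branch
      // only exists for PHP < 7.
      $index = mt_rand(0, $alphabet_size - 1);
    }
    $salt .= $possible[$index];
  }

  return $salt;
}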
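/**
 * List the password storage types this module can offer.
 *
 * @param string $type
 *   'encrypt' for reversible types, 'hash' for one-way types, anything else
 *   (default 'all') for both.
 *
 * @return array
 *   Map of LDAP_SERVERS_ENC_TYPE_* constant => human-readable label.
 */
function _ldap_servers_encrypt_types($type = 'all') {
  // One-way hash types. None are currently implemented (the MD5/SHA crypt
  // variants that once lived here were removed), so 'hash' yields array().
  $hashes = array();

  // Reversible storage types. Cleartext is always offered: it is the
  // configured default and _ldap_servers_encrypt() needs no mcrypt for it.
  // The previous version listed it only when the mcrypt extension was
  // loaded, leaving the settings form with no selectable type at all on
  // hosts without mcrypt.
  $encrypts = array(
    LDAP_SERVERS_ENC_TYPE_CLEARTEXT => 'No Encryption',
  );

  // Blowfish only when the mcrypt functions really exist.
  // NOTE(review): mcrypt was deprecated in PHP 7.1 and removed in 7.2, so on
  // current PHP this branch is never taken.
  if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {
    $encrypts[LDAP_SERVERS_ENC_TYPE_BLOWFISH] = 'Blowfish';
  }

  switch ($type) {
    case 'encrypt':
      return $encrypts;

    case 'hash':
      return $hashes;

    default:
      // Array union keeps the type constants as keys. array_merge() renumbers
      // integer keys, which would silently turn the type ids into 0,1,... if
      // the LDAP_SERVERS_ENC_TYPE_* constants are integers.
      return $hashes + $encrypts;
  }
}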
/**
 * Check that the mcrypt functions needed for Blowfish are available.
 *
 * Called by _ldap_servers_encrypt() and _ldap_servers_decrypt() (below) before
 * any Blowfish work; the mcrypt-based encryption only runs when this returns
 * TRUE.
 *
 * @return bool
 *   TRUE when mcrypt_module_open() exists; otherwise an error is logged via
 *   watchdog() and FALSE is returned.
 *
 * @link http://php.net/manual/en/function.mcrypt-generic-init.php
 */
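function _ldap_servers_encrypt_has_mcrypt_and_warn() {
  // mcrypt_module_open() is the entry point every Blowfish code path in this
  // file uses, so its presence (not just extension_loaded()) is the test.
  if (function_exists('mcrypt_module_open')) {
    return TRUE;
  }

  // The site is configured for Blowfish but cannot honour it: log at error
  // level so the misconfiguration is visible. (Message typo "in not" fixed.)
  watchdog('ldap_servers', 'Encryption is set to blowfish, but mcrypt module is not installed', array(), WATCHDOG_ERROR);
  return FALSE;
}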
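/**
 * Encrypt a password for storage.
 *
 * Cleartext type: the input is returned verbatim (no base64). Blowfish type:
 * base64(IV . blowfish(plaintext)) in mode LDAP_SERVERS_CYPHER_MODE, keyed
 * with the 'ldap_servers_encrypt_key' setting (default: drupal_get_hash_salt())
 * truncated to the cipher's maximum key size. Any other type is stored as
 * base64(plaintext).
 *
 * NOTE(review): the Blowfish output carries no authentication tag, so stored
 * values are malleable (confidentiality only). mcrypt was deprecated in
 * PHP 7.1 and removed in 7.2; after that the Blowfish type can only log an
 * error and return ''. Changing the stored format would invalidate existing
 * values, so this only hardens the existing scheme.
 *
 * @param string $clear_txt
 *   Plaintext password.
 * @param mixed $enc_type
 *   (optional) LDAP_SERVERS_ENC_TYPE_* constant; when falsy the site-wide
 *   'ldap_servers_encryption' setting is used.
 *
 * @return string
 *   Encrypted text, formatted for use as an LDAP password.
 *
 * @link http://php.net/manual/en/function.mcrypt-generic-init.php
 */
function _ldap_servers_encrypt($clear_txt, $enc_type = NULL) {
  // A falsy $enc_type selects the site-wide setting (kept as a truthiness
  // test so existing callers passing NULL/0/FALSE behave as before).
  if (!$enc_type) {
    $enc_type = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
  }

  // Cleartext is returned as-is and before any key lookup, so this path has
  // no dependency on variable_get()/drupal_get_hash_salt().
  if ($enc_type == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
    return $clear_txt;
  }

  // Initialised so the function never returns base64_encode(NULL) with an
  // "undefined variable" notice when the Blowfish branch cannot run.
  $cipher_txt = '';

  switch ($enc_type) {
    case LDAP_SERVERS_ENC_TYPE_BLOWFISH:
      if (!_ldap_servers_encrypt_has_mcrypt_and_warn()) {
        // Error already logged. Return '' rather than silently downgrading a
        // Blowfish-configured site to cleartext storage.
        break;
      }
      $td = mcrypt_module_open('blowfish', '', LDAP_SERVERS_CYPHER_MODE, '');
      if ($td === FALSE) {
        watchdog('ldap_servers', 'Could not open the mcrypt blowfish module in mode %mode', array('%mode' => LDAP_SERVERS_CYPHER_MODE), WATCHDOG_ERROR);
        break;
      }
      // Key: configured secret (default: site hash salt) truncated to the
      // cipher's maximum key size. Must stay in step with _ldap_servers_decrypt().
      $key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
      $key = substr($key, 0, mcrypt_enc_get_key_size($td));
      // IV from the kernel CSPRNG. The previous MCRYPT_RAND source is libc
      // rand(); in CTR mode a repeated or guessable IV under the same key
      // leaks keystream, so the IV must be unpredictable.
      $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_URANDOM);
      mcrypt_generic_init($td, $key, $iv);
      $crypttext = mcrypt_generic($td, $clear_txt);
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);
      // Stored layout: IV prepended so decryption can recover it.
      $cipher_txt = $iv . $crypttext;
      break;

    default:
      // Unknown type: base64-wrapped cleartext (original behaviour).
      $cipher_txt = $clear_txt;
  }

  return base64_encode($cipher_txt);
}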
/**
 * Decrypt a password previously produced by _ldap_servers_encrypt().
 *
 * @param string $cipher_txt
 *   The stored value: returned untouched for the cleartext type; otherwise
 *   base64-decoded and, for Blowfish, split into a leading IV and ciphertext.
 * @param mixed $enc_type
 *   (optional) LDAP_SERVERS_ENC_TYPE_* constant; when falsy the site-wide
 *   'ldap_servers_encryption' setting is used.
 *
 * @return string
 *   The clear text; empty when Blowfish decryption could not be performed.
 *
 * @see http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file
 */
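function _ldap_servers_decrypt($cipher_txt, $enc_type = NULL) {
  // A falsy $enc_type selects the site-wide setting (kept as a truthiness
  // test so existing callers behave as before).
  if (!$enc_type) {
    $enc_type = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
  }

  // Cleartext round-trips untouched. Return before the key lookup so this
  // path has no dependency on variable_get()/drupal_get_hash_salt(); the
  // previous version fetched the key unconditionally, which the matching
  // _ldap_servers_encrypt() does not do.
  if ($enc_type == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
    return $cipher_txt;
  }

  // Initialised so a failed Blowfish path returns '' rather than an undefined
  // variable (NULL) with a notice.
  $clear_txt = '';
  // base64_decode() can return FALSE on malformed input; normalise to ''.
  $cipher_txt = (string) base64_decode($cipher_txt);

  switch ($enc_type) {
    case LDAP_SERVERS_ENC_TYPE_BLOWFISH:
      if (!_ldap_servers_encrypt_has_mcrypt_and_warn()) {
        // Error already logged by the helper.
        break;
      }
      $td = mcrypt_module_open('blowfish', '', LDAP_SERVERS_CYPHER_MODE, '');
      if ($td === FALSE) {
        watchdog('ldap_servers', 'Could not open the mcrypt blowfish module in mode %mode', array('%mode' => LDAP_SERVERS_CYPHER_MODE), WATCHDOG_ERROR);
        break;
      }
      // Key derivation must mirror _ldap_servers_encrypt(): configured
      // secret (default: site hash salt) truncated to the max key size.
      $key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
      $key = substr($key, 0, mcrypt_enc_get_key_size($td));
      // Stored layout is IV . ciphertext; the IV length is fixed by the cipher.
      $ivsize = mcrypt_enc_get_iv_size($td);
      $iv = (string) substr($cipher_txt, 0, $ivsize);
      // Require a complete IV. The old `if ($iv)` truthiness test let a
      // truncated blob reach mcrypt_generic_init() with a short IV.
      // NOTE(review): there is no authentication tag, so a tampered
      // ciphertext still decrypts "successfully" to garbage.
      if (strlen($iv) === $ivsize) {
        mcrypt_generic_init($td, $key, $iv);
        // (string) cast: on PHP < 8 substr() returns FALSE when the offset
        // equals the length (IV-only blob).
        $clear_txt = mdecrypt_generic($td, (string) substr($cipher_txt, $ivsize));
        mcrypt_generic_deinit($td);
      }
      mcrypt_module_close($td);
      break;

    default:
      // Unknown type: the base64-decoded value is the clear text.
      $clear_txt = $cipher_txt;
  }

  return $clear_txt;
}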