<?php
/**
 * @file
 * Provides functions for encryption/decryption.
 */
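/**
 * Return a random salt of a given length for crypt-style passwords.
 *
 * Characters are drawn from the 64-character crypt alphabet (0-9, a-z, A-Z,
 * "." and "/"). When random_int() is available (PHP 7+) each character is
 * chosen with the platform CSPRNG; older runtimes fall back to mt_rand()
 * with PHP's automatic seeding.
 *
 * @param int $length
 *   The requested length. Zero or a negative value yields an empty string.
 *
 * @return string
 *   A random salt of the requested length.
 *
 * @throws \Exception
 *   From random_int() if no source of randomness is available.
 */
function ldap_servers_random_salt($length) {
  $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
  $max_index = strlen($possible) - 1;
  $use_csprng = function_exists('random_int');
  $salt = '';

  // Deliberately no mt_srand() call: seeding from the microsecond fraction of
  // microtime() allows only one million starting states, so salts become
  // guessable and can repeat, and it resets the shared Mersenne Twister for
  // every other caller in the request.
  while (strlen($salt) < $length) {
    $index = $use_csprng ? random_int(0, $max_index) : mt_rand(0, $max_index);
    $salt .= $possible[$index];
  }

  return $salt;
}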
/**
 * List the encryption types that can be selected on this host.
 *
 * Clear text is always offered; the OpenSSL entry is added only when the PHP
 * openssl extension is loaded.
 *
 * @return array
 *   Human-readable labels keyed by LDAP_SERVERS_ENC_TYPE_* constant.
 */
function _ldap_servers_encrypt_types() {
  $types = [];
  $types[LDAP_SERVERS_ENC_TYPE_CLEARTEXT] = 'Clear text';

  // Only advertise OpenSSL when the extension backing it is present.
  $has_openssl = extension_loaded('openssl');
  if ($has_openssl) {
    $types[LDAP_SERVERS_ENC_TYPE_OPENSSL] = 'OpenSSL';
  }

  return $types;
}
/**
 * Encrypt string.
 *
 * In clear-text mode the input is returned untouched. Otherwise the input is
 * encrypted with OpenSSL under a fresh random IV and returned as
 * base64(ciphertext . '::' . IV).
 *
 * NOTE(review): no MAC or AEAD tag is produced here, so the stored value is
 * not integrity-protected; a modified value cannot be told apart from a
 * genuine one on decryption.
 *
 * @param string $input
 *   Clear text.
 * @param mixed $encryption_enabled
 *   One of the LDAP_SERVERS_ENC_TYPE_* values. When empty, the
 *   'ldap_servers_encryption' variable decides (default: clear text).
 *
 * @return string
 *   Plain or encrypted.
 */
function _ldap_servers_encrypt($input, $encryption_enabled = NULL) {
  $type = $encryption_enabled;
  if (!$type) {
    $type = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
  }

  if ($type != LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
    // The key falls back to the site hash salt when no dedicated
    // 'ldap_servers_encrypt_key' is configured, and is handed to OpenSSL
    // as-is (no key-derivation step happens in this function).
    $secret = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());

    $iv_length = openssl_cipher_iv_length(LDAP_SERVERS_CYPHER_MODE);
    $nonce = openssl_random_pseudo_bytes($iv_length);

    // With options 0 the ciphertext comes back base64 encoded, so it cannot
    // contain the '::' separator itself.
    // NOTE(review): openssl_encrypt() returns FALSE on failure and that is not
    // checked; the result would then hold only '::' plus the IV.
    $ciphertext = openssl_encrypt($input, LDAP_SERVERS_CYPHER_MODE, $secret, 0, $nonce);

    return base64_encode(implode('::', [$ciphertext, $nonce]));
  }

  return $input;
}
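/**
 * Decrypt string.
 *
 * In clear-text mode the input is returned untouched. Otherwise the value is
 * base64 decoded, split on the first '::' into OpenSSL ciphertext and IV, and
 * decrypted with the configured key.
 *
 * NOTE(review): no MAC or AEAD tag is verified here, so a modified stored
 * value is not detected before it is decrypted.
 *
 * @param string $input
 *   Clear text or encrypted text.
 * @param mixed $encryption_enabled
 *   One of the LDAP_SERVERS_ENC_TYPE_* values. When empty, the
 *   'ldap_servers_encryption' variable decides (default: clear text).
 *
 * @return string|false
 *   Clear text, or FALSE when the value lacks the '::' separator or OpenSSL
 *   cannot decrypt it.
 */
function _ldap_servers_decrypt($input, $encryption_enabled = NULL) {

  if (!$encryption_enabled) {
    $encryption_enabled = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
  }

  if ($encryption_enabled == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
    return $input;
  }

  // A value without the '::' separator (for example one saved while clear
  // text was configured, or a truncated one) has no IV. Report failure the
  // way openssl_decrypt() does instead of decrypting with an undefined IV.
  $parts = explode('::', (string) base64_decode($input), 2);
  if (count($parts) !== 2) {
    return FALSE;
  }
  list($encrypted_data, $iv) = $parts;

  // Same key lookup as the encrypt side: the site hash salt is the fallback.
  $key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());
  return openssl_decrypt($encrypted_data, LDAP_SERVERS_CYPHER_MODE, $key, 0, $iv);
}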