<?php
/**
* @file
* Provides functions for encryption/decryption.
*/
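/**
 * Return a random salt of a given length for crypt-style passwords.
 *
 * Characters are drawn from the 64-character crypt alphabet (0-9, a-z, A-Z,
 * '.' and '/') using a cryptographically secure source. The previous
 * implementation reseeded the Mersenne Twister from the current microsecond
 * and then drew from rand(): the output was predictable from the call time,
 * two calls in the same microsecond could return the same salt, and the
 * reseed made every later mt_rand() call in the request predictable too.
 *
 * @param int $length
 *   The requested length. Zero or a negative value yields an empty string.
 *
 * @return string
 *   A random salt of the requested length.
 */
function ldap_servers_random_salt($length) {
  $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
  $max_index = strlen($possible) - 1;
  // random_int() is PHP 7+; older runtimes fall back to Drupal's CSPRNG.
  $use_random_int = function_exists('random_int');
  $salt = '';

  while (strlen($salt) < $length) {
    if ($use_random_int) {
      $index = random_int(0, $max_index);
    }
    else {
      // The alphabet has 64 entries and 256 is a multiple of 64, so reducing
      // one random byte modulo the alphabet size introduces no bias.
      $index = ord(drupal_random_bytes(1)) % strlen($possible);
    }
    $salt .= $possible[$index];
  }

  return $salt;
}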
/**
 * Lists the encryption options that can be offered.
 *
 * 'Clear text' is always present; 'OpenSSL' is listed only when PHP's openssl
 * extension is loaded. Choosing clear text makes _ldap_servers_encrypt()
 * return its input unchanged, so the value is kept unencrypted.
 *
 * @return array
 *   Human-readable labels keyed by LDAP_SERVERS_ENC_TYPE_* constant.
 */
function _ldap_servers_encrypt_types() {
  $types = [];
  $types[LDAP_SERVERS_ENC_TYPE_CLEARTEXT] = 'Clear text';

  // Without the extension there is nothing more to offer.
  if (!extension_loaded('openssl')) {
    return $types;
  }

  $types[LDAP_SERVERS_ENC_TYPE_OPENSSL] = 'OpenSSL';

  return $types;
}
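/**
 * Encrypt string.
 *
 * Output format for the OpenSSL path is
 * base64(openssl_encrypt() output . '::' . raw IV), which is what
 * _ldap_servers_decrypt() splits apart again.
 *
 * Security notes for maintainers:
 * - The key string is passed to OpenSSL as-is (no key derivation), and when
 *   'ldap_servers_encrypt_key' is not set the site hash salt is reused as
 *   the key.
 * - No authentication tag or MAC is produced here, so tampering with the
 *   stored value is not detected by this function. NOTE(review): the value
 *   of LDAP_SERVERS_CYPHER_MODE is defined outside this file; confirm the
 *   cipher mode and consider an authenticated scheme.
 *
 * @param string $input
 *   Clear text.
 * @param mixed $encryption_enabled
 *   OpenSSL or clear text (an LDAP_SERVERS_ENC_TYPE_* value). Any falsy value
 *   means "use the configured 'ldap_servers_encryption' setting".
 *
 * @return string|false
 *   Plain or encrypted. FALSE when OpenSSL could not produce an IV or
 *   ciphertext, so that a value which can never be decrypted is not stored
 *   as if it were valid.
 */
function _ldap_servers_encrypt($input, $encryption_enabled = NULL) {

  if (!$encryption_enabled) {
    $encryption_enabled = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
  }

  if ($encryption_enabled == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
    return $input;
  }

  $key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());

  // A fresh random IV per message; it is stored next to the ciphertext.
  $iv_length = openssl_cipher_iv_length(LDAP_SERVERS_CYPHER_MODE);
  $iv = '';
  $strong = TRUE;
  if ($iv_length === FALSE) {
    // Unknown cipher: nothing sensible can be produced.
    $iv = FALSE;
  }
  elseif ($iv_length > 0) {
    $iv = openssl_random_pseudo_bytes($iv_length, $strong);
  }

  // Refuse to encrypt with a missing or non-cryptographic IV.
  $encrypted_data = FALSE;
  if ($iv !== FALSE && $strong) {
    $encrypted_data = openssl_encrypt($input, LDAP_SERVERS_CYPHER_MODE, $key, 0, $iv);
  }

  if ($encrypted_data === FALSE) {
    // The message deliberately contains neither the input nor the key.
    watchdog('ldap_servers', 'OpenSSL encryption failed; the value was not encrypted.', [], WATCHDOG_ERROR);
    return FALSE;
  }

  return base64_encode($encrypted_data . '::' . $iv);
}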
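/**
 * Decrypt string.
 *
 * Expects the format written by _ldap_servers_encrypt():
 * base64(openssl_encrypt() output . '::' . raw IV). Input that does not have
 * that shape (empty, truncated, or stored under a different scheme) is
 * rejected up front instead of being passed to OpenSSL with a missing or
 * wrong-sized IV.
 *
 * Security note: the ciphertext carries no authentication tag or MAC, so a
 * successful return does not prove the stored value was not modified.
 * NOTE(review): LDAP_SERVERS_CYPHER_MODE is defined outside this file;
 * confirm the cipher mode in use.
 *
 * @param string $input
 *   Clear text or encrypted text.
 * @param mixed $encryption_enabled
 *   OpenSSL or clear text (an LDAP_SERVERS_ENC_TYPE_* value). Any falsy value
 *   means "use the configured 'ldap_servers_encryption' setting".
 *
 * @return string|false
 *   Clear text, or FALSE when the input is malformed or decryption fails.
 */
function _ldap_servers_decrypt($input, $encryption_enabled = NULL) {

  if (!$encryption_enabled) {
    $encryption_enabled = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
  }

  if ($encryption_enabled == LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
    return $input;
  }

  $key = variable_get('ldap_servers_encrypt_key', drupal_get_hash_salt());

  // The inner ciphertext is base64 text and cannot contain ':', so the first
  // '::' is the separator; the limit of 2 keeps a raw IV containing '::'
  // intact.
  $decoded = base64_decode((string) $input);
  $parts = ($decoded === FALSE) ? [] : explode('::', $decoded, 2);
  if (count($parts) !== 2) {
    return FALSE;
  }

  list($encrypted_data, $iv) = $parts;
  // An IV of the wrong size means the stored value is corrupt or foreign.
  if (strlen($iv) !== openssl_cipher_iv_length(LDAP_SERVERS_CYPHER_MODE)) {
    return FALSE;
  }

  return openssl_decrypt($encrypted_data, LDAP_SERVERS_CYPHER_MODE, $key, 0, $iv);
}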