Home Verkennen Help
Inloggen
boarspring
/
repo_zf1
spiegel van https://github.com/bluescreen/zf1-php7.2.git
2
0
Vork 1
Bestanden Issues 0 Wiki
Bladeren bron

added support for {SMD5} and {SSHA} password hashing in Zend_Ldap_Attribute 

git-svn-id: http://framework.zend.com/svn/framework/standard/trunk@17460 44c647ce-9c0f-0410-b52a-842ac1e357ba
sgehrig 16 jaren geleden
bovenliggende
dbeaa139a3
commit
f5f1019028
2 gewijzigde bestanden met toevoegingen van 64 en 6 verwijderingen
Gecombineerde weergave Toon Diff Stats
  1. 16 4
      library/Zend/Ldap/Attribute.php
  2. 48 2
      tests/Zend/Ldap/AttributeTest.php

+ 16 - 4
library/Zend/Ldap/Attribute.php
Bestand weergeven 

@@ -29,8 +29,10 @@
 
  */
 
  */
 
 class Zend_Ldap_Attribute
 
 class Zend_Ldap_Attribute
 
 {
 
 {
 
-    const PASSWORD_HASH_MD5 = 'md5';
 
-    const PASSWORD_HASH_SHA = 'sha1';
 
+    const PASSWORD_HASH_MD5  = 'md5';
 
+    const PASSWORD_HASH_SMD5 = 'smd5';
 
+    const PASSWORD_HASH_SHA  = 'sha';
 
+    const PASSWORD_HASH_SSHA = 'ssha';
 
 
 
     /**
 
     /**
 
      * Sets a LDAP attribute.
 
      * Sets a LDAP attribute.
 
@@ -274,14 +276,24 @@ class Zend_Ldap_Attribute
 
     public static function createPassword($password, $hashType = self::PASSWORD_HASH_MD5)
 
     public static function createPassword($password, $hashType = self::PASSWORD_HASH_MD5)
 
     {
 
     {
 
         switch ($hashType) {
 
         switch ($hashType) {
 
+            case self::PASSWORD_HASH_SSHA:
 
+                $salt    = substr(sha1(uniqid(mt_rand(), true), true), 0, 4);
 
+                $rawHash = sha1($password . $salt, true) . $salt;
 
+                $method  = '{SSHA}';
 
+                break;
 
             case self::PASSWORD_HASH_SHA:
 
             case self::PASSWORD_HASH_SHA:
 
                 $rawHash = sha1($password, true);
 
                 $rawHash = sha1($password, true);
 
-                $method = '{SHA}';
 
+                $method  = '{SHA}';
 
+                break;
 
+            case self::PASSWORD_HASH_SMD5:
 
+                $salt    = substr(sha1(uniqid(mt_rand(), true), true), 0, 4);
 
+                $rawHash = md5($password . $salt, true) . $salt;
 
+                $method  = '{SMD5}';
 
                 break;
 
                 break;
 
             case self::PASSWORD_HASH_MD5:
 
             case self::PASSWORD_HASH_MD5:
 
             default:
 
             default:
 
                 $rawHash = md5($password, true);
 
                 $rawHash = md5($password, true);
 
-                $method = '{MD5}';
 
+                $method  = '{MD5}';
 
                 break;
 
                 break;
 
         }
 
         }
 
         return $method . base64_encode($rawHash);
 
         return $method . base64_encode($rawHash);

+ 48 - 2
tests/Zend/Ldap/AttributeTest.php
Bestand weergeven 

@@ -180,7 +180,7 @@ class Zend_Ldap_AttributeTest extends PHPUnit_Framework_TestCase
 
         $this->assertEquals('new2', $data['uid'][2]);

         $this->assertEquals('new2', $data['uid'][2]);

     }

     }

 

 

-    public function testSHAPasswordGeneration()

+    public function testPasswordSettingSHA()

     {

     {

         $data=array();

         $data=array();

         Zend_Ldap_Attribute::setPassword($data, 'pa$$w0rd', Zend_Ldap_Attribute::PASSWORD_HASH_SHA);

         Zend_Ldap_Attribute::setPassword($data, 'pa$$w0rd', Zend_Ldap_Attribute::PASSWORD_HASH_SHA);

@@ -188,7 +188,7 @@ class Zend_Ldap_AttributeTest extends PHPUnit_Framework_TestCase
 
         $this->assertEquals('{SHA}vi3X+3ptD4ulrdErXo+3W72mRyE=', $password);

         $this->assertEquals('{SHA}vi3X+3ptD4ulrdErXo+3W72mRyE=', $password);

     }

     }

 

 

-    public function testMD5PasswordGeneration()

+    public function testPasswordSettingMD5()

     {

     {

         $data=array();

         $data=array();

         Zend_Ldap_Attribute::setPassword($data, 'pa$$w0rd', Zend_Ldap_Attribute::PASSWORD_HASH_MD5);

         Zend_Ldap_Attribute::setPassword($data, 'pa$$w0rd', Zend_Ldap_Attribute::PASSWORD_HASH_MD5);

@@ -455,4 +455,50 @@ class Zend_Ldap_AttributeTest extends PHPUnit_Framework_TestCase
 
         $this->assertFalse(Zend_Ldap_Attribute::attributeHasValue($data, 'boolean1',
 
         $this->assertFalse(Zend_Ldap_Attribute::attributeHasValue($data, 'boolean1',
 
             array(true, false)));
 
             array(true, false)));
 
     }

     }

+

+    public function testPasswordGenerationSSHA()

+    {

+        $password = 'pa$$w0rd';

+        $ssha = Zend_Ldap_Attribute::createPassword($password, Zend_Ldap_Attribute::PASSWORD_HASH_SSHA);

+        $encoded = substr($ssha, strpos($ssha, '}'));

+        $binary  = base64_decode($encoded);

+        $this->assertEquals(24, strlen($binary));

+        $hash    = substr($binary, 0, 20);

+        $salt    = substr($binary, 20);

+        $this->assertEquals(4, strlen($salt));

+        $this->assertEquals(sha1($password . $salt, true), $hash);

+    }

+

+    public function testPasswordGenerationSHA()

+    {

+        $password = 'pa$$w0rd';

+        $sha = Zend_Ldap_Attribute::createPassword($password, Zend_Ldap_Attribute::PASSWORD_HASH_SHA);

+        $encoded = substr($sha, strpos($sha, '}'));

+        $binary  = base64_decode($encoded);

+        $this->assertEquals(20, strlen($binary));

+        $this->assertEquals(sha1($password, true), $binary);

+    }

+

+    public function testPasswordGenerationSMD5()

+    {

+        $password = 'pa$$w0rd';

+        $smd5 = Zend_Ldap_Attribute::createPassword($password, Zend_Ldap_Attribute::PASSWORD_HASH_SMD5);

+        $encoded = substr($smd5, strpos($smd5, '}'));

+        $binary  = base64_decode($encoded);

+        $this->assertEquals(20, strlen($binary));

+        $hash    = substr($binary, 0, 16);

+        $salt    = substr($binary, 16);

+        $this->assertEquals(4, strlen($salt));

+        $this->assertEquals(md5($password . $salt, true), $hash);

+    }

+

+    public function testPasswordGenerationMD5()

+    {

+        $password = 'pa$$w0rd';

+        $md5 = Zend_Ldap_Attribute::createPassword($password, Zend_Ldap_Attribute::PASSWORD_HASH_MD5);

+        $encoded = substr($md5, strpos($md5, '}'));

+        $binary  = base64_decode($encoded);

+        $this->assertEquals(16, strlen($binary));

+        $this->assertEquals(md5($password, true), $binary);

+    }

 }
 
 }