6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
8/4/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#330] add support for crypt-md5 encryption
*
Your Email Address
*
Spam protection
Enter the letters below:
.___. ..___. . . [__ |_/ [__ |_/ | | | \| | \\__|
Comment
> When vpopmail is compiled with the --enable-md5-passwords=y > horde-passwd is unable to change the user password since the > crypt-md5 encryption is not supported, the one vpopmail supports. > > > > I backported the code currently on head (as of Jun 25,2004) that adds > support to crypt-md5 to current RELENG_2 tree. > > > > While I cannot tell you how much the --enable-md5-passwords=y is > used, but at least on Gentoo it's used as the default. > > > > > > The path to be applied is: > > > > diff -ur passwd/lib/Driver.php passwd-new/lib/Driver.php > > --- passwd/lib/Driver.php 2004-06-24 01:30:47.000000000 -0400 > > +++ passwd-new/lib/Driver.php 2004-06-24 01:16:46.000000000 -0400 > > @@ -104,8 +104,22 @@ > > } > > break; > > case 'crypt': > > - $encrypted = substr($encrypted, 7); > > - $salt = substr($encrypted , 0, 2); > > + case 'crypt-des': > > + $encrypted = preg_replace('|^{crypt}|', '', $encrypted); > > + $salt = substr($encrypted, 0, 2); > > + if ($encrypted == crypt($plaintext, $salt)) { > > + return true; > > + } > > + break; > > + case 'crypt-md5': > > + $encrypted = preg_replace('|^{crypt}|', '', $encrypted); > > + $salt = substr($encrypted, 0, 12); > > + if ($encrypted == crypt($plaintext, $salt)) { > > + return true; > > + } > > + case 'crypt-blowfish': > > + $encrypted = preg_replace('|^{crypt}|', '', $encrypted); > > + $salt = substr($encrypted, 0, 16); > > if ($encrypted == crypt($plaintext, $salt)) { > > return true; > > } > > @@ -113,14 +127,14 @@ > > case 'sha': > > $encrypted = substr($encrypted, 5); > > if ($encrypted == base64_encode(mHash(MHASH_SHA1, > $plaintext))) > > -{ > > + { > > return true; > > } > > break; > > case 'ssha': > > $encrypted = substr($encrypted, 6); > > $hash = base64_decode($encrypted); > > - $salt = substr($hash, 20); > > + $salt = substr($hash, 20); > > if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) { > > return true; > > } > > @@ -156,9 +170,18 @@ > > case "sha": > > $newPassword = "{SHA}" . > base64_encode(mHash(MHASH_SHA1, $newPassword)); > > break; > > - case "crypt": > > - // The salt is left out, generated by php > > - $newPassword = "{crypt}" . crypt($newPassword); > > + case 'crypt': > > + case 'crypt-des': > > + $salt = substr(md5(mt_rand()), 0, 2); > > + $newPassword = crypt($newPassword, $salt); > > + break; > > + case 'crypt-md5': > > + $salt = '$1$' . substr(md5(mt_rand()), 0, 8) . '$'; > > + $newPassword = crypt($newPassword, $salt); > > + break; > > + case 'crypt-blowfish': > > + $salt = '$2$' . substr(md5(mt_rand()), 0, 12) . '$'; > > + $newPassword = crypt($newPassword, $salt); > > break; > > case "md5-hex": > > $newPassword = md5($newPassword);
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers