Common subdirectories: ldap_integration/includes and ldap_integration.patched/includes
diff -up ldap_integration/ldapauth.admin.inc ldap_integration.patched/ldapauth.admin.inc
--- ldap_integration/ldapauth.admin.inc 2009-07-28 07:03:05.000000000 -0700
+++ ldap_integration.patched/ldapauth.admin.inc 2009-09-17 14:16:32.000000000 -0700
@@ -215,7 +215,7 @@ function ldapauth_admin_form(&$form_stat
'server' => '',
'port' => '389',
'tls' => 0,
- 'encrypted' => 0,
+ 'enc_type' => 0,
'basedn' => '',
'user_attr' => LDAPAUTH_DEFAULT_USER_ATTR,
'mail_attr' => LDAPAUTH_DEFAULT_MAIL_ATTR,
@@ -264,11 +264,12 @@ function ldapauth_admin_form(&$form_stat
'#default_value' => $edit['tls'],
'#description' => t('Secure the connection between the Drupal and the LDAP servers using TLS.
Note: To use START-TLS, you must set the LDAP Port to 389.'),
);
- $form['server-settings']['encrypted'] = array(
- '#type' => 'checkbox',
- '#title' => t('Store passwords in encrypted form'),
- '#default_value' => $edit['encrypted'],
- '#description' => t('Secure the password in LDAP by storing it MD5 encrypted (use with care, as some LDAP directories may do this automatically, what would cause logins problems).'),
+ $form['server-settings']['enc_type'] = array(
+ '#type' => 'select',
+ '#options' => valid_enc_types(),
+ '#title' => t('LDAP password encryption type'),
+ '#default_value' => $edit['enc_type'],
+ '#description' => t('This lists which type of Standard LDAP encryption should be used. Use with care as some LDAP directories may do this automatically, what would cause login issues. If unsure, use cleartext.'),
);
$form['login-procedure'] = array(
@@ -392,19 +393,19 @@ function ldapauth_admin_form_submit($for
switch ($op) {
case t('Save configuration'):
if (!isset($values['sid'])) {
- db_query("INSERT INTO {ldapauth} (name, status, server, port, tls, encrypted, basedn, user_attr, mail_attr, binddn, bindpw, login_php, filter_php) VALUES ('%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s')", $values['name'], 1, $values['server'], $values['port'], $values['tls'], $values['encrypted'], $values['basedn'], trim($values['user_attr']), trim($values['mail_attr']), $values['binddn'], $values['bindpw'], trim($values['login_php']), trim($values['filter_php']));
+ db_query("INSERT INTO {ldapauth} (name, status, server, port, tls, enc_type, basedn, user_attr, mail_attr, binddn, bindpw, login_php, filter_php) VALUES ('%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s')", $values['name'], 1, $values['server'], $values['port'], $values['tls'], $values['enc_type'], $values['basedn'], trim($values['user_attr']), trim($values['mail_attr']), $values['binddn'], $values['bindpw'], trim($values['login_php']), trim($values['filter_php']));
drupal_set_message(t('LDAP configuration %name has been added.', array('%name' => $values['name'])));
watchdog('ldapauth', 'LDAP configuration %name has been added.', array('%name' => $values['name']));
}
else {
if (isset($values['bindpw_clear'])) {
- db_query("UPDATE {ldapauth} SET name = '%s', server = '%s', port = %d, tls = %d, encrypted = %d, basedn = '%s', user_attr = '%s', mail_attr = '%s', login_php = '%s', filter_php = '%s' WHERE sid = %d", $values['name'], $values['server'], $values['port'], $values['tls'], $values['encrypted'], $values['basedn'], trim($values['user_attr']), trim($values['mail_attr']), trim($values['login_php']), trim($values['filter_php']), $values['sid']);
+ db_query("UPDATE {ldapauth} SET name = '%s', server = '%s', port = %d, tls = %d, enc_type = %d, basedn = '%s', user_attr = '%s', mail_attr = '%s', login_php = '%s', filter_php = '%s' WHERE sid = %d", $values['name'], $values['server'], $values['port'], $values['tls'], $values['enc_type'], $values['basedn'], trim($values['user_attr']), trim($values['mail_attr']), trim($values['login_php']), trim($values['filter_php']), $values['sid']);
if ($values['bindpw_clear']) {
db_query("UPDATE {ldapauth} SET bindpw = '' WHERE sid = %d", $values['sid']);
}
}
else {
- db_query("UPDATE {ldapauth} SET name = '%s', server = '%s', port = %d, tls = %d, encrypted = %d, basedn = '%s', user_attr = '%s', mail_attr = '%s', binddn = '%s', bindpw = '%s', login_php = '%s', filter_php = '%s' WHERE sid = %d", $values['name'], $values['server'], $values['port'], $values['tls'], $values['encrypted'], $values['basedn'], trim($values['user_attr']), trim($values['mail_attr']), $values['binddn'], $values['bindpw'], trim($values['login_php']), trim($values['filter_php']), $values['sid']);
+ db_query("UPDATE {ldapauth} SET name = '%s', server = '%s', port = %d, tls = %d, enc_type = %d, basedn = '%s', user_attr = '%s', mail_attr = '%s', binddn = '%s', bindpw = '%s', login_php = '%s', filter_php = '%s' WHERE sid = %d", $values['name'], $values['server'], $values['port'], $values['tls'], $values['enc_type'], $values['basedn'], trim($values['user_attr']), trim($values['mail_attr']), $values['binddn'], $values['bindpw'], trim($values['login_php']), trim($values['filter_php']), $values['sid']);
}
drupal_set_message(t('LDAP Configuration %name has been updated.', array('%name' => $values['name'])));
watchdog('ldapauth', 'LDAP Configuration %name has been updated.', array('%name' => $values['name']));
@@ -524,6 +525,46 @@ function ldapauth_admin_menu_block_page(
}
/**
+ * Returns an array of valid encryption types.
+ *
+ * *Most of the code here is from phpLDAPadmin.
+ */
+function valid_enc_types() {
+
+ // Clear Text
+ $valid_types[0] = t('Clear');
+
+ // Crypt + Salted Crypt
+ $valid_types[2] = t('Crypt');
+ $valid_types[3] = t('Salted Crypt');
+
+ // Extended DES
+ if ( defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 1 )
+ $valid_types[4] = t('Extended DES');
+
+ // MD5Crypt
+ if ( defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 1 )
+ $valid_types[5] = t('MD5Crypt');
+
+ // Blowfish
+ if ( defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 1 )
+ $valid_types[6] = t('Blowfish');
+
+ // MD5
+ $valid_types[1] = t('MD5');
+
+ // SMD5 + SHA + SSHA
+ if (function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
+ $valid_types[7] = t('Salted MD5');
+ $valid_types[8] = t('SHA');
+ $valid_types[9] = t('Salted SHA');
+ }
+
+ return $valid_types;
+}
+
+
+/**
* Implements the AJAX server test.
*
* @param $sid
diff -up ldap_integration/ldapauth.install ldap_integration.patched/ldapauth.install
--- ldap_integration/ldapauth.install 2009-07-20 12:35:40.000000000 -0700
+++ ldap_integration.patched/ldapauth.install 2009-09-17 14:16:32.000000000 -0700
@@ -73,7 +73,7 @@ function ldapauth_schema() {
'not null' => TRUE,
'default' => 0,
),
- 'encrypted' => array(
+ 'enc_type' => array(
'type' => 'int',
'size' => 'tiny',
'not null' => TRUE,
@@ -167,3 +167,14 @@ function ldapauth_update_6002() {
return $ret;
}
+function ldapauth_update_6003() {
+ $ret = array();
+ //db_query(" CHANGE COLUMN encrypted enc_type TINYINT NOT NULL DEFAULT 0");
+ db_change_field($ret, 'ldapauth', 'encrypted', 'enc_type', array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ));
+ return $ret;
+}
diff -up ldap_integration/ldapauth.module ldap_integration.patched/ldapauth.module
--- ldap_integration/ldapauth.module 2009-07-28 07:03:05.000000000 -0700
+++ ldap_integration.patched/ldapauth.module 2009-09-17 14:16:32.000000000 -0700
@@ -500,7 +500,7 @@ function _ldapauth_init($sid) {
$_ldapauth_ldap->setOption('server', $servers[$sid]->server);
$_ldapauth_ldap->setOption('port', $servers[$sid]->port);
$_ldapauth_ldap->setOption('tls', $servers[$sid]->tls);
- $_ldapauth_ldap->setOption('encrypted', $servers[$sid]->encrypted);
+ $_ldapauth_ldap->setOption('enc_type', $servers[$sid]->enc_type);
$_ldapauth_ldap->setOption('basedn', $servers[$sid]->basedn);
$_ldapauth_ldap->setOption('user_attr', $servers[$sid]->user_attr);
$_ldapauth_ldap->setOption('mail_attr', $servers[$sid]->mail_attr);
diff -up ldap_integration/ldapdata.module ldap_integration.patched/ldapdata.module
--- ldap_integration/ldapdata.module 2009-07-28 07:03:05.000000000 -0700
+++ ldap_integration.patched/ldapdata.module 2009-09-17 14:16:59.000000000 -0700
@@ -394,8 +394,7 @@ function _ldapdata_user_update_drupal_ac
if ($ldap_attr = isset($d2l_map[$key]) ? $d2l_map[$key] : NULL) {
if ($key == 'pass') {
if ($value) {
- $pw = $_ldapdata_ldap->getOption('encrypted') ? '{md5}'. base64_encode(pack('H*', md5($value))) : $value;
- $writeout[$ldap_attr] = $pw;
+ $writeout[$ldap_attr] = encode_password($value);
}
}
else {
@@ -603,7 +602,7 @@ function _ldapdata_init($sid) {
$_ldapdata_ldap->setOption('server', $servers[$sid]->server);
$_ldapdata_ldap->setOption('port', $servers[$sid]->port);
$_ldapdata_ldap->setOption('tls', $servers[$sid]->tls);
- $_ldapdata_ldap->setOption('encrypted', $servers[$sid]->encrypted);
+ $_ldapdata_ldap->setOption('enc_type', $servers[$sid]->enc_type);
$_ldapdata_ldap->setOption('basedn', $servers[$sid]->basedn);
$_ldapdata_ldap->setOption('user_attr', $servers[$sid]->user_attr);
$_ldapdata_ldap->setOption('attr_filter', '_ldapdata_attribute_filter');
@@ -652,3 +651,83 @@ function _ldapdata_ldap_info($sid, $req)
}
}
+/**
+ * Return a random salt of a given length for crypt-style passwords
+ *
+ * *Most of the code here is from phpLDAPadmin.
+ *
+ */
+function random_salt( $length ) {
+ $possible = '0123456789'.
+ 'abcdefghijklmnopqrstuvwxyz'.
+ 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
+ './';
+ $str = "";
+
+ mt_srand((double)microtime() * 1000000);
+ while( strlen( $str ) < $length )
+ $str .= substr( $possible, ( rand() % strlen( $possible ) ), 1 );
+
+ return $str;
+}
+
+/**
+ * Return an encrypted password
+ *
+ * *Most of the code here is from phpLDAPadmin.
+ *
+ */
+function encode_password($clearTxt) {
+ global $_ldapdata_ldap;
+
+ switch ($_ldapdata_ldap->getOption('enc_type')) {
+ case 1: // MD5
+ $cipherTxt = '{MD5}' . base64_encode( pack( 'H*' , md5( $clearTxt) ) );
+ break;
+
+ case 2: // Crypt
+ $cipherTxt = '{CRYPT}' . crypt($clearTxt,substr($clearTxt,0,2));
+ break;
+
+ case 3: // Salted Crypt
+ $cipherTxt = '{CRYPT}' . crypt($clearTxt,random_salt(2));
+ break;
+
+ case 4: // Extended DES
+ $cipherTxt = '{CRYPT}' . crypt( $clearTxt, '_' . random_salt(8) );
+ break;
+
+ case 5: // MD5Crypt
+ $cipherTxt = '{CRYPT}' . crypt( $clearTxt , '$1$' . random_salt(9) );
+ break;
+
+ case 6: // Blowfish
+ $cipherTxt = '{CRYPT}' . crypt( $clearTxt , '$2a$12$' . random_salt(13) );
+ break;
+
+ case 7: // Salted MD5
+ mt_srand( (double) microtime() * 1000000 );
+ $salt = mhash_keygen_s2k( MHASH_MD5, $clearTxt, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
+ $cipherTxt = "{SMD5}".base64_encode( mhash( MHASH_MD5, $clearTxt.$salt ).$salt );
+ break;
+
+ case 8: // SHA
+ if ( function_exists('sha1') ) {
+ $cipherTxt = '{SHA}' . base64_encode( pack( 'H*' , sha1( $clearTxt) ) );
+ } elseif ( function_exists( 'mhash' ) ) {
+ $cipherTxt = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $clearTxt) );
+ }
+ break;
+
+ case 9: // Salted SHA
+ mt_srand( (double) microtime() * 1000000 );
+ $salt = mhash_keygen_s2k( MHASH_SHA1, $clearTxt, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
+ $cipherTxt = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $clearTxt.$salt ).$salt );
+ break;
+
+ default: // Cleartext
+ $cipherTxt = $clearTxt;
+ }
+
+ return $cipherTxt;
+}
diff -up ldap_integration/ldapgroups.module ldap_integration.patched/ldapgroups.module
--- ldap_integration/ldapgroups.module 2009-07-28 07:03:05.000000000 -0700
+++ ldap_integration.patched/ldapgroups.module 2009-09-17 14:16:32.000000000 -0700
@@ -324,7 +324,7 @@ function _ldapgroups_ldap_init($sid) {
$_ldapgroups_ldap->setOption('server', $servers[$sid]->server);
$_ldapgroups_ldap->setOption('port', $servers[$sid]->port);
$_ldapgroups_ldap->setOption('tls', $servers[$sid]->tls);
- $_ldapgroups_ldap->setOption('encrypted', $servers[$sid]->encrypted);
+ $_ldapgroups_ldap->setOption('enc_type', $servers[$sid]->enc_type);
$_ldapgroups_ldap->setOption('basedn', $servers[$sid]->basedn);
$_ldapgroups_ldap->setOption('user_attr', $servers[$sid]->user_attr);
return $_ldapgroups_ldap;
Common subdirectories: ldap_integration/translations and ldap_integration.patched/translations