author | Daniel Lange <DLange@git.local> | 2016-03-12 12:11:01 +0100 |
---|---|---|
committer | Daniel Lange <DLange@git.local> | 2016-03-12 12:14:50 +0100 |
commit | e82ab61ed1de64292bd6b1a6684c61288eec0aaa (patch) | |
tree | 97883d549401789eea312b2f364aa65ce42a7107 | |
parent | 59b7828a86aa10a35f3612fa009c46caad82e76f (diff) | |
Add option to (de)select curly braces prefix for passwords. Bump to v1.2
-rw-r--r-- | CHANGELOG.txt | 3 | ||||
-rw-r--r-- | HTPasswdSync.info | 1 | ||||
-rw-r--r-- | HTPasswdSync.module | 35 |
3 files changed, 32 insertions, 7 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 3806fa8..849c772 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,6 @@ +v1.2 Enable or disable curly braces password prefix like {SHA512-crypt} + Dovecot introduced the prefix, htpasswd from nginx doesn't understand it + v1.1 Support SHA-256-crypt and SHA-512-crypt hashes See git log for other changes / patches applied diff --git a/HTPasswdSync.info b/HTPasswdSync.info index 2955ee7..f256d8d 100644 --- a/HTPasswdSync.info +++ b/HTPasswdSync.info @@ -3,3 +3,4 @@ description = Export user login data into htpasswd and htgroup files. core = 7.x php = 5.5 configure = admin/config/people/htpasswdsync +version = 1.2fit diff --git a/HTPasswdSync.module b/HTPasswdSync.module index fd5402d..f6689bb 100644 --- a/HTPasswdSync.module +++ b/HTPasswdSync.module @@ -47,10 +47,20 @@ function _htpasswdsync_hash() { /** + * Returns if the passwords shall be prefixed with curly braces indicating + * the hashing algorithm used + * @return bool + */ +function _htpasswdsync_prefix() { + return variable_get('htpasswdsync_prefix', true); +} + + +/** * Returns if the htpasswd file shall be overwritten by drupal of not * overwritting will erase all manual entered users. Manual make the htpasswd * grow and contain renamed users. it will do the same for the htgroup - * @return array of role id + * @return bool */ function _htpasswdsync_overwrite() { return variable_get('htpasswdsync_overwrite', true); @@ -77,12 +87,13 @@ function _htpasswdsync_names_lowercase() { /** * Returns the domain of which email addresses shall be exported as well - * @return bool + * @return string */ function _htpasswdsync_email_domain() { return variable_get('htpasswdsync_export_email_domain', ''); } + /** * Returns a random (safe) string for salts * Adopted from phpass by SolarDesigner and TimWolla on Stack Codereview 
@@ -90,7 +101,7 @@ function _htpasswdsync_email_domain() { * @return string */ function get_salt($count) { - $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/\\][{}\'";:?.>,<!@#$%^&*()-_=+|'; + $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/\\][{}\'";?.>,<!@#%^&*()-_=+|'; $randString = ""; for ($i = 0; $i < $count; $i++) { $randString .= $charset[mt_rand(0, strlen($charset) - 1)]; @@ -121,20 +132,24 @@ function _htpasswdsync_sanitize_name($name) { */ function _htpasswdsync_crypt($password) { $hashes = _htpasswdsync_hashes(); + $prefix = ''; switch ($hashes[_htpasswdsync_hash()]) { case 'crypt': return crypt($password, chr(rand(65, 122)) . chr(rand(65, 122))); break; case 'SHA-1': - return '{SHA}' . base64_encode(sha1($password, TRUE)); + if(_htpasswdsync_prefix()) $prefix = '{SHA}'; + return $prefix . base64_encode(sha1($password, TRUE)); break; case 'SHA-256-crypt': + if(_htpasswdsync_prefix()) $prefix = '{SHA256-crypt}'; $salt = get_salt(16); - return '{SHA256-crypt}' . crypt($password, '$5$' . $salt . '$'); + return $prefix . crypt($password, '$5$' . $salt . '$'); break; case 'SHA-512-crypt': + if(_htpasswdsync_prefix()) $prefix = '{SHA512-crypt}'; $salt = get_salt(16); - return '{SHA512-crypt}' . crypt($password, '$6$' . $salt . '$'); + return $prefix . crypt($password, '$6$' . $salt . '$'); break; default: 
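Review bot: The salt in `get_salt()` is still drawn with `mt_rand()` from a charset that goes well beyond the crypt(3) salt alphabet. Dropping `:` and `$` removes the two characters that collide with the htpasswd field separator and the `$5$`/`$6$` salt delimiter, but quotes, backslash, braces and the other punctuation remain, and whether every program that reads this file (the changelog names nginx and Dovecot) accepts them in a salt is not shown on this page. Restricting the set to `./0-9A-Za-z` removes that doubt, and because that set has exactly 64 symbols a random byte can be masked onto it without bias. `drupal_random_bytes()` is available in Drupal 7 and gives an unpredictable source, which `mt_rand()` does not. The end of the loop and the return statement are outside the hunk.

```php
function get_salt($count) {
  // crypt(3) salt alphabet; 64 symbols, so masking a random byte with 63 is unbiased
  $charset = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
  $bytes = drupal_random_bytes($count);
  $randString = "";
  for ($i = 0; $i < $count; $i++) {
    $randString .= $charset[ord($bytes[$i]) & 63];
```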
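Review bot: In the `SHA-1` case of `_htpasswdsync_crypt()` the `{SHA}` marker should not be made optional: in the htpasswd format it is what identifies the entry as a base64 SHA-1 digest, so with the option off the function returns a bare digest that readers will most likely treat as a crypt() hash and never match. Keeping `return '{SHA}' . base64_encode(sha1($password, TRUE));` and applying the option only to the two `*-crypt` cases avoids writing unusable entries; the checkbox description in the `htpasswdsync_admin_form()` hunk would then need to name SHA-1 next to unix-crypt as an exception. Separately, the unchanged `crypt` case builds its salt from `chr(rand(65, 122))`, a range that includes `[`, `\`, `]`, `^`, `_` and the backtick, which are outside the DES salt alphabet `./0-9A-Za-z`, and the result of `crypt()` is returned without a failure check. The `default:` branch continues outside the hunk.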
@@ -532,11 +547,17 @@ function htpasswdsync_admin_form() { ); $form['htpasswdsync_hash'] = array( '#type' => 'radios', - '#title' => t('password hashing algorythm'), + '#title' => t('password hashing algorithm'), '#description' => t("How shall the password be hashed crypt (old unix), SHA1 (insecure, not salted!), SHA-256-crypt (safe) or SHA-512-crypt (best)"), '#options' => _htpasswdsync_hashes(), '#default_value' => _htpasswdsync_hash(), ); + $form['htpasswdsync_prefix'] = array( + '#type' => 'checkbox', + '#title' => t('Add a curly braces prefix like {SHA512-crypt} to the password field (e.g. for Dovecot)'), + '#description' => t("If yes, htpasswdsync will prefix all newly save passwords with {algorithm} except old unix-crypt which never gets prefixed for compatibility reasons."), + '#default_value' => _htpasswdsync_prefix(), + ); $form['htpasswdsync_roles'] = array( '#type' => 'checkboxes', '#title' => t('Roles to be exported into the htgroup file'), |
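Review bot: The `#description` of the new `htpasswdsync_prefix` checkbox has a typo (`newly save passwords` should read `newly saved passwords`) and leaves out the consequence an admin needs to know. As far as the visible code shows, hashes are only produced when a password is saved, so entries already in the file keep the format they were written with, and after the box is changed the htpasswd file holds prefixed and unprefixed hashes side by side. I would add a sentence such as `Existing entries are not rewritten; they keep their old format until the user's password is next saved.` The `$form` array and the enclosing function start and end outside the hunk.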