From e82ab61ed1de64292bd6b1a6684c61288eec0aaa Mon Sep 17 00:00:00 2001
From: Daniel Lange <DLange@git.local>
Date: Sat, 12 Mar 2016 12:11:01 +0100
Subject: Add option to (de)select curly braces prefix for passwords. Bump to
 v1.2

---
 CHANGELOG.txt       |  3 +++
 HTPasswdSync.info   |  1 +
 HTPasswdSync.module | 35 ++++++++++++++++++++++++++++-------
 3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 3806fa8..849c772 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,6 @@
+v1.2 Enable or disable curly braces password prefix like {SHA512-crypt}
+     Dovecot introduced the prefix, htpasswd from nginx doesn't understand it
+
 v1.1 Support SHA-256-crypt and SHA-512-crypt hashes
      See git log for other changes / patches applied
 
diff --git a/HTPasswdSync.info b/HTPasswdSync.info
index 2955ee7..f256d8d 100644
--- a/HTPasswdSync.info
+++ b/HTPasswdSync.info
@@ -3,3 +3,4 @@ description = Export user login data into htpasswd and htgroup files.
 core = 7.x
 php = 5.5
 configure = admin/config/people/htpasswdsync
+version = 1.2fit
diff --git a/HTPasswdSync.module b/HTPasswdSync.module
index fd5402d..f6689bb 100644
--- a/HTPasswdSync.module
+++ b/HTPasswdSync.module
@@ -46,11 +46,21 @@ function _htpasswdsync_hash() {
 }
 
 
+/**
+ * Returns if the passwords shall be prefixed with curly braces indicating
+ * the hashing algorithm used
+ * @return bool
+ */
+function _htpasswdsync_prefix() {
+    return variable_get('htpasswdsync_prefix', true);
+}
+
+
 /**
  * Returns if the htpasswd file shall be overwritten by drupal of not
  * overwritting will erase all manual entered users. Manual make the htpasswd
  * grow and contain renamed users. it will do the same for the htgroup
- * @return array of role id
+ * @return bool
  */
 function _htpasswdsync_overwrite() {
     return variable_get('htpasswdsync_overwrite', true);
@@ -77,12 +87,13 @@ function _htpasswdsync_names_lowercase() {
 
 /**
  * Returns the domain of which email addresses shall be exported as well
- * @return bool
+ * @return string
  */
 function _htpasswdsync_email_domain() {
     return variable_get('htpasswdsync_export_email_domain', '');
 }
 
+
 /**
  * Returns a random (safe) string for salts
  * Adopted from phpass by SolarDesigner and TimWolla on Stack Codereview
@@ -90,7 +101,7 @@ function _htpasswdsync_email_domain() {
  * @return string
  */
 function get_salt($count) {
-     $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/\\][{}\'";:?.>,<!@#$%^&*()-_=+|';
+     $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/\\][{}\'";?.>,<!@#%^&*()-_=+|';
      $randString = "";
      for ($i = 0; $i < $count; $i++) {
          $randString .= $charset[mt_rand(0, strlen($charset) - 1)];
@@ -121,20 +132,24 @@ function _htpasswdsync_sanitize_name($name) {
  */
 function _htpasswdsync_crypt($password) {
     $hashes = _htpasswdsync_hashes();
+    $prefix = '';
     switch ($hashes[_htpasswdsync_hash()]) {
         case 'crypt':
             return crypt($password, chr(rand(65, 122)) . chr(rand(65, 122)));
             break;
         case 'SHA-1':
-            return '{SHA}' . base64_encode(sha1($password, TRUE));
+            if(_htpasswdsync_prefix()) $prefix = '{SHA}';
+            return $prefix . base64_encode(sha1($password, TRUE));
             break;
         case 'SHA-256-crypt':
+            if(_htpasswdsync_prefix()) $prefix = '{SHA256-crypt}';
             $salt = get_salt(16);
-            return '{SHA256-crypt}' . crypt($password, '$5$' . $salt . '$');
+            return $prefix . crypt($password, '$5$' . $salt . '$');
             break;
         case 'SHA-512-crypt':
+            if(_htpasswdsync_prefix()) $prefix = '{SHA512-crypt}';
             $salt = get_salt(16);
-            return '{SHA512-crypt}' . crypt($password, '$6$' . $salt . '$');
+            return $prefix . crypt($password, '$6$' . $salt . '$');
             break;
 
         default:
@@ -532,11 +547,17 @@ function htpasswdsync_admin_form() {
     );
     $form['htpasswdsync_hash'] = array(
         '#type' => 'radios',
-        '#title' => t('password hashing algorythm'),
+        '#title' => t('password hashing algorithm'),
         '#description' => t("How shall the password be hashed crypt (old unix), SHA1 (insecure, not salted!), SHA-256-crypt (safe) or SHA-512-crypt (best)"),
         '#options' => _htpasswdsync_hashes(),
         '#default_value' => _htpasswdsync_hash(),
     );
+    $form['htpasswdsync_prefix'] = array(
+        '#type' => 'checkbox',
+        '#title' => t('Add a curly braces prefix like {SHA512-crypt} to the password field (e.g. for Dovecot)'),
+        '#description' => t("If yes, htpasswdsync will prefix all newly save passwords with {algorithm} except old unix-crypt which never gets prefixed for compatibility reasons."),
+        '#default_value' => _htpasswdsync_prefix(),
+    );
     $form['htpasswdsync_roles'] = array(
         '#type' => 'checkboxes',
         '#title' => t('Roles to be exported into the htgroup file'),
-- 
cgit v1.2.3