
pukiwiki: Commit


Commit MetaInfo

Revision4669d6b23250aa9a9eb8b0350609d10a13671e31 (tree)
Time2018-04-28 05:21:16
Authorumorigu <umorigu@gmai...>
Commiterumorigu

Log Message

BugTrack/2469 Support SHA256 and SHA512 as password digest

* Support SHA256 and SHA512 as password digest algorithms

  • scheme prefix: x-php-sha256, x-php-sha512

* Simplify md5 plugin: the Salt field is only a salt (it no longer contains a {scheme} part)

Change Summary

Incremental Difference

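--- a/lib/auth.php
+++ b/lib/auth.php
@@ -1,7 +1,7 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone
 // auth.php
-// Copyright 2003-2017 PukiWiki Development Team
+// Copyright 2003-2018 PukiWiki Development Team
 // License: GPL v2 or (at your option) any later version
 //
 // Authentication related functions
@@ -51,8 +51,8 @@ function pkwk_hash_compute($phrase = '', $scheme = '{x-php-md5}', $prefix = TRUE
 // With a {scheme}salt or not
 $matches = array();
 if (preg_match('/^(\{.+\})(.*)$/', $scheme, $matches)) {
- $scheme = & $matches[1];
- $salt = & $matches[2];
+ $scheme = $matches[1];
+ $salt = $matches[2];
 } else if ($scheme != '') {
 $scheme = ''; // Cleartext
 $salt = '';
@@ -79,6 +79,18 @@ function pkwk_hash_compute($phrase = '', $scheme = '{x-php-md5}', $prefix = TRUE
 sha1($phrase);
 break;
 
+ // PHP sha256
+ case '{x-php-sha256}' :
+ $hash = ($prefix ? ($canonical ? '{x-php-sha256}' : $scheme) : '') .
+ hash('sha256', $phrase);
+ break;
+
+ // PHP sha512
+ case '{x-php-sha512}' :
+ $hash = ($prefix ? ($canonical ? '{x-php-sha512}' : $scheme) : '') .
+ hash('sha512', $phrase);
+ break;
+
 // LDAP CRYPT
 case '{crypt}' :
 $hash = ($prefix ? ($canonical ? '{CRYPT}' : $scheme) : '') .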
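Review bot: The new `{x-php-sha256}` and `{x-php-sha512}` cases in pkwk_hash_compute() produce a single unsalted pass of a fast digest (`hash('sha256', $phrase)`), and the `$salt` parsed a few lines above is never used in them, so identical passwords give identical stored values and offline guessing against a leaked config stays cheap. For a password digest a salted, deliberately slow scheme is the better target; where the supported PHP versions allow it, `password_hash()` / `password_verify()` could sit behind a new scheme prefix, and at minimum both cases deserve a comment such as `// Unsalted, single-pass digest: any salt after the prefix is ignored`. The function starts and ends outside these hunks, so how the result is compared with the stored value is not visible here; if that is a plain `==`, `hash_equals()` would be preferable.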
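--- a/plugin/md5.inc.php
+++ b/plugin/md5.inc.php
@@ -1,54 +1,59 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone.
 // md5.inc.php
-// Copyright 2001-2017 PukiWiki Development Team
+// Copyright 2001-2018 PukiWiki Development Team
 // License: GPL v2 or (at your option) any later version
 //
 // MD5 plugin: Allow to convert password/passphrase
 // * PHP sha1() -- If you have sha1() or mhash extension
 // * PHP md5()
-// * PHP crypt()
+// * PHP hash('sha256')
+// * PHP hash('sha512')
 // * LDAP SHA / SSHA -- If you have sha1() or mhash extension
 // * LDAP MD5 / SMD5
-// * LDAP CRYPT
 
 // User interface of pkwk_hash_compute() for system admin
 function plugin_md5_action()
 {
 global $get, $post;
-
 if (PKWK_SAFE_MODE || PKWK_READONLY) die_message('Prohibited by admin');
-
 // Wait POST
 $phrase = isset($post['phrase']) ? $post['phrase'] : '';
-
 if ($phrase == '') {
 // Show the form
-
 // If plugin=md5&md5=password, only set it (Don't compute)
 $value = isset($get['md5']) ? $get['md5'] : '';
-
 return array(
 'msg' =>'Compute userPassword',
 'body'=>plugin_md5_show_form(isset($post['phrase']), $value));
-
 } else {
 // Compute (Don't show its $phrase at the same time)
-
- $prefix = isset($post['prefix']);
+ $is_output_prefix = isset($post['prefix']);
 $salt = isset($post['salt']) ? $post['salt'] : '';
-
- // With scheme-prefix or not
- if (! preg_match('/^\{.+\}.*$/', $salt)) {
- $scheme = isset($post['scheme']) ? '{' . $post['scheme'] . '}': '';
- $salt = $scheme . $salt;
+ $scheme = isset($post['scheme']) ? $post['scheme']: '';
+ $algos_enabled = plugin_md5_get_algos_enabled();
+ $scheme_list = array('x-php-md5', 'MD5', 'SMD5');
+ if ($algos_enabled->sha1) {
+ array_push($scheme_list, 'x-php-sha1', 'SHA', 'SSHA');
 }
-
+ if ($algos_enabled->sha256) {
+ array_push($scheme_list, 'x-php-sha256');
+ }
+ if ($algos_enabled->sha512) {
+ array_push($scheme_list, 'x-php-sha512');
+ }
+ if (!in_array($scheme, $scheme_list)) {
+ return array(
+ 'msg' => 'Error',
+ 'body' => 'Invalid scheme: ' . htmlsc($scheme),
+ );
+ }
+ $scheme_with_salt = '{' . $scheme . '}' . $salt;
 return array(
 'msg' =>'Result',
 'body'=>
- //($prefix ? 'userPassword: ' : '') .
- pkwk_hash_compute($phrase, $salt, $prefix, TRUE));
+ pkwk_hash_compute($phrase, $scheme_with_salt,
+ $is_output_prefix, TRUE));
 }
 }
 
@@ -57,28 +62,23 @@ function plugin_md5_action()
 function plugin_md5_show_form($nophrase = FALSE, $value = '')
 {
 if (PKWK_SAFE_MODE || PKWK_READONLY) die_message('Prohibited');
- if (strlen($value) > PKWK_PASSPHRASE_LIMIT_LENGTH)
+ if (strlen($value) > PKWK_PASSPHRASE_LIMIT_LENGTH) {
 die_message('Limit: malicious message length');
-
+ }
 if ($value != '') $value = 'value="' . htmlsc($value) . '" ';
-
- $sha1_enabled = function_exists('sha1');
+ $algos_enabled = plugin_md5_get_algos_enabled();
 $sha1_checked = $md5_checked = '';
- if ($sha1_enabled) {
+ if ($algos_enabled->sha1) {
 $sha1_checked = 'checked="checked" ';
 } else {
 $md5_checked = 'checked="checked" ';
 }
-
 $self = get_base_uri();
-
 $form = <<<EOD
 <p><strong>NOTICE: Don't use this feature via untrustful or unsure network</strong></p>
 <hr>
 EOD;
-
 if ($nophrase) $form .= '<strong>NO PHRASE</strong><br />';
-
 $form .= <<<EOD
 <form action="$self" method="post">
 <div>
@@ -86,39 +86,38 @@ EOD;
 <label for="_p_md5_phrase">Phrase:</label>
 <input type="text" name="phrase" id="_p_md5_phrase" size="60" $value/><br />
 EOD;
-
- if ($sha1_enabled) $form .= <<<EOD
- <input type="radio" name="scheme" id="_p_md5_sha1" value="x-php-sha1" />
- <label for="_p_md5_sha1">PHP sha1()</label><br />
-EOD;
-
 $form .= <<<EOD
 <input type="radio" name="scheme" id="_p_md5_md5" value="x-php-md5" />
- <label for="_p_md5_md5">PHP md5()</label><br />
- <input type="radio" name="scheme" id="_p_md5_crpt" value="x-php-crypt" />
- <label for="_p_md5_crpt">PHP crypt() *</label><br />
+ <label for="_p_md5_md5">PHP md5</label><br />
 EOD;
-
- if ($sha1_enabled) $form .= <<<EOD
+ if ($algos_enabled->sha1) $form .= <<<EOD
+ <input type="radio" name="scheme" id="_p_md5_sha1" value="x-php-sha1" />
+ <label for="_p_md5_sha1">PHP sha1</label><br />
+EOD;
+ if ($algos_enabled->sha256) $form .= <<<EOD
+ <input type="radio" name="scheme" id="_p_md5_sha256" value="x-php-sha256" />
+ <label for="_p_md5_sha256">PHP sha256</label><br />
+EOD;
+ if ($algos_enabled->sha512) $form .= <<<EOD
+ <input type="radio" name="scheme" id="_p_md5_sha512" value="x-php-sha512" />
+ <label for="_p_md5_sha512">PHP sha512</label><br />
+EOD;
+ if ($algos_enabled->sha1) $form .= <<<EOD
 <input type="radio" name="scheme" id="_p_md5_lssha" value="SSHA" $sha1_checked/>
 <label for="_p_md5_lssha">LDAP SSHA (sha-1 with a seed) *</label><br />
 <input type="radio" name="scheme" id="_p_md5_lsha" value="SHA" />
 <label for="_p_md5_lsha">LDAP SHA (sha-1)</label><br />
 EOD;
-
 $form .= <<<EOD
 <input type="radio" name="scheme" id="_p_md5_lsmd5" value="SMD5" $md5_checked/>
 <label for="_p_md5_lsmd5">LDAP SMD5 (md5 with a seed) *</label><br />
 <input type="radio" name="scheme" id="_p_md5_lmd5" value="MD5" />
 <label for="_p_md5_lmd5">LDAP MD5</label><br />
 
- <input type="radio" name="scheme" id="_p_md5_lcrpt" value="CRYPT" />
- <label for="_p_md5_lcrpt">LDAP CRYPT *</label><br />
-
 <input type="checkbox" name="prefix" id="_p_md5_prefix" checked="checked" />
 <label for="_p_md5_prefix">Add scheme prefix (RFC2307, Using LDAP as NIS)</label><br />
 
- <label for="_p_md5_salt">Salt, '{scheme}', '{scheme}salt', or userPassword itself to specify:</label><br />
+ <label for="_p_md5_salt">Salt:</label>
 <input type="text" name="salt" id="_p_md5_salt" size="60" /><br />
 
 <input type="submit" value="Compute" /><br />
@@ -131,3 +130,27 @@ EOD;
 
 return $form;
 }
+
+/**
+ * Get availabilites of algos.
+ */
+function plugin_md5_get_algos_enabled()
+{
+ $sha1_enabled = function_exists('sha1');
+ $sha256_enabled = false;
+ $sha512_enabled = false;
+ if (function_exists('hash') && function_exists('hash_algos')) {
+ $algos = hash_algos();
+ if (in_array('sha256', $algos)) {
+ $sha256_enabled = true;
+ }
+ if (in_array('sha512', $algos)) {
+ $sha512_enabled = true;
+ }
+ }
+ return (object) array(
+ 'sha1' => $sha1_enabled,
+ 'sha256' => $sha256_enabled,
+ 'sha512' => $sha512_enabled,
+ );
+}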
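Review bot: In plugin_md5_action() the allow-list test `in_array($scheme, $scheme_list)` compares loosely, and neither `$post['scheme']` nor `$post['salt']` is checked to be a string, so unless `$post` is normalised to strings elsewhere, a request sending either field as an array reaches `htmlsc($scheme)` or the `'{' . $scheme . '}' . $salt` concatenation with a non-string. Make the check strict and type-aware, `if (!is_string($scheme) || !is_string($salt) || !in_array($scheme, $scheme_list, true)) {`, and return a fixed message rather than the echoed value when `$scheme` is not a string. Separately, the form still offers the Salt field for every scheme, but the `x-php-sha256`/`x-php-sha512` cases added to lib/auth.php in this commit do not read it, so the label could say which schemes use it. With both crypt options removed, every scheme the form can now produce is a fast digest, while pukiwiki.ini.php still shows a `{CRYPT}` sample that the plugin can no longer generate.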
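--- a/pukiwiki.ini.php
+++ b/pukiwiki.ini.php
@@ -181,6 +181,7 @@ $adminpass = '{x-php-md5}!';
 // Sample:
 //$adminpass = 'pass'; // Cleartext
 //$adminpass = '{x-php-md5}1a1dc91c907325c69271ddf0c944bc72'; // PHP md5() 'pass'
+//$adminpass = '{x-php-sha256}d74ff0ee8da3b9806b18c877dbf29bbde50b5bd8e4dad7a3a725000feb82e8f1'; // PHP sha256 'pass'
 //$adminpass = '{CRYPT}$1$AR.Gk94x$uCe8fUUGMfxAPH83psCZG/'; // LDAP CRYPT 'pass'
 //$adminpass = '{MD5}Gh3JHJBzJcaScd3wyUS8cg=='; // LDAP MD5 'pass'
 //$adminpass = '{SMD5}o7lTdtHFJDqxFOVX09C8QnlmYmZnd2Qx'; // LDAP SMD5 'pass'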