author | Daniel Lange <DLange@git.local> | 2016-03-11 17:43:15 +0100 |
---|---|---|
committer | Daniel Lange <DLange@git.local> | 2016-03-11 17:43:15 +0100 |
commit | e8e7efbd23bb56136ac538b30e73acaddda92d96 (patch) | |
tree | f32f2257c766a0e98a3e8e504d059bf26252f312 | |
parent | 90cb364f9c7282e00afc05435fab7e62bc190d86 (diff) | |
Add support for SHA-256-crypt and SHA-512-crypt salted hashes
Warning: Database schema change. Using varchar(128) instead of varchar(64) now.
Thanks for reading the full git log comment :)
-rw-r--r-- | CHANGELOG.txt | 2 | ||||
-rw-r--r-- | HTPasswdSync.info | 2 | ||||
-rw-r--r-- | HTPasswdSync.install | 4 | ||||
-rw-r--r-- | HTPasswdSync.module | 30 | ||||
-rw-r--r-- | README.txt | 13 |
5 files changed, 44 insertions, 7 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index b7a5a39..3806fa8 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,2 +1,4 @@ +v1.1 Support SHA-256-crypt and SHA-512-crypt hashes + See git log for other changes / patches applied v1.0 Initial release for DP7 diff --git a/HTPasswdSync.info b/HTPasswdSync.info index bf24406..2955ee7 100644 --- a/HTPasswdSync.info +++ b/HTPasswdSync.info @@ -1,5 +1,5 @@ name = HTPasswdSync description = Export user login data into htpasswd and htgroup files. core = 7.x -php = 5.0 +php = 5.5 configure = admin/config/people/htpasswdsync diff --git a/HTPasswdSync.install b/HTPasswdSync.install index e83c828..f35f2f0 100644 --- a/HTPasswdSync.install +++ b/HTPasswdSync.install @@ -30,14 +30,14 @@ function htpasswdsync_db_schema() { 'username' => array( 'description' => 'The {users}.username.', 'type' => 'varchar', - 'length' => 64, + 'length' => 128, 'not null' => true, 'default' => 0, ), 'passwd' => array( 'description' => 'The crypted (crypt) password.', 'type' => 'varchar', - 'length' => 64, + 'length' => 128, 'not null' => true, 'default' => '', ), diff --git a/HTPasswdSync.module b/HTPasswdSync.module index 85e835f..fd5402d 100644 --- a/HTPasswdSync.module +++ b/HTPasswdSync.module @@ -33,7 +33,7 @@ function _htpasswdsync_roles() { * @return array */ function _htpasswdsync_hashes() { - return array ('crypt' => 'crypt', 'SHA-1' => 'SHA-1'); + return array ('crypt' => 'crypt', 'SHA-1' => 'SHA-1', 'SHA-256-crypt' => 'SHA-256-crypt', 'SHA-512-crypt' => 'SHA-512-crypt'); } @@ -42,7 +42,7 @@ function _htpasswdsync_hashes() { * @return string */ function _htpasswdsync_hash() { - return variable_get('htpasswdsync_hash', 'SHA-1'); + return variable_get('htpasswdsync_hash', 'SHA-512-crypt'); } 
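Review bot: In `HTPasswdSync.install`, widening `username` and `passwd` to 128 inside `htpasswdsync_db_schema()` only affects fresh installs; nothing in this hunk migrates a table that already exists. An upgraded site keeps its varchar(64) `passwd` column, while a `{SHA512-crypt}` value (the tag plus a `$6$` hash with a 16-character salt) is roughly 120 characters, so it would be truncated or rejected depending on the database's SQL mode and could never verify. The `_htpasswdsync_hash()` hunk further down makes that format the default for any site that never saved `htpasswdsync_hash`, so the problem appears on upgrade without an admin choosing it. Add an update hook, `htpasswdsync_update_N()` with N the next schema number, that calls `db_change_field()` for both columns with the same spec as the schema, so the fix does not depend on a manual `ALTER TABLE`. The schema function starts and ends outside the hunk.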
@@ -83,6 +83,21 @@ function _htpasswdsync_email_domain() { return variable_get('htpasswdsync_export_email_domain', ''); } +/** + * Returns a random (safe) string for salts + * Adopted from phpass by SolarDesigner and TimWolla on Stack Codereview + * @param int $count + * @return string + */ +function get_salt($count) { + $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/\\][{}\'";:?.>,<!@#$%^&*()-_=+|'; + $randString = ""; + for ($i = 0; $i < $count; $i++) { + $randString .= $charset[mt_rand(0, strlen($charset) - 1)]; + } + return $randString; +} + /** * Sanitizes the user name to be htpasswd conform. Removes ":" character as it @@ -113,6 +128,15 @@ function _htpasswdsync_crypt($password) { case 'SHA-1': return '{SHA}' . base64_encode(sha1($password, TRUE)); break; + case 'SHA-256-crypt': + $salt = get_salt(16); + return '{SHA256-crypt}' . crypt($password, '$5$' . $salt . '$'); + break; + case 'SHA-512-crypt': + $salt = get_salt(16); + return '{SHA512-crypt}' . crypt($password, '$6$' . $salt . '$'); + break; + default: return _htpasswdsync_hash(); } @@ -509,7 +533,7 @@ function htpasswdsync_admin_form() { $form['htpasswdsync_hash'] = array( '#type' => 'radios', '#title' => t('password hashing algorythm'), - '#description' => t("How shall the password be hashed (crypt only available for unix, SHA1 can be used on all platforms)"), + '#description' => t("How shall the password be hashed crypt (old unix), SHA1 (insecure, not salted!), SHA-256-crypt (safe) or SHA-512-crypt (best)"), '#options' => _htpasswdsync_hashes(), '#default_value' => _htpasswdsync_hash(), ); 
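Review bot: The `$charset` in `get_salt()` includes `$` and `:`, neither of which is safe in a crypt salt that is later written to an htpasswd-style file. crypt() treats `$` as the end of the salt, so a salt containing it is silently shortened (to nothing if it is the first character), and `:` is the field separator in htpasswd files, so a consumer may cut the stored hash at that point. Restrict the alphabet to the crypt set, `$charset = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';`. `mt_rand()` is not a cryptographic generator although the docblock calls the result "safe"; with `php = 5.5` declared, `openssl_random_pseudo_bytes()` is an option where that extension is loaded. The name also lacks the `_htpasswdsync_` prefix the other helpers use, so it can collide in the global function namespace.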
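Review bot: The two new cases in `_htpasswdsync_crypt()` prepend the scheme tag to whatever `crypt()` returns without checking it. On failure PHP's crypt() returns a short marker such as `*0` rather than a hash, and this code would then store `{SHA512-crypt}*0` as the user's credential. Keep the result in a variable and verify it before returning, e.g. `if (strpos($hash, '$6$') !== 0) { watchdog('htpasswdsync', 'crypt() failed'); return FALSE; }` (and `'$5$'` for the SHA-256 case), provided callers can handle a FALSE return. Whether the consumer of the exported file understands the `{SHA256-crypt}` and `{SHA512-crypt}` prefixes is not visible here and should be confirmed. The function starts and ends outside the hunk.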
@@ -5,7 +5,18 @@ Mirrored at https://github.com/fasterit/drupal_htpasswdsync This is the Faster IT version of the htpasswdsync module for Drupal 7. We have applied patches and improved over the module hosted on drupal.org. -Please review the git log for details. +This version supports secure (salted) SHA-256-crypt and SHA-512-crypt password +storage. + +Pleas be aware that SHA-512-crypt hashes are larger than the 64 bytes the +original authors of this module specified. So if you are upgrading from a +previous version and not re-installing new, please execute the following +in MySQL: + + use drupal7; # or whatever your Drupal database is + alter table htpasswdsync_htpasswd modify passwd varchar(128); + +For an overview of other changes please review the git log. -- SUMMARY -- |