diff --git a/doc/conf/LSattribute/LSattr_ldap/LSattr_ldap_password.docbook b/doc/conf/LSattribute/LSattr_ldap/LSattr_ldap_password.docbook index 56f73889..f352d3ae 100644 --- a/doc/conf/LSattribute/LSattr_ldap/LSattr_ldap_password.docbook +++ b/doc/conf/LSattribute/LSattr_ldap/LSattr_ldap_password.docbook @@ -25,6 +25,8 @@ Nom du type d'encodage du mot de passe utilisé. Les types d'encodages supportés sont les suivants : + argon2 (ou argon2i, PHP >= 7.2) + argon2id (PHP >= 7.3) md5crypt crypt ext_des diff --git a/src/includes/class/class.LSattr_ldap_password.php b/src/includes/class/class.LSattr_ldap_password.php index f003dbe2..9fc0a617 100644 --- a/src/includes/class/class.LSattr_ldap_password.php +++ b/src/includes/class/class.LSattr_ldap_password.php @@ -208,6 +208,23 @@ class LSattr_ldap_password extends LSattr_ldap { return '{CRYPT}'.crypt($clearPassword,'$1$'.$salt.'$'); } break; + case 'argon2': + case 'argon2i': + if( ! defined( 'PASSWORD_ARGON2I' ) ) { + LSerror :: addErrorCode('LSattr_ldap_password_01', 'argon2'); + } + else { + return '{ARGON2}'.password_hash($clearPassword, PASSWORD_ARGON2I); + } + break; + case 'argon2id': + if( ! defined( 'PASSWORD_ARGON2ID' ) ) { + LSerror :: addErrorCode('LSattr_ldap_password_01', 'argon2id'); + } + else { + return '{ARGON2}'.password_hash($clearPassword, PASSWORD_ARGON2ID); + } + break; case 'clear': return $clearPassword; break; @@ -310,6 +327,10 @@ class LSattr_ldap_password extends LSattr_ldap { break; + # Argon2 passwords + case 'argon2': + return password_verify($clearPassword, $hashedPasswordData); + # No crypt is given default: # Assume is a plaintext password
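Review bot: The two new branches in the encoding switch (`argon2`/`argon2i` and `argon2id`) concatenate the result of `password_hash()` onto `'{ARGON2}'` without checking it. On the PHP 7.2/7.3 versions the documentation hunk names, `password_hash()` returns `false` on failure, so the method would return the bare string `{ARGON2}` and that value could be stored as the password. Assign first and test, e.g. `$hash = password_hash($clearPassword, PASSWORD_ARGON2I);` then `if (!is_string($hash)) { /* report the error and do not return a value */ }`, and the same for `PASSWORD_ARGON2ID`. A short comment that the PHP default Argon2 memory, time and thread costs are used on purpose would also help, since no options array is passed. The switch and its method start and end outside the hunk, so what is returned after `break;` in the unsupported case cannot be confirmed from here.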
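Review bot: The new `case 'argon2':` in the verification switch hands the stored value straight to `password_verify()`, which accepts any crypt()-style hash, so an entry labelled {ARGON2} that actually holds a weaker format would still verify. Pinning the algorithm is cheap defence in depth: `$info = password_get_info($hashedPasswordData);` then `return strpos((string) $info['algoName'], 'argon2') === 0 && password_verify($clearPassword, $hashedPasswordData);`. Unlike the generation path, nothing here checks `defined('PASSWORD_ARGON2I')`, so on a PHP build without Argon2 support every such login fails with no error reported; logging that condition would make it diagnosable. The enclosing switch and function start outside the hunk, so the assumption that `$hashedPasswordData` is the value after the scheme prefix is inferred from its name.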