bn8/ldapsaisie
1
0
Fork 0
mirror of https://gitlab.easter-eggs.com/ee/ldapsaisie.git synced 2024-06-29 06:53:43 +02:00
Code Issues Projects Releases Wiki Activity

LSattr_ldap_password: fix verify method for Salted SHA2 passwords

Browse source
This commit is contained in:
Benjamin Renard 2021-02-08 11:11:23 +01:00
parent f47e40a5ac
commit 82a236a67c
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/includes/class/class.LSattr_ldap_password.php
View file

@ -262,8 +262,12 @@ class LSattr_ldap_password extends LSattr_ldap {
case 'ssha512':
case 'smd5':
$data = base64_decode($hashedPasswordData);
# Salt = last 4 bytes
$salt = substr($data, -4);
# Salt = last 4 bytes for SSHA / SMD5 and last 8 bytes for SSH256 / SSHA512
if ($cypher == 'ssha' || $cypher == 'smd5')
$salt_size = 4;
else
$salt_size = 8;
$salt = substr($data, -$salt_size);
$new_hash = $this -> encodePassword($clearPassword, $cypher, null, $salt);
return (strcmp($hashedPassword,$new_hash) == 0);
break;