LSattr_ldap_password: fix verify method for Salted SHA2 passwords

Benjamin Renard 2021-02-08 11:11:23 +01:00
parent f47e40a5ac
commit 82a236a67c


@ -262,8 +262,12 @@ class LSattr_ldap_password extends LSattr_ldap {
case 'ssha512': case 'ssha512':
case 'smd5': case 'smd5':
$data = base64_decode($hashedPasswordData); $data = base64_decode($hashedPasswordData);
# Salt = last 4 bytes # Salt = last 4 bytes for SSHA / SMD5 and last 8 bytes for SSH256 / SSHA512
$salt = substr($data, -4); if ($cypher == 'ssha' || $cypher == 'smd5')
$salt_size = 4;
else
$salt_size = 8;
$salt = substr($data, -$salt_size);
$new_hash = $this -> encodePassword($clearPassword, $cypher, null, $salt); $new_hash = $this -> encodePassword($clearPassword, $cypher, null, $salt);
return (strcmp($hashedPassword,$new_hash) == 0); return (strcmp($hashedPassword,$new_hash) == 0);
break; break;
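Review bot: The salt length is hard-coded per scheme in the new `if`/`else` (4 bytes for ssha/smd5, 8 otherwise), so a stored value whose salt has any other length will never verify; the salted formats do not fix a salt length, and hashes imported from another directory or tool may differ. Since `$data` is the digest followed by the salt, the salt can instead be taken as everything after the scheme's digest length, as sketched below. Schemes in the case list that begins above the hunk (not visible here) would need their digest size added to the map. The comparison on the `return` line would also be better done with `hash_equals()` than with `strcmp()`, which is not constant-time. The new comment says "SSH256" where "SSHA256" is presumably meant.

```php
$data = base64_decode($hashedPasswordData);
// Digest length in bytes per scheme; the salt is whatever follows the digest
$digest_sizes = array('ssha' => 20, 'smd5' => 16, 'ssha256' => 32, 'ssha512' => 64);
if (!isset($digest_sizes[$cypher]) || strlen($data) <= $digest_sizes[$cypher])
  return false;
$salt = substr($data, $digest_sizes[$cypher]);
// … unchanged: encodePassword() call …
return is_string($new_hash) && hash_equals($hashedPassword, $new_hash);
```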