From cc8816aa9a7a5a20360e17b8cf0499c56171dc4d Mon Sep 17 00:00:00 2001
From: Benjamin Renard
Date: Fri, 1 Feb 2019 10:26:05 +0100
Subject: [PATCH] LSattr_ldap :: password : Add SHA256/SHA512 & SSHA256/SSHA512 support
---
 .../LSattr_ldap/LSattr_ldap_password.docbook | 4 +++
 .../class/class.LSattr_ldap_password.php | 35 +++++++++++++++++--
 2 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/doc/conf/LSattribute/LSattr_ldap/LSattr_ldap_password.docbook b/doc/conf/LSattribute/LSattr_ldap/LSattr_ldap_password.docbook
index b5a3ed1b..93244ab4 100644
--- a/doc/conf/LSattribute/LSattr_ldap/LSattr_ldap_password.docbook
+++ b/doc/conf/LSattribute/LSattr_ldap/LSattr_ldap_password.docbook
@@ -29,7 +29,11 @@
 ext_des
 blowfish
 sha
+ sha256
+ sha512
 ssha
+ ssha256
+ ssha512
 smd5
 md5
 clear
diff --git a/public_html/includes/class/class.LSattr_ldap_password.php b/public_html/includes/class/class.LSattr_ldap_password.php
index c8b8470a..ae140761 100644
--- a/public_html/includes/class/class.LSattr_ldap_password.php
+++ b/public_html/includes/class/class.LSattr_ldap_password.php
@@ -155,14 +155,43 @@ class LSattr_ldap_password extends LSattr_ldap {
 LSerror :: addErrorCode('LSattr_ldap_password_01','sha');
 }
 break;
+ case 'sha256':
+ case 'sha512':
+ switch($this -> config['ldap_options']['encode']) {
+ case 'sha256':
+ $mhash_type = MHASH_SHA256;
+ break;
+ case 'sha512':
+ $mhash_type = MHASH_SHA512;
+ break;
+ }
+ if( function_exists( 'mhash' ) ) {
+ return '{'.strtoupper($this -> config['ldap_options']['encode']).'}' . base64_encode( mhash( $mhash_type, $clearPassword ) );
+ } else {
+ LSerror :: addErrorCode('LSattr_ldap_password_01', $this -> config['ldap_options']['encode']);
+ }
+ break;
 case 'ssha':
+ case 'ssha256':
+ case 'ssha512':
+ switch($this -> config['ldap_options']['encode']) {
+ case 'ssha':
+ $mhash_type = MHASH_SHA1;
+ break;
+ case 'ssha256':
+ $mhash_type = MHASH_SHA256;
+ break;
+ case 'ssha512':
+ $mhash_type = MHASH_SHA512;
+ break;
+ }
 if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
 mt_srand( (double) microtime() * 1000000 );
- $salt = mhash_keygen_s2k( MHASH_SHA1, $clearPassword, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
- return "{SSHA}".base64_encode( mhash( MHASH_SHA1, $clearPassword.$salt ).$salt );
+ $salt = mhash_keygen_s2k( $mhash_type, $clearPassword, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
+ return "{".strtoupper($this -> config['ldap_options']['encode'])."}".base64_encode( mhash( $mhash_type, $clearPassword.$salt ).$salt );
 } else {
- LSerror :: addErrorCode('LSattr_ldap_password_01','ssha');
+ LSerror :: addErrorCode('LSattr_ldap_password_01', $this -> config['ldap_options']['encode']);
 }
 break;
 case 'smd5':
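Review bot: The salt in the `ssha`/`ssha256`/`ssha512` branch still comes from `mt_srand( (double) microtime() * 1000000 )` and `md5( mt_rand() )` passed through `mhash_keygen_s2k()` together with the clear password, so the new SHA-2 schemes inherit a 4-byte salt seeded from the clock rather than from a CSPRNG. Since the `$salt` line is rewritten here anyway, consider `$salt = random_bytes(8);` if the supported PHP versions include it, and drop the `mt_srand()` call; the salt is appended after the digest in the returned value, but confirm the directory server accepts the longer salt. In both new blocks the inner `switch` also reads `MHASH_SHA256`/`MHASH_SHA512` before the `function_exists( 'mhash' )` guard, so on a runtime without mhash the constants are undefined before the `LSerror` path is reached; moving the mapping inside the guard would keep that error handling reachable. The unsalted `sha256`/`sha512` values are single-pass digests with no salt, which is worth a sentence in the docbook entry pointing users to the salted schemes. The enclosing method begins and ends outside this hunk.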