From 103fa671b5e0ecd2dbd7002cb35d35330691e900 Mon Sep 17 00:00:00 2001
From: Marcin Haba
Date: Sat, 7 Dec 2019 08:11:55 +0100
Subject: [PATCH] baculum: Start storing basic auth passwords in APR MD5 format
---
 .../protected/Common/Class/Miscellaneous.php | 44 ++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/gui/baculum/protected/Common/Class/Miscellaneous.php b/gui/baculum/protected/Common/Class/Miscellaneous.php
index b42ceec86..b9b09489c 100644
--- a/gui/baculum/protected/Common/Class/Miscellaneous.php
+++ b/gui/baculum/protected/Common/Class/Miscellaneous.php
@@ -439,7 +439,49 @@ class Miscellaneous extends TModule {
 * @return string hashed password
 */
 public function getHashedPassword($password) {
- return crypt($password, base64_encode($password));
+ return $this->cryptApr1Md5($password);
+ }
+
+ public function cryptApr1Md5($password) {
+ $salt = $this->getRandomString(8);
+ $len = strlen($password);
+ $text = sprintf('%s$apr1$%s', $password, $salt);
+ $bin = pack('H32', md5($password . $salt . $password));
+ for ($i = $len; $i > 0; $i -= 16) {
+ $text .= substr($bin, 0, min(16, $i));
+ }
+ for ($i = $len; $i > 0; $i >>= 1) {
+ $text .= ($i & 1) ? chr(0) : $password[0];
+ }
+ $bin = pack('H32', md5($text));
+ for ($i = 0; $i < 1000; $i++) {
+ $new = ($i & 1) ? $password : $bin;
+ if ($i % 3) {
+ $new .= $salt;
+ }
+ if ($i % 7) {
+ $new .= $password;
+ }
+ $new .= ($i & 1) ? $bin : $password;
+ $bin = pack('H32', md5($new));
+ }
+ $tmp = null;
+ for ($i = 0; $i < 5; $i++) {
+ $k = $i + 6;
+ $j = $i + 12;
+ if ($j == 16) {
+ $j = 5;
+ }
+ $tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;
+ }
+ $tmp = chr(0) . chr(0) . $bin[11] . $tmp;
+ $str = strrev(substr(base64_encode($tmp), 2));
+ $tmp = strtr(
+ $str,
+ 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
+ './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+ );
+ return sprintf('$apr1$%s$%s', $salt, $tmp);
 }
 }
-- 
2.47.3
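Review bot: The salt in `cryptApr1Md5()` comes from `$this->getRandomString(8)`, which is defined outside this hunk, so the patch does not show whether it draws from a CSPRNG or stays within the APR1 salt alphabet `./0-9A-Za-z`. A `$` or `:` in the salt would corrupt the `$apr1$salt$hash` string or the password-file line it is presumably written to, and if the helper is built on `rand()`/`mt_rand()` it should move to `random_int()`. Because the salt is now random, `getHashedPassword()` returns a different string on every call, so any caller that verifies a password by re-hashing and comparing with the stored value would stop matching; the call sites are worth checking. APR1 is also only 1000 rounds of MD5 and is cheap to brute-force offline, so the stored file needs tight permissions. Where every supported web server can verify it, `password_hash($password, PASSWORD_BCRYPT)` would be the stronger format.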