[Web] Verify new hashes: SSHA512 and SHA512-CRYPT, fix password update for users in sogo static view

André 2018-07-12 00:48:09 +02:00
parent 587f37a300
commit 1ce5f09f6e
2 changed files with 39 additions and 23 deletions


@ -130,19 +130,21 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
} }
//function verify_hash($hash, $password) { //function verify_hash($hash, $password) {
function verify_hash($hash, $password) { function verify_hash($hash, $password) {
// Remove tag if any if (preg_match('/^{SSHA256}/i', $hash)) {
$hash = preg_replace('/^{SSHA256}/i', '', $hash); // Remove tag if any
// Decode hash $hash = preg_replace('/^{SSHA256}/i', '', $hash);
$dhash = base64_decode($hash); // Decode hash
// Get first 32 bytes of binary which equals a SHA256 hash $dhash = base64_decode($hash);
$ohash = substr($dhash, 0, 32); // Get first 32 bytes of binary which equals a SHA256 hash
// Remove SHA256 hash from decoded hash to get original salt string $ohash = substr($dhash, 0, 32);
$osalt = str_replace($ohash, '', $dhash); // Remove SHA256 hash from decoded hash to get original salt string
// Check single salted SHA256 hash against extracted hash $osalt = str_replace($ohash, '', $dhash);
if (hash_equals(hash('sha256', $password . $osalt, true), $ohash)) { // Check single salted SHA256 hash against extracted hash
return true; if (hash_equals(hash('sha256', $password . $osalt, true), $ohash)) {
return true;
}
} }
else { elseif (preg_match('/^{SHA512-CRYPT}/i', $hash)) {
// Remove tag if any // Remove tag if any
$hash = preg_replace('/^{SHA512-CRYPT}/i', '', $hash); $hash = preg_replace('/^{SHA512-CRYPT}/i', '', $hash);
// Decode hash // Decode hash
@ -153,6 +155,19 @@ function verify_hash($hash, $password) {
return true; return true;
} }
} }
elseif (preg_match('/^{SSHA512}/i', $hash)) {
$hash = preg_replace('/^{SSHA512}/i', '', $hash);
// Decode hash
$dhash = base64_decode($hash);
// Get first 64 bytes of binary which equals a SHA512 hash
$ohash = substr($dhash, 0, 64);
// Remove SHA512 hash from decoded hash to get original salt string
$osalt = str_replace($ohash, '', $dhash);
// Check single salted SHA512 hash against extracted hash
if (hash_equals(hash('sha512', $password . $osalt, true), $ohash)) {
return true;
}
}
return false; return false;
} }
function check_login($user, $pass) { function check_login($user, $pass) {
@ -376,6 +391,17 @@ function edit_admin_account($postarray) {
'msg' => sprintf($lang['success']['admin_modified']) 'msg' => sprintf($lang['success']['admin_modified'])
); );
} }
function update_sogo_static_view() {
global $pdo;
global $lang;
$stmt = $pdo->query("SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_NAME = 'sogo_view'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$stmt = $pdo->query("REPLACE INTO _sogo_static_view SELECT * from sogo_view");
$stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
}
}
function edit_user_account($postarray) { function edit_user_account($postarray) {
global $lang; global $lang;
global $pdo; global $pdo;
@ -438,6 +464,7 @@ function edit_user_account($postarray) {
} }
} }
} }
update_sogo_static_view();
$_SESSION['return'] = array( $_SESSION['return'] = array(
'type' => 'success', 'type' => 'success',
'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username)) 'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username))
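Review bot: The new SSHA512 branch recovers the salt with `str_replace($ohash, '', $dhash)`, which removes every occurrence of the 64 digest bytes anywhere in the decoded blob instead of taking the bytes that follow the digest, and it feeds a non-strict `base64_decode` result into `substr` with no length check, so a malformed or short stored hash silently yields an empty salt (the comparison still fails closed through `hash_equals`, but the extraction is heuristic rather than positional). The SSHA256 branch earlier in the function carries the same pattern. Prefer the positional form: `$dhash = base64_decode($hash, true);`, `if ($dhash === false || strlen($dhash) < 64) { return false; }`, `$osalt = substr($dhash, 64);`. A stored value whose prefix matches none of the three schemes now drops through to the final `return false`, which looks intended but differs from the old unconditional `else`, so a one-line note such as `// Unknown or untagged scheme: reject` above that return would make it explicit. verify_hash begins in the previous hunk, so its SSHA256 and SHA512-CRYPT branches are only partly visible here.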


@ -1,15 +1,4 @@
<?php <?php
function update_sogo_static_view() {
global $pdo;
global $lang;
$stmt = $pdo->query("SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_NAME = 'sogo_view'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$stmt = $pdo->query("REPLACE INTO _sogo_static_view SELECT * from sogo_view");
$stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
}
}
function mailbox($_action, $_type, $_data = null, $attr = null) { function mailbox($_action, $_type, $_data = null, $attr = null) {
global $pdo; global $pdo;
global $redis; global $redis;