/lib/php/File/Passwd.php
PHP | 416 lines | 182 code | 24 blank | 210 comment | 23 complexity | a69f236fc94b5cc7e32e8ee985190c99 MD5 | raw file
Possible License(s): Apache-2.0, MPL-2.0-no-copyleft-exception, LGPL-2.1, BSD-2-Clause, GPL-2.0, LGPL-3.0
- <?php
- /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
- /**
- * File::Passwd
- *
- * PHP versions 4 and 5
- *
- * LICENSE: This source file is subject to version 3.0 of the PHP license
- * that is available through the world-wide-web at the following URI:
- * http://www.php.net/license/3_0.txt. If you did not receive a copy of
- * the PHP License and are unable to obtain it through the web, please
- * send a note to license@php.net so we can mail you a copy immediately.
- *
- * @category FileFormats
- * @package File_Passwd
- * @author Michael Wallner <mike@php.net>
- * @copyright 2003-2005 Michael Wallner
- * @license http://www.php.net/license/3_0.txt PHP License 3.0
- * @version CVS: $Id: Passwd.php,v 1.25 2005/04/14 15:00:30 mike Exp $
- * @link http://pear.php.net/package/File_Passwd
- */
- /**
- * Requires PEAR.
- */
- require_once 'PEAR.php';
- /**
- * Encryption constants.
- */
- // SHA encryption.
- define('FILE_PASSWD_SHA', 'sha');
- // MD5 encryption
- define('FILE_PASSWD_MD5', 'md5');
- // DES encryption
- define('FILE_PASSWD_DES', 'des');
- // NT hash encryption.
- define('FILE_PASSWD_NT', 'nt');
- // LM hash encryption.
- define('FILE_PASSWD_LM', 'lm');
- // PLAIN (no encryption)
- define('FILE_PASSWD_PLAIN', 'plain');
- /**
- * Error constants.
- */
- // Undefined error.
- define('FILE_PASSWD_E_UNDEFINED', 0);
- // Invalid file format.
- define('FILE_PASSWD_E_INVALID_FORMAT', 1);
- define('FILE_PASSWD_E_INVALID_FORMAT_STR', 'Passwd file has invalid format.');
- // Invalid extra property.
- define('FILE_PASSWD_E_INVALID_PROPERTY', 2);
- define('FILE_PASSWD_E_INVALID_PROPERTY_STR', 'Invalid property \'%s\'.');
- // Invalid characters.
- define('FILE_PASSWD_E_INVALID_CHARS', 3);
- define('FILE_PASSWD_E_INVALID_CHARS_STR', '%s\'%s\' contains illegal characters.');
- // Invalid encryption mode.
- define('FILE_PASSWD_E_INVALID_ENC_MODE', 4);
- define('FILE_PASSWD_E_INVALID_ENC_MODE_STR', 'Encryption mode \'%s\' not supported.');
- // Exists already.
- define('FILE_PASSWD_E_EXISTS_ALREADY', 5);
- define('FILE_PASSWD_E_EXISTS_ALREADY_STR', '%s\'%s\' already exists.');
- // Exists not.
- define('FILE_PASSWD_E_EXISTS_NOT', 6);
- define('FILE_PASSWD_E_EXISTS_NOT_STR', '%s\'%s\' doesn\'t exist.');
- // User not in group.
- define('FILE_PASSWD_E_USER_NOT_IN_GROUP', 7);
- define('FILE_PASSWD_E_USER_NOT_IN_GROUP_STR', 'User \'%s\' doesn\'t exist in group \'%s\'.');
- // User not in realm.
- define('FILE_PASSWD_E_USER_NOT_IN_REALM', 8);
- define('FILE_PASSWD_E_USER_NOT_IN_REALM_STR', 'User \'%s\' doesn\'t exist in realm \'%s\'.');
- // Parameter must be of type array.
- define('FILE_PASSWD_E_PARAM_MUST_BE_ARRAY', 9);
- define('FILE_PASSWD_E_PARAM_MUST_BE_ARRAY_STR', 'Parameter %s must be of type array.');
- // Method not implemented.
- define('FILE_PASSWD_E_METHOD_NOT_IMPLEMENTED', 10);
- define('FILE_PASSWD_E_METHOD_NOT_IMPLEMENTED_STR', 'Method \'%s()\' not implemented.');
- // Directory couldn't be created.
- define('FILE_PASSWD_E_DIR_NOT_CREATED', 11);
- define('FILE_PASSWD_E_DIR_NOT_CREATED_STR', 'Couldn\'t create directory \'%s\'.');
- // File couldn't be opened.
- define('FILE_PASSWD_E_FILE_NOT_OPENED', 12);
- define('FILE_PASSWD_E_FILE_NOT_OPENED_STR', 'Couldn\'t open file \'%s\'.');
- // File coudn't be locked.
- define('FILE_PASSWD_E_FILE_NOT_LOCKED', 13);
- define('FILE_PASSWD_E_FILE_NOT_LOCKED_STR', 'Couldn\'t lock file \'%s\'.');
- // File couldn't be unlocked.
- define('FILE_PASSWD_E_FILE_NOT_UNLOCKED', 14);
- define('FILE_PASSWD_E_FILE_NOT_UNLOCKED_STR', 'Couldn\'t unlock file.');
- // File couldn't be closed.
- define('FILE_PASSWD_E_FILE_NOT_CLOSED', 15);
- define('FILE_PASSWD_E_FILE_NOT_CLOSED_STR', 'Couldn\'t close file.');
- /**
- * Allowed 64 chars for salts
- */
- $GLOBALS['_FILE_PASSWD_64'] =
- './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
- /**
- * The package File_Passwd provides classes and methods
- * to handle many different kinds of passwd files.
- *
- * The File_Passwd class in certain is a factory container for its special
- * purpose extension classes, each handling a specific passwd file format.
- * It also provides a static method for reasonable fast user authentication.
- * Beside that it offers some encryption methods used by the extensions.
- *
- * @author Michael Wallner <mike@php.net>
- * @version $Revision: 1.25 $
- *
- * Usage Example:
- * <code>
- * $passwd = &File_Passwd::factory('Unix');
- * </code>
- */
- class File_Passwd
- {
- /**
- * Get API version
- *
- * @static
- * @access public
- * @return string API version
- */
- function apiVersion()
- {
- return '1.0.0';
- }
- /**
- * Generate salt
- *
- * @access public
- * @return mixed
- * @param int $length salt length
- * @return string the salt
- */
- function salt($length = 2)
- {
- $salt = '';
- $length = (int) $length;
- $length < 2 && $length = 2;
- for($i = 0; $i < $length; $i++) {
- $salt .= $GLOBALS['_FILE_PASSWD_64'][rand(0, 63)];
- }
- return $salt;
- }
- /**
- * No encryption (plaintext)
- *
- * @access public
- * @return string plaintext input
- * @param string plaintext passwd
- */
- function crypt_plain($plain)
- {
- return $plain;
- }
-
- /**
- * DES encryption
- *
- * @static
- * @access public
- * @return string crypted text
- * @param string $plain plaintext to encrypt
- * @param string $salt the salt to use for encryption (2 chars)
- */
- function crypt_des($plain, $salt = null)
- {
- (is_null($salt) || strlen($salt) < 2) && $salt = File_Passwd::salt(2);
- return crypt($plain, $salt);
- }
-
- /**
- * MD5 encryption
- *
- * @static
- * @access public
- * @return string crypted text
- * @param string $plain plaintext to encrypt
- * @param string $salt the salt to use for encryption
- * (>2 chars starting with $1$)
- */
- function crypt_md5($plain, $salt = null)
- {
- if (
- is_null($salt) ||
- strlen($salt) < 3 ||
- !preg_match('/^\$1\$/', $salt))
- {
- $salt = '$1$' . File_Passwd::salt(8);
- }
- return crypt($plain, $salt);
- }
-
- /**
- * SHA1 encryption
- *
- * Returns a PEAR_Error if sha1() is not available (PHP<4.3).
- *
- * @static
- * @throws PEAR_Error
- * @access public
- * @return mixed crypted string or PEAR_Error
- * @param string $plain plaintext to encrypt
- */
- function crypt_sha($plain)
- {
- if (!function_exists('sha1')) {
- return PEAR::raiseError(
- 'SHA1 encryption is not available (PHP < 4.3).',
- FILE_PASSWD_E_INVALID_ENC_MODE
- );
- }
- $hash = PEAR_ZE2 ? sha1($plain, true) : pack('H40', sha1($plain));
- return '{SHA}' . base64_encode($hash);
- }
-
- /**
- * APR compatible MD5 encryption
- *
- * @access public
- * @return mixed
- * @param string $plain plaintext to crypt
- * @param string $salt the salt to use for encryption
- */
- function crypt_apr_md5($plain, $salt = null)
- {
- if (is_null($salt)) {
- $salt = File_Passwd::salt(8);
- } elseif (preg_match('/^\$apr1\$/', $salt)) {
- $salt = preg_replace('/^\$apr1\$([^$]+)\$.*/', '\\1', $salt);
- } else {
- $salt = substr($salt, 0,8);
- }
-
- $length = strlen($plain);
- $context = $plain . '$apr1$' . $salt;
-
- if (PEAR_ZE2) {
- $binary = md5($plain . $salt . $plain, true);
- } else {
- $binary = pack('H32', md5($plain . $salt . $plain));
- }
-
- for ($i = $length; $i > 0; $i -= 16) {
- $context .= substr($binary, 0, min(16 , $i));
- }
- for ( $i = $length; $i > 0; $i >>= 1) {
- $context .= ($i & 1) ? chr(0) : $plain[0];
- }
-
- $binary = PEAR_ZE2 ? md5($context, true) : pack('H32', md5($context));
-
- for($i = 0; $i < 1000; $i++) {
- $new = ($i & 1) ? $plain : $binary;
- if ($i % 3) {
- $new .= $salt;
- }
- if ($i % 7) {
- $new .= $plain;
- }
- $new .= ($i & 1) ? $binary : $plain;
- $binary = PEAR_ZE2 ? md5($new, true) : pack('H32', md5($new));
- }
-
- $p = array();
- for ($i = 0; $i < 5; $i++) {
- $k = $i + 6;
- $j = $i + 12;
- if ($j == 16) {
- $j = 5;
- }
- $p[] = File_Passwd::_64(
- (ord($binary[$i]) << 16) |
- (ord($binary[$k]) << 8) |
- (ord($binary[$j])),
- 5
- );
- }
-
- return
- '$apr1$' . $salt . '$' . implode($p) .
- File_Passwd::_64(ord($binary[11]), 3);
- }
- /**
- * Convert hexadecimal string to binary data
- *
- * @static
- * @access private
- * @return mixed
- * @param string $hex
- */
- function _hexbin($hex)
- {
- $rs = '';
- $ln = strlen($hex);
- for($i = 0; $i < $ln; $i += 2) {
- $rs .= chr(hexdec($hex{$i} . $hex{$i+1}));
- }
- return $rs;
- }
-
- /**
- * Convert to allowed 64 characters for encryption
- *
- * @static
- * @access private
- * @return string
- * @param string $value
- * @param int $count
- */
- function _64($value, $count)
- {
- $result = '';
- while(--$count) {
- $result .= $GLOBALS['_FILE_PASSWD_64'][$value & 0x3f];
- $value >>= 6;
- }
- return $result;
- }
- /**
- * Factory for new extensions
- *
- * o Unix for standard Unix passwd files
- * o CVS for CVS pserver passwd files
- * o SMB for SMB server passwd files
- * o Authbasic for AuthUserFiles
- * o Authdigest for AuthDigestFiles
- * o Custom for custom formatted passwd files
- *
- * Returns a PEAR_Error if the desired class/file couldn't be loaded.
- *
- * @static use &File_Passwd::factory() for instantiating your passwd object
- *
- * @throws PEAR_Error
- * @access public
- * @return object File_Passwd_$class - desired Passwd object
- * @param string $class the desired subclass of File_Passwd
- */
- function &factory($class)
- {
- $class = ucFirst(strToLower($class));
- if (!@include_once "File/Passwd/$class.php") {
- return PEAR::raiseError("Couldn't load file Passwd/$class.php", 0);
- }
- $class = 'File_Passwd_'.$class;
- if (!class_exists($class)) {
- return PEAR::raiseError("Couldn't load class $class.", 0);
- }
- $instance = &new $class();
- return $instance;
- }
-
- /**
- * Fast authentication of a certain user
- *
- * Though this approach should be reasonable fast, it is NOT
- * with APR compatible MD5 encryption used for htpasswd style
- * password files encrypted in MD5. Generating one MD5 password
- * takes about 0.3 seconds!
- *
- * Returns a PEAR_Error if:
- * o file doesn't exist
- * o file couldn't be opened in read mode
- * o file couldn't be locked exclusively
- * o file couldn't be unlocked (only if auth fails)
- * o file couldn't be closed (only if auth fails)
- * o invalid <var>$type</var> was provided
- * o invalid <var>$opt</var> was provided
- *
- * Depending on <var>$type</var>, <var>$opt</var> should be:
- * o Smb: encryption method (NT or LM)
- * o Unix: encryption method (des or md5)
- * o Authbasic: encryption method (des, sha or md5)
- * o Authdigest: the realm the user is in
- * o Cvs: n/a (empty)
- * o Custom: array of 2 elements: encryption function and delimiter
- *
- * @static call this method statically for a reasonable fast authentication
- *
- * @throws PEAR_Error
- * @access public
- * @return return mixed true if authenticated,
- * false if not or PEAR_error
- *
- * @param string $type Unix, Cvs, Smb, Authbasic or Authdigest
- * @param string $file path to passwd file
- * @param string $user the user to authenticate
- * @param string $pass the plaintext password
- * @param mixed $opt o Smb: NT or LM
- * o Unix: des or md5
- * o Authbasic des, sha or md5
- * o Authdigest realm the user is in
- * o Custom encryption function and
- * delimiter character
- */
- function staticAuth($type, $file, $user, $pass, $opt = '')
- {
- $type = ucFirst(strToLower($type));
- if (!@include_once "File/Passwd/$type.php") {
- return PEAR::raiseError("Couldn't load file Passwd/$type.php", 0);
- }
- $func = array('File_Passwd_' . $type, 'staticAuth');
- return call_user_func($func, $file, $user, $pass, $opt);
- }
- }
- ?>