LDAP 密码校验Bug

[fangpsh]

如果采用的SSHA 算法，generate_password() 应该decode LDAP userPassword 拿到末尾的salt，然后再结和用户输入的password 进行ssha 。现在的salt 却是随机生成的：

            case 'ssha':
                if (function_exists('mhash') == true && function_exists('mhash_keygen_s2k') == true) {
                    mt_srand((double) microtime() * 1000000);
                    $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8) ,4);
                    return sprintf('{SSHA}%s', base64_encode(mhash(MHASH_SHA1, $password . $salt) . $salt));
                } else {
                    throw new \Exception(yii::t('yii', 'Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes'));
                }

所以

self::generate_password($password, $encryptionType) != $this->_password;

[fangpsh]

可参考： https://github.com/leenooks/phpLDAPadmin/blob/708bc5ed83cc92f42ec10ae621b39a799c0e3a61/lib/functions.php#L2297,L2315

[meolu]

理解，待我新版注意