Closed fangpsh closed 5 years ago
If the SSHA algorithm is used, generate_password() should decode the LDAP userPassword to obtain the salt at its end, and then compute SSHA over the user-supplied password combined with that salt. Currently the salt is generated randomly instead:

```php
case 'ssha':
    if (function_exists('mhash') == true && function_exists('mhash_keygen_s2k') == true) {
        // the salt is freshly generated here, not taken from the stored userPassword
        mt_srand((double) microtime() * 1000000);
        $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
        return sprintf('{SSHA}%s', base64_encode(mhash(MHASH_SHA1, $password . $salt) . $salt));
    } else {
        throw new \Exception(yii::t('yii', 'Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes'));
    }
```

So:

```php
self::generate_password($password, $encryptionType) != $this->_password;
```

For reference: https://github.com/leenooks/phpLDAPadmin/blob/708bc5ed83cc92f42ec10ae621b39a799c0e3a61/lib/functions.php#L2297,L2315
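As an added example (not code from this issue or from the project), the verification the report asks for, written in Python: decode the stored `{SSHA}` value, split it into the 20-byte SHA-1 digest and the trailing salt, rehash the supplied password with that salt, and compare in constant time. `compare_with_fresh_salt` reproduces the current approach of hashing with a newly generated salt, which cannot match the stored value.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes; the salt follows it


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an LDAP {SSHA} value: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored: str) -> tuple[bytes, bytes]:
    """Return (digest, salt) from a stored {SSHA} value."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    if len(raw) < SHA1_LEN:
        raise ValueError("decoded value shorter than a SHA-1 digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(password: str, stored: str) -> bool:
    """Correct check: reuse the salt taken from the end of the stored value."""
    digest, salt = split_ssha(stored)
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def compare_with_fresh_salt(password: str, stored: str) -> bool:
    """The behaviour the issue describes: a new random salt is used for every
    call, so the result only matches the stored value by chance (2**-64 for an
    8-byte salt) even when the password is right."""
    return make_ssha(password) == stored


if __name__ == "__main__":
    # constructed sample entry with a fixed salt so the value is reproducible
    entry = make_ssha("s3cret", b"\x01\x02\x03\x04\x05\x06\x07\x08")
    print(entry)
    print("salt-from-stored-value:", verify_ssha("s3cret", entry))      # True
    print("fresh-random-salt:     ", compare_with_fresh_salt("s3cret", entry))  # False
```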
Understood; I'll pay attention to this in the new version.