NOTE: Add '{x-php-md5}' prefix to your $adminpass MD5-hash.
* Added pkwk_hash_compute() to auth.php, to handle multiple schemes. pkwk_login() and basic_auth() will call this.
* Moved pkwk_login() from func.php to auth.php
* Added sha1() definition to func.php for PHP 4 < 4.3.0 users (mhash extension needed)
* The md5 plugin becomes the UI of pkwk_hash_compute()
PukiWiki UPDATING
-$Id: UPDATING.txt,v 1.23 2005/02/20 14:38:52 henoheno Exp $
+$Id: UPDATING.txt,v 1.24 2005/04/05 13:29:25 henoheno Exp $
¸ß´¹À¤Ë´Ø¤¹¤ëµ½Ò
==================
+PukiWiki 1.4.6: PukiWiki PukiWiki 1.4.5_1 ¤È¤ÎÈó¸ß´¹ÅÀ
+
+ 1. ´ÉÍý¼Ô¥Ñ¥¹¥ï¡¼¥É(½¾Íè¤ÏMD5¥Ï¥Ã¥·¥å¤Î¤ß)¤È¥Ù¡¼¥·¥Ã¥¯Ç§¾Ú¤Î
+ ¥æ¡¼¥¶¡¼¥Ñ¥¹¥ï¡¼¥É(½¾Íè¤Ïʿʸ¤Î¤ß)¤Ë¤Ä¤¤¤Æ¡¢ÊݸÊýË¡¤ò¶å¼ï
+ Îà(¤¦¤Á¸Þ¼ïÎà¤ÏOpenLDAP¸ß´¹)¤ÎÃ椫¤éÁªÂò¤Ç¤¤ëÍͤˤʤê¤Þ¤·¤¿¡£
+
+ ¤½¤ÎÉûºîÍѤȤ·¤Æ¡¢º£¸å¤Ï¥Ñ¥¹¥ï¡¼¥É(¥Ï¥Ã¥·¥å)¤ÎÀèƬ¤Ç¡¢¥Ñ¥¹
+ ¥ï¡¼¥É¥Õ¥©¡¼¥Þ¥Ã¥È¤¬²¿¤Ç¤¢¤ë¤«¤òÀë¸À¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+
+ ´ÉÍý¼Ô¥Ñ¥¹¥ï¡¼¥É¤Ë½¾ÍèÄ̤êMD5¥Ï¥Ã¥·¥å¤òÍѤ¤¤ë¾ì¹ç¡¢°Ê²¼¤Î
+ Íͤˡ¢¥Ï¥Ã¥·¥å¤ÎÀèƬ¤Ë '{x-php-md5}' ¤òÄɲ䷤Ʋ¼¤µ¤¤¡£
+
+ // md5('pass')
+ $adminpass = '{x-php-md5}1a1dc91c907325c69271ddf0c944bc72';
+
+ ¥Ù¡¼¥·¥Ã¥¯Ç§¾Ú¤Ë¤Ä¤¤¤Æ(½¾ÍèÄ̤ê)ʿʸ¤Ç¥Ñ¥¹¥ï¡¼¥É¤òÊݸ¤¹
+ ¤ë¾ì¹ç¡¢ÆäËÃͤòÊѹ¹¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£¥Õ¥©¡¼¥Þ¥Ã¥È¤ÎÀë
+ ¸À¤¬¤Ê¤¤¤È¤¡¢¥Ñ¥¹¥ï¡¼¥É¤Ïʿʸ¤ÇÊݸ¤µ¤ì¤Æ¤¤¤ë¤È²ò¼á¤µ¤ì¤Þ¤¹¡£
+
+ $auth_users = array(
+ 'foo' => 'foo_passwd', // ʿʸ
+ 'bar' => '{x-php-md5}f53ae779077e987718cc285b14dfbe86',
+ // md5('bar_passwd')
+ 'hoge' => '{SMD5}OzJo/boHwM4q5R+g7LCOx2xGMkFKRVEx',
+ // LDAP SMD5 'hoge_passwd'
+ );
+
+ ʿʸ¤ò½ü¤¯È¬¼ïÎà¤ÎÊݸ¥Õ¥©¡¼¥Þ¥Ã¥È¤Ë¤Ä¤¤¤Æ¤Ï¡¢¶¯²½¤µ¤ì¤¿
+ md5¥×¥é¥°¥¤¥ó¤ÇÀ¸À®¡¦¸¡¾Ú¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
+ ¢¨¿®Íê¤Ç¤¤Ê¤¤´Ä¶¤Ç¤Ïmd5¥×¥é¥°¥¤¥ó¤ò»ÈÍѤ·¤Ê¤¤¤Ç²¼¤µ¤¤
+
+ 2. ¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥ÉÊݸÊýË¡¤ÎÃæ¤Ë crypt() ´Ø¿ô¤ò»ÈÍѤ¹¤ë¤â¤Î¤¬
+ Æó¼ïÎढ¤ê¤Þ¤¹('{x-php-crypt}', '{CRYPT}')¤¬¡¢crypt() ¤Î
+ ½ÐÎϤϥ·¥¹¥Æ¥à°Í¸¤Ç¤¹¡£Â¾¤Î¥·¥¹¥Æ¥à¤Ø / ¾¤Î¥·¥¹¥Æ¥à¤«¤é
+ ÀßÄê¤ò»ý¤Á±Û¤·¤¿¾ì¹ç¤ËÆ°ºî¤·¤Ê¤¤²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
+
+ 2. ¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥ÉÊݸÊýË¡¤ÎÃæ¤Ë sha1() ´Ø¿ô¤ò»ÈÍѤ¹¤ë¤â¤Î¤¬
+ »°¼ïÎढ¤ê¤Þ¤¹('{x-php-sha1}', '{SHA}', '{SSHA}')¤¬¡¢¤³¤Î
+ ´Ø¿ô¤Ï PHP 4.3.0 °Ê¹ß¡¢¤¢¤ë¤¤¤Ï 'mhash' ¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ò
+ ÁȤ߹þ¤ó¤À´Ä¶°Ê³°¤Ç¤ÏÍøÍѤ¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤»¤ó¡£
+
+
PukiWiki 1.4.5_1: PukiWiki 1.4.4¤È¤ÎÈó¸ß´¹ÅÀ
1. ¥Ç¥Õ¥©¥ë¥È¤Î¥¹¥¥ó(en¤Èja)¤¬Åý¹ç¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: auth.php,v 1.9 2005/03/27 10:49:26 henoheno Exp $
+// $Id: auth.php,v 1.10 2005/04/05 13:29:26 henoheno Exp $
//
-// Basic authentication related functions
+// Authentication related functions
+
+define('PKWK_PASSPHRASE_LIMIT_LENGTH', 512);
+
+// Passwd-auth related ----
+
+function pkwk_login($pass = '')
+{
+ global $adminpass;
+
+ if (! PKWK_READONLY && isset($adminpass) &&
+ pkwk_hash_compute($adminpass, $pass) == $adminpass) {
+ return TRUE;
+ } else {
+ sleep(2); // Blocking brute force attack
+ return FALSE;
+ }
+}
+
+// Compute RFC2307 'userPassword' value, like slappasswd (OpenLDAP)
+// $scheme : Specify 'scheme' or '{scheme}' or '{scheme}salt'
+// $phrase : Pass-phrase
+// $prefix : Output with a scheme-prefix or not
+function pkwk_hash_compute($scheme = 'php_md5', $phrase = '', $prefix = TRUE)
+{
+ if (strlen($phrase) > PKWK_PASSPHRASE_LIMIT_LENGTH)
+ die('pkwk_hash_compute(): malicious message length');
+
+ // With a salt or not
+ $matches = array();
+ if (preg_match('/^\{(.+)\}(.*)$/', $scheme, $matches)) {
+ $scheme = $matches[1];
+ $salt = $matches[2];
+ } else if ($scheme != '') {
+ $scheme = ''; // Cleartext
+ }
+
+ // Compute and add a scheme-prefix
+ switch (strtolower($scheme)) {
+ case 'x-php-crypt' : /* FALLTHROUGH */
+ case 'php_crypt' :
+ $hash = ($prefix ? '{x-php-crypt}' : '') .
+ ($salt != '' ? crypt($phrase, $salt) : crypt($phrase)); break;
+ case 'x-php-md5' : /* FALLTHROUGH */
+ case 'php_md5' :
+ $hash = ($prefix ? '{x-php-md5}' : '') . md5($phrase); break;
+ case 'x-php-sha1' : /* FALLTHROUGH */
+ case 'php_sha1' :
+ $hash = ($prefix ? '{x-php-sha1}' : '') . sha1($phrase); break;
+
+ case 'crypt' : /* FALLTHROUGH */
+ case 'ldap_crypt' :
+ $hash = ($prefix ? '{CRYPT}' : '') .
+ ($salt != '' ? crypt($phrase, $salt) : crypt($phrase)); break;
+
+ case 'md5' : /* FALLTHROUGH */
+ case 'ldap_md5' :
+ $hash = ($prefix ? '{MD5}' : '') . base64_encode(hex2bin(md5($phrase))); break;
+ case 'smd5' : /* FALLTHROUGH */
+ case 'ldap_smd5' :
+ // MD5 Key length = 128bits = 16bytes
+ $salt = ($salt != '' ? substr(base64_decode($salt), 16) : substr(crypt(''), -8));
+ $hash = ($prefix ? '{SMD5}' : '') .
+ base64_encode(hex2bin(md5($phrase . $salt)) . $salt);
+ break;
+
+ case 'sha' : /* FALLTHROUGH */
+ case 'ldap_sha' :
+ $hash = ($prefix ? '{SHA}' : '') . base64_encode(hex2bin(sha1($phrase))); break;
+ case 'ssha' : /* FALLTHROUGH */
+ case 'ldap_ssha' :
+ // SHA-1 Key length = 160bits = 20bytes
+ $salt = ($salt != '' ? substr(base64_decode($salt), 20) : substr(crypt(''), -8));
+ $hash = ($prefix ? '{SSHA}' : '') .
+ base64_encode(hex2bin(sha1($phrase . $salt)) . $salt);
+ break;
+
+ case 'cleartext' : /* FALLTHROUGH */
+ case 'clear' : /* FALLTHROUGH */
+ case '' :
+ $hash = & $phrase; break; // Creartext, keep NO prefix
+
+ default:
+ $hash = FALSE; break; // Invalid scheme
+ }
+
+ return $hash;
+}
+
+
+// Basic-auth related ----
// Check edit-permission
function check_editable($page, $auth_flag = TRUE, $exit_flag = TRUE)
// Basic authentication
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
- global $auth_users, $auth_method_type;
- global $_msg_auth;
+ global $auth_method_type, $auth_users, $_msg_auth;
// Checked by:
$target_str = '';
! isset($_SERVER['PHP_AUTH_USER']) ||
! in_array($_SERVER['PHP_AUTH_USER'], $user_list) ||
! isset($auth_users[$_SERVER['PHP_AUTH_USER']]) ||
- $auth_users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
+ pkwk_hash_compute($auth_users[$_SERVER['PHP_AUTH_USER']],
+ $_SERVER['PHP_AUTH_PW']) != $auth_users[$_SERVER['PHP_AUTH_USER']])
{
+ // Auth failed
pkwk_common_headers();
if ($auth_flag) {
header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
exit;
}
return FALSE;
+ } else {
+ return TRUE;
}
- return TRUE;
}
?>
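Review bot: The credential checks in pkwk_login() (`pkwk_hash_compute($adminpass, $pass) == $adminpass`) and basic_auth() (`... != $auth_users[$_SERVER['PHP_AUTH_USER']]`) use loose comparison, so for cleartext entries two numeric-looking strings such as `'1000'` and `'1e3'` compare equal, and the `FALSE` returned for an invalid scheme is matched by type juggling as well; `===` and `!==` would make both checks exact. pkwk_login() also lost the old `$pass != ''` guard, so an empty `$adminpass` is read as cleartext and matches an empty password; keeping `$pass != '' &&` in the condition avoids that. Separately, the header comment says `$scheme` may be a bare 'scheme', but the `else if ($scheme != '')` branch turns any unbraced value (including the default `'php_md5'`) into cleartext, which deserves a comment such as `// No '{scheme}' prefix: the whole value is treated as a cleartext password`. The condition in basic_auth() starts outside the visible lines.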
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: func.php,v 1.38 2005/03/28 15:28:40 henoheno Exp $
+// $Id: func.php,v 1.39 2005/04/05 13:29:26 henoheno Exp $
//
// General functions
return join($glue, $arr);
}
-function pkwk_login($pass = '')
-{
- global $adminpass;
-
- if (! PKWK_READONLY && $pass != '' && md5($pass) == $adminpass) {
- return TRUE;
- } else {
- sleep(2); // Blocking brute force attack
- return FALSE;
- }
-}
-
-
//// Compat ////
// is_a -- Returns TRUE if the object is of this class or has this class as one of its parents
return md5($data);
}
}
+
+// sha1 -- Compute SHA-1 hash
+// (PHP 4 >= 4.3.0, PHP5)
+if (! function_exists('sha1')) {
+ if (extension_loaded('mhash')) {
+ function sha1($str, $raw_output = FALSE)
+ {
+ if ($raw_output) {
+ // PHP 5.0.0 or lator only :)
+ return mhash(MHASH_SHA1, $str);
+ } else {
+ return bin2hex(mhash(MHASH_SHA1, $str));
+ }
+ }
+ }
+}
?>
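Review bot: When sha1() is missing and the mhash extension is not loaded, this block defines nothing, while the `{x-php-sha1}`, `{SHA}` and `{SSHA}` branches of pkwk_hash_compute() in auth.php call sha1() unconditionally, so a stored hash in one of those schemes would presumably end in an undefined-function fatal error at login rather than a clean authentication failure. Either document that here, e.g. `// Without mhash, sha1() stays undefined and the sha1-based password schemes cannot be used`, or have pkwk_hash_compute() return FALSE for those schemes when `! function_exists('sha1')`. The comment typo `lator` should read `later`.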
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: md5.inc.php,v 1.11 2005/03/30 15:07:57 henoheno Exp $
+// $Id: md5.inc.php,v 1.12 2005/04/05 13:29:26 henoheno Exp $
+//
// MD5 plugin
-define('PLUGIN_MD5_LIMIT_LENGTH', 512);
-
+// User interface of pkwk_hash_compute() for system admin
function plugin_md5_action()
{
global $get, $post;
$submit = isset($post['key']);
if ($key != '') {
// Compute (Don't show its $key at the same time)
- $scheme = isset($post['scheme']) ? $post['scheme'] : '';
+
$prefix = isset($post['prefix']);
- $body = plugin_md5_compute($scheme, $key, $prefix);
- return array('msg'=>'MD5', 'body'=>$body);
+ $salt = isset($post['salt']) ? $post['salt'] : '';
+
+ // With scheme-prefix or not
+ if (! preg_match('/^\{.+\}.*$/', $salt)) {
+ $scheme = isset($post['scheme']) ? '{' . $post['scheme'] . '}': '';
+ $salt = $scheme . $salt;
+ }
+
+ return array('msg'=>'MD5',
+ 'body'=>pkwk_hash_compute($salt, $key, $prefix));
} else {
// If plugin=md5&md5=password, only set it (Don't compute)
$value = isset($get['md5']) ? $get['md5'] : '';
-
- plugin_md5_checklimit($value);
+ if (strlen($value) > PKWK_PASSPHRASE_LIMIT_LENGTH)
+ die_message('Limit: malicious message length');
if ($value != '') $value = 'value="' . htmlspecialchars($value) . '" ';
+
$self = get_script_uri();
$form = '';
if ($submit) $form .= '<strong>NO PHRASE</strong><br />';
<div>
<input type="hidden" name="plugin" value="md5" />
<label for="_p_md5_phrase">Phrase:</label>
- <input type="text" name="key" id="_p_md5_phrase" size="60" $value/><br />
+ <input type="text" name="key" id="_p_md5_phrase" size="60" $value/><br />
<input type="radio" name="scheme" id="_p_md5_sha1" value="php_sha1" />
<label for="_p_md5_sha1">PHP sha1()</label><br />
<input type="radio" name="scheme" id="_p_md5_md5" value="php_md5" checked="checked" />
<label for="_p_md5_md5">PHP md5()</label><br />
<input type="radio" name="scheme" id="_p_md5_crpt" value="php_crypt" />
- <label for="_p_md5_crpt">PHP crypt()</label><br />
+ <label for="_p_md5_crpt">PHP crypt() *</label><br />
+ <input type="radio" name="scheme" id="_p_md5_lssha" value="ldap_ssha" />
+ <label for="_p_md5_lssha">OpenLDAP SSHA (sha-1 with a seed)</label><br />
<input type="radio" name="scheme" id="_p_md5_lsha" value="ldap_sha" />
- <label for="_p_md5_lsha">OpenLDAP SHA (sha1)</label><br />
+ <label for="_p_md5_lsha">OpenLDAP SHA (sha-1)</label><br />
+
+ <input type="radio" name="scheme" id="_p_md5_lsmd5" value="ldap_smd5" />
+ <label for="_p_md5_lsmd5">OpenLDAP SMD5 (md5 with a seed)</label><br />
<input type="radio" name="scheme" id="_p_md5_lmd5" value="ldap_md5" />
<label for="_p_md5_lmd5">OpenLDAP MD5</label><br />
+ <input type="radio" name="scheme" id="_p_md5_lcrpt" value="ldap_crypt" />
+ <label for="_p_md5_lcrpt">OpenLDAP CRYPT *</label><br />
+
<input type="checkbox" name="prefix" id="_p_md5_prefix" checked="checked" />
<label for="_p_md5_prefix">Add scheme prefix (RFC2307, Using LDAP as NIS)</label><br />
+ <label for="_p_md5_salt">*Salt or userPassword itself:</label>
+ <input type="text" name="salt" id="_p_md5_salt" size="60" /><br />
+
<input type="submit" value="Compute" />
</div>
</form>
return array('msg'=>'MD5', 'body'=>$form);
}
}
-
-// Compute hash with php-functions, or compute like slappasswd (OpenLDAP)
-function plugin_md5_compute($scheme = 'php_md5', $key = '', $prefix = FALSE)
-{
- plugin_md5_checklimit($key);
-
- switch (strtolower($scheme)) {
- case 'x-php-crypt' : /* FALLTHROUGH */
- case 'php_crypt' :
- $hash = ($prefix ? '{x-php-crypt}' : '') . crypt($key); break;
- case 'x-php-md5' : /* FALLTHROUGH */
- case 'php_md5' :
- $hash = ($prefix ? '{x-php-md5}' : '') . md5($key); break;
- case 'x-php-sha1' : /* FALLTHROUGH */
- case 'php_sha1' :
- $hash = ($prefix ? '{x-php-sha1}' : '') . sha1($key); break;
- case 'md5' : /* FALLTHROUGH */
- case 'ldap_md5' :
- $hash = ($prefix ? '{MD5}' : '') . base64_encode(hex2bin(md5($key))); break;
- case 'sha' : /* FALLTHROUGH */
- case 'ldap_sha' :
- $hash = ($prefix ? '{SHA}' : '') . base64_encode(hex2bin(sha1($key))); break;
- default: $hash = ''; break;
- }
-
- return $hash;
-}
-
-function plugin_md5_checklimit($text)
-{
- if (strlen($text) > PLUGIN_MD5_LIMIT_LENGTH)
- die_message('Limit: malicious message length');
-}
?>
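Review bot: The compute branch now returns `pkwk_hash_compute($salt, $key, $prefix)` directly as `'body'`, and that function hands the phrase back verbatim for the cleartext schemes (`{clear}`, `{cleartext}`, or no scheme at all) and `FALSE` for an unknown one, so request-supplied text can reach the page unescaped where the old plugin_md5_compute() only produced hex, base64 or crypt output. Assuming `body` is emitted as HTML, as the form branch suggests, escape the result: `'body'=>htmlspecialchars(pkwk_hash_compute($salt, $key, $prefix))`. The posted `scheme` is also wrapped in braces without validation, which is safe only because unknown names fall to the `default:` case. Parts of plugin_md5_action() lie outside the visible lines.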
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: pukiwiki.ini.php,v 1.117 2005/04/02 06:34:50 henoheno Exp $
+// $Id: pukiwiki.ini.php,v 1.118 2005/04/05 13:29:25 henoheno Exp $
//
// PukiWiki main setting file
// Admin password for this Wikisite
// CHANGE THIS
-$adminpass = '1a1dc91c907325c69271ddf0c944bc72'; // md5('pass')
+//$adminpass = 'pass'; // Cleartext
+//$adminpass = '{x-php-crypt}$1$nxrVut5a$c9LdXN1rKQC1HQOwBY4O//'; // crypt('pass')
+$adminpass = '{x-php-md5}1a1dc91c907325c69271ddf0c944bc72'; // md5('pass')
+//$adminpass = '{x-php-sha1}9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684'; // sha1('pass')
+//$adminpass = '{CRYPT}$1$AR.Gk94x$uCe8fUUGMfxAPH83psCZG/'; // CRYPT 'pass'
+//$adminpass = '{MD5}Gh3JHJBzJcaScd3wyUS8cg=='; // MD5 'pass'
+//$adminpass = '{SMD5}o7lTdtHFJDqxFOVX09C8QnlmYmZnd2Qx'; // SMD5 'pass'
+//$adminpass = '{SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ='; // SHA 'pass'
+//$adminpass = '{SSHA}B78f8i/RpNC+CyFdKLH2odaK8hlPNjlOOUUyMA=='; // SSHA 'pass'
/////////////////////////////////////////////////
// Page-reading feature settings
/////////////////////////////////////////////////
// User definition
$auth_users = array(
- 'foo' => 'foo_passwd',
- 'bar' => 'bar_passwd',
- 'hoge' => 'hoge_passwd',
+ 'foo' => 'foo_passwd', // Cleartext
+ 'bar' => '{x-php-md5}f53ae779077e987718cc285b14dfbe86', // md5('bar_passwd')
+ 'hoge' => '{SMD5}OzJo/boHwM4q5R+g7LCOx2xGMkFKRVEx', // SMD5 'hoge_passwd'
);
/////////////////////////////////////////////////
// Authentication method
-// 'pagename' : by Page name
-// 'contents' : by Page contents
-$auth_method_type = 'contents';
+$auth_method_type = 'contents'; // By Page contents
+//$auth_method_type = 'pagename'; // By Page name
/////////////////////////////////////////////////
// Read auth (0:Disable, 1:Enable)