fix tests (pacrypt/{md5raw} etc)

3 years ago · bed0300fae
2 changed files with 32 additions and 12 deletions
--- a/functions.inc.php
+++ b/functions.inc.php
@ -1297,9 +1297,7 @@ function pacrypt($pw, $pw_db = "")
 {
    global $CONF;

-    $mechanism = $CONF['encrypt'] ?? 'CRYPT';
-
-    $mechanism = strtoupper($mechanism);
+    $mechanism = strtoupper($CONF['encrypt'] ?? 'CRYPT');

    $crypts = ['PHP_CRYPT', 'MD5CRYPT', 'PHP_CRYPT:DES', 'PHP_CRYPT:MD5', 'PHP_CRYPT:SHA256'];

@ -1311,6 +1309,33 @@ function pacrypt($pw, $pw_db = "")
        return _pacrypt_php_crypt($pw, $pw_db);
    }

+    if ($mechanism == 'AUTHLIB') {
+        return _pacrypt_authlib($pw, $pw_db);
+    }
+
+    if (!empty($pw_db) && preg_match('/^{([0-9a-z-\.]+)}/i', $pw_db, $matches)) {
+        $method_in_hash = $matches[1];
+        if ('COURIER:' . strtoupper($method_in_hash) == $mechanism) {
+            // don't try and be clever.
+        } elseif ($mechanism != $method_in_hash) {
+            error_log("PostfixAdmin: configured to use $mechanism, but asked to crypt password using {$method_in_hash}; are you migrating algorithm/mechanism or is something wrong?");
+            $mechanism = $method_in_hash;
+        }
+    }
+
+    if ($mechanism == 'MD5RAW') {
+        $mechanism = 'COURIER:MD5RAW';
+    }
+
+    if (!empty($pw_db) && preg_match('/^\$[0-9]\$/i', $pw_db, $matches)) {
+        $method_in_hash = $matches[0];
+        switch ($method_in_hash) {
+            case '$1$':
+            case '$6$':
+                $algorithm = 'SYSTEM';
+        }
+    }
+
    if ($mechanism == 'SHA512.B64') {
        // postfixadmin incorrectly uses this as a SHA512-CRYPT.B64
        $mechanism = 'SHA512-CRYPT.B64';
@ -1320,16 +1345,11 @@ function pacrypt($pw, $pw_db = "")
        $mechanism = strtoupper($matches[1]);
    }

-    if (preg_match('/^COURIER:(.*)$/i', $mechanism, $matches)) {
-        $mechanism = strtoupper($mechanism);
-    }
    if (empty($pw_db)) {
        $pw_db = null;
    }

-    if ($mechanism == 'AUTHLIB') {
-        return _pacrypt_authlib($pw, $pw_db);
-    }
+

    $hasher = new \PostfixAdmin\PasswordHashing\Crypt($mechanism);
    return $hasher->crypt($pw, $pw_db);
@ -1345,7 +1365,7 @@ function pacrypt($pw, $pw_db = "")
 * @return string hashed password in crypt format.
 * @deprecated see PFACrypt::cryptMd5() (note this returns {MD5} prefix
 */
-function md5crypt($pw, $salt="", $magic="")
+function md5crypt($pw, $salt = "", $magic = "")
 {
    $MAGIC = "$1$";

--- a/tests/PacryptTest.php
+++ b/tests/PacryptTest.php
@ -285,15 +285,15 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase
            'md5' => 'cc03e747a6afbbcbf8be7668acfebee5',
            'cleartext' => 'test123',
            'mysql_encrypt' => '$6$$KMCDSuWNoVgNrK5P1zDS12ZZt.LV4z9v9NtD0AG0T5Rv/n0wWVvZmHMSKKZQciP7lrqrlbrBrBd4lhBSGy1BU0',
-            'authlib' => '{md5raw}cc03e747a6afbbcbf8be7668acfebee5',
+            'authlib' => '{MD5RAW}cc03e747a6afbbcbf8be7668acfebee5', // authpasswd md5raw (via courier-authdaemon package)
            'php_crypt:SHA512' => '{SHA512-CRYPT}$6$IeqpXtDIXF09ADdc$IsE.SSK3zuwtS9fdWZ0oVxXQjPDj834xqxTiv3Qfidq3AbAjPb0DNyI28JyzmDVlbfC9uSfNxD9RUyeO1.7FV/',
            'php_crypt:DES' => 'VXAXutUnpVYg6',
            'php_crypt:MD5' => '$1$rGTbP.KE$wimpECWs/wQa7rnSwCmHU.',
            'php_crypt:SHA256' => '$5$UaZs6ZuaLkVPx3bM$4JwAqdphXVutFYw7COgAkp/vj09S1DfjIftxtjqDrr/',
            'php_crypt:BLOWFISH' => '$2y$10$4gbwQMAoJPcg.mWnENYNg.syH9mZNsbQu6KN7skK92g3tlPnvvBDW',
            'sha512.b64' => '{SHA512-CRYPT.B64}JDYkMDBpOFJXQ0JwMlFMMDlobCRFMVFWLzJjbENPbEo4OTg0SjJyY1oxeXNTaFJIYVhJeVdFTDdHRGl3aHliYkhQUHBUQjZTM0lFMlYya2ZXczZWbHY0aDVNa3N0anpud0xuRTBWZVRELw==',
-        ];

+        ];


        foreach ($mechs as $mech => $example_hash) {