Password encryption Problem

bluenote
Forum Commoner
Posts: 93
Joined: Sat Mar 01, 2003 4:59 am
Location: Heidelberg, Germany

Post by bluenote »

Hello :) ,

I have to code an authentication module for our intranet area. I started with a simple html form collecting the two credentials (username and upasswd) which are to be sent to the 'authenticate.inc':

Code:

<?php
require('departments.inc');

$username = $_REQUEST["username"];
$upasswd = $_REQUEST["upasswd"];

if (($username=='') && ($upasswd=='')) {

    $login = "false";}

else if (($username=='') && ($upasswd != '')) {

    $login = "false";}

else if (($username != '') && ($upasswd=='')) {

    $login = "false";}

else if (($username != '') && ($upasswd != '')) {

    $login = "true";}

if ($login=='false') {

    header("HTTP/1.0 401 Unauthorized");
    header ("Location: /shared/docs/system/messages/401.php3");}

else if ($login=='true') {

    $salt = substr($upasswd , 0, 1);
    $passwd = crypt("'$upasswd', '$salt'");

    require('ldap_connect.ldp');

    if ($ds) {

        $ldapbind = ldap_bind($ds);

        if ($ldapbind) {

            $dn = "ou=people,dc=my dc=home,dc=de";
            $filter = "(&(uid=$username) (userPassword=$passwd))";

            $get_userid = array("uid", "userPassword", "uidNumber");
            $sr01 = ldap_search($ds, $dn, $filter, $get_userid);
            $entries_returned01 = ldap_count_entries($ds,$sr01);

            if ($entries_returned01=='0') {

                header("HTTP/1.0 401 Unauthorized");
                header ("Location: /intra/index.php3?department=$department&LANG=$LANG&view=$view");}

            else if ($entries_returned01=='1') {

                $entry01 = ldap_first_entry($ds, $sr01);
                $values01 = ldap_get_values($ds, $entry01, "uidNumber");
                $suserid = $values01[0];
                $userid = "$suserid";

                $lquery = "SELECT staff_ldap.ldap_s01, staff_ldap.ldap_s02, DBstaff.staff_ldap.ldap_s05 FROM staff_ldap WHERE staff_ldap.ldap_s03 = '$userid' AND staff_ldap.ldap_s04 = '$username' LIMIT 0,1";

                $lerg = mysql_query($lquery);

                $lnumrows = mysql_num_rows($lerg);

                if ($lnumrows=='1') {

                    $l = 0;

                    $sectionID = mysql_result($lerg,$l,"ldap_s01");
                    $login = mysql_result($lerg,$l,"ldap_s02");
                    $user = mysql_result($lerg,$l,"ldap_s05");

                    header ("Location: /intra/login/index.php3?department=$department&LANG=$LANG&view=$view&sectionID=$sectionID&login=$login&user=$user&username=$username");}}

            else {

                header("HTTP/1.0 401 Unauthorized");
                header ("Location: /intra/index.php3?department=$department&LANG=$LANG&view=$view");}

            $ldapunbind = ldap_unbind($ds);}}}

?>
If I try the above without $upasswd / $passwd (just with the username), everything works fine and I get the user I was searching for.

My problem lies in line 30 / 31. The manual attached to our LDAP implementation (a SunOne Directory Server) says that while adding a new user, his password will be Standard UNIX encrypted, and the PHP manual says that crypt() uses the Standard UNIX crypt function. But when I use PHP crypt as a standalone function

Code:

<?php
$passwd = crypt('teststringfordummiesliekeme', 't');

echo $passwd;

?>
the result is absolutely different from the result which adding a new Solaris user produces in /etc/shadow.

Any hints?

Greetings,
- bluenote
bluenote
Forum Commoner
Posts: 93
Joined: Sat Mar 01, 2003 4:59 am
Location: Heidelberg, Germany

Post by bluenote »

Well, actually you can forget about the above 8) The problem can be reduced to the following few lines:
  1. A user types in a password ($upasswd);
  2. $upasswd is transported to 'authenticate.inc';
  3. $upasswd gets encrypted with crypt() -- I think, not properly -- and renamed to $passwd;
  4. The LDAP directory (where passwords are encrypted with standard unix crypt) is searched for a user with userPassword = $passwd;
  5. ...
  6. ...
  7. At last, the LDAP attribute userPassword is compared with $passwd.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Results of php's crypt depend on what salt you're passing to it and as well on what php's ./configure thought of your system's crypt at the time of installation. And results of system's crypt depend on ... well, your system :) As you can see there's a lot of possible variations, you will need to experiment for a while.
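
Added example (not part of the thread and not the posters' code): the salt dependence mentioned in the reply above, shown with PHP's crypt(). The password, the salts and the helper names strip_scheme() and verify_crypt_password() are constructed for illustration; "{CRYPT}" is the RFC 2307 scheme prefix that directory servers put in front of crypt-hashed userPassword values.

```php
<?php
// Added example: verify a password against a crypt(3)-style value such as an
// LDAP userPassword attribute. All passwords and salts below are constructed.

/** Strip an RFC 2307 scheme prefix such as "{CRYPT}" from a userPassword value. */
function strip_scheme(string $stored): string
{
    return preg_replace('/^\{crypt\}/i', '', $stored);
}

/**
 * Re-hash the candidate with the salt embedded in the stored hash and compare
 * in constant time. Passing the stored hash as the salt argument lets crypt()
 * reuse whatever salt was chosen when the password was set.
 */
function verify_crypt_password(string $candidate, string $stored): bool
{
    $hash = strip_scheme($stored);
    if (strlen($hash) < 13) {   // shorter than a traditional DES crypt hash
        return false;
    }
    $computed = crypt($candidate, $hash);
    return hash_equals($hash, $computed);
}

// Constructed directory value; "Qx" stands in for a salt chosen by the server.
$stored = '{CRYPT}' . crypt('constructed-pw', 'Qx');

// Same password, salt guessed from the password text: the output differs, so
// an equality comparison against the stored value does not match.
$guessed = crypt('constructed-pw', 'co');
var_dump($guessed === strip_scheme($stored));

// Salt taken from the stored value: the correct password verifies, a wrong
// one does not.
var_dump(verify_crypt_password('constructed-pw', $stored));
var_dump(verify_crypt_password('wrong-pw', $stored));
```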
bluenote
Forum Commoner
Posts: 93
Joined: Sat Mar 01, 2003 4:59 am
Location: Heidelberg, Germany

Post by bluenote »

Hey Weirdan,

:cry: :cry:

I already knew I would get many many sleepless nights...

Well, here's how I build PHP being user root:

Code:

bash-2.05# cd /usr/local/src

bash-2.05# gunzip < php-5.0.2.tar.gz | /usr/local/bin/tar xovf -
bash-2.05# cd php-5.0.2

bash-2.05# export CC="/usr/local/bin/gcc"
bash-2.05# export LDFLAGS="-R/local/openldap/lib -R/etc/lib -L/usr/lib -R/usr/ucblib -R/usr/local/lib -R/usr/local/apache/lib -R/usr/local/ssl/lib -R/usr/local/mysql/lib"
bash-2.05# export CPPFLAGS="-I/local/openldap/include -I/usr/include -I/usr/local/include -I/usr/local/mysql/include -I/usr/local/apache/include"
bash-2.05# export PATH=/local/openldap/bin:/usr/sbin:/usr/bin:/usr/lib/nis:/usr/local/bin:/usr/ccs/bin:/usr/local/apache/bin/apxs:/usr/local/mysql/bin
bash-2.05# export LD_LIBRARY_PATH=/local/openldap/lib:/usr/local/ssl/lib:/usr/local/mysql/lib
bash-2.05# export LD_RUN_PATH=/local/openldap/bin:/usr/sbin:/usr/bin:/usr/lib/nis:/usr/local/bin:/usr/ccs/bin:/usr/local/apache/bin/apxs:/usr/local/mysql/bin

bash-2.05# ln -s /usr/ccs/bin/ar /usr/local/bin/ar
bash-2.05# ln -s /usr/local/bin/libtool ./libtool

bash-2.05# ./configure --with-apxs=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/lib/BLUErdb-2.0/conf --with-config-file-scan-dir=/usr/local/lib/BLUErdb-2.0/conf --with-ldap=/local/openldap --with-mcrypt=/usr/local/lib --with-mhash=/usr/local/lib --with-mysqli=/usr/local/mysql/bin/mysql_config --with-mysql=/usr/local/mysql --with-openssl=/usr/local/ssl --with-zlib-dir=/usr/local/include --with-gd --with-jpeg-dir=/usr/local/lib --enable-gd-native-ttf --enable-gd-jis-conv --with-curl=/usr/local/include/curl --with-curlwrappers --enable-dbx --with-iconv=/usr/local/bin/iconv --enable-calendar --enable-soap

bash-2.05# make clean
bash-2.05# make
bash-2.05# make install
My system is a SunFire V240, Solaris 9 SPARC, with the latest patch cluster added.

- bluenote
bluenote
Forum Commoner
Posts: 93
Joined: Sat Mar 01, 2003 4:59 am
Location: Heidelberg, Germany

Post by bluenote »

In addition:

Code:

bash-2.05# man crypt
Reformatting page.  Please Wait... done

User Commands                                            crypt(1)

NAME
     crypt - encode or decode a file

SYNOPSIS
     crypt [password]

DESCRIPTION
     The crypt utility encrypts and decrypts the  contents  of  a
     file.  crypt reads from the standard input and writes on the
     standard output. The password is a key that selects  a  par-
     ticular  transformation.  If  no  password  is  given, crypt
     demands a key from the terminal and turns off printing while
     the  key is being typed in. crypt encrypts and decrypts with
     the same key:

     example% crypt key<clear.file> encrypted.file
     example% crypt key<encrypted.file | pr

     will print the contents of clear.file.

     Files encrypted by crypt are compatible with  those  treated
     by the editors ed(1), ex(1), and vi(1) in encryption mode.

     The security of encrypted files depends  on  three  factors:
     the  fundamental method must be hard to solve; direct search
     of the key space must be infeasible; "sneak paths" by  which
     keys or cleartext can become visible must be minimized.

     crypt implements a  one-rotor  machine  designed  along  the
     lines  of  the  German Enigma, but with a 256-element rotor.
     Methods of attack on such machines are  widely  known,  thus
     crypt provides minimal security.

     The transformation of a key into the  internal  settings  of
     the  machine  is deliberately designed to be expensive, that
     is, to take a substantial fraction of a second  to  compute.
     However,  if  keys  are restricted to (say) three lower-case
     letters, then encrypted files can be read by expending  only
     a substantial fraction of five minutes of machine time.

     Since the key is an argument to the  crypt  command,  it  is
     potentially visible to users executing ps(1) or a derivative
     command. To minimize this possibility, crypt takes  care  to
     destroy  any  record  of  the key immediately upon entry. No
     doubt the choice of keys  and  key  security  are  the  most
     vulnerable aspect of crypt.

FILES
     /dev/tty
           for typed key

SunOS 5.9           Last change: 14 May 1997                    1

User Commands                                            crypt(1)

ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|

SEE ALSO
     des(1), ed(1), ex(1), makekey(1), ps(1),  vi(1),  attributes
     (5)
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Create some dummy password using adduser (or whatever it's called on Solaris) and post it here. Then we'll be able to see what algorithm was used to generate the encrypted password.