![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
05568bdb81b41babee787ad7f8e7cc294eb62292
1 #!/usr/bin/php
2 <?php
4 function cred_encrypt($input, $password) {
6 $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
7 $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
9 return bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $input, MCRYPT_MODE_ECB, $iv));
10 }
13 function get_random_char() {
14 $randno = rand (0, 63);
15 if ($randno < 12) {
16 return (chr ($randno + 46)); // Digits, '/' and '.'
17 } else if ($randno < 38) {
18 return (chr ($randno + 53)); // Uppercase
19 } else {
20 return (chr ($randno + 59)); // Lowercase
21 }
22 }
25 function get_random_string($size= 32){
26 $str= "";
27 for ($i = 0; $i < $size; $i++) {
28 $str .= get_random_char();
29 }
30 return $str;
31 }
34 # We need to have access to gosa.secrets
35 if (posix_getuid() != 0){
36 die ("This program needs to be called by root!\n");
37 }
39 # Do we have a valid gosa.conf?
40 if (!file_exists("/etc/gosa/gosa.conf")){
41 die ("Cannot find a valid /etc/gosa/gosa.conf!\n");
42 }
44 echo "Starting password encryption\n";
45 echo "* generating random master key\n";
46 $master_key= get_random_string();
48 # Do we have a valid gosa.secrets, already?
49 if (file_exists("/etc/gosa/gosa.secrets")){
50 die ("There's already a /etc/gosa/gosa.secrets. Cannot convert your existing gosa.conf - aborted\n");
51 } else {
52 echo "* creating /etc/gosa/gosa.secrets\n";
53 $fp = fopen("/etc/gosa/gosa.secrets", 'w') or die("Cannot open /etc/gosa/gosa.secrets for writing - aborted");
54 fwrite($fp, "RequestHeader set GOSA_KEY $master_key\n");
55 fclose($fp);
56 chmod ("/etc/gosa/gosa.secrets", 0600);
57 chown ("/etc/gosa/gosa.secrets", "root");
58 chgrp ("/etc/gosa/gosa.secrets", "root");
59 }
61 # Locate all passwords inside the gosa.conf
62 echo "* loading /etc/gosa/gosa.conf\n";
63 $conf = new DOMDocument();
64 $conf->load("/etc/gosa/gosa.conf") or die ("Cannot read /etc/gosa/gosa.conf - aborted\n");
65 $conf->encoding = 'UTF-8';
66 $referrals= $conf->getElementsByTagName("referral");
67 echo "* encrypting existent passwords with master key\n";
68 foreach($referrals as $referral){
69 $user = $referral->attributes->getNamedItem("adminDn");
70 echo "* encrypting password for: ".$user->nodeValue."\n";
71 $pw= $referral->attributes->getNamedItem("adminPassword");
72 $pw->nodeValue= cred_encrypt($pw->nodeValue, $master_key);
73 }
75 # Move original gosa.conf out of the way and make it unreadable for the web user
76 echo "* creating backup in /etc/gosa/gosa.conf.orig\n";
77 rename("/etc/gosa/gosa.conf", "/etc/gosa/gosa.conf.orig");
78 chmod("/etc/gosa/gosa.conf.orig", 0600);
79 chown ("/etc/gosa/gosa.conf.orig", "root");
80 chgrp ("/etc/gosa/gosa.conf.orig", "root");
82 # Save new passwords
83 echo "* saving modified /etc/gosa/gosa.conf\n";
84 $conf->save("/etc/gosa/gosa.conf") or die("Cannot write modified /etc/gosa/gosa.conf - aborted\n");
85 chmod("/etc/gosa/gosa.conf", 0640);
86 chown ("/etc/gosa/gosa.conf", "root");
87 chgrp ("/etc/gosa/gosa.conf", "www-data");
88 echo "OK\n\n";
90 # Print reminder
91 echo<<<EOF
92 Please adapt your http gosa location declaration to include the newly
93 created "/etc/gosa/gosa.secrets".
95 Example:
97 Alias /gosa /usr/share/gosa/html
99 <Location /gosa>
100 php_admin_flag engine on
101 php_admin_value open_basedir "/etc/gosa/:/usr/share/gosa/:/var/cache/gosa/:/var/spool/gosa/"
102 php_admin_flag register_globals off
103 php_admin_flag allow_call_time_pass_reference off
104 php_admin_flag expose_php off
105 php_admin_flag zend.ze1_compatibility_mode off
106 php_admin_flag register_long_arrays off
107 php_admin_flag magic_quotes_gpc on
108 include /etc/gosa/gosa.secrets
109 </Location>
112 Please reload your httpd configuration after you've modified anything.
115 EOF;
116 ?>