clean up security sensitive functions

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8985 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/gosa-si/gosa-si-bus b/gosa-si/gosa-si-bus
index a9ae07261e929c0c4fff58732c3bad79cd5e87fa..53b99c31f944ed010728abf098c365a366dd6a6e 100755 (executable)
--- a/gosa-si/gosa-si-bus
+++ b/gosa-si/gosa-si-bus
@@ -28,8 +28,6 @@ use Time::HiRes qw( gettimeofday );
 use POE qw(Component::Server::TCP);
 use Data::Dumper;
 use Crypt::Rijndael;
-use GOSA::DBsqlite;
-use GOSA::GosaSupportDaemon;
 use IO::Socket::INET;
 use NetAddr::IP;
 use XML::Simple;
@@ -37,6 +35,8 @@ use MIME::Base64;
 use File::Basename;
 use Digest::MD5  qw(md5 md5_hex md5_base64);
 
+use GOSA::GosaSupportDaemon;
+use GOSA::DBsqlite;
 
 my ($cfg_file, $default_cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file,);
 my ($bus_address, $bus_key, $bus_ip, $bus_port, $bus_mac_address);
@@ -466,6 +466,45 @@ sub create_passwd {
 }
 
 
+sub create_ciphering {
+    my ($passwd) = @_;
+       if((!defined($passwd)) || length($passwd)==0) {
+               $passwd = "";
+       }
+    $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
+    my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
+    my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
+    $my_cipher->set_iv($iv);
+    return $my_cipher;
+}
+
+
+sub encrypt_msg {
+    my ($msg, $key) = @_;
+    my $my_cipher = &create_ciphering($key);
+    {
+      use bytes;
+      $msg = "\0"x(16-length($msg)%16).$msg;
+    }
+    $msg = $my_cipher->encrypt($msg);
+    chomp($msg = &encode_base64($msg));
+    # there are no newlines allowed inside msg
+    $msg=~ s/\n//g;
+    return $msg;
+}
+
+
+sub decrypt_msg {
+
+    my ($msg, $key) = @_ ;
+    $msg = &decode_base64($msg);
+    my $my_cipher = &create_ciphering($key);
+    $msg = $my_cipher->decrypt($msg); 
+    $msg =~ s/\0*//g;
+    return $msg;
+}
+
+
 sub send_msg_hash2address {
     my ($msg_hash, $address, $encrypt_key) = @_ ;
     my $msg = &create_xml_string($msg_hash);

diff --git a/gosa-si/gosa-si-client b/gosa-si/gosa-si-client
index cf4488c25231bbbaec239859f8a9dfc9c2bbd1f8..b4f6a4358f7a308dad3259669154cb1e90adad83 100755 (executable)
--- a/gosa-si/gosa-si-client
+++ b/gosa-si/gosa-si-client
@@ -636,6 +636,45 @@ sub create_passwd {
 }
 
 
+sub create_ciphering {
+    my ($passwd) = @_;
+       if((!defined($passwd)) || length($passwd)==0) {
+               $passwd = "";
+       }
+    $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
+    my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
+    my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
+    $my_cipher->set_iv($iv);
+    return $my_cipher;
+}
+
+
+sub encrypt_msg {
+    my ($msg, $key) = @_;
+    my $my_cipher = &create_ciphering($key);
+    {
+      use bytes;
+      $msg = "\0"x(16-length($msg)%16).$msg;
+    }
+    $msg = $my_cipher->encrypt($msg);
+    chomp($msg = &encode_base64($msg));
+    # there are no newlines allowed inside msg
+    $msg=~ s/\n//g;
+    return $msg;
+}
+
+
+sub decrypt_msg {
+
+    my ($msg, $key) = @_ ;
+    $msg = &decode_base64($msg);
+    my $my_cipher = &create_ciphering($key);
+    $msg = $my_cipher->decrypt($msg); 
+    $msg =~ s/\0*//g;
+    return $msg;
+}
+
+
 sub get_server_addresses {
     my $domain= shift;
     my @result;
@@ -1137,9 +1176,21 @@ sub generic_file_error {
 
 sub fifo_got_record {
     my $file_record = $_[ARG0];
-    print STDERR "$file_record\n";
+    my $header;
+    my $content = "";
+
+    $file_record =~ /^(\S+)[ ]?([\s\S]+)?$/;
+    if( defined $1 ) {
+        $header = $1;
+    } else {
+        return;
+    }
+
+    if( defined $2 ) {
+        $content = $2;
+    }
 
-    my $clmsg_hash = &create_xml_hash("CLMSG_$file_record", $client_address, $server_address);
+    my $clmsg_hash = &create_xml_hash("CLMSG_$header", $client_address, $server_address, $content);
     my $clmsg = &create_xml_string($clmsg_hash);
     &send_msg_to_target($clmsg, $server_address, $server_key);
     return;

diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server
index 5c1a96a38ff563e0aecf4d68e6e13d494e20eec8..a182873d38b6dd7b3d5d9f15d1a9c02a7a55be36 100755 (executable)
--- a/gosa-si/gosa-si-server
+++ b/gosa-si/gosa-si-server
@@ -41,6 +41,7 @@ use Cwd;
 use File::Spec;
 use File::Basename;
 use GOSA::DBsqlite;
+use GOSA::GosaSupportDaemon;
 use POE qw(Component::Server::TCP);
 
 my $modules_path = "/usr/lib/gosa-si/modules";
@@ -223,21 +224,6 @@ sub daemon_log {
 }
 
 
-sub get_time {
-    my ($seconds, $minutes, $hours, $monthday, $month,
-            $year, $weekday, $yearday, $sommertime) = localtime(time);
-    $hours = $hours < 10 ? $hours = "0".$hours : $hours;
-    $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
-    $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
-    $month+=1;
-    $month = $month < 10 ? $month = "0".$month : $month;
-    $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
-    $year+=1900;
-    return "$year$month$monthday$hours$minutes$seconds";
-
-}
-
-
 #===  FUNCTION  ================================================================
 #         NAME:  check_cmdline_param
 #   PARAMETERS:  nothing
@@ -375,8 +361,6 @@ $SIG{INT} = \&sig_int_handler;
 
 sub check_key_and_xml_validity {
     my ($crypted_msg, $module_key) = @_;
-#print STDERR "crypted_msg:$crypted_msg\n";
-#print STDERR "modul_key:$module_key\n";
 
     my $msg;
     my $msg_hash;
@@ -604,6 +588,7 @@ sub input_from_unknown_host {
     return ($msg, $msg_hash, $module);
 }
 
+
 sub create_ciphering {
     my ($passwd) = @_;
        if((!defined($passwd)) || length($passwd)==0) {
@@ -633,6 +618,7 @@ sub encrypt_msg {
 
 
 sub decrypt_msg {
+
     my ($msg, $key) = @_ ;
     $msg = &decode_base64($msg);
     my $my_cipher = &create_ciphering($key);

diff --git a/gosa-si/modules/GosaSupportDaemon.pm b/gosa-si/modules/GosaSupportDaemon.pm
index 3a15aa94186b8ee6ea56ebfad0955d08883bf535..813ea4f02f3395385d231a5b28735ccd52d2eb92 100644 (file)
--- a/gosa-si/modules/GosaSupportDaemon.pm
+++ b/gosa-si/modules/GosaSupportDaemon.pm
@@ -7,9 +7,6 @@ my @functions = (
     "get_content_from_xml_hash",
     "add_content2xml_hash",
     "create_xml_string",
-    "encrypt_msg",
-    "decrypt_msg",
-    "create_ciphering",
     "transform_msg2hash",
     "get_time",
     "build_msg",
@@ -150,33 +147,19 @@ sub add_content2xml_hash {
 #      RETURNS:  crypted_msg - string - crypted message
 #  DESCRIPTION:  crypts the incoming message with the Crypt::Rijndael module
 #===============================================================================
-sub encrypt_msg {
-#    my ($msg, $my_cipher) = @_;
-#    if(not defined $my_cipher) { print "no cipher object\n"; }
+#sub encrypt_msg {
+#    my ($msg, $key) = @_;
+#    my $my_cipher = &create_ciphering($key);
 #    {
 #      use bytes;
 #      $msg = "\0"x(16-length($msg)%16).$msg;
 #    }
 #    $msg = $my_cipher->encrypt($msg);
 #    chomp($msg = &encode_base64($msg));
-#
 #    # there are no newlines allowed inside msg
 #    $msg=~ s/\n//g;
-#
 #    return $msg;
-    my ($msg, $key) = @_;
-    my $my_cipher = &create_ciphering($key);
-    {
-      use bytes;
-      $msg = "\0"x(16-length($msg)%16).$msg;
-    }
-    $msg = $my_cipher->encrypt($msg);
-    chomp($msg = &encode_base64($msg));
-    # there are no newlines allowed inside msg
-    $msg=~ s/\n//g;
-    return $msg;
-
-}
+#}
 
 
 #===  FUNCTION  ================================================================
@@ -186,7 +169,7 @@ sub encrypt_msg {
 #      RETURNS:  msg - string - decrypted message
 #  DESCRIPTION:  decrypts the incoming message with the Crypt::Rijndael module
 #===============================================================================
-sub decrypt_msg {
+#sub decrypt_msg {
 #    my ($msg, $my_cipher) = @_ ;
 #    
 #    if(defined $msg && defined $my_cipher) {
@@ -195,13 +178,13 @@ sub decrypt_msg {
 #    $msg = $my_cipher->decrypt($msg); 
 #    $msg =~ s/\0*//g;
 #    return $msg;
-    my ($msg, $key) = @_ ;
-    $msg = &decode_base64($msg);
-    my $my_cipher = &create_ciphering($key);
-    $msg = $my_cipher->decrypt($msg); 
-    $msg =~ s/\0*//g;
-    return $msg;
-}
+#    my ($msg, $key) = @_ ;
+#    $msg = &decode_base64($msg);
+#    my $my_cipher = &create_ciphering($key);
+#    $msg = $my_cipher->decrypt($msg); 
+#    $msg =~ s/\0*//g;
+#    return $msg;
+#}
 
 
 #===  FUNCTION  ================================================================
@@ -210,17 +193,17 @@ sub decrypt_msg {
 #      RETURNS:  cipher - object
 #  DESCRIPTION:  creates a Crypt::Rijndael::MODE_CBC object with passwd as key
 #===============================================================================
-sub create_ciphering {
-    my ($passwd) = @_;
-    $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
-    my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
-
-    #daemon_log("iv: $iv", 7);
-    #daemon_log("key: $passwd", 7);
-    my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
-    $my_cipher->set_iv($iv);
-    return $my_cipher;
-}
+#sub create_ciphering {
+#    my ($passwd) = @_;
+#    $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
+#    my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
+#
+#    #daemon_log("iv: $iv", 7);
+#    #daemon_log("key: $passwd", 7);
+#    my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
+#    $my_cipher->set_iv($iv);
+#    return $my_cipher;
+#}
 
 
 #===  FUNCTION  ================================================================