
Moved to more simple password storage
authorcajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 5 May 2008 13:28:56 +0000 (13:28 +0000)
committercajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 5 May 2008 13:28:56 +0000 (13:28 +0000)
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10766 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-core/html/index.php
gosa-core/include/class_config.inc
gosa-core/include/functions.inc

index a9c1cba32314f079637def394c605daf160832a4..b26380eeb389ec89152515483ba3f3c503e03b29 100644 (file)
@@ -271,8 +271,8 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
       exit()  ;
     }else{
       $cfg = array();
-      $cfg['admin']     = $config->get_admin_dn();
-      $cfg['password']  = $config->get_admin_password();
+      $cfg['admin']     = $config->current['ADMIN'];
+      $cfg['password']  = $config->current['PASSWORD'];
       $cfg['connection']= $config->current['SERVER'];
       $cfg['tls']       = $tls;
       $str = check_schema($cfg,isset($config->current['RFC2307BIS']) && preg_match("/(true|yes|on|1)/i",$config->current['RFC2307BIS']));
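Review bot: The new `$cfg['password']  = $config->current['PASSWORD'];` hands `check_schema` the stored value as-is, while the companion change in class_config.inc routes the same value through `get_credentials()` in `get_ldap_link` so that it is decrypted when `HTTP_GOSA_KEY` is present; in that deployment the schema check would bind with the ciphertext and fail. Use the same accessor here: `$cfg['password']  = $config->get_credentials($config->current['PASSWORD']);`. The enclosing `else` branch and its surrounding function start outside the hunk.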
index 4d8b18c8c325eb34c66232ecfd0012cff7400b34..d5f68214266fc1497d9b34c2041c5534e833c108 100644 (file)
@@ -214,13 +214,23 @@ class config  {
     $this->level--;
   }
 
+
+  function get_credentials($creds)
+  {
+    if (isset($_SERVER['HTTP_GOSA_KEY'])){
+      return (cred_decrypt($creds, $_SERVER['HTTP_GOSA_KEY']));
+    }
+    return ($creds);
+  }
+
+
   function get_ldap_link($sizelimit= FALSE)
   {
     if($this->ldap === NULL || !is_resource($this->ldap->cid)){
 
       /* Build new connection */
       $this->ldap= ldap_init ($this->current['SERVER'], $this->current['BASE'],
-          $this->get_admin_dn(), $this->get_admin_password());
+          $this->current['ADMIN'], $this->get_credentials($this->current['PASSWORD']));
 
       /* Check for connection */
       if (is_null($this->ldap) || (is_int($this->ldap) && $this->ldap == 0)){
@@ -321,13 +331,6 @@ class config  {
     /* Convert BASE to have escaped special characters */
     $this->current['BASE']= @LDAP::convert($this->current['BASE']);
 
-    /* Load server informations */
-    $this->load_servers();
-  }
-
-
-  function update_credentials_from_config()
-  {
     /* Parse LDAP referral informations */
     if (!isset($this->current['ADMIN']) || !isset($this->current['PASSWORD'])){
       $url= $this->current['SERVER'];
@@ -336,49 +339,10 @@ class config  {
       $this->current['PASSWORD']= $referral['PASSWORD'];
     }
 
-    /* Bail out if problematic */
-    if (!isset($this->current['ADMIN']) || !isset($this->current['PASSWORD'])){
-      msg_dialog::display(_("Configuration error"), _("Cannot find any administrative LDAP credentials!"), FATAL_ERROR_DIALOG);
-      exit;
-    }
-  }
-
-
-  function encode_server_url($url, $base, $val)
-  {
-    return (preg_replace("/_+/", "_", "HTTP_".strtr(strtoupper($url."_".md5($base)."_$val"), ".-:/", "____")));
-  }
-
-
-  function get_admin_dn()
-  {
-    $enc= $this->encode_server_url($this->current['SERVER'], $this->current['BASE'], "ADMIN");
-    /* Answer from http request */
-    if (isset($_SERVER[$enc])){
-      return $_SERVER[$enc];
-    }
-
-    /* Answer in old style for compatibility */
-    $this->update_credentials_from_config();
-    return $this->current['ADMIN'];
-  }
-
-
-  function get_admin_password()
-  {
-    $enc= $this->encode_server_url($this->current['SERVER'], $this->current['BASE'], "PASSWORD");
-
-    /* Answer from http request */
-    if (isset($_SERVER[$enc])){
-      return $_SERVER[$enc];
-    }
-
-    /* Answer in old style for compatibility */
-    $this->update_credentials_from_config();
-    return $this->current['PASSWORD'];
+    /* Load server informations */
+    $this->load_servers();
   }
 
-
   function load_servers ()
   {
     /* Only perform actions if current is set */
@@ -424,7 +388,8 @@ class config  {
     if ($ldap->count()){
       $attrs= $ldap->fetch();
       $this->data['SERVERS']['KERBEROS']= array( 'SERVER' => $attrs['cn'][0],
-          'REALM' => $attrs['goKrbRealm'][0]);
+          'REALM' => $attrs['goKrbRealm'][0],
+          'ADMIN' => $attrs['goKrbAdmin'][0]);
     }
 
     /* Get cups server. FIXME: only one is supported currently */
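Review bot: `get_credentials` (hunk at @@ -214) returns `$creds` unchanged whenever `HTTP_GOSA_KEY` is absent, so an encrypted stored password reaches `ldap_init` verbatim and the bind fails with an opaque LDAP error rather than a configuration error; at the same time the hunk at @@ -336 drops the "Cannot find any administrative LDAP credentials!" bail-out without a replacement, so a missing ADMIN or PASSWORD now surfaces as an undefined-index notice at the `ldap_init` call instead of the former fatal dialog. `$_SERVER['HTTP_*']` entries are populated from the incoming request's headers, so the decryption key is only as trustworthy as the front end that injects it; a comment above the new function, e.g. `/* HTTP_GOSA_KEY is expected from the trusted front end; strip inbound copies at the proxy */`, would record that assumption for whoever deploys this. I would also restore the `isset($this->current['ADMIN']) && isset($this->current['PASSWORD'])` check with its `msg_dialog::display(...)`/`exit` before the moved `$this->load_servers();` call. Both enclosing methods start and end outside their hunks.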
index 08626e248e47382e578ea438ae417740b2aceaf2..4f7236ae5ca02b5e6d145a2752aeef9a5789e1d4 100644 (file)
@@ -2733,7 +2733,25 @@ function get_random_char () {
      } else {
          return (chr ($randno + 59)); // Lowercase
      }
-  }
+}
+
+
+function cred_encrypt($input, $password) {
+
+  $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
+  $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
+
+  return bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $input, MCRYPT_MODE_ECB, $iv));
+
+}
+
+function cred_decrypt($input,$password) {
+  $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
+  $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
+
+  return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, pack("H*", $input), MCRYPT_MODE_ECB, $iv);
+}
+
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>
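Review bot: `cred_encrypt` asks for a CBC IV size and draws a random IV, but then encrypts with `MCRYPT_MODE_ECB`, where the IV is ignored, so the randomness buys nothing and identical plaintexts always produce identical ciphertexts; `cred_decrypt` mirrors this and additionally returns the zero-padding mcrypt appends to reach the block size, so the recovered password carries trailing NUL bytes unless the caller trims them. Using CBC on both sides, prepending the IV to the ciphertext so decryption can recover it, and trimming the padding on the way out addresses both points; `MCRYPT_DEV_RANDOM` can also block on entropy-starved hosts, and `MCRYPT_DEV_URANDOM` is the usual choice for IVs. Two caveats remain with either variant: mcrypt only accepts 16/24/32-byte Rijndael-128 keys (older PHP zero-pads shorter ones, newer PHP rejects them), so deriving a fixed-length key from `$password` would remove the dependency on the key's length, and nothing authenticates the ciphertext, so a tampered value decrypts to garbage instead of failing.
```php
function cred_encrypt($input, $password) {
  $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
  $iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);

  /* Prepend the IV: CBC decryption needs the same IV, and it is not secret */
  return bin2hex($iv . mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $input, MCRYPT_MODE_CBC, $iv));
}

function cred_decrypt($input, $password) {
  $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
  $raw = pack("H*", $input);
  $iv = substr($raw, 0, $size);

  /* mcrypt zero-pads the plaintext to the block size; strip it again */
  return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, substr($raw, $size), MCRYPT_MODE_CBC, $iv), "\0");
}
```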