From: cajus Date: Mon, 5 May 2008 13:28:56 +0000 (+0000) Subject: Moved to more simple password storage X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=ca820b53aa9911874a3c6e7253ea12b72a5cf513;p=gosa.git Moved to more simple password storage git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10766 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/gosa-core/html/index.php b/gosa-core/html/index.php index a9c1cba32..b26380eeb 100644 --- a/gosa-core/html/index.php +++ b/gosa-core/html/index.php @@ -271,8 +271,8 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces exit() ; }else{ $cfg = array(); - $cfg['admin'] = $config->get_admin_dn(); - $cfg['password'] = $config->get_admin_password(); + $cfg['admin'] = $config->current['ADMIN']; + $cfg['password'] = $config->current['PASSWORD']; $cfg['connection']= $config->current['SERVER']; $cfg['tls'] = $tls; $str = check_schema($cfg,isset($config->current['RFC2307BIS']) && preg_match("/(true|yes|on|1)/i",$config->current['RFC2307BIS'])); diff --git a/gosa-core/include/class_config.inc b/gosa-core/include/class_config.inc index 4d8b18c8c..d5f682142 100644 --- a/gosa-core/include/class_config.inc +++ b/gosa-core/include/class_config.inc @@ -214,13 +214,23 @@ class config { $this->level--; } + + function get_credentials($creds) + { + if (isset($_SERVER['HTTP_GOSA_KEY'])){ + return (cred_decrypt($creds, $_SERVER['HTTP_GOSA_KEY'])); + } + return ($creds); + } + + function get_ldap_link($sizelimit= FALSE) { if($this->ldap === NULL || !is_resource($this->ldap->cid)){ /* Build new connection */ $this->ldap= ldap_init ($this->current['SERVER'], $this->current['BASE'], - $this->get_admin_dn(), $this->get_admin_password()); + $this->current['ADMIN'], $this->get_credentials($this->current['PASSWORD'])); /* Check for connection */ if (is_null($this->ldap) || (is_int($this->ldap) && $this->ldap == 0)){ @@ -321,13 +331,6 @@ class config { /* Convert BASE to have escaped special characters */ $this->current['BASE']= @LDAP::convert($this->current['BASE']); - /* Load server informations */ - $this->load_servers(); - } - - - function update_credentials_from_config() - { /* Parse LDAP referral informations */ if (!isset($this->current['ADMIN']) || !isset($this->current['PASSWORD'])){ $url= $this->current['SERVER']; @@ -336,49 +339,10 @@ class config { $this->current['PASSWORD']= $referral['PASSWORD']; } - /* Bail out if problematic */ - if (!isset($this->current['ADMIN']) || !isset($this->current['PASSWORD'])){ - msg_dialog::display(_("Configuration error"), _("Cannot find any administrative LDAP credentials!"), FATAL_ERROR_DIALOG); - exit; - } - } - - - function encode_server_url($url, $base, $val) - { - return (preg_replace("/_+/", "_", "HTTP_".strtr(strtoupper($url."_".md5($base)."_$val"), ".-:/", "____"))); - } - - - function get_admin_dn() - { - $enc= $this->encode_server_url($this->current['SERVER'], $this->current['BASE'], "ADMIN"); - /* Answer from http request */ - if (isset($_SERVER[$enc])){ - return $_SERVER[$enc]; - } - - /* Answer in old style for compatibility */ - $this->update_credentials_from_config(); - return $this->current['ADMIN']; - } - - - function get_admin_password() - { - $enc= $this->encode_server_url($this->current['SERVER'], $this->current['BASE'], "PASSWORD"); - - /* Answer from http request */ - if (isset($_SERVER[$enc])){ - return $_SERVER[$enc]; - } - - /* Answer in old style for compatibility */ - $this->update_credentials_from_config(); - return $this->current['PASSWORD']; + /* Load server informations */ + $this->load_servers(); } - function load_servers () { /* Only perform actions if current is set */ @@ -424,7 +388,8 @@ class config { if ($ldap->count()){ $attrs= $ldap->fetch(); $this->data['SERVERS']['KERBEROS']= array( 'SERVER' => $attrs['cn'][0], - 'REALM' => $attrs['goKrbRealm'][0]); + 'REALM' => $attrs['goKrbRealm'][0], + 'ADMIN' => $attrs['goKrbAdmin'][0]); } /* Get cups server. FIXME: only one is supported currently */ diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index 08626e248..4f7236ae5 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -2733,7 +2733,25 @@ function get_random_char () { } else { return (chr ($randno + 59)); // Lowercase } - } +} + + +function cred_encrypt($input, $password) { + + $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); + $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM); + + return bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $input, MCRYPT_MODE_ECB, $iv)); + +} + +function cred_decrypt($input,$password) { + $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); + $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM); + + return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, pack("H*", $input), MCRYPT_MODE_ECB, $iv); +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>