From ca820b53aa9911874a3c6e7253ea12b72a5cf513 Mon Sep 17 00:00:00 2001
From: cajus
Date: Mon, 5 May 2008 13:28:56 +0000
Subject: [PATCH] Moved to more simple password storage

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10766 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/html/index.php | 4 +-
 gosa-core/include/class_config.inc | 65 +++++++----------------------
 gosa-core/include/functions.inc | 20 ++++++++-
 3 files changed, 36 insertions(+), 53 deletions(-)

diff --git a/gosa-core/html/index.php b/gosa-core/html/index.php
index a9c1cba32..b26380eeb 100644
--- a/gosa-core/html/index.php
+++ b/gosa-core/html/index.php
@@ -271,8 +271,8 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
 exit() ;
 }else{
 $cfg = array();
- $cfg['admin'] = $config->get_admin_dn();
- $cfg['password'] = $config->get_admin_password();
+ $cfg['admin'] = $config->current['ADMIN'];
+ $cfg['password'] = $config->current['PASSWORD'];
 $cfg['connection']= $config->current['SERVER'];
 $cfg['tls'] = $tls;
 $str = check_schema($cfg,isset($config->current['RFC2307BIS']) && preg_match("/(true|yes|on|1)/i",$config->current['RFC2307BIS']));
diff --git a/gosa-core/include/class_config.inc b/gosa-core/include/class_config.inc
index 4d8b18c8c..d5f682142 100644
--- a/gosa-core/include/class_config.inc
+++ b/gosa-core/include/class_config.inc
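Review bot: `$cfg['password'] = $config->current['PASSWORD'];` hands the raw configuration value to check_schema(), while the bind in get_ldap_link() introduced by this same commit routes it through `get_credentials()`, which decrypts it when `HTTP_GOSA_KEY` is set; with an encrypted PASSWORD the schema check would therefore bind with the hex ciphertext and fail. The line should read `$cfg['password'] = $config->get_credentials($config->current['PASSWORD']);` so both code paths agree on what the stored value means. The enclosing `else` branch continues past the end of the hunk.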
@@ -214,13 +214,23 @@ class config {
 $this->level--;
 }
 
 
+
+ function get_credentials($creds)
+ {
+ if (isset($_SERVER['HTTP_GOSA_KEY'])){
+ return (cred_decrypt($creds, $_SERVER['HTTP_GOSA_KEY']));
+ }
+ return ($creds);
+ }
+
+
 function get_ldap_link($sizelimit= FALSE)
 {
 if($this->ldap === NULL || !is_resource($this->ldap->cid)){
 /* Build new connection */
 $this->ldap= ldap_init ($this->current['SERVER'], $this->current['BASE'],
- $this->get_admin_dn(), $this->get_admin_password());
+ $this->current['ADMIN'], $this->get_credentials($this->current['PASSWORD']));
 
 /* Check for connection */
 if (is_null($this->ldap) || (is_int($this->ldap) && $this->ldap == 0)){
@@ -321,13 +331,6 @@ class config {
 /* Convert BASE to have escaped special characters */
 $this->current['BASE']= @LDAP::convert($this->current['BASE']);
 
- /* Load server informations */
- $this->load_servers();
- }
-
-
- function update_credentials_from_config()
- {
 /* Parse LDAP referral informations */
 if (!isset($this->current['ADMIN']) || !isset($this->current['PASSWORD'])){
 $url= $this->current['SERVER'];
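Review bot: get_credentials() takes its decryption key from `$_SERVER['HTTP_GOSA_KEY']`, which PHP fills from the request's `GOSA-Key` header, so unless the web server sets that header itself and overwrites any client-supplied one (mod_headers `RequestHeader set` rather than a merging directive) the key is chosen by whoever sends the request; with a wrong key cred_decrypt() returns garbage and the admin bind then fails with an opaque LDAP error instead of a configuration message. The method also lacks a comment saying that the same `PASSWORD` setting is plaintext without the header and hex ciphertext with it, which is the whole contract; add `/* PASSWORD is stored encrypted when the web server injects a GOSA-Key header; without it the configured value is used verbatim */` above the function. An empty header should not be accepted as a key either, `if (!empty($_SERVER['HTTP_GOSA_KEY']))`, so a blank value is not silently used for decryption. Whether the intended deployment injects the header server-side cannot be seen from this hunk and should be stated in the deployment documentation.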
@@ -336,49 +339,10 @@ class config {
 $this->current['PASSWORD']= $referral['PASSWORD'];
 }
 
- /* Bail out if problematic */
- if (!isset($this->current['ADMIN']) || !isset($this->current['PASSWORD'])){
- msg_dialog::display(_("Configuration error"), _("Cannot find any administrative LDAP credentials!"), FATAL_ERROR_DIALOG);
- exit;
- }
- }
-
-
- function encode_server_url($url, $base, $val)
- {
- return (preg_replace("/_+/", "_", "HTTP_".strtr(strtoupper($url."_".md5($base)."_$val"), ".-:/", "____")));
- }
-
-
- function get_admin_dn()
- {
- $enc= $this->encode_server_url($this->current['SERVER'], $this->current['BASE'], "ADMIN");
- /* Answer from http request */
- if (isset($_SERVER[$enc])){
- return $_SERVER[$enc];
- }
-
- /* Answer in old style for compatibility */
- $this->update_credentials_from_config();
- return $this->current['ADMIN'];
- }
-
-
- function get_admin_password()
- {
- $enc= $this->encode_server_url($this->current['SERVER'], $this->current['BASE'], "PASSWORD");
-
- /* Answer from http request */
- if (isset($_SERVER[$enc])){
- return $_SERVER[$enc];
- }
-
- /* Answer in old style for compatibility */
- $this->update_credentials_from_config();
- return $this->current['PASSWORD'];
+ /* Load server informations */
+ $this->load_servers();
 }
 
-
 function load_servers ()
 {
 /* Only perform actions if current is set */
@@ -424,7 +388,8 @@ class config {
 if ($ldap->count()){
 $attrs= $ldap->fetch();
 $this->data['SERVERS']['KERBEROS']= array( 'SERVER' => $attrs['cn'][0],
- 'REALM' => $attrs['goKrbRealm'][0]);
+ 'REALM' => $attrs['goKrbRealm'][0],
+ 'ADMIN' => $attrs['goKrbAdmin'][0]);
 }
 
 /* Get cups server. FIXME: only one is supported currently */
diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index 08626e248..4f7236ae5 100644
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
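Review bot: Dropping the `/* Bail out if problematic */` block removes the only check that ADMIN and PASSWORD were actually found; when neither the configuration nor the referral supplies them, get_ldap_link() now reads `$this->current['ADMIN']` as an undefined index and passes null credentials to ldap_init(), so a misconfiguration surfaces as a notice plus a failed (or, depending on what the LDAP class does with a null password, anonymous) bind instead of the former `_("Cannot find any administrative LDAP credentials!")` fatal dialog. Restore the isset() test, the msg_dialog::display() call and the `exit` from the removed block immediately before the re-added `$this->load_servers();` call, since that is the one place every caller now passes through. The enclosing method starts outside the hunk.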
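Review bot: `'ADMIN' => $attrs['goKrbAdmin'][0]` is read without checking that the fetched entry carries a goKrbAdmin attribute, so a Kerberos server object that only has cn and goKrbRealm raises an undefined-index notice and stores null as ADMIN for later consumers of `$this->data['SERVERS']['KERBEROS']`. Guard the new value, e.g. `'ADMIN' => isset($attrs['goKrbAdmin'][0]) ? $attrs['goKrbAdmin'][0] : ''`, or document on the line that the attribute is mandatory in the schema. The enclosing method, presumably load_servers(), starts and ends outside the hunk.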
@@ -2733,7 +2733,25 @@ function get_random_char () {
 } else {
 return (chr ($randno + 59)); // Lowercase
 }
- }
+}
+
+
+function cred_encrypt($input, $password) {
+
+ $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
+ $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
+
+ return bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $input, MCRYPT_MODE_ECB, $iv));
+
+}
+
+function cred_decrypt($input,$password) {
+ $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
+ $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
+
+ return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, pack("H*", $input), MCRYPT_MODE_ECB, $iv);
+}
+
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>
-- 
2.30.2
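Review bot: cred_encrypt() and cred_decrypt() size an IV for CBC but then call mcrypt in `MCRYPT_MODE_ECB`, where the IV is ignored: the fresh `/dev/random` IV is wasted (and can block the request on an entropy-starved host, on every decrypt as well), identical plaintext blocks encrypt to identical ciphertext, and nothing detects a wrong key or an altered ciphertext, so a bad `HTTP_GOSA_KEY` yields garbage that is handed straight to the LDAP bind. mcrypt also NUL-pads the plaintext up to the block size, so the decrypted password comes back with trailing `\0` bytes that no caller strips. The rewrite below uses CBC with the IV carried in front of the ciphertext, draws it from `/dev/urandom`, and strips the padding on decrypt; it changes the stored format, which is acceptable only because this commit introduces the format. An HMAC over IV plus ciphertext (hash_hmac, checked before decrypting) would close the remaining integrity gap and turn a wrong key into a clear error.
```php
function cred_encrypt($input, $password) {
  $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
  $iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);

  /* The mode must be the one the IV was sized for; ship the IV with the ciphertext */
  return bin2hex($iv.mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $input, MCRYPT_MODE_CBC, $iv));
}

function cred_decrypt($input,$password) {
  $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
  $raw = pack("H*", $input);
  $iv = substr($raw, 0, $size);

  /* mcrypt pads the plaintext with NUL bytes up to the block size */
  return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, substr($raw, $size), MCRYPT_MODE_CBC, $iv), "\0");
}
```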