Skip to content
Permalink
Browse files
Crypt passwords in DB
fixed #2252
  • Loading branch information
moyooo committed Oct 26, 2010
1 parent b236a88 commit 60732c5a5a42cb18338db9017c6f2e808027b28c
Showing 10 changed files with 153 additions and 23 deletions.
@@ -77,6 +77,10 @@

define("NOT_AVAILABLE",'N/A');

// key used to crypt passwords in DB for external access : proxy / smtp / ldap / mailcollectors
// This key is not used to crypt user's passwords
// If you hav to define passwords again
define("GLPIKEY","GLPI£i'snarss'ç");

// TIMES
define("MINUTE_TIMESTAMP",60);
@@ -42,7 +42,6 @@
if (!empty($_POST["test_smtp_send"])) {
NotificationMail::testNotification();
glpi_header($_SERVER['HTTP_REFERER']);

} else if (!empty($_POST["update"])) {
$config = new Config;
$config->update($_POST);
@@ -542,7 +542,7 @@ function Login($login_name, $login_password, $noauto=false) {
$ds = AuthLdap::connectToServer($ldap_method["host"],
$ldap_method["port"],
$ldap_method["rootdn"],
$ldap_method["rootdn_password"],
decrypt($ldap_method["rootdn_password"],GLPIKEY),
$ldap_method["use_tls"],
$ldap_method["deref_option"]);

@@ -138,8 +138,12 @@ function preconfig($type) {

function prepareInputForUpdate($input) {

if (isset($input["rootdn_password"]) && empty($input["rootdn_password"])) {
unset($input["rootdn_password"]);
if (isset($input["rootdn_password"])) {
if (empty($input["rootdn_password"])) {
unset($input["rootdn_password"]);
} else {
$input["rootdn_password"]=encrypt($input["rootdn_password"],GLPIKEY);
}
}

// Set attributes in lower case
@@ -855,7 +859,7 @@ static function testLDAPConnection($auths_id, $replicate_id=-1) {
$port = $config_ldap->fields['port'];
}
$ds = AuthLdap::connectToServer($host, $port, $config_ldap->fields['rootdn'],
$config_ldap->fields['rootdn_password'],
decrypt($config_ldap->fields['rootdn_password'],GLPIKEY),
$config_ldap->fields['use_tls'],
$config_ldap->fields['deref_option']);
if ($ds) {
@@ -1030,7 +1034,7 @@ static function getAllUsers($options = array(), &$results, &$limitexceeded) {
}
$ds = AuthLdap::connectToServer($config_ldap->fields['host'], $config_ldap->fields['port'],
$config_ldap->fields['rootdn'],
$config_ldap->fields['rootdn_password'],
decrypt($config_ldap->fields['rootdn_password'],GLPIKEY),
$config_ldap->fields['use_tls'],
$config_ldap->fields['deref_option']);
if ($ds) {
@@ -1278,7 +1282,7 @@ static function getAllGroups($auths_id, $filter, $filter2, $entity, $order='DESC

$ds = AuthLdap::connectToServer($config_ldap->fields['host'], $config_ldap->fields['port'],
$config_ldap->fields['rootdn'],
$config_ldap->fields['rootdn_password'],
decrypt($config_ldap->fields['rootdn_password'],GLPIKEY),
$config_ldap->fields['use_tls'],
$config_ldap->fields['deref_option']);
if ($ds) {
@@ -1498,7 +1502,7 @@ static function ldapImportUserByServerId($params=array(), $action, $ldap_server,
} else {
$ds = AuthLdap::connectToServer($config_ldap->fields['host'], $config_ldap->fields['port'],
$config_ldap->fields['rootdn'],
$config_ldap->fields['rootdn_password'],
decrypt($config_ldap->fields['rootdn_password'],GLPIKEY),
$config_ldap->fields['use_tls'],
$config_ldap->fields['deref_option']);
}
@@ -1598,7 +1602,7 @@ static function ldapImportGroup ($group_dn, $options=array()) {
//Connect to the directory
$ds = AuthLdap::connectToServer($config_ldap->fields['host'], $config_ldap->fields['port'],
$config_ldap->fields['rootdn'],
$config_ldap->fields['rootdn_password'],
decrypt($config_ldap->fields['rootdn_password'],GLPIKEY),
$config_ldap->fields['use_tls'],
$config_ldap->fields['deref_option']);
if ($ds) {
@@ -1672,7 +1676,8 @@ static function connectToServer($host, $port, $login = "", $password = "", $use_
static function tryToConnectToServer($ldap_method, $login, $password) {

$ds = AuthLdap::connectToServer($ldap_method['host'], $ldap_method['port'],
$ldap_method['rootdn'], $ldap_method['rootdn_password'],
$ldap_method['rootdn'],
decrypt($ldap_method['rootdn_password'],GLPIKEY),
$ldap_method['use_tls'], $ldap_method['deref_option']);

// Test with login and password of the user if exists
@@ -1686,7 +1691,8 @@ static function tryToConnectToServer($ldap_method, $login, $password) {
if (!$ds && $ldap_method['id']>0) {
foreach (getAllReplicateForAMaster($ldap_method['id']) as $replicate) {
$ds = AuthLdap::connectToServer($replicate["host"], $replicate["port"],
$ldap_method['rootdn'], $ldap_method['rootdn_password'],
$ldap_method['rootdn'],
decrypt($ldap_method['rootdn_password'],GLPIKEY),
$ldap_method['use_tls'], $ldap_method['deref_option']);

// Test with login and password of the user
@@ -2298,7 +2304,7 @@ static function searchUser(AuthLDAP $authldap) {

if (AuthLdap::connectToServer($authldap->getField('host'), $authldap->getField('port'),
$authldap->getField('rootdn'),
$authldap->getField('rootdn_password'),
decrypt($authldap->getField('rootdn_password'),GLPIKEY),
$authldap->getField('use_tls'),
$authldap->getField('deref_option'))) {
AuthLdap::showLdapUsers();
@@ -1627,7 +1627,7 @@ function getURLContent ($url, &$msgerr=NULL, $rec=0) {
$request .= "Host: ".$taburl["host"]."\r\n";
if (!empty($CFG_GLPI["proxy_user"])) {
$request .= "Proxy-Authorization: Basic " . base64_encode ($CFG_GLPI["proxy_user"].":".
$CFG_GLPI["proxy_password"]) . "\r\n";
decrypt($CFG_GLPI["proxy_password"],GLPIKEY)) . "\r\n";
}

} else {
@@ -2321,6 +2321,10 @@ function sylk_clean($value) {

/**
* Clean all parameters of an URL. Get a clean URL
*
* @param $url string URL
*
* @return clean URL
**/
function cleanParametersURL($url) {

@@ -2332,6 +2336,10 @@ function cleanParametersURL($url) {
/**
* Manage planning posted datas (must have begin + duration or end)
* Compute end if duration is set
*
* @param $data array data to process
*
* @return processed datas
**/
function manageBeginAndEndPlanDates(&$data) {

@@ -2344,4 +2352,47 @@ function manageBeginAndEndPlanDates(&$data) {
}
}

/**
* Encrypt a string
*
* @param $string string to encrypt
* @param $key string key used to encrypt
*
* @return encrypted string
**/
function encrypt($string, $key) {
$result = '';
for($i=0; $i<strlen($string); $i++) {
$char = substr($string, $i, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)+ord($keychar));
$result.=$char;
}

return base64_encode($result);
}


/**
* Decrypt a string
*
* @param $string string to decrypt
* @param $key string key used to decrypt
*
* @return decrypted string
**/
function decrypt($string, $key) {
$result = '';
$string = base64_decode($string);

for($i=0; $i<strlen($string); $i++) {
$char = substr($string, $i, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)-ord($keychar));
$result.=$char;
}

return $result;
}

?>
@@ -85,12 +85,20 @@ function showForm($ID, $options=array()) {
**/
function prepareInputForUpdate($input) {

if (isset($input["smtp_password"]) && empty($input["smtp_password"])) {
unset($input["smtp_password"]);
if (isset($input["smtp_password"])) {
if (empty($input["smtp_password"])) {
unset($input["smtp_password"]);
} else {
$input["smtp_password"]=encrypt($input["smtp_password"],GLPIKEY);
}
}

if (isset($input["proxy_password"]) && empty($input["proxy_password"])) {
unset($input["proxy_password"]);
if (isset($input["proxy_password"])) {
if (empty($input["proxy_password"])) {
unset($input["proxy_password"]);
} else {
$input["proxy_password"]=encrypt($input["proxy_password"],GLPIKEY);
}
}

// Manage DB Slave process
@@ -98,9 +98,15 @@ function post_getEmpty () {

function prepareInputForUpdate($input) {

if (isset($input['password']) && empty($input['password'])) {
unset($input['password']);

if (isset($input["password"])) {
if (empty($input["password"])) {
unset($input["password"]);
} else {
$input["password"]=encrypt($input["password"],GLPIKEY);
}
}

if (isset ($input['mail_server']) && !empty ($input['mail_server'])) {
$input["host"] = constructMailServerConfig($input);
}
@@ -684,7 +690,7 @@ function decodeMimeString($mimeStr, $inputCharset='utf-8', $targetCharset='utf-8
function connect() {

$this->marubox=@imap_open($this->fields['host'], $this->fields['login'],
$this->fields['password'], 1);
decrypt($this->fields['password'],GLPIKEY), 1);
}


@@ -77,7 +77,7 @@ function __construct() {
if ($CFG_GLPI['smtp_username'] != '') {
$this->SMTPAuth = true;
$this->Username = $CFG_GLPI['smtp_username'];
$this->Password = $CFG_GLPI['smtp_password'];
$this->Password = decrypt($CFG_GLPI['smtp_password'],GLPIKEY);
}
if ($CFG_GLPI['smtp_mode'] == MAIL_SMTPSSL) {
$this->SMTPSecure = "ssl";
@@ -44,7 +44,7 @@
* @return bool for success (will die for most error)
**/
function update0781to080($output='HTML') {
global $DB, $LANG;
global $DB, $LANG, $CFG_GLPI;

$updateresult = true;
$ADDTODISPLAYPREF = array();
@@ -812,6 +812,62 @@ function update0781to080($output='HTML') {
$migration->addField("glpi_configs", "url_maxlength",
"int(11) NOT NULL DEFAULT '30' AFTER `list_limit_max`");

displayMigrationMessage("080", $LANG['update'][142] . ' - password encrypt');


/// how not to replay password encryption ?
if (!empty($CFG_GLPI['proxy_password'])) {
$query="UPDATE `glpi_configs`
SET `proxy_password` = '".addslashes(encrypt($CFG_GLPI['proxy_password'],GLPIKEY))."'
WHERE `id`= 1 ";
$DB->query($query)
or die("0.80 update proxy_password in glpi_configs " . $LANG['update'][90] . $DB->error());
}
if (!empty($CFG_GLPI['smtp_password'])) {
$query="UPDATE `glpi_configs`
SET `smtp_password` = '".addslashes(encrypt($CFG_GLPI['smtp_password'],GLPIKEY))."'
WHERE `id`= 1 ";
$DB->query($query)
or die("0.80 update proxy_password in glpi_configs " . $LANG['update'][90] . $DB->error());
}

$query = "SELECT *
FROM `glpi_authldaps`
WHERE `rootdn_password` IS NOT NULL AND `rootdn_password` <> ''";

if ($result = $DB->query($query)) {
if ($DB->numrows($result)) {
while ($data = $DB->fetch_assoc($result)) {
if (!empty($data['rootdn_password'])) {
$query="UPDATE `glpi_authldaps`
SET `rootdn_password` = '".addslashes(encrypt($data['rootdn_password'],GLPIKEY))."'
WHERE `id`= '".$data['id']."' ";
$DB->query($query)
or die("0.80 update rootdn_password in glpi_authldaps " . $LANG['update'][90] . $DB->error());
}
}
}
}

$query = "SELECT *
FROM `glpi_mailcollectors`
WHERE `password` IS NOT NULL AND `password` <> ''";

if ($result = $DB->query($query)) {
if ($DB->numrows($result)) {
while ($data = $DB->fetch_assoc($result)) {
if (!empty($data['password'])) {
$query="UPDATE `glpi_mailcollectors`
SET `password` = '".addslashes(encrypt($data['password'],GLPIKEY))."'
WHERE `id`= '".$data['id']."' ";
$DB->query($query)
or die("0.80 update password in glpi_mailcollectors " . $LANG['update'][90] . $DB->error());
}
}
}
}


displayMigrationMessage("080", $LANG['update'][142] . ' - glpi_displaypreferences');

foreach ($ADDTODISPLAYPREF as $type => $tab) {
@@ -123,7 +123,7 @@
echo " ".$method['name'];

if (AuthLdap::tryToConnectToServer($method, $method["rootdn"],
$method["rootdn_password"])) {
decrypt($method["rootdn_password"],GLPIKEY))) {
echo "_OK";
} else {
echo "_PROBLEM";

0 comments on commit 60732c5

Please sign in to comment.