NEW Encrypt all sensitive constants in llx_const
parent
c60f42b1bf
commit
03d086f741
@ -158,7 +158,7 @@ if (!empty($conf->global->ADHERENT_USE_MAILMAN)) {
|
||||
$link .= '</a>';
|
||||
// Edition des varibales globales
|
||||
$constantes = array(
|
||||
'ADHERENT_MAILMAN_ADMINPW',
|
||||
'ADHERENT_MAILMAN_ADMIN_PASSWORD',
|
||||
'ADHERENT_MAILMAN_URL',
|
||||
'ADHERENT_MAILMAN_UNSUB_URL',
|
||||
'ADHERENT_MAILMAN_LISTS'
|
||||
|
||||
@ -1555,6 +1555,7 @@ class CMailFile
|
||||
|
||||
dol_syslog("Try socket connection to host=".$host." port=".$port);
|
||||
//See if we can connect to the SMTP server
|
||||
$errno = 0; $errstr = '';
|
||||
if ($socket = @fsockopen(
|
||||
$host, // Host to test, IP or domain. Add ssl:// for SSL/TLS.
|
||||
$port, // which Port number to use
|
||||
|
||||
@ -255,6 +255,8 @@ class Conf
|
||||
);
|
||||
|
||||
if (!is_null($db) && is_object($db)) {
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
|
||||
|
||||
// Define all global constants into $this->global->key=value
|
||||
$sql = "SELECT ".$db->decrypt('name')." as name,";
|
||||
$sql .= " ".$db->decrypt('value')." as value, entity";
|
||||
@ -278,8 +280,7 @@ class Conf
|
||||
$value = $_ENV['DOLIBARR_'.$key];
|
||||
}
|
||||
|
||||
//if (! defined("$key")) define("$key", $value); // In some cases, the constant might be already forced (Example: SYSLOG_HANDLERS during install)
|
||||
$this->global->$key = $value;
|
||||
$this->global->$key = dolDecrypt($value);
|
||||
|
||||
if ($value && strpos($key, 'MAIN_MODULE_') === 0) {
|
||||
$reg = array();
|
||||
|
||||
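Review bot: `$this->global->$key = dolDecrypt($value);` now runs on every constant that is loaded, including values taken from `$_ENV['DOLIBARR_'.$key]` and values that were never encrypted, and nothing in the hunk shows what happens when decryption fails. If dolDecrypt() returns its input unchanged for values without an encryption prefix (likely, but not visible here), say so next to the call, e.g. `// dolDecrypt() leaves values without the dolcrypt: prefix untouched`. A wrong or rotated key should not silently put ciphertext or an empty string into `$conf->global`; logging the constant name (never the value) through dol_syslog on failure would make that diagnosable. The `if ($value && strpos($key, 'MAIN_MODULE_') === 0)` test below still reads the stored form in `$value`, which is only correct while module constants are never encrypted. The loop body starts and ends outside the hunk.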
@ -603,7 +603,8 @@ function dolibarr_get_const($db, $name, $entity = 1)
|
||||
if ($resql) {
|
||||
$obj = $db->fetch_object($resql);
|
||||
if ($obj) {
|
||||
$value = $obj->value;
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
|
||||
$value = dolDecrypt($obj->value);
|
||||
}
|
||||
}
|
||||
return $value;
|
||||
@ -651,11 +652,22 @@ function dolibarr_set_const($db, $name, $value, $type = 'chaine', $visible = 0,
|
||||
$resql = $db->query($sql);
|
||||
|
||||
if (strcmp($value, '')) { // true if different. Must work for $value='0' or $value=0
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity)";
|
||||
if (!preg_match('/^MAIN_LOGEVENTS/', $name) && (preg_match('/(_KEY|_EXPORTKEY|_SECUREKEY|_SERVERKEY|_PASS|_PASSWORD|_PW|_PW_TICKET|_PW_EMAILING|_SECRET|_SECURITY_TOKEN|_WEB_TOKEN)$/', $name))) {
|
||||
// This seems a sensitive constant, we encrypt its value
|
||||
// To list all sensitive constant, you can make a
|
||||
// WHERE name like '%\_KEY' or name like '%\_EXPORTKEY' or name like '%\_SECUREKEY' or name like '%\_SERVERKEY' or name like '%\_PASS' or name like '%\_PASSWORD' or name like '%\_SECRET'
|
||||
// or name like '%\_SECURITY_TOKEN' or name like '%\WEB_TOKEN'
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
|
||||
$newvalue = dolEncrypt($value);
|
||||
} else {
|
||||
$newvalue = $value;
|
||||
}
|
||||
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."const(name, value, type, visible, note, entity)";
|
||||
$sql .= " VALUES (";
|
||||
$sql .= $db->encrypt($name);
|
||||
$sql .= ", ".$db->encrypt($value);
|
||||
$sql .= ",'".$db->escape($type)."',".((int) $visible).",'".$db->escape($note)."',".((int) $entity).")";
|
||||
$sql .= ", ".$db->encrypt($newvalue);
|
||||
$sql .= ", '".$db->escape($type)."', ".((int) $visible).", '".$db->escape($note)."', ".((int) $entity).")";
|
||||
|
||||
//print "sql".$value."-".pg_escape_string($value)."-".$sql;exit;
|
||||
//print "xx".$db->escape($value);
|
||||
|
||||
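Review bot: The comment in dolibarr_set_const() that explains how to list sensitive constants does not match the regex above it: it omits `_PW`, `_PW_TICKET` and `_PW_EMAILING`, and its last pattern `'%\WEB_TOKEN'` is missing the underscore, so an audit query built from it under-reports. The comment should mirror the regex, ending `... or name like '%\_PW' or name like '%\_PW_TICKET' or name like '%\_PW_EMAILING' or name like '%\_SECURITY_TOKEN' or name like '%\_WEB_TOKEN'`. Because the decision is made purely on a name suffix, a secret stored under any other name is still written in clear; moving the pattern into one named helper would give module authors a single place to check and extend. dolibarr_set_const() starts and ends outside the hunk.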
@ -374,13 +374,16 @@ function encodedecode_dbpassconf($level = 0)
|
||||
|
||||
$lineofpass = 0;
|
||||
|
||||
$reg = array();
|
||||
if (preg_match('/^[^#]*dolibarr_main_db_encrypted_pass[\s]*=[\s]*(.*)/i', $buffer, $reg)) { // Old way to save crypted value
|
||||
$val = trim($reg[1]); // This also remove CR/LF
|
||||
$val = preg_replace('/^["\']/', '', $val);
|
||||
$val = preg_replace('/["\'][\s;]*$/', '', $val);
|
||||
if (!empty($val)) {
|
||||
$passwd_crypted = $val;
|
||||
// method dol_encode/dol_decode
|
||||
$val = dol_decode($val);
|
||||
//$val = dolEncrypt($val);
|
||||
$passwd = $val;
|
||||
$lineofpass = 1;
|
||||
}
|
||||
@ -389,10 +392,17 @@ function encodedecode_dbpassconf($level = 0)
|
||||
$val = preg_replace('/^["\']/', '', $val);
|
||||
$val = preg_replace('/["\'][\s;]*$/', '', $val);
|
||||
if (preg_match('/crypted:/i', $buffer)) {
|
||||
// method dol_encode/dol_decode
|
||||
$val = preg_replace('/crypted:/i', '', $val);
|
||||
$passwd_crypted = $val;
|
||||
$val = dol_decode($val);
|
||||
$passwd = $val;
|
||||
} elseif (preg_match('/^dolcrypt:([^:]+):(.*)$/i', $buffer, $reg)) {
|
||||
// method dolEncrypt/dolDecrypt
|
||||
$val = preg_replace('/crypted:([^:]+):/i', '', $val);
|
||||
$passwd_crypted = $val;
|
||||
$val = dolDecrypt($buffer);
|
||||
$passwd = $val;
|
||||
} else {
|
||||
$passwd = $val;
|
||||
$val = dol_encode($val);
|
||||
|
||||
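Review bot: The new `dolcrypt:` branch in the second hunk cannot be reached as written, because `preg_match('/^dolcrypt:([^:]+):(.*)$/i', $buffer, $reg)` anchors at the start of `$buffer`, which the earlier `dolibarr_main_db_encrypted_pass` match shows to be the whole config line rather than the extracted value. A password stored in that format therefore falls through to `else`, is treated as clear text and is passed to dol_encode(). The match and the decrypt should both use the extracted value: `} elseif (preg_match('/^dolcrypt:([^:]+):(.*)$/i', $val, $reg)) {` and `$val = dolDecrypt($val);`. The `preg_replace('/crypted:([^:]+):/i', '', $val)` line looks copied from the branch above and does not match a `dolcrypt:` prefix, so it can be dropped. encodedecode_dbpassconf() starts and ends outside the hunk.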
@ -145,7 +145,7 @@ class modAdherent extends DolibarrModules
|
||||
$this->const[$r][4] = 0;
|
||||
$r++;
|
||||
|
||||
$this->const[$r][0] = "ADHERENT_MAILMAN_ADMINPW";
|
||||
$this->const[$r][0] = "ADHERENT_MAILMAN_ADMIN_PASSWORD";
|
||||
$this->const[$r][1] = "chaine";
|
||||
$this->const[$r][2] = "";
|
||||
$this->const[$r][3] = "Mot de passe Admin des liste mailman";
|
||||
|
||||
@ -104,7 +104,9 @@ class DoliStorage implements TokenStorageInterface
|
||||
//var_dump($token);
|
||||
dol_syslog("storeAccessToken service=".$service);
|
||||
|
||||
$serializedToken = serialize($token);
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
|
||||
$serializedToken = dolEncrypt(serialize($token));
|
||||
|
||||
$this->tokens[$service] = $token;
|
||||
|
||||
if (!is_array($this->tokens)) {
|
||||
@ -155,7 +157,8 @@ class DoliStorage implements TokenStorageInterface
|
||||
}
|
||||
$result = $this->db->fetch_array($resql);
|
||||
if ($result) {
|
||||
$token = unserialize($result['token']);
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
|
||||
$token = unserialize(dolDecrypt($result['token']));
|
||||
$this->date_creation = $this->db->jdate($result['datec']);
|
||||
$this->date_modification = $this->db->jdate($result['tms']);
|
||||
$this->state = $result['state'];
|
||||
|
||||
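Review bot: `unserialize(dolDecrypt($result['token']))` in the second hunk still deserialises whatever the database row holds, with no class restriction. If dolDecrypt() passes unprefixed legacy values through unchanged (needed for tokens stored before this commit, but not visible here), the encryption adds no integrity guarantee on this read path. Pass the options argument, `unserialize($plain, array('allowed_classes' => array(/* the token classes this storage writes */)))`, and check for a `false` result before the token is used. The enclosing method starts and ends outside the hunk.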
@ -55,6 +55,8 @@ ALTER TABLE llx_user DROP COLUMN idpers3;
|
||||
|
||||
-- v17
|
||||
|
||||
UPDATE llx_const set name = 'ADHERENT_MAILMAN_ADMIN_PASSWORD' WHERE name = 'ADHERENT_MAILMAN_ADMINPW';
|
||||
|
||||
ALTER TABLE llx_oauth_token ADD COLUMN state text after tokenstring;
|
||||
|
||||
ALTER TABLE llx_adherent ADD COLUMN default_lang VARCHAR(6) DEFAULT NULL AFTER datefin;
|
||||
|
||||
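Review bot: The v17 migration only renames `ADHERENT_MAILMAN_ADMINPW`; it leaves the values of constants that already match the sensitive-name pattern as they are, so on an upgraded install they stay in clear in llx_const until each one is saved again through dolibarr_set_const(). SQL alone cannot call dolEncrypt(), so this probably needs a PHP upgrade step, or at least a comment here such as `-- existing sensitive constants are encrypted on next save, not by this script`. Backups and dumps taken after the upgrade should be treated as still containing these secrets until that step has run.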
@ -7,7 +7,7 @@ MailmanCreationSuccess=Subscription test was executed successfully
|
||||
MailmanDeletionSuccess=Unsubscription test was executed successfully
|
||||
SynchroMailManEnabled=A Mailman update will be performed
|
||||
SynchroSpipEnabled=A Spip update will be performed
|
||||
DescADHERENT_MAILMAN_ADMINPW=Mailman administrator password
|
||||
DescADHERENT_MAILMAN_ADMIN_PASSWORD=Mailman administrator password
|
||||
DescADHERENT_MAILMAN_URL=URL for Mailman subscriptions
|
||||
DescADHERENT_MAILMAN_UNSUB_URL=URL for Mailman unsubscriptions
|
||||
DescADHERENT_MAILMAN_LISTS=List(s) for automatic inscription of new members (separated by a comma)
|
||||
|
||||
@ -141,7 +141,7 @@ class MailmanSpip
|
||||
$list,
|
||||
$object->email,
|
||||
$object->pass,
|
||||
$conf->global->ADHERENT_MAILMAN_ADMINPW
|
||||
$conf->global->ADHERENT_MAILMAN_ADMIN_PASSWORD
|
||||
);
|
||||
|
||||
$curl_url = str_replace($patterns, $replace, $url);
|
||||
|
||||