r56087 - in /branches/14.2/admin: ./ inc/class.admin_cmd.inc.php setup/setup.inc.php setup/tables_update.inc.php


r56087 - in /branches/14.2/admin: ./ inc/class.admin_cmd.inc.php setup/setup.inc.php setup/tables_update.inc.php

Author: ralfbecker
Date: Sun May  8 12:05:01 2016
New Revision: 56087

URL: http://svn.stylite.de/viewvc/egroupware?rev=56087&view=rev
Log:
mask out passwords in admin queue

Modified:
    branches/14.2/admin/   (props changed)
    branches/14.2/admin/inc/class.admin_cmd.inc.php
    branches/14.2/admin/setup/setup.inc.php
    branches/14.2/admin/setup/tables_update.inc.php

Propchange: branches/14.2/admin/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sun May  8 12:05:01 2016
@@ -1,2 +1,2 @@
 /branches/14.1/admin:51499
-/trunk/admin:51376,51460,51639,51699,51770,51810,51812,51817,51836,51855,51878,52247,52357,52451,52481,52520,52550-52551,52572,52574,52780,52958,53021-53022,53024,53026,53042,53044,53087,53116,53146-53147,53198,53287,53667,53705,53707,53712,53726,53732,53753,53772,53787,53828,53960,53991,54030,54032,54050,54156,54158,54444-54445,54452,54472,54522,54529,54533,54545,55095,55937
+/trunk/admin:51376,51460,51639,51699,51770,51810,51812,51817,51836,51855,51878,52247,52357,52451,52481,52520,52550-52551,52572,52574,52780,52958,53021-53022,53024,53026,53042,53044,53087,53116,53146-53147,53198,53287,53667,53705,53707,53712,53726,53732,53753,53772,53787,53828,53960,53991,54030,54032,54050,54156,54158,54444-54445,54452,54472,54522,54529,54533,54545,55095,55937,56084

Modified: branches/14.2/admin/inc/class.admin_cmd.inc.php
URL: http://svn.stylite.de/viewvc/egroupware/branches/14.2/admin/inc/class.admin_cmd.inc.php?rev=56087&r1=56086&r2=56087&view=diff
==============================================================================
--- branches/14.2/admin/inc/class.admin_cmd.inc.php (original)
+++ branches/14.2/admin/inc/class.admin_cmd.inc.php Sun May  8 12:05:01 2016
@@ -21,6 +21,13 @@
  const failed     = 3;
  const pending    = 4;
  const queued     = 5; // command waits to be fetched from remote
+
+ /**
+ * Status which stil need passwords available
+ *
+ * @var array
+ */
+ static $require_pw_stati = array(self::scheduled,self::pending,self::queued);
 
  /**
  * The status of the command, one of either scheduled, successful, failed or deleted
@@ -304,7 +311,10 @@
  $vars[$name] = $this->$name;
  }
  }
- $vars['data'] = json_encode($this->data); // data is stored serialized
+ // data is stored serialized
+ // passwords are masked / removed, if we dont need them anymore
+ $vars['data'] = in_array($this->status, self::$require_pw_stati) ?
+ json_encode($this->data) : self::mask_passwords($this->data);
 
  admin_cmd::$sql->init($vars);
  if (admin_cmd::$sql->save() != 0)
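Review bot: The added `in_array($this->status, self::$require_pw_stati)` compares loosely, so the decision to store cleartext passwords depends on PHP's type juggling of `$this->status`. If `self::scheduled` is 0 (its definition lies above the first hunk, so this is inferred), a null status matches, and before PHP 8 so does any empty or non-numeric string, and the data is saved unmasked. An explicit check such as `$keep_pw = is_numeric($this->status) && in_array((int)$this->status, self::$require_pw_stati, true);` fails towards masking; confirm first whether an unset status is meant to count as scheduled. The enclosing method starts and ends outside this hunk.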
@@ -327,6 +337,33 @@
  admin_cmd::_set_async_job();
  }
  return true;
+ }
+
+ /**
+ * Mask / remove passwords in $data
+ *
+ * @param string|array $data json or php-encoded string or array
+ * @param boolean $return_serialized =true true: return json serialized string, false: return array
+ * @return string|array see $return_serialized
+ */
+ static function mask_passwords($data, $return_serialized=true)
+ {
+ if (!is_array($data))
+ {
+ $data = json_php_unserialize($data);
+ }
+ foreach($data as $key => &$value)
+ {
+ if (is_array($value))
+ {
+ $value = self::mask_passwords($value, false);
+ }
+ elseif (preg_match('/(pw|passwd_?\d*|(?<!change)password|db_pass)$/i', $key))
+ {
+ $value = str_repeat('*', strlen($value));
+ }
+ }
+ return $return_serialized ? json_encode($data) : $data;
  }
 
  /**
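Review bot: The mask written by `str_repeat('*', strlen($value))` keeps the original length, so a masked queue row still discloses how long each password was; a constant such as `$value = '********';` avoids that. Separately, if `json_php_unserialize()` (defined outside this diff) cannot decode `$data`, the `foreach` presumably runs over a non-array and the function returns the JSON of that value, which the callers then store in place of the original. An `if (!is_array($data))` guard right after the decode should decide explicitly what is returned in that case. The by-reference loop variable should also get an `unset($value);` after the loop.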
@@ -838,6 +875,7 @@
  'status' => admin_cmd::failed,
  'error'  => lang('Unknown command %1!',$job['type']),
  'errno'  => 0,
+ 'data'   => self::mask_passwords($job['data']),
  ));
  }
  }

Modified: branches/14.2/admin/setup/setup.inc.php
URL: http://svn.stylite.de/viewvc/egroupware/branches/14.2/admin/setup/setup.inc.php?rev=56087&r1=56086&r2=56087&view=diff
==============================================================================
--- branches/14.2/admin/setup/setup.inc.php (original)
+++ branches/14.2/admin/setup/setup.inc.php Sun May  8 12:05:01 2016
@@ -10,7 +10,7 @@
  */
 
 $setup_info['admin']['name']      = 'admin';
-$setup_info['admin']['version']   = '14.3';
+$setup_info['admin']['version']   = '14.3.001';
 $setup_info['admin']['app_order'] = 1;
 $setup_info['admin']['tables']    = array('egw_admin_queue','egw_admin_remote');
 $setup_info['admin']['enable']    = 1;

Modified: branches/14.2/admin/setup/tables_update.inc.php
URL: http://svn.stylite.de/viewvc/egroupware/branches/14.2/admin/setup/tables_update.inc.php?rev=56087&r1=56086&r2=56087&view=diff
==============================================================================
--- branches/14.2/admin/setup/tables_update.inc.php (original)
+++ branches/14.2/admin/setup/tables_update.inc.php Sun May  8 12:05:01 2016
@@ -151,3 +151,25 @@
  return $GLOBALS['setup_info']['admin']['currentver'] = '14.3';
 }
 
+/**
+ * Remove cleartext passwords from egw_admin_queue
+ *
+ * @return string
+ */
+function admin_upgrade14_3()
+{
+ // asuming everythings not MySQL uses PostgreSQL regular expression syntax
+ $regexp = substr($GLOBALS['egw_setup']->db->Type, 0, 5) == 'mysql' ? 'REGEXP' : '~*';
+
+ foreach($GLOBALS['egw_setup']->db->select('egw_admin_queue', 'cmd_id,cmd_data',
+ 'cmd_status NOT IN ('.implode(',', admin_cmd::$require_pw_stati).") AND cmd_data $regexp '(pw|passwd\\_?\\d*|password|db\\_pass)\\?\"'",
+ __LINE__, __FILE__, false, '', 'admin') as $row)
+ {
+ if (($masked = admin_cmd::mask_passwords($row['cmd_data'])) != $row['cmd'])
+ {
+ $GLOBALS['egw_setup']->db->update('egw_admin_queue', array('cmd_data' => $masked),
+ array('cmd_id' => $row['cmd_id']), __LINE__, __FILE__, 'admin');
+ }
+ }
+ return $GLOBALS['setup_info']['admin']['currentver'] = '14.3.001';
+}
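Review bot: The comparison `!= $row['cmd']` reads a column the select never fetches (only `cmd_id,cmd_data`), so it compares against null and the guard is effectively always true: every matched row is rewritten and an undefined-index notice is raised per row. It should read `if (($masked = admin_cmd::mask_passwords($row['cmd_data'])) != $row['cmd_data'])`, which skips rows that are already masked. The backslash escaping in the `$regexp` pattern also passes through PHP and then the database's string-literal rules, so it is worth verifying on both MySQL and PostgreSQL that the WHERE clause selects the intended rows; a pattern that silently matches nothing would leave cleartext passwords in `egw_admin_queue` while the version is still bumped to 14.3.001.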

