soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Initial commit

Browse Source
This commit is contained in:
Grégory Soutadé
2013-10-09 20:47:43 +02:00
commit 82f95fe6e9
23 changed files with 3252 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

260
server/functions.php Executable file
View File

@@ -0,0 +1,260 @@
<?php
/*
Copyright (C) 2013 Grégory Soutadé
This file is part of gPass.
gPass is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gPass is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
/*
login is stored as :
@@url;login
Password is salted (3 random characters) and encrypted
All is encrypted with AES256 and key : sha256(master key)
*/
$MAX_ENTRY_LEN = 512;
$USERS_PATH = "./users/";
function open_crypto($mkey)
{
if (!isset($_SESSION['td']))
{
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
if ($td == false)
die("Unable to open mcrypt");
$ret = mcrypt_generic_init($td, hash("sha256", $mkey, true), '0000000000000000');
if ($ret < 0)
{
echo "<div class=\"error\">Unable to set key $ret</div>";
return null;
}
$_SESSION['td'] = $td;
}
else
$td = $_SESSION['td'];
return $td;
}
function decrypt($mkey, $val, $salted)
{
$td = open_crypto($mkey);
if ($td == null) return;
$val = mdecrypt_generic($td, hex2bin($val));
// Remove 0 added by encrypt
$val = str_replace("\0", '', $val);
// Remove salt
if ($salted)
$val = substr($val, 0, strlen($val)-3);
return $val;
}
function encrypt($mkey, $val, $salted)
{
global $MAX_ENTRY_LEN;
$td = open_crypto($mkey);
if ($td == null) return;
if ($salted)
{
$val .= dechex(rand(256,4095)); //between 0x100 and 0xfff
}
$val = mcrypt_generic($td, $val);
if (strlen($val) > $MAX_ENTRY_LEN)
{
echo "<div class=\"error\">Value to encrypt is too long</div>";
return null;
}
return bin2hex($val);
}
// From http://php.net/manual/en/function.copy.php
function recurse_copy($src,$dst) {
$dir = opendir($src);
if ($dir == FALSE) return FALSE;
if (!@mkdir($dst)) return FALSE;
while(false !== ( $file = readdir($dir)) ) {
if (( $file != '.' ) && ( $file != '..' )) {
if ( is_dir($src . '/' . $file) ) {
return recurse_copy($src . '/' . $file,$dst . '/' . $file);
}
else {
copy($src . '/' . $file,$dst . '/' . $file);
}
}
}
closedir($dir);
return TRUE;
}
function create_user($user)
{
global $USERS_PATH;
if (strpos($user, "..") || strpos($user, "/") || $user[0] == "." || $user[0] == "_")
{
echo "<div class=\"error\">Invalid user</div>";
}
else
{
$user = $USERS_PATH . $user;
if (file_exists($user))
{
echo "<div class=\"error\">User already exists</div>";
}
else
{
if (!recurse_copy("./ref", $user))
{
echo "<div class=\"error\">Cannot create user $user</div>";
}
else
{
return true;
}
}
}
return false;
}
function load_database($user)
{
global $USERS_PATH;
try {
$db = new SQLite3($USERS_PATH . "$user/gpass.bdd", SQLITE3_OPEN_READWRITE);
}
catch(Exception $e)
{
echo "<div class=\"error\">Unable to load database for user $user !</div>";
return null;
}
// New access need to reset crypto
unset($_SESSION['td']);
return $db;
}
function add_entry($user, $mkey, $url, $login, $password)
{
$db = load_database($user);
if ($db == null) return false;
$password = encrypt($mkey, $password, true);
$login = encrypt($mkey, "@@" . $url . ";" . $login, false);
if ($password == null || $login == null)
return false;
$count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'");
if ($count != 0)
{
echo "<div class=\"error\">Entry already exists</div>";
return false;
}
$result = $db->query("INSERT INTO gpass ('login', 'password') VALUES ('" . $login . "', '" . $password . "')");
return true;
}
function delete_entry($user, $login)
{
$db = load_database($user);
if ($db == null) return false;
$db->query("DELETE FROM gpass WHERE login='" . $login . "'");
return true;
}
function update_entry($user, $mkey, $old_login, $url, $login, $password)
{
if (delete_entry($user, $old_login))
return add_entry($user, $mkey, $url, $login, $password);
return false;
}
function list_entries($user, $mkey)
{
$db = load_database($user);
if ($db == null) return;
$result = $db->query("SELECT * FROM gpass");
$res = array();
$valid_accounts = 0;
$total_accounts = 0;
while ($row = $result->fetchArray())
{
$total_accounts++;
$login = decrypt($mkey, $row['login'], false);
if ($login[0] != '@' && $login[1] != '@')
{
$subres = array('login_ciph' => $row['login'],
'url' => '', 'login' => '',
'password' => $row['password'],
'ciphered' => 1);
array_push($res, $subres);
continue;
}
$login = substr($login, 2);
$sep = strpos($login, ';');
$url = substr($login, 0, $sep);
$login = substr($login, $sep+1);
$password = decrypt($mkey, $row['password'], true);
$subres = array('login_ciph' => $row['login'],
'url' => $url, 'login' => $login,
'password' => $password,
'ciphered' => 0);
array_push($res, $subres);
$valid_accounts++;
}
return array($total_accounts-$valid_accounts, $res);
}
?>

174
server/index.php Executable file
View File

@@ -0,0 +1,174 @@
<?php
/*
Copyright (C) 2013 Grégory Soutadé
This file is part of gPass.
gPass is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gPass is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
include('functions.php');
session_start();
$VIEW_CIPHERED_PASSWORDS=true;
$mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : "";
$user = (isset($_POST['user'])) ? $_POST['user'] : "";
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<link rel="stylesheet" type="text/css" href="/ressources/gpass.css" />
<script src="ressources/gpass.js"></script>
<?php
global $user;
if ($user == "")
echo "<title>gPass : global Password</title>";
else
echo "<title>gPass : global Password - $user</title>";
?>
</head>
<body>
<?php
if (isset($_POST['create_user']))
{
if (create_user($_POST['user']))
$user = $_POST['user'];
}
else
{
if (isset($_POST['add']))
add_entry($user, $mkey, $_POST['url'], $_POST['login'], $_POST['pwd']);
else if (isset($_POST['delete']))
delete_entry($user, $_POST['login_ciph']);
else if (isset($_POST['update']))
update_entry($user, $mkey, $_POST['login_ciph'], $_POST['url'], $_POST['login'], $_POST['pwd']);
}
?>
<img src="ressources/gpass.png" id="logo" alt="logo"/>
<div id="admin">
<form method="post">
<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
</form>
</div>
<div id="user">
<form method="post" id="select_user">
<?php
global $user;
global $mkey;
$users = scandir("./users/");
$count = 0;
foreach($users as $u)
{
if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
$count++;
}
if ($count == 0)
echo "<b>No user found</b><br/>";
else
{
echo '<b>User</b> <select name="user">';
foreach($users as $u)
{
if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
{
if ($user == "") $user = $u;
if ($user == $u)
echo "<option value=\"$u\" selected=\"1\"/>$u</option>";
else
echo "<option value=\"$u\"/>$u</option>";
}
}
echo "</select>";
echo ' <b>Master key </b> <input type="password" name="mkey"/> <input name="list" type="submit" value="See"/>';
}
?>
</form>
<div id="passwords">
<?php
global $user;
global $mkey;
global $VIEW_UNCIPHERED_PASSWORDS;
if ($user != "")
{
$nb_unciphered = 0;
list($nb_ciphered, $entries) = list_entries($user, $mkey);
echo "<b>" . (count($entries) - $nb_ciphered) . " unciphered password(s)</b><br/>";
foreach($entries as $entry)
{
if ($entry['ciphered'] == 1) continue;
echo '<form method="post">';
echo '<input type="hidden" name="user" value="' . $user . '"/>';
echo '<input type="hidden" name="mkey" value="' . $mkey . '"/>';
echo '<input type="hidden" name="login_ciph" value="' . $entry['login_ciph'] . '"/>';
echo 'URL <input type="text" name="url" value="' . $entry['url'] . '"/>';
echo 'login <input type="text" name="login" value="' . $entry['login'] . '"/>';
echo 'password <input type="text" name="pwd" value="' . $entry['password'] . '"/>';
echo '<input type="submit" name="delete" value="Delete" onclick="return confirm(\'Are you sure want to delete this password ?\');"/>';
echo '<input type="submit" name="update" value="Update" onclick="return confirm(\'Are you sure want to update this password ?\');"/>';
echo '</form>';
}
echo "<br/><br/>";
echo "<b>$nb_ciphered ciphered password(s)</b><br/>";
if ($VIEW_CIPHERED_PASSWORDS)
{
foreach($entries as $entry)
{
if ($entry['ciphered'] == 0) continue;
echo '<form method="post">';
echo '<input type="hidden" name="user" value="' . $user . '"/>';
echo '<input type="hidden" name="mkey" value="' . $mkey . '"/>';
echo '<input class="hash" type="text" name="login_ciph" value="' . $entry['login_ciph'] . '"/>';
echo '<input class="hash" type="text" name="pwd" value="' . $entry['password'] . '"/>';
echo '<input type="submit" name="delete" value="Delete" onclick="return confirm(\'Are you sure want to delete this password ?\');"/>';
echo '</form>';
}
}
}
?>
</div>
<div id="add_new_password">
<?php
global $user;
if ($user != "")
{
echo "<b>Add a new password</b><br/>";
echo '<form method="post">';
echo '<input type="hidden" name="user" value="' . $user . '"/>';
echo 'URL <input id="new_url" type="text" name="url"/>';
echo 'login <input type="text" name="login" />';
echo 'password <input id="new_password" type="text" name="pwd"/>';
echo 'master key <input type="password" name="mkey"/>';
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
echo "<input type=\"submit\" name=\"add\" value=\"Add\" onclick='a = document.getElementById(\"new_url\") ; a.value = url_domain(a.value);'/>";
echo '</form>';
}
?>
</div>
</div>
</body>
</html>

1
server/init.sql Executable file
View File

@@ -0,0 +1 @@
CREATE TABLE gpass(login VARCHAR(512) PRIMARY KEY, password VARCHAR(512));

BIN
server/ref/gpass.bdd Executable file
View File

Binary file not shown.

56
server/ref/index.php Executable file
View File

@@ -0,0 +1,56 @@
<?php
/*
Copyright (C) 2013 Grégory Soutadé
This file is part of gPass.
gPass is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gPass is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
function load_database()
{
try {
$db = new SQLite3("./gpass.bdd", SQLITE3_OPEN_READONLY);
}
catch(Exception $e)
{
die("<b>Unable to load database for user $user !</b><br/>");
return null;
}
return $db;
}
$db = load_database();
$res = "";
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
for ($i=0; isset($_POST["k$i"]); $i++)
{
$statement->bindValue(":login", $_POST["k$i"]);
$result = $statement->execute();
$row = $result->fetchArray();
if (isset($row["password"]))
{
echo "pass=" . $row["password"] . "\n";
break;
}
}
$statement->close();
echo "<end>";
?>

70
server/ressources/gpass.css Executable file
View File

@@ -0,0 +1,70 @@
body {
background-image:linear-gradient(#0096ff 30%, white);
height:100%; width:100%;
}
#logo {
display:block;
margin-left:auto;
margin-right:auto;
margin-top:30px;
margin-bottom:40px;
}
#admin {
border-style:solid;
border-width:5px;
border-color:red;
padding : 15px;
margin : 15px;
}
#admin form {
text-align : center;
}
#user {
border-style:solid;
border-width:5px;
border-color:green;
padding : 15px;
margin : 15px;
}
#user input {
margin-right : 30px;
margin-top : 10px;
margin-bottom : 10px;
}
#select_user {
text-align : center;
}
#passwords {
border-style:solid;
border-width:5px;
border-color:grey;
padding : 15px;
margin : 15px;
}
.hash {
width : 700px;
}
#add_new_password {
border-style:solid;
border-width:5px;
border-color:blue;
padding : 15px;
margin : 15px;
}
.error {
text-align:center;
color:red;
font-weight:bold;
font-size:xx-large;
}

63
server/ressources/gpass.js Executable file
View File

@@ -0,0 +1,63 @@
// parseUri 1.2.2
// (c) Steven Levithan <stevenlevithan.com>
// MIT License
// http://blog.stevenlevithan.com/archives/parseuri
function parseUri (str) {
var o = parseUri.options,
m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
uri = {},
i = 14;
while (i--) uri[o.key[i]] = m[i] || "";
uri[o.q.name] = {};
uri[o.key[12]].replace(o.q.parser, function ($0, $1, $2) {
if ($1) uri[o.q.name][$1] = $2;
});
return uri;
};
parseUri.options = {
strictMode: false,
key: ["source","protocol","authority","userInfo","user","password","host","port","relative","path","directory","file","query","anchor"],
q: {
name: "queryKey",
parser: /(?:^|&)([^&=]*)=?([^&]*)/g
},
parser: {
strict: /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
loose: /^(?:(?![^:@]+:[^:@\/]*@)([^:\/?#.]+):)?(?:\/\/)?((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?)(((\/(?:[^?#](?![^?#\/]*\.[^?#\/.]+(?:[?#]|$)))*\/?)?([^?#\/]*))(?:\?([^#]*))?(?:#(.*))?)/
}
};
function generate_password()
{
// symbols 32 - 47 / 58 - 64 / 91 - 96 / 123 - 126
// numbers 48 - 57
// upper 65 - 90
// lower 97 - 122
var symbols = new Array(40, 47, 48, 57, 65, 90, 97, 122, 123, 126);
// var symbols = new Array(32, 47, 58, 64, 91, 96, 123, 126, 48, 57, 65, 90, 97, 122);
field = document.getElementById("new_password");
var res = "";
//for(i=0; i<16; i++)
while (res.length < 16)
{
a = Math.round(Math.random() * (symbols.length/2) * 2);
diff = symbols[a+1] - symbols[a];
r = Math.round(Math.random()*diff);
if (isNaN(r+symbols[a]))
continue;
res += String.fromCharCode(r + symbols[a]);
}
field.value = res;
}
function url_domain(data) {
var uri = parseUri(data)
return uri['host'];
}

BIN
server/ressources/gpass.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

32
server/ressources/parseuri.js Executable file
View File

@@ -0,0 +1,32 @@
// parseUri 1.2.2
// (c) Steven Levithan <stevenlevithan.com>
// MIT License
function parseUri (str) {
var o = parseUri.options,
m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
uri = {},
i = 14;
while (i--) uri[o.key[i]] = m[i] || "";
uri[o.q.name] = {};
uri[o.key[12]].replace(o.q.parser, function ($0, $1, $2) {
if ($1) uri[o.q.name][$1] = $2;
});
return uri;
};
parseUri.options = {
strictMode: false,
key: ["source","protocol","authority","userInfo","user","password","host","port","relative","path","directory","file","query","anchor"],
q: {
name: "queryKey",
parser: /(?:^|&)([^&=]*)=?([^&]*)/g
},
parser: {
strict: /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
loose: /^(?:(?![^:@]+:[^:@\/]*@)([^:\/?#.]+):)?(?:\/\/)?((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?)(((\/(?:[^?#](?![^?#\/]*\.[^?#\/.]+(?:[?#]|$)))*\/?)?([^?#\/]*))(?:\?([^#]*))?(?:#(.*))?)/
}
};