soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Introduce shadow logins

Browse Source
This commit is contained in:
Gregory Soutade
2015-02-09 18:57:49 +01:00
parent 636d403396
commit e9c6208b54
8 changed files with 316 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
server/functions.php
View File

@@ -28,72 +28,11 @@
*/
$MAX_ENTRY_LEN = 512;
$USERS_PATH = "./users/";
$TARGET_DB_VERSION = 1;
function open_crypto($mkey)
function sanitize($val)
{
if (!isset($_SESSION['td']))
{
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
if ($td == false)
die("Unable to open mcrypt");
$ret = mcrypt_generic_init($td, hex2bin($mkey), '0000000000000000');
if ($ret < 0)
{
echo "<div class=\"error\">Unable to set key $ret</div>";
return null;
}
$_SESSION['td'] = $td;
}
else
$td = $_SESSION['td'];
return $td;
}
function decrypt($mkey, $val, $salted)
{
$td = open_crypto($mkey);
if ($td == null) return;
$val = mdecrypt_generic($td, hex2bin($val));
// Remove 0 added by encrypt
$val = str_replace("\0", '', $val);
// Remove salt
if ($salted)
$val = substr($val, 0, strlen($val)-3);
return $val;
}
function encrypt($mkey, $val, $salted)
{
global $MAX_ENTRY_LEN;
$td = open_crypto($mkey);
if ($td == null) return;
if ($salted)
{
$val .= dechex(rand(256,4095)); //between 0x100 and 0xfff
}
$val = mcrypt_generic($td, $val);
if (strlen($val) > $MAX_ENTRY_LEN)
{
echo "<div class=\"error\">Value to encrypt is too long</div>";
return null;
}
return bin2hex($val);
return (isset($_POST[$val])) ? addslashes($_POST[$val]) : "";
}
// From http://php.net/manual/en/function.copy.php
@@ -147,6 +86,45 @@ function create_user($user)
return false;
}
function _migrate_0($user, $db)
{
try {
$db->query("ALTER TABLE gpass ADD access_token VARCHAR(32)");
$db->query("ALTER TABLE gpass ADD shadow_login VARCHAR(32)");
$db->query("ALTER TABLE gpass ADD salt VARCHAR(32)");
$db->query("CREATE TABLE db_version(version INTEGER)");
$db->query("INSERT INTO db_version (version) VALUES (1)");
}
catch(Exception $e)
{
$db->close();
echo "<div class=\"error\">Unable to load database for user $user ! : $e</div>";
return -1;
}
return 0;
}
function migrate_database($user, $db)
{
global $TARGET_DB_VERSION;
$migration_functions = ['_migrate_0'];
$version = $db->querySingle("SELECT version FROM db_version");
if ($version == false)
$version = 0;
for($i=$version; $i<$TARGET_DB_VERSION; $i++)
{
if ($migration_functions[$i]($user, $db))
return -1;
}
return 0;
}
function load_database($user)
{
global $USERS_PATH;
@@ -160,13 +138,17 @@ function load_database($user)
return null;
}
if (migrate_database($user, $db))
return null;
// New access need to reset crypto
unset($_SESSION['td']);
return $db;
}
function add_entry($user, $login, $password)
function add_entry($user, $login, $password,
$shadow_login, $salt, $access_token)
{
$db = load_database($user);
@@ -184,8 +166,11 @@ function add_entry($user, $login, $password)
return false;
}
$result = $db->query("INSERT INTO gpass ('login', 'password') VALUES ('" . $login . "', '" . $password . "')");
$result = $db->query("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES
('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')");
error_log("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES
('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')");
$db->close();
echo "OK";
@@ -193,7 +178,7 @@ function add_entry($user, $login, $password)
return true;
}
function delete_entry($user, $login)
function delete_entry($user, $login, $access_token)
{
$db = load_database($user);
@@ -203,19 +188,26 @@ function delete_entry($user, $login)
return false;
}
$db->query("DELETE FROM gpass WHERE login='" . $login . "'");
$db->close();
echo "OK";
return true;
$db_ac = $db->querySingle("SELECT access_token FROM gpass WHERE login='" . $login . "'");
if (strlen($db_ac) != 0 && strcmp($db_ac, $access_token))
{
$db->close();
echo "Bad access token";
return false;
}
else
{
$db->query("DELETE FROM gpass WHERE login='" . $login . "'");
$db->close();
echo "OK";
return true;
}
}
function update_entry($user, $mkey, $old_login, $url, $login, $password)
function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)
{
if (delete_entry($user, $old_login))
return add_entry($user, $mkey, $url, $login, $password);
if (delete_entry($user, $old_login, $old_access_token))
return add_entry($user, $mkey, $url, $login, $password, $shadow_login, $salt, $new_access_token);
return false;
}
@@ -228,12 +220,60 @@ function list_entries($user)
$result = $db->query("SELECT * FROM gpass");
echo "entries\n";
$first = false;
header('Content-Type: application/json');
echo "{ \"entries\" : [\n";
while (($row = $result->fetchArray()))
{
echo $row['login'] . ";" . $row['password'] . "\n";
if ($first) echo ",";
else $first = true;
if (!strlen($row['shadow_login']))
echo "{\"login\" : \"" . $row['login'] . "\", \"password\" : \"" . $row['password'] . "\" }\n";
else
echo "{\"shadow_login\" : \"" . $row['shadow_login'] . "\", \"salt\" : \"" . $row['salt'] . "\" }\n";
}
echo "]}";
$db->close();
}
function get_secure_entries($user, $access_tokens)
{
$db = load_database($user);
if ($db == null) return;
$query = "SELECT access_token, login, password FROM gpass WHERE access_token IN (";
$first = false;
foreach (preg_split("/,/", $access_tokens) as $ac)
{
/* error_log($ac); */
if ($first) $query .= ", ";
else $first = true;
$query .= "'$ac'";
}
$query .= ")";
error_log($query);
$result = $db->query($query);
header('Content-Type: application/json');
$first = false;
echo "{ \"entries\" : [\n";
while (($row = $result->fetchArray()))
{
if ($first) echo ",";
else $first = true;
echo "{\"access_token\" : \"" . $row['access_token'] . "\", \"login\" : \"" . $row['login'] . "\", \"password\" : \"" . $row['password'] . "\" }\n";
}
echo "]}";
$db->close();
}
?>