author | Arthur Schiwon <blizzz@owncloud.com> | 2012-05-14 12:58:58 +0200 |
---|---|---|
committer | Arthur Schiwon <blizzz@owncloud.com> | 2012-05-14 12:58:58 +0200 |
commit | 82cfb3e0f540616fce0dbccbb4af6cfbaf5150c4 (patch) | |
tree | 94b2abfddf5bdfe01d381d46368055ad2b0e99aa | |
parent | 2e3467398920249471ec0b4b526fe71c51f7071c (diff) | |
LDAP: don't store agent password in plain text
-rw-r--r-- | apps/user_ldap/appinfo/update.php | 9 | ||||
-rw-r--r-- | apps/user_ldap/appinfo/version | 2 | ||||
-rwxr-xr-x | apps/user_ldap/lib_ldap.php | 2 | ||||
-rwxr-xr-x | apps/user_ldap/settings.php | 6 | ||||
-rw-r--r-- | apps/user_ldap/templates/settings.php | 2 |
5 files changed, 17 insertions, 4 deletions
diff --git a/apps/user_ldap/appinfo/update.php b/apps/user_ldap/appinfo/update.php
new file mode 100644
index 00000000000..07afeeea8a1
--- /dev/null
+++ b/apps/user_ldap/appinfo/update.php
@@ -0,0 +1,9 @@
+<?php
+
+//from version 0.1 to 0.2
+$pw = OCP\Config::getAppValue('user_ldap', 'ldap_password');
+if(!is_null($pw)) {
+ $pwEnc = base64_encode($pw);
+ OCP\Config::setAppValue('user_ldap', 'ldap_agent_password', $pwEnc);
+ OC_Appconfig::deleteKey('user_ldap', 'ldap_password');
+}
\ No newline at end of file
diff --git a/apps/user_ldap/appinfo/version b/apps/user_ldap/appinfo/version
index a0d78bd347e..d9bf66b1866 100644
--- a/apps/user_ldap/appinfo/version
+++ b/apps/user_ldap/appinfo/version
@@ -1 +1 @@
-0.1.90
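Review bot: In apps/user_ldap/appinfo/update.php, `base64_encode($pw)` is a reversible encoding, not encryption, so the migrated `ldap_agent_password` value gives no confidentiality against anyone who can read the app config store or a database dump. It only keeps the password from being readable at a glance, which is weaker than the commit title suggests. If obfuscation is the intent, say so next to the call, e.g. `// base64 only obfuscates the value; it is not encryption and does not protect the secret at rest`. Real protection would need encryption with a key kept outside the config store, which this change does not introduce.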
\ No newline at end of file
+0.1.91
\ No newline at end of file
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index b2d81673795..bd3dbe9534e 100755
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -590,7 +590,7 @@ class OC_LDAP {
 self::$ldapHost = OCP\Config::getAppValue('user_ldap', 'ldap_host', '');
 self::$ldapPort = OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT);
 self::$ldapAgentName = OCP\Config::getAppValue('user_ldap', 'ldap_dn','');
- self::$ldapAgentPassword = OCP\Config::getAppValue('user_ldap', 'ldap_password','');
+ self::$ldapAgentPassword = base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password',''));
 self::$ldapBase = OCP\Config::getAppValue('user_ldap', 'ldap_base', '');
 self::$ldapBaseUsers = OCP\Config::getAppValue('user_ldap', 'ldap_base_users',self::$ldapBase);
 self::$ldapBaseGroups = OCP\Config::getAppValue('user_ldap', 'ldap_base_groups', self::$ldapBase);
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index de7110fe9a8..e5a989b9c79 100755
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
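Review bot: In apps/user_ldap/lib_ldap.php the new `base64_decode(...)` call runs in non-strict mode, so a stored value that is not valid base64 (for example one that was written unencoded) is silently turned into garbage and only shows up later as a failed LDAP bind. Decode strictly and handle the failure explicitly, e.g. `$pw = base64_decode($stored, true);` followed by `if ($pw === false) { $pw = ''; /* and log the bad config value */ }`. The enclosing method starts and ends outside this hunk, so how a bad value should be reported depends on code not shown here.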
@@ -20,13 +20,16 @@ * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ -$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute'); +$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute'); OCP\Util::addscript('user_ldap', 'settings'); if ($_POST) { foreach($params as $param){ if(isset($_POST[$param])){ + if('ldap_agent_password' == $param) { + OCP\Config::setAppValue('user_ldap', $param, base64_encode($_POST[$param])); + } OCP\Config::setAppValue('user_ldap', $param, $_POST[$param]); } elseif('ldap_tls' == $param) { @@ -51,5 +54,6 @@ foreach($params as $param){ $tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT)); $tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME)); $tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember')); +$tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password'))); return $tmpl->fetchPage(); diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index 48e136668d1..d6c1a8ec0ec 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php 
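Review bot: In apps/user_ldap/settings.php the added `if('ldap_agent_password' == $param)` branch has no `else`, so the unchanged `OCP\Config::setAppValue('user_ldap', $param, $_POST[$param]);` right after it also runs for the password and overwrites the encoded value with the raw POST value. As shown, every save from this form stores the agent password unencoded again, and the reader in lib_ldap.php then base64-decodes that raw string. Compute the value once and write it once: `$value = ('ldap_agent_password' == $param) ? base64_encode($_POST[$param]) : $_POST[$param];` then `OCP\Config::setAppValue('user_ldap', $param, $value);`. The `if ($_POST)` and `foreach` blocks continue past the end of the hunk.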
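Review bot: The added `$tmpl->assign( 'ldap_agent_password', base64_decode(...))` in apps/user_ldap/settings.php sends the decoded bind password back into the rendered settings page, where the template puts it in the input's `value` attribute. The secret is then readable from the HTML source and from any cached copy of the page. Consider assigning an empty string here and only writing `ldap_agent_password` when a non-empty value is submitted; since the template's help text tells admins to leave the field empty for anonymous bind, clearing the password would then need its own control. This `getAppValue` call also omits the `''` default that the matching call in lib_ldap.php passes.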
@@ -7,7 +7,7 @@ <fieldset id="ldapSettings-1"> <p><label for="ldap_host"><?php echo $l->t('Host');?><input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>"></label> <label for="ldap_base"><?php echo $l->t('Base');?></label><input type="text" id="ldap_base" name="ldap_base" value="<?php echo $_['ldap_base']; ?>" /></p> <p><label for="ldap_dn"><?php echo $l->t('Name');?></label><input type="text" id="ldap_dn" name="ldap_dn" value="<?php echo $_['ldap_dn']; ?>" /> - <label for="ldap_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" /> + <label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" value="<?php echo $_['ldap_agent_password']; ?>" /> <small><?php echo $l->t('Leave both empty for anonymous bind for search, then bind with users credentials.');?></small></p> <p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" value="<?php echo $_['ldap_login_filter']; ?>" /><small><?php echo $l->t('use %%uid placeholder, e.g. uid=%%uid');?></small></p> <p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" value="<?php echo $_['ldap_userlist_filter']; ?>" /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p> |
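Review bot: The new input in apps/user_ldap/templates/settings.php echoes `$_['ldap_agent_password']` straight into a double-quoted `value` attribute. Unless `$_` is escaped somewhere not visible in this hunk, a password containing `"` or `<` breaks the attribute and the surrounding markup. Escape at the point of output: `value="<?php echo htmlspecialchars($_['ldap_agent_password'], ENT_QUOTES, 'UTF-8'); ?>"`. The neighbouring fields in the context lines use the same unescaped pattern and would benefit from the same treatment.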