authorLukas Reschke <lukas@statuscode.ch>2012-10-14 17:17:06 +0200
committerLukas Reschke <lukas@statuscode.ch>2012-10-14 17:18:30 +0200
commit2c427f050e2bc263b5c4c2faabf73e3993f1d29d (patch)
tree3dc42693fe0853e2235194b7e3846b2ae15736c3
parentd6c4b83f13976b19f471ce3a02c5b872c2f79bdc (diff)
Show a warning in the installer if no secure RNG is available
-rw-r--r--core/templates/installation.php10
-rw-r--r--lib/setup.php2
-rwxr-xr-xlib/util.php24
3 files changed, 34 insertions, 2 deletions
diff --git a/core/templates/installation.php b/core/templates/installation.php
index 1a05c3fb762..426d60989a6 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -3,7 +3,6 @@
<input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'></input>
<input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'></input>
<form action="index.php" method="post">
-
<input type="hidden" name="install" value="true" />
<?php if(count($_['errors']) > 0): ?>
<ul class="errors">
@@ -19,7 +18,14 @@
<?php endforeach; ?>
</ul>
<?php endif; ?>
-
+ <?php if(!$_['secureRNG']): ?>
+ <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+ <legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+ <span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span>
+ <br/>
+ <span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>
+ </fieldset>
+ <?php endif; ?>
<fieldset>
<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
<p class="infield">
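Review bot: The warning `fieldset` hard-codes its three colours in a `style` attribute, so the notice cannot follow the installer stylesheet and would be dropped under a Content-Security-Policy that forbids inline styles; a CSS class defined in the installer stylesheet would carry the same colours. The block also reads `$_['secureRNG']` without checking that the key exists, so any render path that does not set it would show the warning and raise a notice. Only lib/setup.php is visible setting the key in this commit, so whether another path renders this template should be confirmed.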
diff --git a/lib/setup.php b/lib/setup.php
index 16b9ec68df6..be4101fd7b0 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -5,12 +5,14 @@ $hasMySQL = is_callable('mysql_connect');
$hasPostgreSQL = is_callable('pg_connect');
$hasOracle = is_callable('oci_connect');
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
+
$opts = array(
'hasSQLite' => $hasSQLite,
'hasMySQL' => $hasMySQL,
'hasPostgreSQL' => $hasPostgreSQL,
'hasOracle' => $hasOracle,
'directory' => $datadir,
+ 'secureRNG' => OC_Util::secureRNG_available(),
'errors' => array(),
);
diff --git a/lib/util.php b/lib/util.php
index 748886083dd..9fde98c1972 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -559,6 +559,7 @@ class OC_Util {
* @brief Generates a cryptographical secure pseudorandom string
* @param Int with the length of the random string
* @return String
+ * Please also update secureRNG_available if you change something here
*/
public static function generate_random_bytes($length = 30) {
@@ -589,4 +590,27 @@ class OC_Util {
}
return $pseudo_byte;
}
+
+ /*
+ * @brief Checks if a secure random number generator is available
+ * @return bool
+ */
+ public static function secureRNG_available() {
+
+ // Check openssl_random_pseudo_bytes
+ if(function_exists('openssl_random_pseudo_bytes')) {
+ openssl_random_pseudo_bytes(1, $strong);
+ if($strong == TRUE) {
+ return true;
+ }
+ }
+
+ // Check /dev/random
+ $fp = @file_get_contents('/dev/random', false, null, 0, 1);
+ if ($fp !== FALSE) {
+ return true;
+ }
+
+ return false;
+ }
}
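Review bot: The `/dev/random` probe in `secureRNG_available()` treats any non-false result as success, so an empty string from a short read would still report a secure RNG and suppress the installer warning; checking the length closes that gap, `if ($fp !== FALSE && strlen($fp) === 1) {`. Reading `/dev/random` can also block while the kernel entropy pool is low, and the lib/setup.php hunk appears to call this whenever the setup options are built, so the installer page may stall; `/dev/urandom` does not block, but any switch has to be mirrored in `generate_random_bytes`, whose body is outside this hunk. `$strong` is compared loosely with `== TRUE`, where `=== true` states the intent because `openssl_random_pseudo_bytes` sets it to a boolean. The header comment opens with `/*` rather than `/**`, so documentation tools will not pick up its `@brief` and `@return` tags.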