class.setup.inc.php

ralfbecker_sf 2016-02-15 11:10:56 UTC #1

Author: ralfbecker
New Revision: 55005

URL: http://svn.stylite.de/viewvc/egroupware?rev=55005&view=rev
Log:

Filemanger: filemanager/cli.php wrongly reported wrong passwords for setup or config user with newer password hashes

Modified:
branches/14.2/filemanager/ (props changed)
branches/14.2/filemanager/cli.php
branches/14.2/setup/ (props changed)
branches/14.2/setup/inc/class.setup.inc.php

Propchange: branches/14.2/filemanager/

— svn:mergeinfo (original)
+++ svn:mergeinfo Mon Feb 15 12:10:56 2016
@@ -1,1 +1,1 @@
-/trunk/filemanager:51376,51518,51522,51524,51697,51746,51812,51817,51883,51919,52185,52293,52296,52360,52397,52432,52436,52538,52541,52598,52600,52684,52734,52847,53469,53494,53702,53826,53972,54170,54792-54793,54799,54807,54811,54814-54815,54898
+/trunk/filemanager:51376,51518,51522,51524,51697,51746,51812,51817,51883,51919,52185,52293,52296,52360,52397,52432,52436,52538,52541,52598,52600,52684,52734,52847,53469,53494,53702,53826,53972,54170,54792-54793,54799,54807,54811,54814-54815,54898,55004

Modified: branches/14.2/filemanager/cli.php
URL: http://svn.stylite.de/viewvc/egroupware/branches/14.2/filemanager/cli.php?rev=55005&r1=55004&r2=55005&view=diff

— branches/14.2/filemanager/cli.php (original)
+++ branches/14.2/filemanager/cli.php Mon Feb 15 12:10:56 2016
@@ -15,7 +15,7 @@

chdir(dirname(FILE)); // to enable our relative pathes to work

-error_reporting(error_reporting() & ~E_NOTICE);
+error_reporting(error_reporting() & ~E_NOTICE & ~E_DEPRECATED);

if (php_sapi_name() !== ‘cli’) // security precaution: forbit calling filemanager/cli.php as web-page
{
@@ -34,17 +34,22 @@
//print_r($account);
if (!($sessionid = $GLOBALS[‘egw’]->session->create($account)))
{

  echo "Wrong user-account or -password !!!\n\n";

```
  usage('',1);
```

  usage("Wrong username or -password!");

}
return $sessionid;
}

/**

Give a usage message and exit

- @param string $error_msg =’’ error-message to be printed in front of usage
  */
  -function usage()
  -{
  +function usage($error_msg=’’)
  +{
if ($error_msg)
{
```
  echo "$error_msg\n\n";
```
}
$cmd = basename(FILE);
echo “Usage:\t$cmd ls [-r|–recursive|-l|–long|-i|–inode] URL [URL2 …]\n”;
echo “\t$cmd cat URL [URL2 …]\n”;
@@ -100,7 +105,7 @@
’-empty’,’-size’,’-cmin’,’-ctime’,’-mmin’,’-mtime’,’-limit’,’-order’,’-sort’,
’-hidden’,’-show-deleted’,’-name-preg’,’-path’,’-path-preg’)))
{

```
  			usage();
```

  			usage("Unknown find option '$option'!");
  		}
  		if (in_array($option,array('-empty','-depth','-nouser','-nogroup','-hidden','-show-deleted')))
  		{

@@ -182,7 +187,7 @@
case ‘umount’:
if ($argc != 1 && !$all)
{

```
  	usage();
```

  	usage('Wrong number of parameters!');
  }
  if (($url = $argv[0])) load_wrapper($url);
  if(!egw_vfs::$is_root)

@@ -206,7 +211,7 @@
case ‘mount’:
if ($argc > 2)
{

```
  	usage();
```

  	usage('Wrong number of parameters!');
  }
  load_wrapper($url=$argv[0]);

@@ -249,7 +254,7 @@
break;

case 'rename':

```
  if (count($argv) != 2) usage();
```

  if (count($argv) != 2) usage('Wrong number of parameters!');
  load_wrapper($argv[0]);
  load_wrapper($argv[1]);
  rename($argv[0],$argv[1]);

@@ -535,10 +540,12 @@
$GLOBALS[‘egw_info’][‘flags’][‘currentapp’] = ‘login’;
include(’…/header.inc.php’);

  if ($user == 'root_'.$GLOBALS['egw_info']['server']['header_admin_user'] &&

  	_check_pw($GLOBALS['egw_info']['server']['header_admin_password'],$passwd) ||

  	$user == 'root_'.$GLOBALS['egw_domain'][$domain]['config_user'] &&

  	_check_pw($GLOBALS['egw_domain'][$domain]['config_passwd'],$passwd))

  if (setup::check_auth($user, $passwd,

  		'root_'.$GLOBALS['egw_info']['server']['header_admin_user'],

  		$GLOBALS['egw_info']['server']['header_admin_password']) ||

```
  	setup::check_auth($user, $passwd,
```

  		'root_'.$GLOBALS['egw_domain'][$domain]['config_user'],

  		$GLOBALS['egw_domain'][$domain]['config_passwd']))
  {
  	echo "\nRoot access granted!\n";
  	egw_vfs::$is_root = true;

@@ -555,23 +562,6 @@
echo “\nError: eGroupWare’s files directory {$GLOBALS[‘egw_info’][‘server’][‘files_dir’]} is NOT writable by the user running “.basename(FILE).”!\n”.
"–> Please run it as the same user the webserver uses or root, otherwise the $cmd command will fail!\n\n";
}
-}

-/**

- Check password against a md5 hash or cleartext password
- @param string $hash_or_cleartext
- @param string $pw
- @return boolean
*/
-function _check_pw($hash_or_cleartext,$pw)
-{
//echo “_check_pw($hash_or_cleartext,$pw) md5=”.md5($pw)."\n";
if (preg_match(’/^[0-9a-f]{32}$/’,$hash_or_cleartext))
{

  return $hash_or_cleartext == md5($pw);

}
return $hash_or_cleartext == $pw;
}

/**
@@ -585,7 +575,7 @@

if ($argc < 1 || $argc > 3)
{

```
  usage();
```

```
  usage('Wrong number of parameters!');
```
}
load_wrapper($url = $argv[0]);
if (!class_exists(‘egw_vfs’))
@@ -721,7 +711,7 @@

if (count($argv) > 1 && $to_exists && !is_dir($to))
{

```
  usage();
```

```
  usage("No such directory '$to'!");
```
}
$anz_dirs = $anz_files = 0;
foreach($argv as $from)
@@ -827,9 +817,17 @@
if ($from[0] == ‘/’) $from = ‘sqlfs://default’.$from;
load_wrapper($from);

if (!file_exists($from) || $to[0] != ‘/’ || file_exists($to) || !is_writable(dirname($to)))
{
```
  usage();
```

if (!file_exists($from))
{

  usage("Directory '$from' does NOT exist!");

}
elseif ($to[0] != ‘/’ || file_exists($to))
{

  usage("Directory '$to' does not exist!");

}
elseif (!is_writable(dirname($to)))
{

  usage("Directory '$to' is not writable!");

}
egw_vfs::find($from, array(
‘url’ => true,

Propchange: branches/14.2/setup/

— svn:mergeinfo (original)
+++ svn:mergeinfo Mon Feb 15 12:10:56 2016
@@ -1,2 +1,2 @@
/branches/Stylite-EPL-11.1/setup:53282
-/trunk/setup:51812,52135,52360,52747,52912,53019,53075,53531,53556,53563,54271
+/trunk/setup:51812,52135,52360,52747,52912,53019,53075,53531,53556,53563,54271,55004

Modified: branches/14.2/setup/inc/class.setup.inc.php
URL: http://svn.stylite.de/viewvc/egroupware/branches/14.2/setup/inc/class.setup.inc.php?rev=55005&r1=55004&r2=55005&view=diff

— branches/14.2/setup/inc/class.setup.inc.php (original)
+++ branches/14.2/setup/inc/class.setup.inc.php Mon Feb 15 12:10:56 2016
@@ -75,7 +75,7 @@
*/
var $recommended_php_version = ‘5.5’;

function setup($html=False, $translation=False)

function __construct($html=False, $translation=False)
{
// setup us as $GLOBALS[‘egw_setup’], as this gets used in our sub-objects
$GLOBALS[‘egw_setup’] =& $this;
@@ -362,7 +362,7 @@
- @param string $hash hash to check password agains (no {prefix} for plain and md5!)
- @returns bool true on success
  */

function check_auth($user, $pw, $conf_user, $hash)

static function check_auth($user, $pw, $conf_user, $hash)
{
if ($user !== $conf_user)
{

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

eGroupWare-cvs mailing list
eGroupWare-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-cvs