extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-05 13:39:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

moved remote hash calculation to a function

Browse Source
This commit is contained in:
Ralf Becker 2007-12-07 00:03:31 +00:00
parent 03f786390d
commit b2640f0cec
2 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
admin/inc/class.admin_cmd.inc.php
View File

@ -825,8 +825,7 @@ abstract class admin_cmd
if ($data['install_id'] && $data['config_passwd']) // calculate hash if ($data['install_id'] && $data['config_passwd']) // calculate hash
{ {
$pw = self::is_md5($data['config_passwd']) ? $data['config_passwd'] : md5($data['config_passwd']); $data['remote_hash'] = self::remote_hash($data['install_id'],$data['config_passwd']);
$data['remote_hash'] = md5($pw.$data['install_id']);
} }
elseif ($data['install_id'] || $data['config_passwd'] || !$data['remote_hash']) elseif ($data['install_id'] || $data['config_passwd'] || !$data['remote_hash'])
{ {
@ -842,6 +841,24 @@ abstract class admin_cmd
return admin_cmd::$remote->data['remote_id']; return admin_cmd::$remote->data['remote_id'];
} }
/**
* Calculate the remote hash from install_id and config_passwd
*
* @param string $install_id
* @param string $config_passwd
* @return string 32char md5 hash
*/
static function remote_hash($install_id,$config_passwd)
{
if (empty($config_passwd) || !self::is_md5($install_id))
{
throw new egw_exception_wrong_parameter(empty($config_passwd)?'Empty config password':'install_id no md5 hash');
}
if (!self::is_md5($config_passwd)) $config_passwd = md5($config_passwd);
return md5($config_passwd.$install_id);
}
/** /**
* displays an account specified by it's id or lid * displays an account specified by it's id or lid
* *

4
admin/remote.php
View File

@ -39,10 +39,10 @@ $allowed_remote_admin_ids = $GLOBALS['egw_info']['server']['allow_remote_admin']
// of the command (to not allow to send new commands with an earsdroped secret) and the md5 hash // of the command (to not allow to send new commands with an earsdroped secret) and the md5 hash
// of the md5 hash of the config password and the install_id (egw_admin_remote.remote_hash) // of the md5 hash of the config password and the install_id (egw_admin_remote.remote_hash)
if (!$domain_data || is_numeric($_REQUEST['uid']) || !in_array($remote_admin_install_id,$allowed_remote_admin_ids) || if (!$domain_data || is_numeric($_REQUEST['uid']) || !in_array($remote_admin_install_id,$allowed_remote_admin_ids) ||
$_REQUEST['secret'] != ($md5=md5($_REQUEST['uid'].md5($domain_data['config_passwd'].$GLOBALS['egw_info']['server']['install_id'])))) $_REQUEST['secret'] != ($md5=md5($_REQUEST['uid'].admin_cmd::remote_hash($GLOBALS['egw_info']['server']['install_id'],$domain_data['config_passwd']))))
{ {
header("HTTP/1.1 200 Unauthorized"); header("HTTP/1.1 200 Unauthorized");
die("0 secret != '$md5'"); //die("0 secret != '$md5'");
echo lang('0 Permission denied!'); echo lang('0 Permission denied!');
if (!in_array($remote_admin_install_id,$allowed_remote_admin_ids)) if (!in_array($remote_admin_install_id,$allowed_remote_admin_ids))
{ {