mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 06:30:59 +01:00
mask out passwords in admin queue
This commit is contained in:
parent
e2261d3494
commit
e6ad65387e
@ -25,6 +25,13 @@ abstract class admin_cmd
|
||||
const pending = 4;
|
||||
const queued = 5; // command waits to be fetched from remote
|
||||
|
||||
/**
|
||||
* Status which stil need passwords available
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
static $require_pw_stati = array(self::scheduled,self::pending,self::queued);
|
||||
|
||||
/**
|
||||
* The status of the command, one of either scheduled, successful, failed or deleted
|
||||
*
|
||||
@ -309,7 +316,10 @@ abstract class admin_cmd
|
||||
$vars[$name] = $this->$name;
|
||||
}
|
||||
}
|
||||
$vars['data'] = json_encode($this->data); // data is stored serialized
|
||||
// data is stored serialized
|
||||
// paswords are masked / removed, if we dont need them anymore
|
||||
$vars['data'] = in_array($this->status, self::$require_pw_stati) ?
|
||||
json_encode($this->data) : self::mask_passwords($this->data);
|
||||
|
||||
admin_cmd::$sql->init($vars);
|
||||
if (admin_cmd::$sql->save() != 0)
|
||||
@ -334,6 +344,33 @@ abstract class admin_cmd
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Mask / remove passwords in $data
|
||||
*
|
||||
* @param string|array $data json or php-encoded string or array
|
||||
* @param boolean $return_serialized =true true: return json serialized string, false: return array
|
||||
* @return string|array see $return_serialized
|
||||
*/
|
||||
static function mask_passwords($data, $return_serialized=true)
|
||||
{
|
||||
if (!is_array($data))
|
||||
{
|
||||
$data = json_php_unserialize($data);
|
||||
}
|
||||
foreach($data as $key => &$value)
|
||||
{
|
||||
if (is_array($value))
|
||||
{
|
||||
$value = self::mask_passwords($value, false);
|
||||
}
|
||||
elseif (preg_match('/(pw|passwd_?\d*|(?<!change)password|db_pass)$/i', $key))
|
||||
{
|
||||
$value = str_repeat('*', strlen($value));
|
||||
}
|
||||
}
|
||||
return $return_serialized ? json_encode($data) : $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* reading a command from the queue returning the comand object
|
||||
*
|
||||
@ -843,6 +880,7 @@ abstract class admin_cmd
|
||||
'status' => admin_cmd::failed,
|
||||
'error' => lang('Unknown command %1!',$job['type']),
|
||||
'errno' => 0,
|
||||
'data' => self::mask_passwords($job['data']),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
$setup_info['admin']['name'] = 'admin';
|
||||
$setup_info['admin']['version'] = '14.3';
|
||||
$setup_info['admin']['version'] = '16.1';
|
||||
$setup_info['admin']['app_order'] = 1;
|
||||
$setup_info['admin']['tables'] = array('egw_admin_queue','egw_admin_remote');
|
||||
$setup_info['admin']['enable'] = 1;
|
||||
|
@ -151,3 +151,30 @@ function admin_upgrade14_2_001()
|
||||
return $GLOBALS['setup_info']['admin']['currentver'] = '14.3';
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove cleartext passwords from egw_admin_queue
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function admin_upgrade14_3()
|
||||
{
|
||||
// asuming everythings not MySQL uses PostgreSQL regular expression syntax
|
||||
$regexp = substr($GLOBALS['egw_setup']->db->Type, 0, 5) == 'mysql' ? 'REGEXP' : '~*';
|
||||
|
||||
foreach($GLOBALS['egw_setup']->db->select('egw_admin_queue', 'cmd_id,cmd_data',
|
||||
'cmd_status NOT IN ('.implode(',', admin_cmd::$require_pw_stati).") AND cmd_data $regexp '(pw|passwd\\_?\\d*|password|db\\_pass)\\?\"'",
|
||||
__LINE__, __FILE__, false, '', 'admin') as $row)
|
||||
{
|
||||
if (($masked = admin_cmd::mask_passwords($row['cmd_data'])) != $row['cmd'])
|
||||
{
|
||||
$GLOBALS['egw_setup']->db->update('egw_admin_queue', array('cmd_data' => $masked),
|
||||
array('cmd_id' => $row['cmd_id']), __LINE__, __FILE__, 'admin');
|
||||
}
|
||||
}
|
||||
return $GLOBALS['setup_info']['admin']['currentver'] = '14.3.001';
|
||||
}
|
||||
|
||||
function admin_upgrade14_3_001()
|
||||
{
|
||||
return $GLOBALS['setup_info']['admin']['currentver'] = '16.1';
|
||||
}
|
Loading…
Reference in New Issue
Block a user