Added encryption using the OpenSSL functions to encrypt the email passwords in the db
--HG-- branch : quitta-gsoc-2013
This commit is contained in:
parent
5174764f2d
commit
d1c1740741
6 changed files with 101 additions and 23 deletions
|
@ -142,6 +142,13 @@ class Mail_Handler{
|
||||||
}
|
}
|
||||||
// Check mail
|
// Check mail
|
||||||
$sGroups = Support_Group::getGroups();
|
$sGroups = Support_Group::getGroups();
|
||||||
|
|
||||||
|
//decrypt passwords in the db!
|
||||||
|
$crypter = new MyCrypt($cfg['crypt']);
|
||||||
|
foreach($sGroups as $group){
|
||||||
|
$group->setIMAP_Password($crypter->decrypt($cfg['mail']['default_password']));
|
||||||
|
}
|
||||||
|
|
||||||
$defaultGroup = new Support_Group();
|
$defaultGroup = new Support_Group();
|
||||||
$defaultGroup->setSGroupId(0);
|
$defaultGroup->setSGroupId(0);
|
||||||
$defaultGroup->setGroupEmail($default_groupemail);
|
$defaultGroup->setGroupEmail($default_groupemail);
|
||||||
|
@ -149,9 +156,12 @@ class Mail_Handler{
|
||||||
$defaultGroup->setIMAP_Username($cfg['mail']['default_username']);
|
$defaultGroup->setIMAP_Username($cfg['mail']['default_username']);
|
||||||
$defaultGroup->setIMAP_Password($cfg['mail']['default_password']);
|
$defaultGroup->setIMAP_Password($cfg['mail']['default_password']);
|
||||||
|
|
||||||
|
//add default group to the list
|
||||||
$sGroups[] = $defaultGroup;
|
$sGroups[] = $defaultGroup;
|
||||||
|
|
||||||
foreach($sGroups as $group){
|
foreach($sGroups as $group){
|
||||||
|
//check if group has mailing stuff filled in!
|
||||||
|
if($group->getGroupEmail() != "" && $group->getIMAP_MailServer() != "" && $group->getIMAP_Username() != "" && $group->getIMAP_Password() != "")
|
||||||
$mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error());
|
$mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error());
|
||||||
$message_count = imap_num_msg($mbox);
|
$message_count = imap_num_msg($mbox);
|
||||||
|
|
||||||
|
@ -176,6 +186,7 @@ class Mail_Handler{
|
||||||
imap_close($mbox);
|
imap_close($mbox);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
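Review bot: The decrypt loop added at the top of the first hunk decrypts `$cfg['mail']['default_password']` for every group instead of each group's own stored value, so after the loop every group carries the default password; the line should be `$group->setIMAP_Password($crypter->decrypt($group->getIMAP_Password()));`. The default-password config value is not itself encrypted (the default group sets it raw in the second hunk), so decrypting it would also throw once the fix is applied unless the default group is excluded or its value stored encrypted too. Whether `$cfg` is in scope inside this method is not visible in the hunk; the other call sites in this commit use `global $cfg;`. decrypt() throws when the stored value lacks the `$method$hash$` sections, so rows written before this change (still plaintext) or with an empty password will abort the whole mail check unless the call is wrapped in try/catch. The enclosing method starts before the hunk and ends after it.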
@ -0,0 +1,53 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
class MyCrypt{
|
||||||
|
|
||||||
|
private $config;
|
||||||
|
|
||||||
|
function __construct($cryptinfo) {
|
||||||
|
$this->config = $cryptinfo;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public function encrypt($data) {
|
||||||
|
|
||||||
|
self::check_methods($this->config['enc_method'], $this->config['hash_method']);
|
||||||
|
$iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method']));
|
||||||
|
$infostr = sprintf('$%s$%s$', $this->config['enc_method'], $this->config['hash_method']);
|
||||||
|
return $infostr . openssl_encrypt($data, $this->config['enc_method'], $this->config['key'], false, $iv);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function decrypt($edata) {
|
||||||
|
$e_arr = explode('$', $edata);
|
||||||
|
if( count($e_arr) != 4 ) {
|
||||||
|
Throw new Exception('Given data is missing crucial sections.');
|
||||||
|
}
|
||||||
|
$this->config['enc_method'] = $e_arr[1];
|
||||||
|
$this->config['hash_method'] = $e_arr[2];
|
||||||
|
self::check_methods($this->config['enc_method'], $this->config['hash_method']);
|
||||||
|
$iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method']));
|
||||||
|
return openssl_decrypt($e_arr[3], $this->config['enc_method'], $this->config['key'], false, $iv);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function hashIV($key, $method, $iv_size) {
|
||||||
|
$myhash = hash($method, $key, TRUE);
|
||||||
|
while( strlen($myhash) < $iv_size ) {
|
||||||
|
$myhash .= hash($method, $myhash, TRUE);
|
||||||
|
}
|
||||||
|
return substr($myhash, 0, $iv_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function check_methods($enc, $hash) {
|
||||||
|
|
||||||
|
if( ! function_exists('openssl_encrypt') ) {
|
||||||
|
Throw new Exception('openssl_encrypt() not supported.');
|
||||||
|
} else if( ! in_array($enc, openssl_get_cipher_methods()) ) {
|
||||||
|
Throw new Exception('Encryption method ' . $enc . ' not supported.');
|
||||||
|
} else if( ! in_array(strtolower($hash), hash_algos()) ) {
|
||||||
|
Throw new Exception('Hashing method ' . $hash . ' not supported.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
|
@ -51,7 +51,12 @@ class Support_Group{
|
||||||
$sGroup->setGroupEmail($values['GroupEmail']);
|
$sGroup->setGroupEmail($values['GroupEmail']);
|
||||||
$sGroup->setIMAP_MailServer($values['IMAP_MailServer']);
|
$sGroup->setIMAP_MailServer($values['IMAP_MailServer']);
|
||||||
$sGroup->setIMAP_Username($values['IMAP_Username']);
|
$sGroup->setIMAP_Username($values['IMAP_Username']);
|
||||||
$sGroup->setIMAP_Password($values['IMAP_Password']);
|
|
||||||
|
//encrypt password!
|
||||||
|
global $cfg;
|
||||||
|
$crypter = new MyCrypt($cfg['crypt']);
|
||||||
|
$enc_password = $crypter->encrypt($values['IMAP_Password']);
|
||||||
|
$sGroup->setIMAP_Password($enc_password);
|
||||||
$sGroup->create();
|
$sGroup->create();
|
||||||
|
|
||||||
return "SUCCESS";
|
return "SUCCESS";
|
||||||
|
|
|
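Review bot: The new block reaches the configuration through `global $cfg;` and builds a `MyCrypt` inline inside the model method, and the same five lines are repeated in modify_email_of_sgroup() (the hunk at `@ -15,7 +15,12 @@`); any third caller that forgets them will store a plaintext password that later fails in decrypt(). Moving the encryption into one place — `setIMAP_Password()` encrypting on write, or a single static helper on `Support_Group` — keeps callers from bypassing it. encrypt() throws when the configured cipher or hash is unavailable and nothing here catches it, so `create()` is skipped and the "SUCCESS" result is never reached; confirm the surrounding request handler catches Exception rather than surfacing a fatal error. The enclosing method starts before and ends after the hunk.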
@ -53,6 +53,10 @@ $SUPPORT_GROUP_IMAP_CRYPTKEY = "azerty";
|
||||||
$TICKET_MAILING_SUPPORT = true;
|
$TICKET_MAILING_SUPPORT = true;
|
||||||
$MAIL_DIR = "/tmp";
|
$MAIL_DIR = "/tmp";
|
||||||
|
|
||||||
|
$cfg['crypt']['key'] = 'Sup3rS3cr3tStuff';
|
||||||
|
$cfg['crypt']['enc_method'] = 'AES-256-CBC';
|
||||||
|
$cfg['crypt']['hash_method'] = "SHA512";
|
||||||
|
|
||||||
//-----------------------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------------------
|
||||||
// If true= the server will add automatically unknown user in the database
|
// If true= the server will add automatically unknown user in the database
|
||||||
// (in nel.user= nel.permission= ring.ring_user and ring.characters
|
// (in nel.user= nel.permission= ring.ring_user and ring.characters
|
||||||
|
|
|
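Review bot: The encryption key at `$cfg['crypt']['key'] = 'Sup3rS3cr3tStuff';` is a literal committed into the configuration file, so anyone with read access to the repository or the deployed file can decrypt every stored mailbox password, which reduces the encryption to obfuscation. Load the key from a file outside the web root or from the environment and keep only a placeholder in the checked-in copy; the `$SUPPORT_GROUP_IMAP_CRYPTKEY` setting visible in the hunk header looks like an earlier version of the same value and should be consolidated rather than duplicated. `AES-256-CBC` expects a 32-byte key and the value given here is 16 characters; how `openssl_encrypt()` handles a short key varies between PHP versions, so the expected length should be stated in a comment, e.g. `// 32 raw bytes for AES-256-CBC; never commit a real key here`.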
@ -15,7 +15,12 @@ function modify_email_of_sgroup(){
|
||||||
$group->setGroupEmail($groupemail);
|
$group->setGroupEmail($groupemail);
|
||||||
$group->setIMAP_MailServer(filter_var($_POST['IMAP_MailServer'],FILTER_SANITIZE_STRING));
|
$group->setIMAP_MailServer(filter_var($_POST['IMAP_MailServer'],FILTER_SANITIZE_STRING));
|
||||||
$group->setIMAP_Username(filter_var($_POST['IMAP_Username'],FILTER_SANITIZE_STRING));
|
$group->setIMAP_Username(filter_var($_POST['IMAP_Username'],FILTER_SANITIZE_STRING));
|
||||||
$group->setIMAP_Password($password);
|
|
||||||
|
//encrypt password!
|
||||||
|
global $cfg;
|
||||||
|
$crypter = new MyCrypt($cfg['crypt']);
|
||||||
|
$enc_password = $crypter->encrypt($password);
|
||||||
|
$group->setIMAP_Password($enc_password);
|
||||||
$group->update();
|
$group->update();
|
||||||
$result['RESULT_OF_MODIFYING'] = "SUCCESS";
|
$result['RESULT_OF_MODIFYING'] = "SUCCESS";
|
||||||
}else{
|
}else{
|
||||||
|
|
|
@ -290,7 +290,7 @@
|
||||||
`GroupEmail` VARCHAR(45) NULL ,
|
`GroupEmail` VARCHAR(45) NULL ,
|
||||||
`IMAP_MailServer` VARCHAR(60) NULL ,
|
`IMAP_MailServer` VARCHAR(60) NULL ,
|
||||||
`IMAP_Username` VARCHAR(45) NULL ,
|
`IMAP_Username` VARCHAR(45) NULL ,
|
||||||
`IMAP_Password` VARCHAR(45) NULL ,
|
`IMAP_Password` VARCHAR(90) NULL ,
|
||||||
PRIMARY KEY (`SGroupId`) ,
|
PRIMARY KEY (`SGroupId`) ,
|
||||||
UNIQUE INDEX `Name_UNIQUE` (`Name` ASC) ,
|
UNIQUE INDEX `Name_UNIQUE` (`Name` ASC) ,
|
||||||
UNIQUE INDEX `Tag_UNIQUE` (`Tag` ASC) )
|
UNIQUE INDEX `Tag_UNIQUE` (`Tag` ASC) )
|
||||||
|
|
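Review bot: VARCHAR(90) is tight for the value encrypt() produces: the `$AES-256-CBC$SHA512$` prefix is 20 characters and the base64 body grows with the password (a 33–48 character password pads to 48 bytes, i.e. 64 characters), so any password longer than 48 characters overflows the column; in MySQL's non-strict mode the blob is silently truncated and decrypt() later returns false. A wider column such as `` `IMAP_Password` VARCHAR(255) NULL , `` avoids this and leaves room if a per-record IV is ever stored in the same field. Widening the column does not convert existing rows, which still hold plaintext and will not parse in decrypt(), so a migration step (re-encrypt or clear) is needed alongside this schema change.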