[Pkg-owncloud-commits] [owncloud] 37/67: Show a warning in the installer if no secure RNG is available
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:10:39 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v4.5.1
in repository owncloud.
commit 38f87340147539901ab82b280700949d439d5672
Author: Lukas Reschke <lukas at statuscode.ch>
Date: Sun Oct 14 17:17:06 2012 +0200
Show a warning in the installer if no secure RNG is available
---
core/templates/installation.php | 10 ++++++++--
lib/setup.php | 2 ++
lib/util.php | 24 ++++++++++++++++++++++++
3 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/core/templates/installation.php b/core/templates/installation.php
index 1a05c3f..426d609 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -3,7 +3,6 @@
<input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'></input>
<input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'></input>
<form action="index.php" method="post">
-
<input type="hidden" name="install" value="true" />
<?php if(count($_['errors']) > 0): ?>
<ul class="errors">
@@ -19,7 +18,14 @@
<?php endforeach; ?>
</ul>
<?php endif; ?>
-
+ <?php if(!$_['secureRNG']): ?>
+ <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+ <legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+ <span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span>
+ <br/>
+ <span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>
+ </fieldset>
+ <?php endif; ?>
<fieldset>
<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
<p class="infield">
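Review bot: The new warning fieldset sets its colours through an inline `style` attribute, while the error list directly above it uses a class (`<ul class="errors">`). Moving the three colour rules into the stylesheet and writing e.g. `<fieldset class="warning">` keeps presentation in one place and avoids depending on inline styles if a Content-Security-Policy is introduced later. The message also names only the OpenSSL extension as the remedy, although the check added in lib/util.php also accepts a readable /dev/random; the wording could mention both.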
diff --git a/lib/setup.php b/lib/setup.php
index 16b9ec6..be4101f 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -5,12 +5,14 @@ $hasMySQL = is_callable('mysql_connect');
$hasPostgreSQL = is_callable('pg_connect');
$hasOracle = is_callable('oci_connect');
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
+
$opts = array(
'hasSQLite' => $hasSQLite,
'hasMySQL' => $hasMySQL,
'hasPostgreSQL' => $hasPostgreSQL,
'hasOracle' => $hasOracle,
'directory' => $datadir,
+ 'secureRNG' => OC_Util::secureRNG_available(),
'errors' => array(),
);
diff --git a/lib/util.php b/lib/util.php
index e08d38f..eeed82f 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -559,6 +559,7 @@ class OC_Util {
* @brief Generates a cryptographical secure pseudorandom string
* @param Int with the length of the random string
* @return String
+ * Please also update secureRNG_available if you change something here
*/
public static function generate_random_bytes($length = 30) {
@@ -589,4 +590,27 @@ class OC_Util {
}
return $pseudo_byte;
}
+
+ /*
+ * @brief Checks if a secure random number generator is available
+ * @return bool
+ */
+ public static function secureRNG_available() {
+
+ // Check openssl_random_pseudo_bytes
+ if(function_exists('openssl_random_pseudo_bytes')) {
+ openssl_random_pseudo_bytes(1, $strong);
+ if($strong == TRUE) {
+ return true;
+ }
+ }
+
+ // Check /dev/random
+ $fp = @file_get_contents('/dev/random', false, null, 0, 1);
+ if ($fp !== FALSE) {
+ return true;
+ }
+
+ return false;
+ }
}
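Review bot: The /dev/random probe in secureRNG_available() treats any result other than FALSE as success, so a zero-length read would still report a secure RNG; checking the length as well is tighter: `if ($fp !== FALSE && strlen($fp) === 1)`. The OpenSSL branch tests `$strong == TRUE` on a variable that is only ever set by reference; initialising `$strong = false;` before the call and comparing with `=== true` makes the result unambiguous. Reading /dev/random can block when the kernel entropy pool is low, which would stall the installer page, but whether /dev/urandom is an acceptable substitute depends on what generate_random_bytes() reads, and its body is outside this hunk. The doc comment opens with `/*` rather than `/**`, so documentation tools will not pick it up as a docblock.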
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git