Hi,

this issue is related to several problems.  The first one is simple.
A place to start studying the issue is:
    <URL:https://httpd.apache.org/docs/trunk/new_features_2_4.html>
        "Translation of headers to environment variables is more strict
        than before to mitigate some possible cross-site-scripting
        attacks via header injection. Headers containing invalid
        characters (including underscores) are now silently
        dropped."
    
<URL:https://stackoverflow.com/questions/18185366/header-names-with-underscores-ignored-in-php-5-5-1-apache-2-4-6>.

A patch is attached; problems with upgrades are to be expected, since an existing /etc/gosa/gosa.secrets still carries the old header name.

After having fixed the above problem, things still do not work.  I
tried to figure out why and found that the password decrypts to the
right characters, but whereas the working password is a string(8), the
decrypted one is a string(16).  This can be checked with the
following debug patch ("l1Nh8OxB" was the correct password):

diff -ru gosa_orig/include/functions.inc gosa/include/functions.inc
--- gosa_orig/include/functions.inc     2014-06-18 09:19:57.277339000+0200
+++ gosa/include/functions.inc  2014-06-18 14:31:19.827537710 +0200
@@ -469,7 +469,16 @@
 function ldap_init ($server, $base, $binddn='', $pass='')
 {
   global $config;
+  print_r($pass." is a ");
+  var_dump($pass);
+  print_r("(which does not work)<br />l1Nh8OxB is a ");
+  var_dump("l1Nh8OxB");

+  if($pass != "l1Nh8OxB"){
+    print_r("l1Nh8OxB<br />");
+    $pass= "l1Nh8OxB";
+  }
+
   $ldap = new LDAP ($binddn, $pass, $server,
       isset($config->current['LDAPFOLLOWREFERRALS']) &&
       $config->current['LDAPFOLLOWREFERRALS'] == "true",
       isset($config->current['LDAPTLS']) &&
       $config->current['LDAPTLS'] == "true");
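Review bot: The added print_r($pass) and var_dump($pass) lines write the LDAP bind password into the HTTP response, and the `if($pass != "l1Nh8OxB")` block hard-codes it as a fallback, so this debug patch must not reach any shared or production instance. For diagnosing the string(8) versus string(16) difference, `var_dump(bin2hex($pass));` would show what the extra eight bytes actually are (trailing 00 bytes would point at block-cipher padding), which a plain var_dump of the string does not make visible. The comparison is also loose; `if ($pass !== "l1Nh8OxB")` is the safer form. ldap_init's body continues past the end of the hunk.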


So there seems to be an encoding or padding problem: the decrypted value
is exactly twice the length of the real password.  I tried to fix that,
but someone with more knowledge of PHP and encodings should have a look.

Best regards,

     Andi


Index: gosa-2.7.4+reloaded1/gosa-core/bin/gosa-encrypt-passwords
===================================================================
--- gosa-2.7.4+reloaded1.orig/gosa-core/bin/gosa-encrypt-passwords
+++ gosa-2.7.4+reloaded1/gosa-core/bin/gosa-encrypt-passwords
@@ -51,7 +51,7 @@ if (file_exists("/etc/gosa/gosa.secrets"
 } else {
   echo "* creating /etc/gosa/gosa.secrets\n";
   $fp = fopen("/etc/gosa/gosa.secrets", 'w') or die("Cannot open /etc/gosa/gosa.secrets for writing - aborted");
-  fwrite($fp, "RequestHeader set GOSA_KEY $master_key\n");
+  fwrite($fp, "RequestHeader set GOSAKEY $master_key\n");
   fclose($fp);
   chmod ("/etc/gosa/gosa.secrets", 0600);
   chown ("/etc/gosa/gosa.secrets", "root");
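Review bot: The secrets file is opened for writing two lines above the changed fwrite and only chmod'ed to 0600 after the master key has already been written, so during the write its mode is whatever the process umask allows (commonly 0644). Wrapping the creation in `$oldmask = umask(077);` before the fopen and `umask($oldmask);` after the chown closes that window. Separately, the file_exists branch visible in the hunk header means an existing installation keeps a gosa.secrets that still says `GOSA_KEY`, which the renamed PHP side will no longer read; the upgrade path needs to rewrite that line or the failure is silent. The enclosing if/else starts outside the hunk.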
Index: gosa-2.7.4+reloaded1/gosa-core/include/class_config.inc
===================================================================
--- gosa-2.7.4+reloaded1.orig/gosa-core/include/class_config.inc
+++ gosa-2.7.4+reloaded1/gosa-core/include/class_config.inc
@@ -301,14 +301,14 @@ class config  {
 
     function get_credentials($creds)
     {
-        if (isset($_SERVER['HTTP_GOSA_KEY'])){
-            if (!session::global_is_set('HTTP_GOSA_KEY_CACHE')){
-                session::global_set('HTTP_GOSA_KEY_CACHE',array());
+        if (isset($_SERVER['HTTP_GOSAKEY'])){
+            if (!session::global_is_set('HTTP_GOSAKEY_CACHE')){
+                session::global_set('HTTP_GOSAKEY_CACHE',array());
             }
-            $cache = session::global_get('HTTP_GOSA_KEY_CACHE');
+            $cache = session::global_get('HTTP_GOSAKEY_CACHE');
             if(!isset($cache[$creds])){
-                $cache[$creds] = cred_decrypt($creds, $_SERVER['HTTP_GOSA_KEY']);
-                session::global_set('HTTP_GOSA_KEY_CACHE',$cache);
+                $cache[$creds] = cred_decrypt($creds, $_SERVER['HTTP_GOSAKEY']);
+                session::global_set('HTTP_GOSAKEY_CACHE',$cache);
             }
             return ($cache[$creds]);
         }
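Review bot: The value returned by cred_decrypt at the changed `$cache[$creds] = cred_decrypt(...)` line is stored in the session cache and returned unchanged, yet the report above shows an eight-character secret decrypting to a string(16); that looks like unstripped block-cipher padding, and once cached the padded value is pinned for the session's lifetime. If cred_decrypt pads with NUL bytes (to be confirmed against its implementation), stripping before caching, `$cache[$creds] = rtrim(cred_decrypt($creds, $_SERVER['HTTP_GOSAKEY']), "\0");`, would address the bind failure at its source rather than in ldap_init. Renaming the cache key also leaves stale `HTTP_GOSA_KEY_CACHE` entries in existing sessions, which is harmless but worth noting in the changelog. get_credentials continues past the end of the hunk.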
