[PHP] Problems with PHP calling PGP

2001-08-24 Thread CO Group Support

Hi all.  I am having a very strange problem when trying to run PGP under
Unix shell from inside a php script.  I am trying to encrypt the body of an
email message.  And, bizarrely, I can get it to work fine several different
ways (using exec(), popen(), backtick, etc), but (here's the strange part)
every time the script works fine, I get an "internal web server" (Apache)
error when the script terminates.  Whenever I try an exec() or popen()
command that DOESN'T work, Apache DOESN'T complain!  In other words, when
the call to PGP works, Apache fails and vice-versa!  It feels like PGP and
Apache are working together to make sure I can't get the job done!

Now, when I use GNUPG instead of PGP, everything works fine (and no Apache
error).  So, I think the problem has something to do with the way PHP, PGP,
Unix and Apache interact together.  One solution is to just use GNUPG
instead of PGP, but I like PGP better.

Note: I am running my PHP script through a program called php-cgiwrap which
makes the PHP script execute as me on the server rather than as "nobody".  I
can't let the script execute as "nobody" because "nobody" doesn't have
permission to run PGP, but I do.

I would greatly appreciate help on getting the PGP approach to work
perfectly.  I am posting both the PGP and GNUPG code snippets below (note:
all the GNUPG snippets work perfectly).  Thanks.

Kurt Bertone

/**/
Here are some code snippets where the PGP works fine, but Apache complains:



/* set up some strings */
$pgppath = "/usr/home/myhome/.pgp";
$uid = "Recipient Name <[EMAIL PROTECTED]>";
$to = "[EMAIL PROTECTED]";
$subject = "Seekwit Message";
$from = "[EMAIL PROTECTED]";
$msg = "This is a vewy, vewy seekwit message.";

putenv("PGPPATH=$pgppath");

/* following works fine, except we get the Apache error */
$cmd = "/usr/local/bin/pgp -feat '$uid' | /usr/bin/mail -s '$subject' $to";
$pp = popen($cmd, "w");
fputs($pp, $msg);
pclose($pp);

/* following works fine, except we get the Apache error */
$cmd = "echo '$msg' | /usr/local/bin/pgp -feat '$uid' | /usr/bin/mail -s '$subject' $to";
`$cmd`;

/* following works fine, except we get the Apache error */
$cmd = "echo '$msg' | /usr/local/bin/pgp -feat '$uid'";
$encrypted = `$cmd`;
$encrypted = "From: $from\n\n" . $encrypted;
mail($to, $subject, "", "$encrypted");



/**/
The following GNUPG code works perfectly - no problems at all.



/* set up some strings */
$pgppath = "/usr/home/myhome/.pgp";
$uid = "Recipient Name <[EMAIL PROTECTED]>";
$to = "[EMAIL PROTECTED]";
$subject = "Seekwit Message";
$from = "[EMAIL PROTECTED]";
$msg = "This is a vewy, vewy seekwit message.";

putenv("GNUPGHOME=$gnupghome");

/* following works perfectly */
$cmd = "/usr/local/bin/gpg --textmode --always-trust ";
$cmd .= "--armor --batch --no-secmem-warning --homedir '$gnupghome' ";
$cmd .= "--compress-algo 1 --cipher-algo cast5 --recipient '$uid' --encrypt ";
$cmd .= "| /usr/bin/mail -s '$subject' $to";
$pp = popen($cmd, "w");
fputs($pp, $msg);
pclose($pp);

/* following works perfectly */
$cmd = "echo '$msg' | /usr/local/bin/gpg --textmode --always-trust ";
$cmd .= "--armor --batch --no-secmem-warning --homedir '$gnupghome' ";
$cmd .= "--compress-algo 1 --cipher-algo cast5 --recipient '$uid' --encrypt ";
$cmd .= "| /usr/bin/mail -s '$subject' $to";
`$cmd`;

/* following works perfectly */
$cmd = "echo '$msg' | /usr/local/bin/gpg --textmode --always-trust ";
$cmd .= "--armor --batch --no-secmem-warning --homedir '$gnupghome' ";
$cmd .= "--compress-algo 1 --cipher-algo cast5 --recipient '$uid' --encrypt";
$encrypted = `$cmd`;
$encrypted = "From: $from\n\n" . $encrypted;
mail($to, $subject, "", $encrypted);





Re: [PHP] Re: Problems with PHP calling PGP

2001-08-24 Thread CO Group Support

Hello Richard.

Thanks for the response, but I finally, finally found and fixed the problem.
It turns out that PGP generates output on STDERR, even when you run it in
+batchmode.  This extraneous output makes Apache unhappy, for some reason.
So I fixed the problem by inserting a 2>/dev/null into the pgp command to
flush all the STDERR noise down the terlet.  Works great now (whew!).

The working code is below, for those who are interested.

Kurt



/* set up some strings */
$pgppath = "/usr/home/myhome/.pgp";
$ruid = "Recipient Name <[EMAIL PROTECTED]>";
$suid = "Sender Name <[EMAIL PROTECTED]>";
$to = "[EMAIL PROTECTED]";
$subject = "Seekwit Message";
$from = "[EMAIL PROTECTED]";
$msg = "This is a vewy, vewy seekwit message.";

putenv("PGPPATH=$pgppath");

/*
 * the following code snippets work fine as long as the 2>/dev/null is in there
 * to send the extraneous output
 * that PGP generates on STDERR into the bit bucket
 */

/*
 * I think the following is the most secure way to do it because it doesn't
 * include the clear text message in the command line, so it should be
 * invisible to people running, for example, ps -auxxx
 */
$cmd = "/usr/local/bin/pgp -feat +force +batchmode '$ruid' -u '$suid' 2>/dev/null | /usr/bin/mail -s '$subject' $to";
$pp = popen($cmd, "w");
fputs($pp, $msg);
pclose($pp);

/* this one does a straight echo | pgp | mail */
$cmd = "echo '$msg' | /usr/local/bin/pgp -feat +force +batchmode '$ruid' -u '$suid' 2>/dev/null | /usr/bin/mail -s '$subject' $to";
`$cmd`;

/* this one does an echo | pgp, captures the stdout using backtick, and mails
   it using php mail */
$cmd = "echo '$msg' | /usr/local/bin/pgp -feat +force +batchmode '$ruid' -u '$suid' 2>/dev/null";
$encrypted = `$cmd`;
$encrypted = "From: $from\n\n" . $encrypted;
mail($to, $subject, "", "$encrypted");




- Original Message -
From: "Richard Lynch" <[EMAIL PROTECTED]>
To: "CO Group Support" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 24, 2001 9:05 PM
Subject: [PHP] Re: Problems with PHP calling PGP


> Note: I am running my PHP script through a program called php-cgiwrap which
> makes the PHP script execute as me on the server rather than as "nobody".  I
> can't let the script execute as "nobody" because "nobody" doesn't have
> permission to run PGP, but I do.

You may want to look at suExec http://apache.org

Try the popen one without the pclose.  If that works, upgrade PHP.

Also -- see if you can su to nobody, and run that php-cgiwrap thingie with
this script without Apache being involved.

And, of course, you *ARE* looking at your Apache error_log, right?...

--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
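
Added example, not part of the original thread or any poster's code: the fix in the thread discards PGP's STDERR with 2>/dev/null and still builds a shell command string from $msg, $subject and the user IDs. The PHP code below runs the same pgp invocation with no shell, passes the plaintext on stdin only, and keeps STDERR in a log file so an encryption failure is visible and nothing is mailed. It assumes PHP 7.4+; the example.org addresses, the run_filter() helper name and the log path are constructed for illustration.

```php
<?php
// Added example, not from the thread. Needs PHP 7.4+ (array form of proc_open).

/**
 * Run an encryption filter with no shell in between. The plaintext goes in on
 * stdin only; stdout and stderr are collected separately.
 * Returns [exit status, stdout, stderr].
 */
function run_filter(array $argv, string $plaintext, array $env): array
{
    // Child output goes to temp files (created 0600 by tempnam) instead of pipes,
    // so the child cannot block on a full pipe while its stdin is being written.
    $outFile = tempnam(sys_get_temp_dir(), 'enc');
    $errFile = tempnam(sys_get_temp_dir(), 'enc');
    $spec = [0 => ['pipe', 'r'], 1 => ['file', $outFile, 'w'], 2 => ['file', $errFile, 'w']];

    $status = -1;
    $proc = proc_open($argv, $spec, $pipes, null, $env);
    if (is_resource($proc)) {
        fwrite($pipes[0], $plaintext);
        fclose($pipes[0]);             // EOF lets the filter finish
        $status = proc_close($proc);   // waits for the child, returns its exit status
    }
    $result = [$status, (string) file_get_contents($outFile), (string) file_get_contents($errFile)];
    unlink($outFile);
    unlink($errFile);
    return $result;
}

// Constructed sample values; the pgp path, flags and PGPPATH are the thread's.
$ruid = 'Recipient Name <recipient@example.org>';
$suid = 'Sender Name <sender@example.org>';
$log  = sys_get_temp_dir() . '/pgp-mail.log';   // hypothetical log location
$argv = ['/usr/local/bin/pgp', '-feat', '+force', '+batchmode', $ruid, '-u', $suid];

[$status, $cipher, $diag] = run_filter($argv, "constructed test message\n", ['PGPPATH' => '/usr/home/myhome/.pgp']);

if ($diag !== '') {
    error_log(date('c') . ' pgp stderr: ' . trim($diag) . "\n", 3, $log);
}
if ($status !== 0 || $cipher === '') {
    error_log(date('c') . " pgp exit status $status, nothing mailed\n", 3, $log);
    exit(1);
}
mail('recipient@example.org', 'Seekwit Message', $cipher, 'From: sender@example.org');
```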



