From d1c1740741be2c89cb8d694226dc26c8a749e150 Mon Sep 17 00:00:00 2001 From: Quitta Date: Mon, 19 Aug 2013 20:22:01 +0200 Subject: [PATCH] Added encryption by using the openSSL functionality to encrypt the email passwords in the db --HG-- branch : quitta-gsoc-2013 --- .../ams_lib/autoload/mail_handler.php | 51 +++++++++++------- .../ryzom_ams/ams_lib/autoload/mycrypt.php | 53 +++++++++++++++++++ .../ams_lib/autoload/support_group.php | 7 ++- .../tools/server/ryzom_ams/www/config.php | 4 ++ .../www/html/func/modify_email_of_sgroup.php | 7 ++- .../server/ryzom_ams/www/html/sql/install.php | 2 +- 6 files changed, 101 insertions(+), 23 deletions(-) create mode 100644 code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mycrypt.php diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mail_handler.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mail_handler.php index 12553eb69..f509de729 100644 --- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mail_handler.php +++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mail_handler.php @@ -142,38 +142,49 @@ class Mail_Handler{ } // Check mail $sGroups = Support_Group::getGroups(); + + //decrypt passwords in the db! + $crypter = new MyCrypt($cfg['crypt']); + foreach($sGroups as $group){ + $group->setIMAP_Password($crypter->decrypt($cfg['mail']['default_password'])); + } + $defaultGroup = new Support_Group(); $defaultGroup->setSGroupId(0); $defaultGroup->setGroupEmail($default_groupemail); $defaultGroup->setIMAP_MailServer($cfg['mail']['default_mailserver']); $defaultGroup->setIMAP_Username($cfg['mail']['default_username']); $defaultGroup->setIMAP_Password($cfg['mail']['default_password']); - + + //add default group to the list $sGroups[] = $defaultGroup; foreach($sGroups as $group){ - $mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error()); - $message_count = imap_num_msg($mbox); - - for ($i = 1; $i <= $message_count; ++$i) { - - //return task ID - $tid = self::incoming_mail_handler($mbox, $i,$group); - - if($tid) { - //TODO: base file on Ticket + timestamp - $file = fopen($MAIL_DIR."/mail/ticket".$tid.".".time(), 'w'); - fwrite($file, imap_fetchheader($mbox, $i) . imap_body($mbox, $i)); - fclose($file); + //check if group has mailing stuff filled in! + if($group->getGroupEmail() != "" && $group->getIMAP_MailServer() != "" && $group->getIMAP_Username() != "" && $group->getIMAP_Password() != "") + $mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error()); + $message_count = imap_num_msg($mbox); + + for ($i = 1; $i <= $message_count; ++$i) { - //mark message $i of $mbox for deletion! - imap_delete($mbox, $i); + //return task ID + $tid = self::incoming_mail_handler($mbox, $i,$group); + + if($tid) { + //TODO: base file on Ticket + timestamp + $file = fopen($MAIL_DIR."/mail/ticket".$tid.".".time(), 'w'); + fwrite($file, imap_fetchheader($mbox, $i) . imap_body($mbox, $i)); + fclose($file); + + //mark message $i of $mbox for deletion! + imap_delete($mbox, $i); + } + } - + //delete marked messages + imap_expunge($mbox); + imap_close($mbox); } - //delete marked messages - imap_expunge($mbox); - imap_close($mbox); } } diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mycrypt.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mycrypt.php new file mode 100644 index 000000000..2a90f21a8 --- /dev/null +++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mycrypt.php @@ -0,0 +1,53 @@ +config = $cryptinfo; + } + + + public function encrypt($data) { + + self::check_methods($this->config['enc_method'], $this->config['hash_method']); + $iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method'])); + $infostr = sprintf('$%s$%s$', $this->config['enc_method'], $this->config['hash_method']); + return $infostr . openssl_encrypt($data, $this->config['enc_method'], $this->config['key'], false, $iv); + } + + public function decrypt($edata) { + $e_arr = explode('$', $edata); + if( count($e_arr) != 4 ) { + Throw new Exception('Given data is missing crucial sections.'); + } + $this->config['enc_method'] = $e_arr[1]; + $this->config['hash_method'] = $e_arr[2]; + self::check_methods($this->config['enc_method'], $this->config['hash_method']); + $iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method'])); + return openssl_decrypt($e_arr[3], $this->config['enc_method'], $this->config['key'], false, $iv); + } + + private static function hashIV($key, $method, $iv_size) { + $myhash = hash($method, $key, TRUE); + while( strlen($myhash) < $iv_size ) { + $myhash .= hash($method, $myhash, TRUE); + } + return substr($myhash, 0, $iv_size); + } + + private static function check_methods($enc, $hash) { + + if( ! function_exists('openssl_encrypt') ) { + Throw new Exception('openssl_encrypt() not supported.'); + } else if( ! in_array($enc, openssl_get_cipher_methods()) ) { + Throw new Exception('Encryption method ' . $enc . ' not supported.'); + } else if( ! in_array(strtolower($hash), hash_algos()) ) { + Throw new Exception('Hashing method ' . $hash . ' not supported.'); + } + } + + + +} \ No newline at end of file diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/support_group.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/support_group.php index b44e1552e..6975cb183 100644 --- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/support_group.php +++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/support_group.php @@ -51,7 +51,12 @@ class Support_Group{ $sGroup->setGroupEmail($values['GroupEmail']); $sGroup->setIMAP_MailServer($values['IMAP_MailServer']); $sGroup->setIMAP_Username($values['IMAP_Username']); - $sGroup->setIMAP_Password($values['IMAP_Password']); + + //encrypt password! + global $cfg; + $crypter = new MyCrypt($cfg['crypt']); + $enc_password = $crypter->encrypt($values['IMAP_Password']); + $sGroup->setIMAP_Password($enc_password); $sGroup->create(); return "SUCCESS"; diff --git a/code/ryzom/tools/server/ryzom_ams/www/config.php b/code/ryzom/tools/server/ryzom_ams/www/config.php index d4b99a41c..c57d71746 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/config.php +++ b/code/ryzom/tools/server/ryzom_ams/www/config.php @@ -53,6 +53,10 @@ $SUPPORT_GROUP_IMAP_CRYPTKEY = "azerty"; $TICKET_MAILING_SUPPORT = true; $MAIL_DIR = "/tmp"; +$cfg['crypt']['key'] = 'Sup3rS3cr3tStuff'; +$cfg['crypt']['enc_method'] = 'AES-256-CBC'; +$cfg['crypt']['hash_method'] = "SHA512"; + //----------------------------------------------------------------------------------------- // If true= the server will add automatically unknown user in the database // (in nel.user= nel.permission= ring.ring_user and ring.characters diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/modify_email_of_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/modify_email_of_sgroup.php index ff028864b..a21b19eff 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/modify_email_of_sgroup.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/modify_email_of_sgroup.php @@ -15,7 +15,12 @@ function modify_email_of_sgroup(){ $group->setGroupEmail($groupemail); $group->setIMAP_MailServer(filter_var($_POST['IMAP_MailServer'],FILTER_SANITIZE_STRING)); $group->setIMAP_Username(filter_var($_POST['IMAP_Username'],FILTER_SANITIZE_STRING)); - $group->setIMAP_Password($password); + + //encrypt password! + global $cfg; + $crypter = new MyCrypt($cfg['crypt']); + $enc_password = $crypter->encrypt($password); + $group->setIMAP_Password($enc_password); $group->update(); $result['RESULT_OF_MODIFYING'] = "SUCCESS"; }else{ diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php b/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php index f72e0c8bf..2c0ffb6d5 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php @@ -290,7 +290,7 @@ `GroupEmail` VARCHAR(45) NULL , `IMAP_MailServer` VARCHAR(60) NULL , `IMAP_Username` VARCHAR(45) NULL , - `IMAP_Password` VARCHAR(45) NULL , + `IMAP_Password` VARCHAR(90) NULL , PRIMARY KEY (`SGroupId`) , UNIQUE INDEX `Name_UNIQUE` (`Name` ASC) , UNIQUE INDEX `Tag_UNIQUE` (`Tag` ASC) )