author | Ian Moore <ian.moore@fireeye.com> | 2015-08-04 23:41:33 -0400 |
---|---|---|
committer | Ian Moore <ian.moore@fireeye.com> | 2015-08-04 23:41:33 -0400 |
commit | b735c0d90e7ecf5ae00696751854ca25c14ff522 (patch) | |
tree | 07b1f19709c7c801a4f4103423bfa6fedf964098 /endpoints/lib | |
parent | a87733eb58ba53a75870c1e01d498cb14f116a28 (diff) | |
Fix add attachment button context menu in VM storage settings
Standardize on uHash for session pw hash storage
Diffstat (limited to 'endpoints/lib')
-rw-r--r-- | endpoints/lib/auth/Builtin.php | 72 | ||||
-rw-r--r-- | endpoints/lib/vboxconnector.php | 2 |
2 files changed, 36 insertions, 38 deletions
diff --git a/endpoints/lib/auth/Builtin.php b/endpoints/lib/auth/Builtin.php
index f720c05..30e5a82 100644
--- a/endpoints/lib/auth/Builtin.php
+++ b/endpoints/lib/auth/Builtin.php
@@ -1,36 +1,36 @@
 <?php
 /**
- *
+ *
 * Built-in authentication module. Uses VirtualBox's set/getExtraData capability
 * to store / retrieve user credentials. Called from API when authentication
 * functions are requested.
- *
+ *
 * @author Ian Moore (imoore76 at yahoo dot com)
 * @copyright Copyright (C) 2010-2015 Ian Moore (imoore76 at yahoo dot com)
 * @version $Id: Builtin.php 595 2015-04-17 09:50:36Z imoore76 $
 * @package phpVirtualBox
 * @see vboxconnector
- *
+ *
 */
 class phpvbAuthBuiltin implements phpvbAuth {
-
+
 /**
- *
+ *
 * A list of capabilities describing this authentication module.
 * @var array capability values:
 * @var boolean canChangePassword
 * @var boolean canModifyUsers
 * @var boolean canLogout
- *
+ *
 */
 var $capabilities = array(
 'canChangePassword' => true,
 'canModifyUsers' => true,
 'canLogout' => true
 );
-
+
 /**
- *
+ *
 * Log in function. Populates $_SESSION
 * @param string $username user name
 * @param string $password password
@@ -38,12 +38,12 @@ class phpvbAuthBuiltin implements phpvbAuth {
 function login($username, $password)
 {
 global $_SESSION;
-
+
 $vbox = new vboxconnector(true);
 $vbox->skipSessionCheck = true;
 $vbox->connect();
 $p = $vbox->vbox->getExtraData('phpvb/users/'.$username.'/pass');
-
+
 // Check for initial login
 if($username == 'admin' && !$p && !$vbox->vbox->getExtraData('phpvb/usersSetup')) {
 $vbox->vbox->setExtraData('phpvb/usersSetup','1');
@@ -51,19 +51,18 @@ class phpvbAuthBuiltin implements phpvbAuth {
 $vbox->vbox->setExtraData('phpvb/users/'.$username.'/admin', '1');
 $p = hash('sha512', 'admin');
 }
-
+
 if($p == hash('sha512', $password)) {
 $_SESSION['valid'] = true;
 $_SESSION['user'] = $username;
 $_SESSION['admin'] = intval($vbox->vbox->getExtraData('phpvb/users/'.$username.'/admin'));
 $_SESSION['authCheckHeartbeat'] = time();
 $_SESSION['uHash'] = $p;
- $_SESSION['uHash256'] = hash('sha256',$password);
 }
 }
-
+
 /**
- *
+ *
 * Change password function.
 * @param string $old old password
 * @param string $new new password
@@ -72,32 +71,31 @@ class phpvbAuthBuiltin implements phpvbAuth {
 function changePassword($old, $new)
 {
 global $_SESSION;
-
+
 // Use main / auth server
 $vbox = new vboxconnector(true);
 $vbox->connect();
 $p = $vbox->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/pass');
-
+
 if($p == hash('sha512', $old)) {
 $np = hash('sha512', $new);
 $vbox->vbox->setExtraData('phpvb/users/'.$_SESSION['user'].'/pass', $np);
 $response['data']['result'] = 1;
 $_SESSION['uHash'] = $np;
- $_SESSION['uHash256'] = hash('sha256',$np);
 return true;
 }
 return false;
 }
-
+
 /**
- *
+ *
 * Revalidate login info and set authCheckHeartbeat session variable.
 * @param vboxconnector $vbox vboxconnector object instance
 */
 function heartbeat($vbox)
 {
 global $_SESSION;
-
+
 // Check to see if we only have 1 server or are already connected
 // to the authentication master server
 if(@$vbox->settings->authMaster || count($vbox->settings->servers) == 1) {
@@ -105,7 +103,7 @@ class phpvbAuthBuiltin implements phpvbAuth {
 } else {
 $vbcheck = new vboxconnector(true);
 }
-
+
 $vbcheck->connect();
 $p = $vbcheck->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/pass');
 if(!@$p || @$_SESSION['uHash'] != $p) {
@@ -115,13 +113,13 @@ class phpvbAuthBuiltin implements phpvbAuth {
 $_SESSION['admin'] = intval($vbcheck->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/admin'));
 $_SESSION['authCheckHeartbeat'] = time();
 }
-
+
 if(!@$_SESSION['valid'])
 throw new Exception(trans('Not logged in.','UIUsers'), vboxconnector::PHPVB_ERRNO_FATAL);
 }
-
+
 /**
- *
+ *
 * Log out user present in $_SESSION
 * @param array $response response passed byref by API and populated within function
 */
@@ -132,20 +130,20 @@ class phpvbAuthBuiltin implements phpvbAuth {
 else unset($_SESSION['valid']);
 $response['data']['result'] = 1;
 }
-
+
 /**
- *
+ *
 * Return a list of users
 * @return array list of users
 */
 function listUsers()
 {
 $response = array();
-
+
 // Use main / auth server
 $vbox = new vboxconnector(true);
 $vbox->connect();
-
+
 $keys = $vbox->vbox->getExtraDataKeys();
 foreach($keys as $k) {
 if(strpos($k,'phpvb/users/') === 0) {
@@ -157,9 +155,9 @@ class phpvbAuthBuiltin implements phpvbAuth {
 }
 return $response;
 }
-
+
 /**
- *
+ *
 * Update user information such as password and admin status
 * @param array $vboxRequest request passed from API representing the request. Contains user, password and administration level.
 * @param boolean $skipExistCheck Do not check that the user exists first. Essentially, if this is set and the user does not exist, it is added.
@@ -167,26 +165,26 @@ class phpvbAuthBuiltin implements phpvbAuth { function updateUser($vboxRequest, $skipExistCheck) { global $_SESSION; - + // Must be an admin if(!$_SESSION['admin']) break; // Use main / auth server $vbox = new vboxconnector(true); $vbox->connect(); - + // See if it exists if(!$skipExistCheck && $vbox->vbox->getExtraData('phpvb/users/'.$vboxRequest['u'].'/pass')) break; - + if($vboxRequest['p']) $vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/pass', hash('sha512', $vboxRequest['p'])); - + $vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/admin', ($vboxRequest['a'] ? '1' : '0')); } - + /** - * + * * Remove the user $user * @param string $user Username to remove */ @@ -195,7 +193,7 @@ class phpvbAuthBuiltin implements phpvbAuth { // Use main / auth server $vbox = new vboxconnector(true); $vbox->connect(); - + $vbox->vbox->setExtraData('phpvb/users/'.$user.'/pass',''); $vbox->vbox->setExtraData('phpvb/users/'.$user.'/admin',''); $vbox->vbox->setExtraData('phpvb/users/'.$user,''); diff --git a/endpoints/lib/vboxconnector.php b/endpoints/lib/vboxconnector.php index 212c58d..a96746a 100644 --- a/endpoints/lib/vboxconnector.php +++ b/endpoints/lib/vboxconnector.php @@ -3827,7 +3827,7 @@ class vboxconnector { } // set the vboxauthsimple in VM config - $this->session->machine->setExtraData('VBoxAuthSimple/users/'.$_SESSION['user'].'', $_SESSION['uHash256']); + $this->session->machine->setExtraData('VBoxAuthSimple/users/'.$_SESSION['user'].'', $_SESSION['uHash']); // Always set $this->session->machine->setExtraData('GUI/SaveMountedAtRuntime', 'yes'); |
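Review bot: In the vboxconnector.php hunk, the new `setExtraData('VBoxAuthSimple/users/'.$_SESSION['user'].'', $_SESSION['uHash'])` call writes a SHA-512 digest where the removed line wrote a SHA-256 one. VBoxAuthSimple, as far as I know, checks a SHA-256 hash of the password, so console authentication probably stops matching after this change and should be tested before merging. The value is also the same unsalted digest that `login()` in Builtin.php reads from `phpvb/users/<user>/pass`, so the login verifier is now duplicated into each VM's extradata; a separately derived console credential would keep the two apart. In this diff `uHash` is set only by the Builtin module, so the line may write an empty value under another auth module, and a guard such as `if(!empty($_SESSION['uHash']))` would avoid that. The enclosing function starts and ends outside the hunk.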