Show a warning in the installer if no secure RNG is available
parent
d6c4b83f13
commit
2c427f050e
|
@ -3,7 +3,6 @@
|
||||||
<input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'></input>
|
<input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'></input>
|
||||||
<input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'></input>
|
<input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'></input>
|
||||||
<form action="index.php" method="post">
|
<form action="index.php" method="post">
|
||||||
|
|
||||||
<input type="hidden" name="install" value="true" />
|
<input type="hidden" name="install" value="true" />
|
||||||
<?php if(count($_['errors']) > 0): ?>
|
<?php if(count($_['errors']) > 0): ?>
|
||||||
<ul class="errors">
|
<ul class="errors">
|
||||||
|
@ -19,7 +18,14 @@
|
||||||
<?php endforeach; ?>
|
<?php endforeach; ?>
|
||||||
</ul>
|
</ul>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
<?php if(!$_['secureRNG']): ?>
|
||||||
|
<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
|
||||||
|
<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
|
||||||
|
<span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span>
|
||||||
|
<br/>
|
||||||
|
<span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>
|
||||||
|
</fieldset>
|
||||||
|
<?php endif; ?>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
|
<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
|
||||||
<p class="infield">
|
<p class="infield">
|
||||||
|
|
|
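Review bot: The new warning fieldset sets its colours through an inline `style` attribute, which a Content-Security-Policy that disallows inline styles would drop and which themes cannot override. A class from the installer stylesheet would be sturdier, for example `<fieldset class="warning">` (the class name is a placeholder, as the stylesheet is not visible here). The message also tells the administrator only to enable the OpenSSL extension, while the check added in lib/util.php also accepts a readable /dev/random, so the advice may not match the reason the check failed.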
@ -5,12 +5,14 @@ $hasMySQL = is_callable('mysql_connect');
|
||||||
$hasPostgreSQL = is_callable('pg_connect');
|
$hasPostgreSQL = is_callable('pg_connect');
|
||||||
$hasOracle = is_callable('oci_connect');
|
$hasOracle = is_callable('oci_connect');
|
||||||
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
|
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
|
||||||
|
|
||||||
$opts = array(
|
$opts = array(
|
||||||
'hasSQLite' => $hasSQLite,
|
'hasSQLite' => $hasSQLite,
|
||||||
'hasMySQL' => $hasMySQL,
|
'hasMySQL' => $hasMySQL,
|
||||||
'hasPostgreSQL' => $hasPostgreSQL,
|
'hasPostgreSQL' => $hasPostgreSQL,
|
||||||
'hasOracle' => $hasOracle,
|
'hasOracle' => $hasOracle,
|
||||||
'directory' => $datadir,
|
'directory' => $datadir,
|
||||||
|
'secureRNG' => OC_Util::secureRNG_available(),
|
||||||
'errors' => array(),
|
'errors' => array(),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
24
lib/util.php
24
lib/util.php
|
@ -559,6 +559,7 @@ class OC_Util {
|
||||||
* @brief Generates a cryptographical secure pseudorandom string
|
* @brief Generates a cryptographical secure pseudorandom string
|
||||||
* @param Int with the length of the random string
|
* @param Int with the length of the random string
|
||||||
* @return String
|
* @return String
|
||||||
|
* Please also update secureRNG_available if you change something here
|
||||||
*/
|
*/
|
||||||
public static function generate_random_bytes($length = 30) {
|
public static function generate_random_bytes($length = 30) {
|
||||||
|
|
||||||
|
@ -589,4 +590,27 @@ class OC_Util {
|
||||||
}
|
}
|
||||||
return $pseudo_byte;
|
return $pseudo_byte;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @brief Checks if a secure random number generator is available
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function secureRNG_available() {
|
||||||
|
|
||||||
|
// Check openssl_random_pseudo_bytes
|
||||||
|
if(function_exists('openssl_random_pseudo_bytes')) {
|
||||||
|
openssl_random_pseudo_bytes(1, $strong);
|
||||||
|
if($strong == TRUE) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check /dev/random
|
||||||
|
$fp = @file_get_contents('/dev/random', false, null, 0, 1);
|
||||||
|
if ($fp !== FALSE) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
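Review bot: In `secureRNG_available()` the /dev/random probe accepts any result other than `FALSE`, so a zero-length read would still be reported as a secure source; checking the length closes that gap, `if ($fp !== false && strlen($fp) === 1) {`. Reading /dev/random can block on kernels where the entropy pool is low, and this probe runs while the installer options are built, so a stall here would look like a hung install. The loose `$strong == TRUE` is better written `if ($strong === true) {`. The check duplicates the source selection of `generate_random_bytes()`, whose body lies outside the hunk, and relies on the added "Please also update" comment to stay in sync. If the two drift apart, the installer could show no warning while tokens come from a weaker fallback, so one private helper called by both would be safer.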