From 82cfb3e0f540616fce0dbccbb4af6cfbaf5150c4 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Mon, 14 May 2012 12:58:58 +0200
Subject: [PATCH] LDAP: don't store agent password in plain text

---
 apps/user_ldap/appinfo/update.php     | 9 +++++++++
 apps/user_ldap/appinfo/version        | 2 +-
 apps/user_ldap/lib_ldap.php           | 2 +-
 apps/user_ldap/settings.php           | 6 +++++-
 apps/user_ldap/templates/settings.php | 2 +-
 5 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 apps/user_ldap/appinfo/update.php

diff --git a/apps/user_ldap/appinfo/update.php b/apps/user_ldap/appinfo/update.php
new file mode 100644
index 0000000000..07afeeea8a
--- /dev/null
+++ b/apps/user_ldap/appinfo/update.php
@@ -0,0 +1,9 @@
+<?php
+
+//from version 0.1 to 0.2
+$pw = OCP\Config::getAppValue('user_ldap', 'ldap_password');
+if(!is_null($pw)) {
+	$pwEnc = base64_encode($pw);
+	OCP\Config::setAppValue('user_ldap', 'ldap_agent_password', $pwEnc);
+	OC_Appconfig::deleteKey('user_ldap', 'ldap_password');
+}
\ No newline at end of file
diff --git a/apps/user_ldap/appinfo/version b/apps/user_ldap/appinfo/version
index a0d78bd347..d9bf66b186 100644
--- a/apps/user_ldap/appinfo/version
+++ b/apps/user_ldap/appinfo/version
@@ -1 +1 @@
-0.1.90
\ No newline at end of file
+0.1.91
\ No newline at end of file
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index b2d8167379..bd3dbe9534 100755
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -590,7 +590,7 @@ class OC_LDAP {
 			self::$ldapHost             = OCP\Config::getAppValue('user_ldap', 'ldap_host', '');
 			self::$ldapPort             = OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT);
 			self::$ldapAgentName        = OCP\Config::getAppValue('user_ldap', 'ldap_dn','');
-			self::$ldapAgentPassword    = OCP\Config::getAppValue('user_ldap', 'ldap_password','');
+			self::$ldapAgentPassword    = base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password',''));
 			self::$ldapBase             = OCP\Config::getAppValue('user_ldap', 'ldap_base', '');
 			self::$ldapBaseUsers        = OCP\Config::getAppValue('user_ldap', 'ldap_base_users',self::$ldapBase);
 			self::$ldapBaseGroups       = OCP\Config::getAppValue('user_ldap', 'ldap_base_groups', self::$ldapBase);
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index de7110fe9a..e5a989b9c7 100755
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -20,13 +20,16 @@
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
 
 OCP\Util::addscript('user_ldap', 'settings');
 
 if ($_POST) {
 	foreach($params as $param){
 		if(isset($_POST[$param])){
+			if('ldap_agent_password' == $param) {
+				OCP\Config::setAppValue('user_ldap', $param, base64_encode($_POST[$param]));
+			}
 			OCP\Config::setAppValue('user_ldap', $param, $_POST[$param]);
 		}
 		elseif('ldap_tls' == $param) {
@@ -51,5 +54,6 @@ foreach($params as $param){
 $tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT));
 $tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME));
 $tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
+$tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password')));
 
 return $tmpl->fetchPage();
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 48e136668d..d6c1a8ec0e 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -7,7 +7,7 @@
 	<fieldset id="ldapSettings-1">
 		<p><label for="ldap_host"><?php echo $l->t('Host');?><input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>"></label> <label for="ldap_base"><?php echo $l->t('Base');?></label><input type="text" id="ldap_base" name="ldap_base" value="<?php echo $_['ldap_base']; ?>" /></p>
 		<p><label for="ldap_dn"><?php echo $l->t('Name');?></label><input type="text" id="ldap_dn" name="ldap_dn" value="<?php echo $_['ldap_dn']; ?>" />
-		<label for="ldap_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" />
+		<label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" value="<?php echo $_['ldap_agent_password']; ?>" />
 		<small><?php echo $l->t('Leave both empty for anonymous bind for search, then bind with users credentials.');?></small></p>
 		<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" value="<?php echo $_['ldap_login_filter']; ?>" /><small><?php echo $l->t('use %%uid placeholder, e.g. uid=%%uid');?></small></p>
 		<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" value="<?php echo $_['ldap_userlist_filter']; ?>" /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>