Show a warning in the installer if no secure RNG is available

Lukas Reschke 2012-10-14 17:17:06 +02:00
parent d6c4b83f13
commit 2c427f050e
3 changed files with 34 additions and 2 deletions


@ -3,7 +3,6 @@
<input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'></input>
<input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'></input>
<form action="index.php" method="post">
<input type="hidden" name="install" value="true" />
<?php if(count($_['errors']) > 0): ?>
<ul class="errors">
@ -19,7 +18,14 @@
<?php endforeach; ?>
</ul>
<?php endif; ?>
<?php if(!$_['secureRNG']): ?>
<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
<span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span>
<br/>
<span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>
</fieldset>
<?php endif; ?>
<fieldset>
<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
<p class="infield">
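Review bot: The warning fieldset under `if(!$_['secureRNG'])` hard-codes its colours in a `style` attribute, while the error list just above it uses a stylesheet class (`<ul class="errors">`). A class (for example `<fieldset class="warning">`, name chosen here for illustration) would keep the box themeable and would still render under a Content-Security-Policy that disallows inline styles. The message also names only the PHP OpenSSL extension as the remedy, although the availability check added in this commit accepts a readable /dev/random as well, so the wording could mention both options.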


@ -5,12 +5,14 @@ $hasMySQL = is_callable('mysql_connect');
$hasPostgreSQL = is_callable('pg_connect');
$hasOracle = is_callable('oci_connect');
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
$opts = array(
'hasSQLite' => $hasSQLite,
'hasMySQL' => $hasMySQL,
'hasPostgreSQL' => $hasPostgreSQL,
'hasOracle' => $hasOracle,
'directory' => $datadir,
'secureRNG' => OC_Util::secureRNG_available(),
'errors' => array(),
);


@ -559,6 +559,7 @@ class OC_Util {
* @brief Generates a cryptographical secure pseudorandom string
* @param Int with the length of the random string
* @return String
* Please also update secureRNG_available if you change something here
*/
public static function generate_random_bytes($length = 30) {
@ -589,4 +590,27 @@ class OC_Util {
}
return $pseudo_byte;
}
/*
* @brief Checks if a secure random number generator is available
* @return bool
*/
public static function secureRNG_available() {
// Check openssl_random_pseudo_bytes
if(function_exists('openssl_random_pseudo_bytes')) {
openssl_random_pseudo_bytes(1, $strong);
if($strong == TRUE) {
return true;
}
}
// Check /dev/random
$fp = @file_get_contents('/dev/random', false, null, 0, 1);
if ($fp !== FALSE) {
return true;
}
return false;
}
}
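Review bot: The /dev/random probe in secureRNG_available() treats any return other than FALSE as success, so a read that yields an empty string still reports a secure RNG and suppresses the installer warning; check the length instead, e.g. `if (is_string($fp) && strlen($fp) === 1) {`. The read can also block on a host whose entropy pool is low, which would stall the install page. The result is only meaningful if generate_random_bytes() draws from the same sources; its body is outside the hunk, so that pairing should be verified rather than left to the "Please also update secureRNG_available" comment. Minor: `$strong == TRUE` should be the strict `$strong === true`, and the new docblock opens with `/*`, so documentation tools will not pick up `@brief`/`@return` until it is changed to `/**`.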