projects
/
mirror
/
userdir-ldap-cgi.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Various fixes for XSS and bad crypto. No claim to completeness.
[mirror/userdir-ldap-cgi.git]
/
login.cgi
diff --git
a/login.cgi
b/login.cgi
index
55d4d31
..
aa9df4a
100755
(executable)
--- a/
login.cgi
+++ b/
login.cgi
@@
-1,7
+1,8
@@
#!/usr/bin/perl
#!/usr/bin/perl
-# $Id: login.cgi,v 1.
7 2000/05/10 05:01:55 tausq
Exp $
+# $Id: login.cgi,v 1.
10 2006/12/22 08:58:50 rmurray
Exp $
# (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
# (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
+# (c) 2006 Ryan Murray. Licensed under the GPL. <rmurray@debian.org>
use lib '.';
use strict;
use lib '.';
use strict;
@@
-9,24
+10,20
@@
use strict;
use CGI;
use Util;
use URI::Escape;
use CGI;
use Util;
use URI::Escape;
-use Crypt::Blowfish;
-use Net::LDAP qw(:all);
+use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
my %config = &Util::ReadConfigFile;
my $query = new CGI;
my $proto = ($ENV{HTTPS} ? "https" : "http");
my %config = &Util::ReadConfigFile;
my $query = new CGI;
my $proto = ($ENV{HTTPS} ? "https" : "http");
-if (!($query->param('username')) || !($query->param('password'))) {
- print "Location:
$proto://$ENV{SERVER_NAME}/$config{webloginur
l}\n\n";
+if (
$proto eq "http" ||
!($query->param('username')) || !($query->param('password'))) {
+ print "Location:
https://$ENV{SERVER_NAME}/$config{webloginhtm
l}\n\n";
exit;
}
exit;
}
-my $key = &Util::CreateKey($config{blowfishkeylen}); # human-readable version of the key
-my $hrkey = unpack("H".($config{blowfishkeylen}*2), $key);
-my $cipher = new Crypt::Blowfish $key;
-
my $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
my $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
my $username = $query->param('username');
my $password = $query->param('password');
my $username = $query->param('username');
my $password = $query->param('password');
@@
-55,20
+52,19
@@
if ($mesg->code == LDAP_SUCCESS) {
}
## END HACK HACK HACK
}
## END HACK HACK HACK
- my $
cryptid = &Util::SavePasswordToFile($username, $password, $cipher
);
+ my $
authtoken = &Util::SavePasswordToFile($username, $password
);
if ($query->param('update')) {
if ($query->param('update')) {
- my $url = "$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$username&authtoken=$cryptid,$hrkey&editdn=";
- $url .= uri_escape("uid=$username,$config{basedn}", "\x00-\x40\x7f-\xff");
+ my $url = "$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$username;authtoken=$authtoken";
print "Location: $url\n\n";
} else {
print "Location: $url\n\n";
} else {
- my $url = "$proto://$ENV{SERVER_NAME}/$config{websearchurl}?id=$username
&authtoken=$cryptid,$hrkey
";
+ my $url = "$proto://$ENV{SERVER_NAME}/$config{websearchurl}?id=$username
;authtoken=$authtoken
";
print "Location: $url\n\n";
}
$ldap->unbind;
} else {
print "Location: $url\n\n";
}
$ldap->unbind;
} else {
- print "Content-type: text/html\n\n";
+ print "Content-type: text/html
; charset=utf-8
\n\n";
print "<html><body><h1>Not authenticated</h1></body></html>\n";
}
print "<html><body><h1>Not authenticated</h1></body></html>\n";
}