Various fixes for XSS and bad crypto. No claim to completeness.

[mirror/userdir-ldap-cgi.git] / login.cgi

diff --git a/login.cgi b/login.cgi
index d820af2..aa9df4a 100755 (executable)
--- a/login.cgi
+++ b/login.cgi
@@ -10,7 +10,6 @@ use strict;
 use CGI;
 use Util;
 use URI::Escape;
-use Crypt::Blowfish;
 use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
 
 my %config = &Util::ReadConfigFile;
@@ -23,10 +22,6 @@ if ($proto eq "http" || !($query->param('username')) || !($query->param('passwor
   exit;
 }
 
-my $key = &Util::CreateKey($config{blowfishkeylen}); # human-readable version of the key
-my $hrkey = unpack("H".($config{blowfishkeylen}*2), $key);
-my $cipher = new Crypt::Blowfish $key;
-
 my $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
 &Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
 
@@ -57,14 +52,13 @@ if ($mesg->code == LDAP_SUCCESS) {
   }
   ## END HACK HACK HACK
   
-  my $cryptid = &Util::SavePasswordToFile($username, $password, $cipher);
+  my $authtoken = &Util::SavePasswordToFile($username, $password);
 
   if ($query->param('update')) {
-    my $url = "$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$username&authtoken=$cryptid,$hrkey&editdn=";
-    $url .= uri_escape("uid=$username,$config{basedn}", "\x00-\x40\x7f-\xff");
+    my $url = "$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$username;authtoken=$authtoken";
     print "Location: $url\n\n";
   } else {
-    my $url = "$proto://$ENV{SERVER_NAME}/$config{websearchurl}?id=$username&authtoken=$cryptid,$hrkey";
+    my $url = "$proto://$ENV{SERVER_NAME}/$config{websearchurl}?id=$username;authtoken=$authtoken";
     print "Location: $url\n\n";
   }