Changeset 2491 in subversion

Timestamp:

May 16, 2009 9:01:49 AM (4 years ago)

Author:

alec

Message:

• Added possibility to encrypt received header, option 'http_received_header_encrypt', added some more logic in encrypt/decrypt functions for security

Location:

trunk/roundcubemail

Files:

• CHANGELOG (modified) (1 diff)
• bin/decrypt.php (added)
• config/main.inc.php.dist (modified) (1 diff)
• plugins/password/password.php (modified) (5 diffs)
• plugins/sasl_password/sasl_password.php (modified) (1 diff)
• program/include/rcmail.php (modified) (3 diffs)
• program/include/rcube_config.php (modified) (1 diff)
• program/include/rcube_ldap.php (modified) (1 diff)
• program/include/rcube_smtp.inc (modified) (1 diff)
• program/localization/en_GB/messages.inc (modified) (1 diff)
• program/localization/en_US/messages.inc (modified) (1 diff)
• program/localization/hu_HU/messages.inc (modified) (1 diff)
• program/localization/pl_PL/messages.inc (modified) (1 diff)
• program/steps/mail/sendmail.inc (modified) (3 diffs)

trunk/roundcubemail/CHANGELOG

@@ -2 +2 @@
 ===========================
 
+- Added possibility to encrypt received header, option 'http_received_header_encrypt',
+  added some more logic in encrypt/decrypt functions for security
 - Fix Answered/Forwarded flag setting for messages in subfolders
 - Fix autocomplete problem with capital letters (#1485792)

trunk/roundcubemail/config/main.inc.php.dist

@@ -229 +229 @@
 // add a received header to outgoing mails containing the creators IP and hostname
 $rcmail_config['http_received_header'] = false;
+
+// Whether or not to encrypt the IP address and the host name
+// these could, in some circles, be considered as sensitive information;
+// however, for the administrator, these could be invaluable help
+// when tracking down issues.
+$rcmail_config['http_received_header_encrypt'] = false;
 
 // this string is used as a delimiter for message headers when sending

trunk/roundcubemail/plugins/password/password.php

@@ -8 +8 @@
  *
  * @version 1.1
- * @author Aleksander 'A.L.E.C' Machniak
+ * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
  * @editor Daniel Black
  *
@@ -114 +114 @@
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
 
-      if ($confirm && $_SESSION['password'] !=  $rcmail->encrypt_passwd($curpwd))
+      if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd)
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
       else if (!($res = $this->_save($curpwd,$newpwd))) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
-        $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+        $_SESSION['password'] = $rcmail->encrypt($newpwd);
       } else
         $rcmail->output->command('display_message', $res, 'error');
@@ -148 +148 @@
     $out = '<table' . $attrib_str . ">\n\n";
 
-    $a_show_cols = array('newpasswd'   => array('type' => 'text'),
-                'confpasswd'   => array('type' => 'text'));
-
     if ($confirm) {
-      $a_show_cols['curpasswd'] = array('type' => 'text');
       // show current password selection
       $field_id = 'curpasswd';
-      $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id, 'size' => 20));
+      $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id,
+            'size' => 20, 'autocomplete' => 'off'));
   
       $out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
@@ -165 +162 @@
     // show new password selection
     $field_id = 'newpasswd';
-    $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id, 'size' => 20));
+    $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id,
+            'size' => 20, 'autocomplete' => 'off'));
 
     $out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
@@ -174 +172 @@
     // show confirm password selection
     $field_id = 'confpasswd';
-    $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id, 'size' => 20));
+    $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id,
+            'size' => 20, 'autocomplete' => 'off'));
 
     $out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",

trunk/roundcubemail/plugins/sasl_password/sasl_password.php

@@ -52 +52 @@
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
 
-      if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) {
+      if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
       }
       else if ($this->_save($newpwd)) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
-        $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+        $_SESSION['password'] = $rcmail->encrypt($newpwd);
       }
       else {

trunk/roundcubemail/program/include/rcmail.php

@@ -393 +393 @@
     
     if ($_SESSION['imap_host'] && !$this->imap->conn) {
-      if (!($conn = $this->imap->connect($_SESSION['imap_host'], $_SESSION['username'], $this->decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']))) {
+      if (!($conn = $this->imap->connect($_SESSION['imap_host'], $_SESSION['username'], $this->decrypt($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']))) {
         if ($this->output)
           $this->output->show_message($this->imap->error_code == -1 ? 'imaperror' : 'sessionerror', 'error');
@@ -519 +519 @@
       $_SESSION['imap_port'] = $imap_port;
       $_SESSION['imap_ssl']  = $imap_ssl;
-      $_SESSION['password']  = $this->encrypt_passwd($pass);
+      $_SESSION['password']  = $this->encrypt($pass);
       $_SESSION['login_time'] = mktime();
       
@@ -874 +874 @@
   }
 
-  /**
-   * Encrypt IMAP password using DES encryption
-   *
-   * @param string Password to encrypt
-   * @return string Encryprted string
-   */
-  public function encrypt_passwd($pass)
-  {
-    if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, ""))) {
+
+  /**
+   * Encrypt using 3DES
+   *
+   * @param string $clear clear text input
+   * @param string $key encryption key to retrieve from the configuration, defaults to 'des_key'
+   * @param boolean $base64 whether or not to base64_encode() the result before returning
+   *
+   * @return string encrypted text
+   */
+  public function encrypt($clear, $key = 'des_key', $base64 = true)
+  {
+    /*-
+     * Add a single canary byte to the end of the clear text, which
+     * will help find out how much of padding will need to be removed
+     * upon decryption; see http://php.net/mcrypt_generic#68082
+     */
+    $clear = pack("a*H2", $clear, "80");
+  
+    if (function_exists('mcrypt_module_open') &&
+        ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
+    {
       $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
-      mcrypt_generic_init($td, $this->config->get_des_key(), $iv);
-      $cypher = mcrypt_generic($td, $pass);
+      mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
+      $cipher = $iv . mcrypt_generic($td, $clear);
       mcrypt_generic_deinit($td);
       mcrypt_module_close($td);
     }
-    else if (function_exists('des')) {
-      $cypher = des($this->config->get_des_key(), $pass, 1, 0, NULL);
-    }
-    else {
-      $cypher = $pass;
-
+    else if (function_exists('des'))
+    {
+      define('DES_IV_SIZE', 8);
+      $iv = '';
+      for ($i = 0; $i < constant('DES_IV_SIZE'); $i++)
+        $iv .= sprintf("%c", mt_rand(0, 255));
+      $cipher = $iv . des($this->config->get_crypto_key($key), $clear, 1, 1, $iv);
+    }
+    else
+    {
       raise_error(array(
         'code' => 500,
         'type' => 'php',
         'file' => __FILE__,
-        'message' => "Could not convert encrypt password. Make sure Mcrypt is installed or lib/des.inc is available"
-        ), true, false);
-    }
-
-    return base64_encode($cypher);
-  }
-
-
-  /**
-   * Decrypt IMAP password using DES encryption
-   *
-   * @param string Encrypted password
-   * @return string Plain password
-   */
-  public function decrypt_passwd($cypher)
-  {
-    if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, ""))) {
-      $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
-      mcrypt_generic_init($td, $this->config->get_des_key(), $iv);
-      $pass = mdecrypt_generic($td, base64_decode($cypher));
+        'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available"
+      ), true, true);
+    }
+  
+    return $base64 ? base64_encode($cipher) : $cipher;
+  }
+
+  /**
+   * Decrypt 3DES-encrypted string
+   *
+   * @param string $cipher encrypted text
+   * @param string $key encryption key to retrieve from the configuration, defaults to 'des_key'
+   * @param boolean $base64 whether or not input is base64-encoded
+   *
+   * @return string decrypted text
+   */
+  public function decrypt($cipher, $key = 'des_key', $base64 = true)
+  {
+    $cipher = $base64 ? base64_decode($cipher) : $cipher;
+
+    if (function_exists('mcrypt_module_open') &&
+        ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
+    {
+      $iv = substr($cipher, 0, mcrypt_enc_get_iv_size($td));
+      $cipher = substr($cipher, mcrypt_enc_get_iv_size($td));
+      mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
+      $clear = mdecrypt_generic($td, $cipher);
       mcrypt_generic_deinit($td);
       mcrypt_module_close($td);
     }
-    else if (function_exists('des')) {
-      $pass = des($this->config->get_des_key(), base64_decode($cypher), 0, 0, NULL);
-    }
-    else {
-      $pass = base64_decode($cypher);
-    }
-
-    return preg_replace('/\x00/', '', $pass);
-  }
-
+    else if (function_exists('des'))
+    {
+      define('DES_IV_SIZE', 8);
+      $iv = substr($cipher, 0, constant('DES_IV_SIZE'));
+      $cipher = substr($cipher, constant('DES_IV_SIZE'));
+      $clear = des($this->config->get_crypto_key($key), $cipher, 0, 1, $iv);
+    }
+    else
+    {
+      raise_error(array(
+        'code' => 500,
+        'type' => 'php',
+        'file' => __FILE__,
+        'message' => "Could not perform decryption; make sure Mcrypt is installed or lib/des.inc is available"
+      ), true, true);
+    }
+  
+    /*-
+     * Trim PHP's padding and the canary byte; see note in
+     * rcmail::encrypt() and http://php.net/mcrypt_generic#68082
+     */
+    $clear = substr(rtrim($clear, "\0"), 0, -1);
+  
+    return $clear;
+  }
 
   /**

trunk/roundcubemail/program/include/rcube_config.php

@@ -177 +177 @@
     return $this->prop;
   }
-  
-  
-  /**
-   * Return a 24 byte key for the DES encryption
-   *
-   * @return string DES encryption key
-   */
-  public function get_des_key()
-  {
-    $key = !empty($this->prop['des_key']) ? $this->prop['des_key'] : 'rcmail?24BitPwDkeyF**ECB';
-    $len = strlen($key);
-
-    // make sure the key is exactly 24 chars long
-    if ($len<24)
-      $key .= str_repeat('_', 24-$len);
-    else if ($len>24)
-      substr($key, 0, 24);
+
+  /**
+   * Return requested DES crypto key.
+   *
+   * @param string Crypto key name
+   * @return string Crypto key
+   */
+  public function get_crypto_key($key)
+  {
+    // Bomb out if the requested key does not exist
+    if (!array_key_exists($key, $this->prop))
+    {
+      raise_error(array(
+        'code' => 500,
+        'type' => 'php',
+        'file' => __FILE__,
+        'message' => "Request for unconfigured crypto key \"$key\""
+      ), true, true);
+    }
+  
+    $key = $this->prop[$key];
+  
+    // Bomb out if the configured key is not exactly 24 bytes long
+    if (strlen($key) != 24)
+    {
+      raise_error(array(
+        'code' => 500,
+        'type' => 'php',
+        'file' => __FILE__,
+        'message' => "Configured crypto key \"$key\" is not exactly 24 bytes long"
+      ), true, true);
+    }
 
     return $key;
   }
-  
-  
+
   /**
    * Try to autodetect operating system and find the correct line endings

trunk/roundcubemail/program/include/rcube_ldap.php

@@ -106 +106 @@
         // No password set, use the session password
         if (empty($this->prop['bind_pass'])) {
-          $this->prop['bind_pass'] = $RCMAIL->decrypt_passwd($_SESSION["password"]);
+          $this->prop['bind_pass'] = $RCMAIL->decrypt($_SESSION['password']);
         }
 

trunk/roundcubemail/program/include/rcube_smtp.inc

@@ -104 +104 @@
 
       if (strstr($CONFIG['smtp_pass'], '%p'))
-        $smtp_pass = str_replace('%p', $RCMAIL->decrypt_passwd($_SESSION['password']), $CONFIG['smtp_pass']);
+        $smtp_pass = str_replace('%p', $RCMAIL->decrypt($_SESSION['password']), $CONFIG['smtp_pass']);
       else
         $smtp_pass = $CONFIG['smtp_pass'];

trunk/roundcubemail/program/localization/en_GB/messages.inc

@@ -95 +95 @@
 $messages['nofromaddress'] = 'Missing e-mail address in selected identity';
 $messages['editorwarning'] = 'Switching to the plain text editor will cause all text formatting to be lost. Do you wish to continue?';
+$messages['httpreceivedencrypterror'] = 'A fatal configuration error occurred. Contact your administrator immediately. <b>Your message can not be sent.</b>';
 
 ?>

trunk/roundcubemail/program/localization/en_US/messages.inc

@@ -95 +95 @@
 $messages['nofromaddress'] = 'Missing e-mail address in selected identity';
 $messages['editorwarning'] = 'Switching to the plain text editor will cause all text formatting to be lost. Do you wish to continue?';
+$messages['httpreceivedencrypterror'] = 'A fatal configuration error occurred. Contact your administrator immediately. <b>Your message can not be sent.</b>';
 
 ?>

trunk/roundcubemail/program/localization/hu_HU/messages.inc

@@ -96 +96 @@
 $messages['nofromaddress'] = 'Hiányzó email cím a kiválasztott feladónál';
 $messages['editorwarning'] = 'Az egyszerű szöveges formátumra való váltás az összes formázás elvesztésével jár. Biztosan folytatja?';
+$messages['httpreceivedencrypterror'] = 'Végzetes konfigurációs hiba történt, azonnal lépjen kapcsolatba az ÃŒzemeltetővel. <b>Az ÃŒzenet nem kÃŒldhető el.</b>';
 
 ?>

trunk/roundcubemail/program/localization/pl_PL/messages.inc

@@ -127 +127 @@
 $messages['nofromaddress'] = 'Brak adresu e-mail w wybranej toÅŒsamości';
 $messages['editorwarning'] = 'Zmiana edytora spowoduje utratę formatowania tekstu. Czy jesteś pewien, ÅŒe chcesz to zrobić?';
+$messages['httpreceivedencrypterror'] = 'WystÄ
+pił błÄ
+d systemu. Skontaktuj się z administratorem. <b>Nie moÅŒna wysłać wiadomości.</b>';
 
 ?>

trunk/roundcubemail/program/steps/mail/sendmail.inc

@@ -55 +55 @@
 
 /****** message sending functions ********/
+
+// encrypt parts of the header
+function rcmail_encrypt_header($what)
+{
+  global $CONFIG, $RCMAIL;
+  if (!$CONFIG['http_received_header_encrypt'])
+  {
+    return $what;
+  }
+  return $RCMAIL->encrypt($what);
+}
 
 // get identity record
@@ -212 +223 @@
 
 // compose headers array
-$headers = array('Date' => date('r'),
-                 'From' => rcube_charset_convert($identity_arr['string'], RCMAIL_CHARSET, $message_charset),
-                 'To'   => $mailto);
+$headers = array();
+
+// if configured, the Received headers goes to top, for good measure
+if ($CONFIG['http_received_header'])
+{
+  $nldlm = $RCMAIL->config->header_delimiter() . "\t";
+  $http_header = 'from ';
+  if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+    $http_header .= rcmail_encrypt_header(gethostbyaddr($_SERVER['HTTP_X_FORWARDED_FOR'])) .
+      ' [' . rcmail_encrypt_header($_SERVER['HTTP_X_FORWARDED_FOR']) . ']';
+    $http_header .= $nldlm . ' via ';
+  }
+  $http_header .= rcmail_encrypt_header(gethostbyaddr($_SERVER['REMOTE_ADDR'])) .
+      ' [' . rcmail_encrypt_header($_SERVER['REMOTE_ADDR']) .']';
+  $http_header .= $nldlm . 'with ' . $_SERVER['SERVER_PROTOCOL'] .
+      ' ('.$_SERVER['REQUEST_METHOD'] . '); ' . date('r');
+  $http_header = wordwrap($http_header, 69, $nldlm);
+  $headers['Received'] = $http_header;
+}
+
+$headers['Date'] = date('r');
+$headers['From'] = rcube_charset_convert($identity_arr['string'], RCMAIL_CHARSET, $message_charset);
+$headers['To'] = $mailto;
 
 // additional recipients
@@ -258 +289 @@
 
 // additional headers
-if ($CONFIG['http_received_header'])
-{
-  $nldlm = $RCMAIL->config->header_delimiter() . "\t";
-  $headers['Received'] =  wordwrap('from ' . (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
-      gethostbyaddr($_SERVER['HTTP_X_FORWARDED_FOR']).' ['.$_SERVER['HTTP_X_FORWARDED_FOR'].']'.$nldlm.' via ' : '') .
-    gethostbyaddr($_SERVER['REMOTE_ADDR']).' ['.$_SERVER['REMOTE_ADDR'].']'.$nldlm.'with ' .
-    $_SERVER['SERVER_PROTOCOL'].' ('.$_SERVER['REQUEST_METHOD'].'); ' . date('r'),
-    69, $nldlm);
-}
-
 $headers['Message-ID'] = $message_id;
 $headers['X-Sender'] = $from;