Adds support for SCM/LDAP passwords encryption in the database (#7411).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4950 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
e1ad561cf6
commit
a78d565959
|
@ -16,6 +16,8 @@
|
|||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
class AuthSource < ActiveRecord::Base
|
||||
include Redmine::Ciphering
|
||||
|
||||
has_many :users
|
||||
|
||||
validates_presence_of :name
|
||||
|
@ -31,6 +33,14 @@ class AuthSource < ActiveRecord::Base
|
|||
def auth_method_name
|
||||
"Abstract"
|
||||
end
|
||||
|
||||
def account_password
|
||||
read_ciphered_attribute(:account_password)
|
||||
end
|
||||
|
||||
def account_password=(arg)
|
||||
write_ciphered_attribute(:account_password, arg)
|
||||
end
|
||||
|
||||
def allow_password_changes?
|
||||
self.class.allow_password_changes?
|
||||
|
|
|
@ -20,8 +20,8 @@ require 'iconv'
|
|||
|
||||
class AuthSourceLdap < AuthSource
|
||||
validates_presence_of :host, :port, :attr_login
|
||||
validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
|
||||
validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
|
||||
validates_length_of :name, :host, :maximum => 60, :allow_nil => true
|
||||
validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true
|
||||
validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
|
||||
validates_numericality_of :port, :only_integer => true
|
||||
|
||||
|
|
|
@ -16,6 +16,8 @@
|
|||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
class Repository < ActiveRecord::Base
|
||||
include Redmine::Ciphering
|
||||
|
||||
belongs_to :project
|
||||
has_many :changesets, :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC"
|
||||
has_many :changes, :through => :changesets
|
||||
|
@ -24,6 +26,7 @@ class Repository < ActiveRecord::Base
|
|||
# has_many :changesets, :dependent => :destroy is too slow for big repositories
|
||||
before_destroy :clear_changesets
|
||||
|
||||
validates_length_of :password, :maximum => 255, :allow_nil => true
|
||||
# Checks if the SCM is enabled when creating a repository
|
||||
validate_on_create { |r| r.errors.add(:type, :invalid) unless Setting.enabled_scm.include?(r.class.name.demodulize) }
|
||||
|
||||
|
@ -36,6 +39,14 @@ class Repository < ActiveRecord::Base
|
|||
def root_url=(arg)
|
||||
write_attribute(:root_url, arg ? arg.to_s.strip : nil)
|
||||
end
|
||||
|
||||
def password
|
||||
read_ciphered_attribute(:password)
|
||||
end
|
||||
|
||||
def password=(arg)
|
||||
write_ciphered_attribute(:password, arg)
|
||||
end
|
||||
|
||||
def scm_adapter
|
||||
self.class.scm_adapter_class
|
||||
|
|
|
@ -124,6 +124,20 @@ default:
|
|||
scm_bazaar_command:
|
||||
scm_darcs_command:
|
||||
|
||||
# Key used to encrypt sensitive data in the database (SCM and LDAP passwords).
|
||||
# If you don't want to enable data encryption, just leave it blank.
|
||||
# WARNING: losing/changing this key will make encrypted data unreadable.
|
||||
#
|
||||
# If you want to encrypt existing passwords in your database:
|
||||
# * set the cipher key here in your configuration file
|
||||
# * encrypt data using 'rake db:encrypt RAILS_ENV=production'
|
||||
#
|
||||
# If you have encrypted data and want to change this key, you have to:
|
||||
# * decrypt data using 'rake db:decrypt RAILS_ENV=production' first
|
||||
# * change the cipher key here in your configuration file
|
||||
# * encrypt data using 'rake db:encrypt RAILS_ENV=production'
|
||||
database_cipher_key:
|
||||
|
||||
# specific configuration options for production environment
|
||||
# that overrides the default ones
|
||||
production:
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
class ChangeRepositoriesPasswordLimit < ActiveRecord::Migration
|
||||
def self.up
|
||||
change_column :repositories, :password, :string, :limit => nil, :default => ''
|
||||
end
|
||||
|
||||
def self.down
|
||||
change_column :repositories, :password, :string, :limit => 60, :default => ''
|
||||
end
|
||||
end
|
|
@ -0,0 +1,9 @@
|
|||
class ChangeAuthSourcesAccountPasswordLimit < ActiveRecord::Migration
|
||||
def self.up
|
||||
change_column :auth_sources, :account_password, :string, :limit => nil, :default => ''
|
||||
end
|
||||
|
||||
def self.down
|
||||
change_column :auth_sources, :account_password, :string, :limit => 60, :default => ''
|
||||
end
|
||||
end
|
|
@ -0,0 +1,95 @@
|
|||
# Redmine - project management software
|
||||
# Copyright (C) 2006-2011 Jean-Philippe Lang
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
module Redmine
|
||||
module Ciphering
|
||||
def self.included(base)
|
||||
base.extend ClassMethods
|
||||
end
|
||||
|
||||
class << self
|
||||
def encrypt_text(text)
|
||||
if cipher_key.blank?
|
||||
text
|
||||
else
|
||||
c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
|
||||
iv = c.random_iv
|
||||
c.encrypt
|
||||
c.key = cipher_key
|
||||
c.iv = iv
|
||||
e = c.update(text.to_s)
|
||||
e << c.final
|
||||
"aes-256-cbc:" + [e, iv].map {|v| Base64.encode64(v).strip}.join('--')
|
||||
end
|
||||
end
|
||||
|
||||
def decrypt_text(text)
|
||||
if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/)
|
||||
text = match[1]
|
||||
c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
|
||||
e, iv = text.split("--").map {|s| Base64.decode64(s)}
|
||||
c.decrypt
|
||||
c.key = cipher_key
|
||||
c.iv = iv
|
||||
d = c.update(e)
|
||||
d << c.final
|
||||
else
|
||||
text
|
||||
end
|
||||
end
|
||||
|
||||
def cipher_key
|
||||
key = Redmine::Configuration['database_cipher_key'].to_s
|
||||
key.blank? ? nil : Digest::SHA256.hexdigest(key)
|
||||
end
|
||||
end
|
||||
|
||||
module ClassMethods
|
||||
def encrypt_all(attribute)
|
||||
transaction do
|
||||
all.each do |object|
|
||||
clear = object.send(attribute)
|
||||
object.send "#{attribute}=", clear
|
||||
raise(ActiveRecord::Rollback) unless object.save(false)
|
||||
end
|
||||
end ? true : false
|
||||
end
|
||||
|
||||
def decrypt_all(attribute)
|
||||
transaction do
|
||||
all.each do |object|
|
||||
clear = object.send(attribute)
|
||||
object.write_attribute attribute, clear
|
||||
raise(ActiveRecord::Rollback) unless object.save(false)
|
||||
end
|
||||
end
|
||||
end ? true : false
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
# Returns the value of the given ciphered attribute
|
||||
def read_ciphered_attribute(attribute)
|
||||
Redmine::Ciphering.decrypt_text(read_attribute(attribute))
|
||||
end
|
||||
|
||||
# Sets the value of the given ciphered attribute
|
||||
def write_ciphered_attribute(attribute, value)
|
||||
write_attribute(attribute, Redmine::Ciphering.encrypt_text(value))
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,35 @@
|
|||
# Redmine - project management software
|
||||
# Copyright (C) 2006-2011 Jean-Philippe Lang
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
|
||||
namespace :db do
|
||||
desc 'Encrypts SCM and LDAP passwords in the database.'
|
||||
task :encrypt => :environment do
|
||||
unless (Repository.encrypt_all(:password) &&
|
||||
AuthSource.encrypt_all(:account_password))
|
||||
raise "Some objects could not be saved after encryption, update was rollback'ed."
|
||||
end
|
||||
end
|
||||
|
||||
desc 'Decrypts SCM and LDAP passwords in the database.'
|
||||
task :decrypt => :environment do
|
||||
unless (Repository.decrypt_all(:password) &&
|
||||
AuthSource.decrypt_all(:account_password))
|
||||
raise "Some objects could not be saved after decryption, update was rollback'ed."
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,84 @@
|
|||
# Redmine - project management software
|
||||
# Copyright (C) 2006-2011 Jean-Philippe Lang
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
require File.expand_path('../../../../test_helper', __FILE__)
|
||||
|
||||
class Redmine::CipheringTest < ActiveSupport::TestCase
|
||||
|
||||
def test_password_should_be_encrypted
|
||||
Redmine::Configuration.with 'database_cipher_key' => 'secret' do
|
||||
r = Repository::Subversion.generate!(:password => 'foo')
|
||||
assert_equal 'foo', r.password
|
||||
assert r.read_attribute(:password).match(/\Aaes-256-cbc:.+\Z/)
|
||||
end
|
||||
end
|
||||
|
||||
def test_password_should_be_clear_with_blank_key
|
||||
Redmine::Configuration.with 'database_cipher_key' => '' do
|
||||
r = Repository::Subversion.generate!(:password => 'foo')
|
||||
assert_equal 'foo', r.password
|
||||
assert_equal 'foo', r.read_attribute(:password)
|
||||
end
|
||||
end
|
||||
|
||||
def test_password_should_be_clear_with_nil_key
|
||||
Redmine::Configuration.with 'database_cipher_key' => nil do
|
||||
r = Repository::Subversion.generate!(:password => 'foo')
|
||||
assert_equal 'foo', r.password
|
||||
assert_equal 'foo', r.read_attribute(:password)
|
||||
end
|
||||
end
|
||||
|
||||
def test_unciphered_password_should_be_readable
|
||||
Redmine::Configuration.with 'database_cipher_key' => nil do
|
||||
r = Repository::Subversion.generate!(:password => 'clear')
|
||||
end
|
||||
|
||||
Redmine::Configuration.with 'database_cipher_key' => 'secret' do
|
||||
r = Repository.first(:order => 'id DESC')
|
||||
assert_equal 'clear', r.password
|
||||
end
|
||||
end
|
||||
|
||||
def test_encrypt_all
|
||||
Repository.delete_all
|
||||
Redmine::Configuration.with 'database_cipher_key' => nil do
|
||||
Repository::Subversion.generate!(:password => 'foo')
|
||||
Repository::Subversion.generate!(:password => 'bar')
|
||||
end
|
||||
|
||||
Redmine::Configuration.with 'database_cipher_key' => 'secret' do
|
||||
assert Repository.encrypt_all(:password)
|
||||
r = Repository.first(:order => 'id DESC')
|
||||
assert_equal 'bar', r.password
|
||||
assert r.read_attribute(:password).match(/\Aaes-256-cbc:.+\Z/)
|
||||
end
|
||||
end
|
||||
|
||||
def test_decrypt_all
|
||||
Repository.delete_all
|
||||
Redmine::Configuration.with 'database_cipher_key' => 'secret' do
|
||||
Repository::Subversion.generate!(:password => 'foo')
|
||||
Repository::Subversion.generate!(:password => 'bar')
|
||||
|
||||
assert Repository.decrypt_all(:password)
|
||||
r = Repository.first(:order => 'id DESC')
|
||||
assert_equal 'bar', r.password
|
||||
assert_equal 'bar', r.read_attribute(:password)
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue