Require the OpenSSL module instead of providing an unsafe fallback

refs #7163
2014-11-11 10:19:09 +01:00 · 2014-11-11 10:19:09 +01:00 · eb4672923f
parent 8909bd5d59
commit eb4672923f
2 changed files with 10 additions and 6 deletions
--- a/library/Icinga/Authentication/Backend/DbUserBackend.php
+++ b/library/Icinga/Authentication/Backend/DbUserBackend.php
@ -144,12 +144,7 @@ class DbUserBackend extends UserBackend
     */
    protected function generateSalt()
    {
-        if (function_exists('openssl_random_pseudo_bytes')) {
        return openssl_random_pseudo_bytes(self::SALT_LENGTH);
-        } else {
-            // If you know a more secure way to generate a salt, do not hesitate to change this!
-            return substr(md5(mt_rand()), self::SALT_LENGTH);
-        }
    }

    /**
--- a/modules/setup/library/Setup/WebWizard.php
+++ b/modules/setup/library/Setup/WebWizard.php
@ -407,6 +407,15 @@ class WebWizard extends Wizard implements SetupWizard
            sprintf(mt('setup', 'You are running PHP on a %s system.'), Platform::getOperatingSystemName())
        );

+        $requirements->addMandatory(
+            mt('setup', 'PHP Module: OpenSSL'),
+            mt('setup', 'The PHP module for OpenSSL is required to generate cryptographically safe password salts.'),
+            Platform::extensionLoaded('openssl'),
+            Platform::extensionLoaded('openssl') ? mt('setup', 'The PHP module for OpenSSL is available.') : (
+                mt('setup', 'The PHP module for OpenSSL is missing.')
+            )
+        );
+
        $requirements->addOptional(
            mt('setup', 'PHP Module: JSON'),
            mt('setup', 'The JSON module for PHP is required for various export functionalities as well as APIs.'),