[packages/w3pw] add master password support. usable when basic auth is set
glen
glen at pld-linux.org
Mon Nov 17 19:49:50 CET 2014
commit 91c0875d1e44fc5f1f1302e30dd64c155c45822c
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Sun Nov 16 14:57:05 2014 +0200
add master password support. usable when basic auth is set
authpassword.patch | 47 +++++++++++++++++++++++++++++++++++++++++++++++
w3pw.spec | 6 +++++-
2 files changed, 52 insertions(+), 1 deletion(-)
---
diff --git a/w3pw.spec b/w3pw.spec
index e778e09..3eb77b4 100644
--- a/w3pw.spec
+++ b/w3pw.spec
@@ -1,5 +1,5 @@
-%include /usr/lib/rpm/macros.php
%define php_min_version 5.0.0
+%include /usr/lib/rpm/macros.php
Summary: Web-based password wallet manager
Name: w3pw
Version: 1.40
@@ -11,6 +11,7 @@ Source0: http://downloads.sourceforge.net/w3pw/%{name}-%{version}.tar.gz
Source1: apache.conf
Source2: lighttpd.conf
Source3: init.sql
+Patch0: authpassword.patch
URL: http://w3pw.sourceforge.net/
BuildRequires: rpm-php-pearprov >= 4.4.2-11
BuildRequires: rpmbuild(macros) >= 1.268
@@ -53,6 +54,9 @@ Features:
%prep
%setup -q
+mv index.php login.php
+mv main.php index.php
+%patch0 -p1
# simple sql to create and load db schema
cp -p %{SOURCE3} .
diff --git a/authpassword.patch b/authpassword.patch
new file mode 100644
index 0000000..9f8d19b
--- /dev/null
+++ b/authpassword.patch
@@ -0,0 +1,47 @@
+--- ./main.php 2014-11-16 14:53:38.235094774 +0200
++++ ./index.php 2014-11-16 14:52:37.000000000 +0200
+@@ -15,6 +15,20 @@
+
+ <?php
+
++function setup_session(&$cleartext_pw) {
++ $_SESSION['logged_in'] = 1;
++ $_SESSION['key'] = md5("%dJ9&".strtolower($cleartext_pw)."(/&k.=".strtoupper($cleartext_pw)."1x&%");
++ // delete cleartext pw in memory
++ $cleartext_pw = "";
++ unset($cleartext_pw);
++}
++
++// use master password if HTTP Basic Auth is set
++$authenticated = !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW']);
++if ($authenticated && isset($master_password)) {
++ setup_session($master_password);
++}
++
+ // session active?
+ if (!isset($_SESSION['logged_in']))
+ {
+@@ -38,8 +52,9 @@
+ if ($crypt_pw == $db_pw)
+ {
+ // password match - proceed
+- $_SESSION['logged_in'] = 1;
+- $_SESSION['key'] = md5("%dJ9&".strtolower($cleartext_pw)."(/&k.=".strtoupper($cleartext_pw)."1x&%");
++
++ setup_session($cleartext_pw);
++
+ // delete cleartext pw in memory
+ unset($cleartext_pw);
+ $_SESSION['version']=$entries->version;
+--- w3pw-1.40/include/config.php 2014-11-16 14:55:26.126783112 +0200
++++ w3pw-1.40/include/config.php 2014-11-16 14:40:39.000000000 +0200
+@@ -22,6 +22,9 @@
+ // generated when adding a new entry
+ $random_pw_length = 12;
+
++// master password -- used when $_SERVER PHP_AUTH_USER and PHP_AUTH_PW are set
++#$master_password = "secret";
++
+ // don't report Database-Errors on Frontend
+ //error_reporting(E_ERROR);
+ ?>
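Review bot: The `$authenticated` check in the added index.php block only tests that `PHP_AUTH_USER` and `PHP_AUTH_PW` are non-empty, and PHP generally fills those from whatever `Authorization: Basic` header the client sent, not from a successful web-server authentication. If `$master_password` is enabled while server-side Basic Auth is missing or does not cover this path, any request carrying arbitrary credentials gets `logged_in` and the wallet key. Gating on a value the server sets only after it has verified the user, e.g. `$authenticated = !empty($_SERVER['REMOTE_USER']);`, would be safer, together with a config.php comment stating that the option requires enforced Basic Auth and that the file now holds the wallet secret in cleartext and needs tight permissions. The master-password path also skips the `$crypt_pw == $db_pw` comparison and the `$_SESSION['version']` assignment that the login branch performs, so a mistyped value would presumably produce a wrong key without any error; the surrounding login code is outside this hunk.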
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/w3pw.git/commitdiff/ea6944e85251e920925d8efe8445f3242a896365