vcl-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jftho...@apache.org
Subject svn commit: r1797695 - in /vcl/trunk/web: .ht-inc/addomain.php .ht-inc/utils.php .ht-inc/vm.php .ht-inc/xmlrpcWrappers.php js/vm.js
Date Mon, 05 Jun 2017 20:10:44 GMT
Author: jfthomps
Date: Mon Jun  5 20:10:44 2017
New Revision: 1797695

URL: http://svn.apache.org/viewvc?rev=1797695&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries

addomain.php:
-modified submitToggleDeleteResourceExtra: changed call to deleteSecrets to call deleteSecretKeys
to reflect function rename
-modified AJsaveResource: added code to handle a web server missing a cryptsecred for a value
being set; now creates a new secret key, encrypts submitted password, and encrypts new secret
key with any public keys already having entries for the old secret key
-modified addResource: changed call to getSecretID to call getSecretKeyID to reflect function
rename
-modified addEditDialogHTML: (unrelated to this JIRA) added help text for domaindnsname and
dnsserverhelp

utils.php:
-modified initGlobals: added defines for crypto parameters: SYMALGO, SYMOPT, SYMLEN, ASYMALGO,
ASYMOPT, and ASYMLEN; when values need to be updated in the future due to standards changing,
these can be changed to cause everything to use new values
-modified checkCryptkey: set algorithm and key length from defined constants; add used crypto
parameters to cryptkey table when inserting keys
-modified encryptData decryptData: added parameters to accept crypto parameters; set used
crypto algorithm, key length, and mode from arguments
-removed encryptDataAsymmetric
-modified encryptDBdata: get crypto parameters from database; renamed call to decryptSecret
to call decryptSecretKey to reflect function rename
-renamed encryptSecret to encryptSecretKey and moved to be before definition of decryptSecretKey;
modified to get padding information from database and default to PKCS1 OAEP if a cryptkey
is passed for $cryptkey instead of a key id
-renamed decryptSecret to decryptSecretKey and added code to determine padding from constant
-renamed getSecretID to getSecretKeyID; renamed call to encryptSecret to call encryptSecretKey
to reflect function rename; added crypto parameters to INSERT; added check for dbLastInsertID
returning < 1; renamed call to encryptSecrets to call encryptWebSecretKeys to reflect function
rename
-renamed deleteSecrets to deleteSecretKeys
-renamed encryptSecrets to encryptWebSecretKeys; renamed call to encryptSecret to call encryptSecretKey
to reflect function rename; added crypto parameters to INSERT
-renamed updateSecrets to checkCryptSecrets; moved chunk of function to separate functions
-added getMNcryptkeyUpdates (code from checkCryptSecrets)
-added addMNcryptkeyUpdates (code from checkCryptSecrets)
-modified addRequest: renamed call to updateSecrets to call checkCryptSecrets to reflect function
rename
-modified getVMProfiles: removed rsakey and rsapub from returned data
-modified addContinuationsEntry: added crypto parameters to call to encryptData
-modified getContinuationsData: added crypto parameters to call to decryptData
-modified xmlrpccall: renamed XMLRPCupdateSecrets to XMLRPCcheckCryptSecrets

vm.php:
-modified editVMInfo: removed fields for RSA Public Key and RSA Private Key File; removed
help for rsapubhelp and rsakeyhelp
-modified AJupdateVMprofileItem: removed rsakey and rsapub from preg_match validation; removed
code that uses rsapub and calls encryptDataAsymmetric and allow new code to handle all password
encryption; renamed call to deleteSecrets to call deleteSecretKeys to reflect function rename;
added code to handle if web server is missing a cryptsecret entry for this password field

xmlrpcWrappers.php: renamed XMLRPCupdateSecrets to XMLRPCcheckCryptSecrets; added check for
specified reservationid existing in database; added code to return 'noupdate' if no secretids
are missing; modified query to handle finding cryptsecrets for management nodes for which
the web server is also missing cryptsecrets; call addMNcryptkeyUpdates to do insert into cryptsecret
table; added error return code for case of web server not being able to add any cryptsecret
entries; added partial return code for when web server can only add some cryptsecret entries

vm.js: modified getVMprofileDataCB: removed references to prsakey and prsapub

Modified:
    vcl/trunk/web/.ht-inc/addomain.php
    vcl/trunk/web/.ht-inc/utils.php
    vcl/trunk/web/.ht-inc/vm.php
    vcl/trunk/web/.ht-inc/xmlrpcWrappers.php
    vcl/trunk/web/js/vm.js

Modified: vcl/trunk/web/.ht-inc/addomain.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1797695&r1=1797694&r2=1797695&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Mon Jun  5 20:10:44 2017
@@ -139,7 +139,7 @@ class ADdomain extends Resource {
 	/////////////////////////////////////////////////////////////////////////////
 	function submitToggleDeleteResourceExtra($rscid, $deleted=0) {
 		$data = $this->getData(array('rscid' => $rscid));
-		deleteSecrets($data[$rscid]['secretid']);
+		deleteSecretKeys($data[$rscid]['secretid']);
 	}
 
 	/////////////////////////////////////////////////////////////////////////////
@@ -185,7 +185,41 @@ class ADdomain extends Resource {
 				$updates[] = "username = '{$data['username']}'";
 			# password
 			if(strlen($data['password'])) {
-				// TODO handle this web server not having an entry for this secret in cryptsecret
+				$oldsecretid = $olddata['secretid'];
+				# check that we have a cryptsecret entry for this secret
+				$cryptkeyid = getCryptKeyID();
+				$query = "SELECT cryptsecret "
+				       . "FROM cryptsecret "
+				       . "WHERE cryptkeyid = $cryptkeyid AND "
+				       .       "secretid = $oldsecretid";
+				$qh = doQuery($query);
+				if(! ($row = mysql_fetch_assoc($qh))) {
+					# generate a new secret
+					$newsecretid = getSecretKeyID('addomain', 'secretid', 0);
+					$delids = array($oldsecretid);
+					if($newsecretid == $oldsecretid) {
+						$delids[] = $newsecretid;
+						$newsecretid = getSecretKeyID('addomain', 'secretid', 0);
+					}
+					$delids = implode(',', $delids);
+					# encrypt new secret with any management node keys
+					$secretidset = array();
+					$query = "SELECT ck.hostid AS mnid "
+					       . "FROM cryptkey ck "
+					       . "JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid) "
+					       . "WHERE cs.secretid = $oldsecretid AND "
+					       .       "ck.hosttype = 'managementnode'";
+					$qh = doQuery($query);
+					while($row = mysql_fetch_assoc($qh))
+						$secretidset[$row['mnid']][$newsecretid] = 1;
+					$values = getMNcryptkeyUpdates($secretidset, $cryptkeyid);
+					addMNcryptkeyUpdates($values);
+					$olddata['secretid'] = $newsecretid;
+					$updates[] = "secretid = $newsecretid";
+					# clean up old cryptsecret entries for management nodes
+					$query = "DELETE FROM cryptsecret WHERE secretid IN ($delids)";
+					doQuery($query);
+				}
 				$encpass = encryptDBdata($data['password'], $olddata['secretid']);
 				if($encpass == NULL) {
 					$ret = array('status' => 'error', 'msg' => "Error encountered while updating password");
@@ -287,7 +321,7 @@ class ADdomain extends Resource {
 
 		$ownerid = getUserlistID($data['owner']);
 
-		$secretid = getSecretID('addomain', 'secretid', 0);
+		$secretid = getSecretKeyID('addomain', 'secretid', 0);
 		$encpass = encryptDBdata($data['password'], $secretid);
 	
 		$query = "INSERT INTO addomain"
@@ -421,10 +455,9 @@ class ADdomain extends Resource {
 		$h .= "</div>\n"; # groupdlg
 
 		$h .= "<div id=\"tooltips\">\n";
-		# todo fill in all help contents
-		$h .= helpTooltip('domaindnsnamehelp', i(""));
+		$h .= helpTooltip('domaindnsnamehelp', i("domain name registered in DNS for Active Directory
Domain (ex: ad.example.com)"));
 		$h .= helpTooltip('usernamehelp', i("These credentials will be used to register reserved
computers with AD."));
-		$h .= helpTooltip('dnsservershelp', i(""));
+		$h .= helpTooltip('dnsservershelp', i("comma delimited list of IP addresses for DNS servers
that handle Domain DNS"));
 		$h .= "</div>\n"; # tooltips
 
 		return $h;

Modified: vcl/trunk/web/.ht-inc/utils.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/utils.php?rev=1797695&r1=1797694&r2=1797695&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/utils.php (original)
+++ vcl/trunk/web/.ht-inc/utils.php Mon Jun  5 20:10:44 2017
@@ -68,6 +68,15 @@ function initGlobals() {
 	define("SECINWEEK", 604800);
 	define("SECINMONTH", 2678400);
 	define("SECINYEAR", 31536000);
+
+	define("SYMALGO", "AES");
+	define("SYMOPT", "CBC");
+	define("SYMLEN", 256);
+
+	define("ASYMALGO", "RSA");
+	define("ASYMOPT", "OAEP");
+	define("ASYMLEN", 4096);
+
 	if(! defined('QUERYLOGGING'))
 		define('QUERYLOGGING', 1);
 	# TODO validate security of this
@@ -617,6 +626,7 @@ function checkAccess() {
 ////////////////////////////////////////////////////////////////////////////////
 function checkCryptkey() {
 	global $pemkey;
+
 	$reg = "|" . SCRIPT . "$|";
 	$filebase = preg_replace($reg, '', $_SERVER['SCRIPT_FILENAME']);
 	$filebase .= "/.ht-inc/cryptkey";
@@ -642,9 +652,10 @@ function checkCryptkey() {
 
 	$keyfile = "$filebase/private.pem";
 
-	$args = array('private_key_bits' => 4096,
-	              'private_key_type' => OPENSSL_KEYTYPE_RSA,
-	              'digest_alg' => 'sha512');
+	$_algorithm = constant("OPENSSL_KEYTYPE_" . ASYMALGO);
+
+	$args = array('private_key_bits' => ASYMLEN,
+	              'private_key_type' => $_algorithm);
 	# open and lock id file before generating key
 	$fh = fopen($idfile, 'w');
 	if(! flock($fh, LOCK_EX | LOCK_NB)) {
@@ -674,10 +685,16 @@ function checkCryptkey() {
 	$query = "INSERT INTO cryptkey "
 	       .        "(hostid, "
 	       .        "hosttype, "
-	       .        "pubkey) "
+	       .        "pubkey, "
+	       .        "algorithm, "
+	       .        "algorithmoption, "
+	       .        "keylength) "
 	       . "SELECT COALESCE(MAX(hostid), 0) + 1, "
 	       .        "'web', "
-	       .        "'$pubkey' "
+	       .        "'$pubkey', "
+	       .        "'" . ASYMALGO . "', "
+	       .        "'" . ASYMOPT . "', "
+	       .        ASYMLEN . " "
 	       . "FROM cryptkey "
 	       . "WHERE hosttype = 'web'";
 	doQuery($query);
@@ -2649,33 +2666,43 @@ function getKey($data) {
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn encryptData($data, $cryptkey)
+/// \fn encryptData($data, $cryptkey, $algo, $option, $keylength)
 ///
 /// \param $data - a string
 /// \param $cryptkey - key for encryption
+/// \param $algo - algorithm to use for decryption
+/// \param $option - an algorithm option (such as CBC)
+/// \param $keylength - length of key being used
 ///
 /// \return an encrypted form of $data that has been base64 encoded or NULL if
 /// encryption failed
 ///
-/// \brief encrypts $data with AES and base64 encodes it; IV is generated and
-/// prepended to encrypted data before base64 encoding
+/// \brief encrypts $data with $algo and $option and base64 encodes it; IV is
+/// generated and prepended to encrypted data before base64 encoding
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function encryptData($data, $cryptkey) {
+function encryptData($data, $cryptkey, $algo, $option, $keylength) {
 	global $ivsize;
 	if(! $data)
 		return false;
 	if(USE_PHPSECLIB) {
-		$iv = crypt_random_string($ivsize);
-		$aes = new Crypt_AES();
+		# only AES is currently supported
+		if($algo == 'AES') {
+			$mode = constant("CRYPT_AES_MODE_$option");
+			$aes = new Crypt_AES($mode);
+		}
+		else
+			return false;
+		$aes->setKeyLength($keylength);
 		$aes->setKey($cryptkey);
+		$iv = crypt_random_string($ivsize);
 		$aes->setIV($iv);
-		$aes->setKeyLength(256);
 		$cryptdata = $aes->encrypt($data);
 	}
 	else {
 		$iv = openssl_random_pseudo_bytes($ivsize);
-		$cryptdata = openssl_encrypt($data, 'AES-256-CBC', $cryptkey, 1, $iv);
+		$mode = "{$algo}-{$keylength}-{$option}";
+		$cryptdata = openssl_encrypt($data, $mode, $cryptkey, 1, $iv);
 		if($cryptdata === FALSE)
 			return NULL;
 	}
@@ -2685,10 +2712,13 @@ function encryptData($data, $cryptkey) {
  
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn decryptData($data, $cryptkey)
+/// \fn decryptData($data, $cryptkey, $algo, $option, $keylength)
 ///
 /// \param $data - a string
 /// \param $cryptkey - key for decryption
+/// \param $algo - algorithm to use for decryption
+/// \param $option - an algorithm option (such as CBC)
+/// \param $keylength - length of key being used
 ///
 /// \return decrypted form of $data or false on error
 ///
@@ -2696,7 +2726,7 @@ function encryptData($data, $cryptkey) {
 /// encrypted data after base64 decoding
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function decryptData($data, $cryptkey) {
+function decryptData($data, $cryptkey, $algo, $option, $keylength) {
 	global $ivsize;
 	if(! $data)
 		return false;
@@ -2704,14 +2734,20 @@ function decryptData($data, $cryptkey) {
 	$iv = substr($cryptdata, 0, $ivsize);
 	$cryptdata = substr($cryptdata, $ivsize);
 	if(USE_PHPSECLIB) {
-		$aes = new Crypt_AES();
+		if($algo == 'AES') {
+			$mode = constant("CRYPT_AES_MODE_$option");
+			$aes = new Crypt_AES($mode);
+		}
+		else
+			return false;
+		$aes->setKeyLength($keylength);
 		$aes->setKey($cryptkey);
 		$aes->setIV($iv);
-		$aes->setKeyLength(256);
 		$decryptdata = $aes->decrypt($cryptdata);
 	}
 	else {
-		$decryptdata = openssl_decrypt($cryptdata, 'AES-256-CBC', $cryptkey, 1, $iv);
+		$mode = "{$algo}-{$keylength}-{$option}";
+		$decryptdata = openssl_decrypt($cryptdata, $mode, $cryptkey, 1, $iv);
 		if($decryptdata === FALSE)
 			return false;
 	}
@@ -2720,34 +2756,6 @@ function decryptData($data, $cryptkey) {
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn encryptDataAsymmetric($data, $public_key)
-///
-/// \param $data - a string
-///
-/// \param $public_key - either a filename for a public key or the public key
-/// itself
-///
-/// \return hex-encoded, encrypted form of $data
-///
-/// \brief generate public key encrypted data
-///
-////////////////////////////////////////////////////////////////////////////////
-function encryptDataAsymmetric($data, $public_key){
-	if(file_exists($public_key)){
-		$key = openssl_pkey_get_public(file_get_contents($public_key));
-	} else {
-		$key = openssl_pkey_get_public($public_key);
-	}    
-
-	openssl_public_encrypt($data, $encrypted, $key, OPENSSL_PKCS1_OAEP_PADDING);
-	openssl_free_key($key);
-
-	$hexformatted = unpack("H*hex", $encrypted);
-	return $hexformatted['hex'];
-}
-
-////////////////////////////////////////////////////////////////////////////////
-///
 /// \fn encryptDBdata($data, $secretid)
 ///
 /// \param $data - a string
@@ -2763,31 +2771,64 @@ function encryptDBdata($data, $secretid)
 	$cryptkeyid = getCryptKeyID();
 	if($cryptkeyid == NULL)
 		return NULL;
-	$query = "SELECT cryptsecret "
+	$query = "SELECT cryptsecret, "
+	       .        "algorithm, "
+	       .        "algorithmoption, "
+	       .        "keylength "
 	       . "FROM cryptsecret "
 	       . "WHERE cryptkeyid = $cryptkeyid AND "
 	       .       "secretid = $secretid";
 	$qh = doQuery($query);
 	if(! ($row = mysql_fetch_assoc($qh)))
 		return NULL;
-	$secret = decryptSecret($row['cryptsecret']);
+	$secret = decryptSecretKey($row['cryptsecret']);
 	if($secret === NULL)
 		return NULL;
-	# encrypt $data using secret
-	if(USE_PHPSECLIB)
-		$iv = crypt_random_string(32);
-	else {
-		$iv = openssl_random_pseudo_bytes(32);
-		if($iv === FALSE)
+	$edata = encryptData($data, $secret, $row['algorithm'], $row['algorithmoption'], $row['keylength']);
+	return $edata;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn encryptSecretKey($secret, $cryptkey)
+///
+/// \param $secret - secret key to encrypt
+/// \param $cryptkey - id from cryptkey table for public key to use or public
+/// key itself
+///
+/// \return encrypted data; returns NULL on error
+///
+/// \brief encrypts $secret with key for $cryptkeyid
+///
+////////////////////////////////////////////////////////////////////////////////
+function encryptSecretKey($secret, $cryptkey) {
+	if(is_numeric($cryptkey)) {
+		$query = "SELECT pubkey, "
+		       .        "algorithmoption "
+		       . "FROM cryptkey "
+		       . "WHERE id = $cryptkey";
+		$qh = doQuery($query);
+		if(! ($row = mysql_fetch_assoc($qh)))
 			return NULL;
+		$cryptkey = $row['pubkey'];
+		if($row['algorithmoption'] == 'OAEP' || 1) # OAEP only currently supported option
+			$padding = constant('OPENSSL_PKCS1_OAEP_PADDING');
 	}
-	$edata = encryptData($data, $secret, $iv);
-	return $edata;
+	else
+		$padding = constant('OPENSSL_PKCS1_OAEP_PADDING');
+	$savehdlr = set_error_handler(create_function('', ''));
+	if(@openssl_public_encrypt($secret, $encdata, $cryptkey, $padding)) {
+		set_error_handler($savehdlr);
+		$b64data = base64_encode($encdata);
+		return $b64data;
+	}
+	set_error_handler($savehdlr);
+	return NULL;
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn decryptSecret($encsecret)
+/// \fn decryptSecretKey($encsecret)
 ///
 /// \param $encsecret - encrypted secret
 ///
@@ -2796,7 +2837,7 @@ function encryptDBdata($data, $secretid)
 /// \brief decrypts $encsecret using web server's secret key
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function decryptSecret($encsecret) {
+function decryptSecretKey($encsecret) {
 	global $pemkey;
 	$cryptsecret = base64_decode($encsecret);
 	# read private key from file
@@ -2806,7 +2847,10 @@ function decryptSecret($encsecret) {
 	$prikey = openssl_pkey_get_private("file://$file", $pemkey);
 	# decrypt secret using private key
 	$savehdlr = set_error_handler(create_function('', ''));
-	if(! openssl_private_decrypt($cryptsecret, $secret, $prikey, OPENSSL_PKCS1_OAEP_PADDING))
{
+	if(ASYMOPT == 'OAEP')
+		$padding = constant('OPENSSL_PKCS1_OAEP_PADDING');
+	# OAEP currently only supported padding option
+	if(! openssl_private_decrypt($cryptsecret, $secret, $prikey, $padding)) {
 		set_error_handler($savehdlr);
 		return NULL;
 	}
@@ -2815,7 +2859,7 @@ function decryptSecret($encsecret) {
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn getSecretID($table, $field, $recordid)
+/// \fn getSecretKeyID($table, $field, $recordid)
 ///
 /// \param $table - name of a database table having a secret
 /// \param $field - name of field in table referencing secretid
@@ -2829,7 +2873,7 @@ function decryptSecret($encsecret) {
 /// saved in cryptsecret
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function getSecretID($table, $field, $recordid) {
+function getSecretKeyID($table, $field, $recordid) {
 	$query = "SELECT $field FROM $table WHERE id = $recordid";
 	$qh = doQuery($query);
 	if(($row = mysql_fetch_row($qh)) && $row[0] != 0)
@@ -2847,39 +2891,47 @@ function getSecretID($table, $field, $re
 	$cryptkeyid = getCryptKeyID();
 	if($cryptkeyid === NULL)
 		return NULL;
-	$encdata = encryptSecret($key, $cryptkeyid);
+	$encdata = encryptSecretKey($key, $cryptkeyid);
 	if($encdata === NULL)
 		return NULL;
 	# write to cryptsecret
 	$query = "INSERT INTO cryptsecret "
 	       .       "(cryptkeyid, "
 	       .       "secretid, "
-	       .       "cryptsecret) "
+	       .       "cryptsecret, "
+	       .       "algorithm, "
+	       .       "algorithmoption, "
+	       .       "keylength) "
 	       . "SELECT $cryptkeyid, "
 	       .        "COALESCE(MAX(secretid), 0) + 1, "
-	       .        "'$encdata' "
+	       .        "'$encdata', "
+	       .        "'" . SYMALGO . "', "
+	       .        "'" . SYMOPT . "', "
+	       .        SYMLEN . " "
 	       . "FROM cryptsecret";
 	doQuery($query);
 	$id = dbLastInsertID();
+	if($id < 1)
+		return NULL;
 	$query = "SELECT secretid FROM cryptsecret WHERE id = $id";
 	$qh = doQuery($query);
 	if(! ($row = mysql_fetch_assoc($qh)))
 		return NULL;
 	# encrypt with all other public keys and write to cryptsecret
-	encryptSecrets($key, $row['secretid'], $cryptkeyid);
+	encryptWebSecretKeys($key, $row['secretid'], $cryptkeyid);
 	return $row['secretid'];
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn deleteSecrets($secretid)
+/// \fn deleteSecretKeys($secretid)
 ///
 /// \param $secretid - secretid value corresponding to cryptsecret.secretid
 ///
 /// \brief deletes all entries in cryptsecret for $secretid
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function deleteSecrets($secretid) {
+function deleteSecretKeys($secretid) {
 	$query = "DELETE FROM cryptsecret WHERE secretid = $secretid";
 	doQuery($query);
 }
@@ -2936,40 +2988,7 @@ function getCryptKeyID() {
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn encryptSecret($secret, $cryptkey)
-///
-/// \param $secret - secret key to encrypt
-/// \param $cryptkey - id from cryptkey table for public key to use or public
-/// key itself
-///
-/// \return encrypted data; returns NULL on error
-///
-/// \brief encrypts $secret with key for $cryptkeyid
-///
-////////////////////////////////////////////////////////////////////////////////
-function encryptSecret($secret, $cryptkey) {
-	if(is_numeric($cryptkey)) {
-		$query = "SELECT pubkey "
-		       . "FROM cryptkey "
-		       . "WHERE id = $cryptkey";
-		$qh = doQuery($query);
-		if(! ($row = mysql_fetch_assoc($qh)))
-			return NULL;
-		$cryptkey = $row['pubkey'];
-	}
-	$savehdlr = set_error_handler(create_function('', ''));
-	if(@openssl_public_encrypt($secret, $encdata, $cryptkey, OPENSSL_PKCS1_OAEP_PADDING)) {
-		set_error_handler($savehdlr);
-		$b64data = base64_encode($encdata);
-		return $b64data;
-	}
-	set_error_handler($savehdlr);
-	return NULL;
-}
-
-////////////////////////////////////////////////////////////////////////////////
-///
-/// \fn encryptSecrets($secret, $secretid, $skipkeyid=0)
+/// \fn encryptWebSecretKeys($secret, $secretid, $skipkeyid=0)
 ///
 /// \param $secret - secret key to encrypt
 /// \param $secretid - id for secret from cryptsecret.secretid
@@ -2979,7 +2998,7 @@ function encryptSecret($secret, $cryptke
 /// \brief encrypts $secret using any existing web server cryptkeys in database
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function encryptSecrets($secret, $secretid, $skipkeyid=0) {
+function encryptWebSecretKeys($secret, $secretid, $skipkeyid=0) {
 	$query = "SELECT id, "
 	       .        "pubkey "
 	       . "FROM cryptkey "
@@ -2988,17 +3007,21 @@ function encryptSecrets($secret, $secret
 	$qh = doQuery($query);
 	$values = array();
 	while($row = mysql_fetch_assoc($qh)) {
-		$cryptsecret = encryptSecret($secret, $row['pubkey']);
+		$cryptsecret = encryptSecretKey($secret, $row['pubkey']);
 		if($cryptsecret === NULL)
 			continue;
-		$values[] = "({$row['id']}, $secretid, '$cryptsecret')";
+		$values[] = "({$row['id']}, $secretid, '$cryptsecret', '"
+		          . SYMALGO . "', '" . SYMOPT . "', " . SYMLEN . ")";
 	}
 	if(! empty($values)) {
 		$allvalues = implode(',', $values);
 		$query = "INSERT INTO cryptsecret "
 		       .        "(cryptkeyid, "
 		       .        "secretid, "
-		       .        "cryptsecret) "
+		       .        "cryptsecret, "
+		       .        "algorithm, "
+		       .        "algorithmoption, "
+		       .        "keylength) "
 		       . "VALUES $allvalues";
 		doQuery($query);
 	}
@@ -3006,7 +3029,7 @@ function encryptSecrets($secret, $secret
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn updateSecrets($requestid)
+/// \fn checkCryptSecrets($requestid)
 ///
 /// \param $requestid - id from request table
 ///
@@ -3014,7 +3037,7 @@ function encryptSecrets($secret, $secret
 /// $requestid
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function updateSecrets($requestid) {
+function checkCryptSecrets($requestid) {
 	# determine any secretids needed from addomain
 	$secretids = array();
 	$query = "SELECT ad.secretid, "
@@ -3050,8 +3073,34 @@ function updateSecrets($requestid) {
 	}
 
 	# find any missing secrets for management nodes
+	$values = getMNcryptkeyUpdates($secretids, $mycryptkeyid);
+	# add secrets
+	addMNcryptkeyUpdates($values);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn getMNcryptkeyUpdates($secretidset, $cryptkeyid)
+///
+/// \param $secretidset - array where keys are management node ids and values
+/// are arrays with keys being secretids to add and values being 1:\n
+/// array('mnid1' =>\n
+///       array('secretid1' => 1,\n
+///             'secretid1' => 1...\n
+///            )\n
+///      )
+/// \param $cryptkeyid - id from cryptkey table
+///
+/// \return array of values to be added to the cryptsecret table
+///
+/// \brief determines what secretids are missing from the set passed in, creates
+/// encrypted values for each passed in management node, and returns a set of
+/// values that can then be inserted into the cryptsecret table
+///
+////////////////////////////////////////////////////////////////////////////////
+function getMNcryptkeyUpdates($secretidset, $cryptkeyid) {
 	$values = array();
-	foreach($secretids as $mnid => $secretids) {
+	foreach($secretidset as $mnid => $secretids) {
 		$secretids = array_keys($secretids);
 		$allsecretids = implode(',', $secretids);
 		$query = "SELECT ck.id as cryptkeyid, "
@@ -3060,30 +3109,47 @@ function updateSecrets($requestid) {
 		       .        "mycs.cryptsecret AS mycryptsecret "
 		       . "FROM cryptkey ck "
 		       . "JOIN (SELECT DISTINCT secretid AS id FROM cryptsecret) AS s "
-		       . "JOIN (SELECT cryptsecret, secretid FROM cryptsecret WHERE cryptkeyid = $mycryptkeyid)
AS mycs "
+		       . "JOIN (SELECT cryptsecret, secretid FROM cryptsecret WHERE cryptkeyid = $cryptkeyid)
AS mycs "
 		       . "LEFT JOIN cryptsecret cs ON (s.id = cs.secretid AND ck.id = cs.cryptkeyid) "
 		       . "WHERE mycs.secretid = s.id AND "
 		       .       "ck.hostid = $mnid AND "
 		       .       "ck.hosttype = 'managementnode' AND "
 		       .       "s.id in ($allsecretids) AND "
-		       .       "cs.id IS NULL";
+		       .       "cs.secretid IS NULL";
 		$qh = doQuery($query);
 		while($row = mysql_fetch_assoc($qh)) {
-			$secret = decryptSecret($row['mycryptsecret']);
-			$encsecret = encryptSecret($secret, $row['cryptkey']);
-			$values[] = "({$row['cryptkeyid']}, {$row['secretid']}, '$encsecret')";
+			$secret = decryptSecretKey($row['mycryptsecret']);
+			$encsecret = encryptSecretKey($secret, $row['cryptkey']);
+			$values[] = "({$row['cryptkeyid']}, {$row['secretid']}, '$encsecret', '"
+			          . SYMALGO . "', '" . SYMOPT . "', " . SYMLEN . ")";
 		}
 	}
-	# add secrets
-	if(! empty($values)) {
-		$allvalues = implode(',', $values);
-		$query = "INSERT INTO cryptsecret "
-		       .       "(cryptkeyid, "
-		       .       "secretid, "
-		       .       "cryptsecret) "
-		       . "VALUES $allvalues";
-		doQuery($query);
-	}
+	return $values;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn addMNcryptkeyUpdates($values)
+///
+/// \param $values - array of cryptsecret values that can be joined by commas
+/// and used as the VALUES portion of an INSERT statement
+///
+/// \brief inserts values into cryptsecret table
+///
+////////////////////////////////////////////////////////////////////////////////
+function addMNcryptkeyUpdates($values) {
+	if(empty($values))
+		return;
+	$allvalues = implode(',', $values);
+	$query = "INSERT INTO cryptsecret "
+	       .       "(cryptkeyid, "
+	       .       "secretid, "
+	       .       "cryptsecret, "
+	       .       "algorithm, "
+	       .       "algorithmoption, "
+	       .       "keylength) "
+	       . "VALUES $allvalues";
+	doQuery($query);
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -5783,7 +5849,7 @@ function addRequest($forimaging=0, $revi
 	// release semaphore lock
 	cleanSemaphore();
 
-	updateSecrets($requestid);
+	checkCryptSecrets($requestid);
 
 	return $requestid;
 }
@@ -11926,8 +11992,6 @@ function getVMProfiles($id="") {
 	       .        "vp.username, "
 	       .        "CHAR_LENGTH(vp.password) as pwdlength, "
 	       .        "vp.secretid, "
-	       .        "vp.rsakey, "
-	       .        "vp.rsapub, "
 	       .        "vp.eth0generated, "
 	       .        "vp.eth1generated "
 	       . "FROM vmprofile vp "
@@ -12067,7 +12131,7 @@ function addContinuationsEntry($nextmode
 	$salt = generateString(8);
 	$now = time();
 	$data = "$salt:$contid:{$user['id']}:$now";
-	$edata = encryptData($data, $cryptkey);
+	$edata = encryptData($data, $cryptkey, SYMALGO, SYMOPT, SYMLEN);
 	$udata = urlencode($edata);
 	return $udata;
 }
@@ -12093,7 +12157,7 @@ function getContinuationsData($data) {
 		$edata = urldecode($data);
 	else
 		$edata = $data;
-	if(! ($ddata = decryptData($edata, $cryptkey)))
+	if(! ($ddata = decryptData($edata, $cryptkey, SYMALGO, SYMOPT, SYMLEN)))
 		return array('error' => 'invalid input');
 	$items = explode(':', $ddata);
 	$now = time();
@@ -12529,7 +12593,7 @@ function xmlrpccall() {
 	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCaddImageGroupToComputerGroup", "xmlRPChandler");
 	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCremoveImageGroupFromComputerGroup",
"xmlRPChandler");
 	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCfinishBaseImageCapture", "xmlRPChandler");
-	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCupdateSecrets", "xmlRPChandler");
+	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCcheckCryptSecrets", "xmlRPChandler");
 
 	print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA, '');
 	xmlrpc_server_destroy($xmlrpc_handle);
@@ -12924,7 +12988,7 @@ function sendJSON($arr, $identifier='',
 	if($REST)
 		print json_encode($arr);
 	elseif(! empty($identifier))
-		print "{} && {identifier: '$identifier', 'items':" . json_encode($arr) . '}'; #
TODO
+		print "{} && {identifier: '$identifier', 'items':" . json_encode($arr) . '}';
 	else
 		print '{} && {"items":' . json_encode($arr) . '}';
 }

Modified: vcl/trunk/web/.ht-inc/vm.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/vm.php?rev=1797695&r1=1797694&r2=1797695&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/vm.php (original)
+++ vcl/trunk/web/.ht-inc/vm.php Mon Jun  5 20:10:44 2017
@@ -259,20 +259,6 @@ function editVMInfo() {
 	print "    </select><img tabindex=0 src=\"images/helpicon.png\" id=\"genmac1help\"
/></td>\n";
 	print "  </tr>\n";
 	print "  <tr>\n";
-	print "    <th align=right>RSA Public Key:</th>\n";
-	print "    <td>\n";
-	print "      <span id=prsapub dojoType=\"dijit.InlineEditBox\" editor=\"dijit.form.Textarea\"
onChange=\"updateProfile('prsapub','rsapub')\"></span>\n";
-	print "      <img tabindex=0 src=\"images/helpicon.png\" id=\"rsapubhelp\" />\n";
-	print "    </td>\n";
-	print "  </tr>\n";
-	print "  <tr>\n";
-	print "    <th align=right>RSA Private Key File:</th>\n";
-	print "    <td>\n";
-	print "      <span id=prsakey dojoType=\"dijit.InlineEditBox\" onChange=\"updateProfile('prsakey','rsakey');\"></span>\n";
-	print "      <img tabindex=0 src=\"images/helpicon.png\" id=\"rsakeyhelp\" />\n";
-	print "    </td>\n";
-	print "  </tr>\n";
-	print "  <tr>\n";
 	print "    <th align=right>Username:</th>\n";
 	print "    <td><span id=pusername dojoType=\"dijit.InlineEditBox\" onChange=\"updateProfile('pusername',
'username');\"></span><img tabindex=0 src=\"images/helpicon.png\" id=\"usernamehelp\"
/></td>\n";
 	print "  </tr>\n";
@@ -346,12 +332,6 @@ function editVMInfo() {
 	print "<div dojoType=\"dijit.Tooltip\" connectId=\"genmac1help\">\n";
 	print i("Specifies whether VMs are assigned MAC addresses defined in the VCL database or
if random MAC addresses should be assigned.");
 	print "</div>\n";
-	print "<div dojoType=\"dijit.Tooltip\" connectId=\"rsapubhelp\">\n";
-	print i("(Optional) In order to encrypt the VM Host password in the database, create an
RSA public/private key pair on the relevant management node. Enter the public key here. Note
that while this value will be available to every management node in your system, only those
management nodes with the designated private key will be able to decrypt the password.");
-	print "</div>\n";
-	print "<div dojoType=\"dijit.Tooltip\" connectId=\"rsakeyhelp\">\n";
-	print i("(Optional) In order to decrypt an encrypted VM Host password, enter the path to
a private key on the management node. Any management node without this private key will not
be able to decrypt the password.");
-	print "</div>\n";
 	print "<div dojoType=\"dijit.Tooltip\" connectId=\"usernamehelp\">\n";
 	print i("Name of the administrative or root user residing on the VM host.");
 	print "</div>\n";
@@ -830,7 +810,7 @@ function AJupdateVMprofileItem() {
 	}
 	$profileid = processInputVar('profileid', ARG_NUMERIC);
 	$item = processInputVar('item', ARG_STRING);
-	if(! preg_match('/^(profilename|imageid|resourcepath|folderpath|repositorypath|repositoryimagetypeid|datastorepath|datastoreimagetypeid|vmdisk|vmpath|virtualswitch[0-3]|username|password|eth0generated|eth1generated|rsakey|rsapub)$/',
$item)) {
+	if(! preg_match('/^(profilename|imageid|resourcepath|folderpath|repositorypath|repositoryimagetypeid|datastorepath|datastoreimagetypeid|vmdisk|vmpath|virtualswitch[0-3]|username|password|eth0generated|eth1generated)$/',
$item)) {
 		print "alert('Invalid data submitted.');";
 		return;
 	}
@@ -867,48 +847,70 @@ function AJupdateVMprofileItem() {
 	$item = mysql_real_escape_string($item);
 	$profile = getVMProfiles($profileid);
 	if($item == 'password') {
-		if($profile[$profileid]['rsapub']) {
-			$encrypted = encryptDataAsymmetric($newvalue, $profile[$profileid]['rsapub']);
-			$escaped = mysql_real_escape_string($encrypted);
-			$query = "UPDATE vmprofile "
-			       . "SET `encryptedpasswd` = '$escaped', "
-			       .     "`password` = NULL "
-			       . "WHERE id = $profileid";
-			doQuery($query);
-		}
-		else {
-			$pwdlen = strlen($newvalue);
-			if($pwdlen == 0) {
-				if($profile[$profileid]['pwdlength'] != 0) {
-					$secretid = getSecretID('vmprofile', 'secretid', $profileid);
-					if($secretid === NULL) {
-						print "dojo.byId('savestatus').innerHTML = '';";
-						print "alert('Error saving password');";
-						return;
-					}
-					deleteSecrets($secretid);
-					$query = "UPDATE vmprofile "
-					       . "SET password = NULL, "
-					       .     "secretid = NULL "
-					       . "WHERE id = $profileid";
-					doQuery($query);
-				}
-			}
-			else {
-				$secretid = getSecretID('vmprofile', 'secretid', $profileid);
+		$pwdlen = strlen($newvalue);
+		if($pwdlen == 0) {
+			if($profile[$profileid]['pwdlength'] != 0) {
+				$secretid = getSecretKeyID('vmprofile', 'secretid', $profileid);
 				if($secretid === NULL) {
 					print "dojo.byId('savestatus').innerHTML = '';";
 					print "alert('Error saving password');";
 					return;
 				}
-				$encpass = encryptDBdata($newvalue, $secretid);
+				deleteSecretKeys($secretid);
 				$query = "UPDATE vmprofile "
-				       . "SET password = '$encpass', "
-				       .     "secretid = '$secretid' "
+				       . "SET password = NULL, "
+				       .     "secretid = NULL "
 				       . "WHERE id = $profileid";
 				doQuery($query);
 			}
 		}
+		else {
+			$secretid = getSecretKeyID('vmprofile', 'secretid', $profileid);
+			# check that we have a cryptsecret entry for this secret
+			$cryptkeyid = getCryptKeyID();
+			$query = "SELECT cryptsecret "
+			       . "FROM cryptsecret "
+			       . "WHERE cryptkeyid = $cryptkeyid AND "
+			       .       "secretid = $secretid";
+			$qh = doQuery($query);
+			if(! ($row = mysql_fetch_assoc($qh))) {
+				# generate a new secret
+				$newsecretid = getSecretKeyID('vmprofile', 'secretid', 0);
+				$delids = array($secretid);
+				if($newsecretid == $secretid) {
+					$delids[] = $secretid;
+					$newsecretid = getSecretKeyID('addomain', 'secretid', 0);
+				}
+				$delids = implode(',', $delids);
+				# encrypt new secret with any management node keys
+				$secretidset = array();
+				$query = "SELECT ck.hostid AS mnid "
+				       . "FROM cryptkey ck "
+				       . "JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid) "
+				       . "WHERE cs.secretid = $secretid AND "
+				       .       "ck.hosttype = 'managementnode'";
+				$qh = doQuery($query);
+				while($row = mysql_fetch_assoc($qh))
+					$secretidset[$row['mnid']][$newsecretid] = 1;
+				$values = getMNcryptkeyUpdates($secretidset, $cryptkeyid);
+				addMNcryptkeyUpdates($values);
+				$secretid = $newsecretid;
+				# clean up old cryptsecret entries for management nodes
+				$query = "DELETE FROM cryptsecret WHERE secretid IN ($delids)";
+				doQuery($query);
+			}
+			if($secretid === NULL) {
+				print "dojo.byId('savestatus').innerHTML = '';";
+				print "alert('Error saving password');";
+				return;
+			}
+			$encpass = encryptDBdata($newvalue, $secretid);
+			$query = "UPDATE vmprofile "
+			       . "SET password = '$encpass', "
+			       .     "secretid = '$secretid' "
+			       . "WHERE id = $profileid";
+			doQuery($query);
+		}
 		print "dojo.byId('savestatus').innerHTML = 'Saved'; ";
 		print "setTimeout(function() {dojo.byId('savestatus').innerHTML = '';}, 3000); ";
 		print "curprofile.pwdlength = $pwdlen;";

Modified: vcl/trunk/web/.ht-inc/xmlrpcWrappers.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php?rev=1797695&r1=1797694&r2=1797695&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/xmlrpcWrappers.php (original)
+++ vcl/trunk/web/.ht-inc/xmlrpcWrappers.php Mon Jun  5 20:10:44 2017
@@ -3739,7 +3739,7 @@ function XMLRPCfinishBaseImageCapture($o
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn XMLRPCupdateSecrets($reservationid)
+/// \fn XMLRPCcheckCryptSecrets($reservationid)
 ///
 /// \param $reservationid - id from reservation table
 ///
@@ -3750,6 +3750,7 @@ function XMLRPCfinishBaseImageCapture($o
 /// \li \b errormsg - error string\n
 /// \b success - indicates all secrets were successfully
 /// updated\n
+/// \b partial - indicates only some needed secrets were successfully updates\n
 /// \b noupdate - indicates no missing values were found to be added to
 /// cryptsecret table
 ///
@@ -3757,12 +3758,13 @@ function XMLRPCfinishBaseImageCapture($o
 /// node to be able to process $reservationid
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function XMLRPCupdateSecrets($reservationid) {
+function XMLRPCcheckCryptSecrets($reservationid) {
 	global $user, $xmlrpcBlockAPIUsers;
+
 	if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) {
 		return array('status' => 'error',
 		             'errorcode' => 99,
-		             'errormsg' => 'access denied for call to XMLRPCupdateSecrets');
+		             'errormsg' => 'access denied for call to XMLRPCcheckCryptSecrets');
 	}
 	# query to find any cryptkeys that don't have values in cryptsecret
 	$mycryptkeyid = getCryptKeyID();
@@ -3771,6 +3773,14 @@ function XMLRPCupdateSecrets($reservatio
 		             'errorcode' => 100,
 		             'errormsg' => 'Encryption key missing for this web server');
 	}
+	# check for existance of $reservationid
+	$query = "SELECT id FROM reservation WHERE id = $reservationid";
+	$qh = doQuery($query);
+	if(! ($row = mysql_fetch_assoc($qh))) {
+		return array('status' => 'error',
+		             'errorcode' => 101,
+		             'errormsg' => 'Specified reservation does not exist');
+	}
 	# determine any secretids needed from addomain
 	$secretids = array();
 	$mnid = 0;
@@ -3801,39 +3811,55 @@ function XMLRPCupdateSecrets($reservatio
 		$mnid = $row['managementnodeid'];
 	}
 
+	if(empty($secretids))
+		return array('status' => 'noupdate');
+
 	# find any missing secrets for management nodes
 	$values = array();
-	$allsecretids = implode(',', $secretids);
+	$fails = array();
+	$secret1 = array_shift($secretids);
+	$subquery = "SELECT $secret1 AS id";
+	if(count($secretids) == 1)
+		$subquery .= " UNION SELECT {$secretids[0]}";
+	else
+		$subquery .= " UNION SELECT " . implode(' UNION SELECT ', $secretids);
 	$query = "SELECT ck.id as cryptkeyid, "
 	       .        "ck.pubkey as cryptkey, "
 	       .        "s.id as secretid, "
 	       .        "mycs.cryptsecret AS mycryptsecret "
 	       . "FROM cryptkey ck "
-	       . "JOIN (SELECT DISTINCT secretid AS id FROM cryptsecret) AS s "
-	       . "JOIN (SELECT cryptsecret, secretid FROM cryptsecret WHERE cryptkeyid = $mycryptkeyid)
AS mycs "
+	       . "JOIN ($subquery) AS s "
+	       . "LEFT JOIN (SELECT cryptsecret, secretid "
+	       .            "FROM cryptsecret "
+	       .            "WHERE cryptkeyid = $mycryptkeyid) AS mycs ON (s.id = mycs.secretid)
"
 	       . "LEFT JOIN cryptsecret cs ON (s.id = cs.secretid AND ck.id = cs.cryptkeyid) "
-	       . "WHERE mycs.secretid = s.id AND "
-	       .       "ck.hostid = $mnid AND "
+	       . "WHERE ck.hostid = $mnid AND "
 	       .       "ck.hosttype = 'managementnode' AND "
-	       .       "s.id in ($allsecretids) AND "
 	       .       "cs.id IS NULL";
 	$qh = doQuery($query);
 	while($row = mysql_fetch_assoc($qh)) {
-		$secret = decryptSecret($row['mycryptsecret']);
-		$encsecret = encryptSecret($secret, $row['cryptkey']);
+		if($row['mycryptsecret'] == NULL) {
+			$fails[] = $row['secretid'];
+			continue;
+		}
+		$secret = decryptSecretKey($row['mycryptsecret']);
+		$encsecret = encryptSecretKey($secret, $row['cryptkey']);
 		$encsecret = mysql_real_escape_string($encsecret);
-		$values[] = "({$row['cryptkeyid']}, {$row['secretid']}, '$encsecret')";
+		$values[] = "({$row['cryptkeyid']}, {$row['secretid']}, '$encsecret', '"
+		          . SYMALGO . "', '" . SYMOPT . "', " . SYMLEN . ")";
 	}
-	if(empty($values))
+	if(empty($values) && empty($fails))
 		return array('status' => 'noupdate');
 
-	$allvalues = implode(',', $values);
-	$query = "INSERT INTO cryptsecret "
-	       .       "(cryptkeyid, "
-	       .       "secretid, "
-	       .       "cryptsecret) "
-	       . "VALUES $allvalues";
-	doQuery($query);
+	addMNcryptkeyUpdates($values);
+
+	if(count($values) && count($fails))
+		return array('status' => 'partial');
+	elseif(count($fails))
+		return array('status' => 'error',
+		             'errorcode' => 102,
+		             'errormsg' => 'Encryption secret missing for this web server');
+
 	return array('status' => 'success');
 }
 

Modified: vcl/trunk/web/js/vm.js
URL: http://svn.apache.org/viewvc/vcl/trunk/web/js/vm.js?rev=1797695&r1=1797694&r2=1797695&view=diff
==============================================================================
--- vcl/trunk/web/js/vm.js (original)
+++ vcl/trunk/web/js/vm.js Mon Jun  5 20:10:44 2017
@@ -519,8 +519,6 @@ function getVMprofileDataCB(data, ioArgs
 	dijit.byId('pvs2').noValueIndicator = '(empty)';
 	dijit.byId('pvs3').noValueIndicator = '(empty)';
 	dijit.byId('pusername').noValueIndicator = '(empty)';
-	dijit.byId('prsakey').noValueIndicator = '(empty)';
-	dijit.byId('prsapub').noValueIndicator = '(empty)';
 
 	dijit.byId('pname').setValue(curprofile.profilename);
 	dijit.byId('presourcepath').setValue(curprofile.resourcepath);
@@ -537,8 +535,6 @@ function getVMprofileDataCB(data, ioArgs
 	dijit.byId('pusername').setValue(curprofile.username);
 	dijit.byId('pgenmac0').setValue(curprofile.eth0generated);
 	dijit.byId('pgenmac1').setValue(curprofile.eth1generated);
-	dijit.byId('prsapub').setValue(curprofile.rsapub);
-	dijit.byId('prsakey').setValue(curprofile.rsakey);
 	if(curprofile.pwdlength == 0) {
 		dojo.byId('ppassword').value = '';
 		dojo.byId('ppwdconfirm').value = '';



Mime
View raw message