vcl-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jftho...@apache.org
Subject svn commit: r1798264 - /vcl/trunk/web/testsetup.php
Date Fri, 09 Jun 2017 19:09:08 GMT
Author: jfthomps
Date: Fri Jun  9 19:09:08 2017
New Revision: 1798264

URL: http://svn.apache.org/viewvc?rev=1798264&view=rev
Log:
testsetup.php:
-added a line to set default timezone to prevent php warning
-added check after fopen'ing URL to self to test including secrets.php and conf.php to check
for 'parse error' in the returned data, and if so, just set $data to ''
-added check for all required constants being defined in conf.php
-added check for cryptkey directory
-added code to attempt to create cryptkey if it doesn't already exist
-added check for being able to base64 decode $cryptkey
-changed check for testing phpseclib to test symmetric encryption - tests for openssl based
if openssl_encrypt exists; test for phpseclib if it doesn't
-added unordered list tags around dojo css theme checks

Modified:
    vcl/trunk/web/testsetup.php

Modified: vcl/trunk/web/testsetup.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/testsetup.php?rev=1798264&r1=1798263&r2=1798264&view=diff
==============================================================================
--- vcl/trunk/web/testsetup.php (original)
+++ vcl/trunk/web/testsetup.php Fri Jun  9 19:09:08 2017
@@ -1,4 +1,5 @@
 <?php
+date_default_timezone_set('America/New_York');
 /*
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
@@ -96,9 +97,11 @@ $allowurlopen = ini_get('allow_url_fopen
 if($includesecrets) {
 	$data = '';
 	if($fp = fopen("$myurl?includesecretstest=1", 'r')) {
-		$data = fread($fp, 100);
+		$data = fread($fp, 1000);
 		fclose($fp);
 	}
+	if(preg_match('/parse error/i', $data))
+		$data = '';
 	if($allowurlopen && (empty($data) || $data == 'unreadable')) {
 		print $header;
 		# php version
@@ -126,9 +129,12 @@ else {
 if($includeconf) {
 	$data = '';
 	if($fp = fopen("$myurl?includeconftest=1", 'r')) {
-		$data = fread($fp, 100);
+		$data = fread($fp, 1000);
 		fclose($fp);
 	}
+	if(preg_match('/parse error/i', $data)) {
+		$data = '';
+	}
 	$allowurlopen = ini_get('allow_url_fopen');
 	if($allowurlopen && (empty($data) || $data == 'unreadable')) {
 		print $header;
@@ -139,7 +145,7 @@ if($includeconf) {
 		if($data == 'unreadable')
 			fail("unable to read .ht-inc/conf.php - check the permissions of the file");
 		else
-			fail("unable to include .ht-inc/conf.php - this is probably due to a syntax error in .ht-inc/conf.php");
+			fail("unable to include .ht-inc/conf.php - this is probably due to a syntax error in .ht-inc/conf.php
(or a file it includes)");
 		fail("skipping tests for contents of .ht-inc/conf.php");
 		print "</ul>\n";
 		$includeconf = 0;
@@ -153,6 +159,7 @@ else {
 }
 
 # conf.php tests
+$createcryptkey = 0;
 if($includeconf && include('.ht-inc/conf.php')) {
 	$host = $_SERVER['HTTP_HOST'];
 	if(! defined('COOKIEDOMAIN')) {
@@ -231,21 +238,36 @@ if($includeconf && include('.ht-inc/conf
 	}
 	print "</ul>\n";
 
+	# check various other constants
+	title("Checking that other required constants are defined");
+	print "<ul>\n";
+	$consts = array('ONLINEDEBUG', 'HELPURL', 'HELPEMAIL', 'ERROREMAIL', 'ENVELOPESENDER', 'DEFAULTLOCALE',
'BASEURL', 'SCRIPT', 'HOMEURL', 'COOKIEDOMAIN', 'DEFAULTGROUP', 'DEFAULT_AFFILID', 'DAYSAHEAD',
'DEFAULT_PRIVNODE', 'SCHEDULER_ALLOCATE_RANDOM_COMPUTER', 'PRIV_CACHE_TIMEOUT', 'MIN_BLOCK_MACHINES',
'MAX_BLOCK_MACHINES', 'DOCUMENTATIONURL', 'USEFILTERINGSELECT', 'FILTERINGSELECTTHRESHOLD',
'SEMTIMEOUT', 'DEFAULTTHEME', 'HELPFAQURL', 'ALLOWADDSHIBUSERS', 'MAXINITIALIMAGINGTIME',
'MAXSUBIMAGES', 'NOAUTH_HOMENAV', 'QUERYLOGGING', 'XMLRPCLOGGING');
+	$fails = array();
+	foreach($consts as $const) {
+		if(! defined("$const"))
+			$fails[] = $const;
+	}
+	if(empty($fails))
+		pass("All required constants are defined in .ht-inc/conf.php");
+	else
+		fail("The following constants need to be defined in .ht-inc/conf.php. Check conf-default.php
for more information about each one.<br>" . implode("<br>\n", $fails));
+	print "</ul>\n";
+
 	# check for existance of maintenance directory
 	title("Checking that .ht-inc/maintenance directory exists");
 	print "<ul>\n";
 	$file = preg_replace('|/testsetup.php|', '', $_SERVER['SCRIPT_FILENAME']);
 	$file .= "/.ht-inc/maintenance";
 	if(! is_dir($file))
-		fail("/.ht-inc/maintenance directory does not exist. Please create it.");
+		fail(".ht-inc/maintenance directory does not exist. Please create it.");
 	else {
-		pass("/.ht-inc/maintenance directory exists");
+		pass(".ht-inc/maintenance directory exists");
 		print "</ul>\n";
 		# check that we can write files to maintenance directory
 		title("Checking that .ht-inc/maintenance directory is writable");
 		print "<ul>\n";
 		if(! is_writable("$file"))
-			fail("Maintenance directory is not writable");
+			fail("maintenance directory is not writable");
 		else {
 			if(! $fh = @fopen("$file/testfile", 'w'))
 				fail("Failed to open file in maintenance directory");
@@ -257,7 +279,42 @@ if($includeconf && include('.ht-inc/conf
 					if(! unlink("$file/testfile"))
 						fail("Failed to remove file from maintenance directory");
 					else
-						pass("Maintenance directory is writable");
+						pass("maintenance directory is writable");
+				}
+			}
+		}
+	}
+	print "</ul>\n";
+
+	# check for existance of cryptkey directory
+	title("Checking that .ht-inc/cryptkey directory exists");
+	print "<ul>\n";
+	$file = preg_replace('|/testsetup.php|', '', $_SERVER['SCRIPT_FILENAME']);
+	$file .= "/.ht-inc/cryptkey";
+	if(! is_dir($file))
+		fail(".ht-inc/cryptkey directory does not exist. Please create it.");
+	else {
+		pass(".ht-inc/cryptkey directory exists");
+		print "</ul>\n";
+		# check that we can write files to cryptkey directory
+		title("Checking that .ht-inc/cryptkey directory is writable");
+		print "<ul>\n";
+		if(! is_writable("$file"))
+			fail("cryptkey directory is not writable");
+		else {
+			if(! $fh = @fopen("$file/testfile", 'w'))
+				fail("Failed to open file in cryptkey directory");
+			else {
+				if(! fwrite($fh, 'test') || ! fclose($fh))
+					fail("Failed to write to file in cryptkey directory");
+				else {
+					# check that we can remove files from cryptkey directory
+					if(! unlink("$file/testfile"))
+						fail("Failed to remove file from cryptkey directory");
+					else {
+						pass("cryptkey directory is writable");
+						$createcryptkey = 1;
+					}
 				}
 			}
 		}
@@ -265,12 +322,48 @@ if($includeconf && include('.ht-inc/conf
 	print "</ul>\n";
 }
 
+if($createcryptkey) {
+	title("Checking asymmetric encryption key for this web server");
+	print "<ul>\n";
+	if(is_readable('.ht-inc/utils.php') && @(include '.ht-inc/utils.php') == TRUE) {
+		$file = preg_replace('|/testsetup.php|', '', $_SERVER['SCRIPT_FILENAME']);
+		$filebase = $file . "/.ht-inc/cryptkey";
+		$file1 = "$filebase/cryptkeyid";
+		$file2 = "$filebase/private.pem";
+		$exist = 0;
+		if(is_readable("$file1") && is_readable("$file2"))
+			$exist = 1;
+		else
+			print "<li>encryption key does not already exist - attempting to create</li>\n";
+		$tmp = $_SERVER['SCRIPT_FILENAME'];
+		$_SERVER['SCRIPT_FILENAME'] = str_replace('testsetup.php', 'index.php', $_SERVER['SCRIPT_FILENAME']);
+		$actions = array('pages' => array());
+		initGlobals();
+		dbConnect();
+		checkCryptkey();
+		dbDisconnect();
+		$_SERVER['SCRIPT_FILENAME'] = $tmp;
+		if(is_readable("$file1") && is_readable("$file2")) {
+			if($exist)
+				pass("Asymmetric key validated");
+			else
+				pass("Successfully created asymmetric encryption key");
+		}
+		else
+			fail("Failed to create asymmetric encryption key");
+	}
+	else {
+		fail("Failed to include .ht-inc/utils.php");
+	}
+	print "</ul>\n";
+}
+
 # required extentions
 title("Testing for required php extensions");
 if(version_compare(phpversion(), "5.2", "<"))
-	$requiredexts = array('gd', 'mysql', 'openssl', 'xml', 'xmlrpc', 'session', 'pcre', 'sockets',
'ldap', 'gettext');
+	$requiredexts = array('mysql', 'openssl', 'xml', 'xmlrpc', 'session', 'pcre', 'sockets',
'ldap');
 else
-	$requiredexts = array('gd', 'mysql', 'openssl', 'xml', 'xmlrpc', 'session', 'pcre', 'sockets',
'ldap', 'gettext', 'json');
+	$requiredexts = array('mysql', 'openssl', 'xml', 'xmlrpc', 'session', 'pcre', 'sockets',
'ldap', 'json');
 $exts = get_loaded_extensions();
 $diff = array_diff($requiredexts, $exts);
 print "<ul>\n";
@@ -315,6 +408,13 @@ if($includesecrets && include('.ht-inc/s
 		fail("\$cryptkey in .ht-inc/secrets.php is not set");
 		$allok = 0;
 	}
+	elseif(function_exists('openssl_encrypt')) {
+		$rc = base64_decode($cryptkey, 1);
+		if($rc === FALSE) {
+			fail("\$cryptkey in .ht-inc/secrets.php is not base64 encoded. Generate new value with
<strong>openssl rand 32 | base64</strong>");
+			$allok = 0;
+		}
+	}
 	if(empty($pemkey)) {
 		fail("\$pemkey in .ht-inc/secrets.php is not set");
 		$allok = 0;
@@ -343,35 +443,62 @@ if($includesecrets && include('.ht-inc/s
 	}
 }
 
-# test mcrypt
-title("Testing phpseclib");
-require_once(".ht-inc/phpseclib/Crypt/AES.php");
-print "<ul>\n";
-if($includesecrets && ! empty($cryptkey)) {
-	$teststring = 'testing';
-	$aes = new Crypt_AES();
-	$aes->setKey($cryptkey);
-	if($cryptdata = $aes->encrypt($teststring)) {
-		pass("Successfully encrypted test string");
-		$decrypted = $aes->decrypt($cryptdata);
-		if(trim($decrypted) == $teststring)
-			pass("Successfully decrypted test string");
-		else
-			fail("Failed to decrypt test string");
+# test symmetric encryption
+title("Testing symmetric encryption");
+if(function_exists('openssl_encrypt')) {
+	print "<ul>\n";
+	if($includesecrets && ! empty($cryptkey)) {
+		$teststring = 'testing';
+		$iv = openssl_random_pseudo_bytes(16);
+		$mode = "AES-256-CBC";
+		if($cryptdata = openssl_encrypt($teststring, $mode, $cryptkey, 1, $iv)) {
+			pass("Successfully encrypted test string");
+			$decrypted = openssl_decrypt($cryptdata, $mode, $cryptkey, 1, $iv);
+			if(trim($decrypted) == $teststring)
+				pass("Successfully decrypted test string");
+			else
+				fail("Failed to decrypt test string");
+		}
+		else {
+			fail("Failed to encrypt data");
+		}
 	}
-	else {
-		fail("Failed to encrypt data with phpseclib");
+	else
+		fail("Cannot test encryption without \$cryptkey from .ht-inc/secrets.php");
+	print "</ul>\n";
+}
+else {
+	require_once(".ht-inc/phpseclib/Crypt/AES.php");
+	print "<ul>\n";
+	if($includesecrets && ! empty($cryptkey)) {
+		$teststring = 'testing';
+		$aes = new Crypt_AES(CRYPT_AES_MODE_CBC);
+		$aes->setKeyLength(256);
+		$iv = crypt_random_string(16);
+		$aes->setIV($iv);
+		$aes->setKey($cryptkey);
+		if($cryptdata = $aes->encrypt($teststring)) {
+			pass("Successfully encrypted test string");
+			$decrypted = $aes->decrypt($cryptdata);
+			if(trim($decrypted) == $teststring)
+				pass("Successfully decrypted test string");
+			else
+				fail("Failed to decrypt test string");
+		}
+		else {
+			fail("Failed to encrypt data");
+		}
 	}
+	else
+		fail("Cannot test encryption without \$cryptkey from .ht-inc/secrets.php");
+	print "</ul>\n";
 }
-else
-	fail("Cannot test encryption without \$cryptkey from .ht-inc/secrets.php");
-print "</ul>\n";
 
 # encryption keys
 $privkeyok = 0;
 $pubkeyok = 0;
 if(in_array('openssl', $exts)) {
-	title("checking openssl encryption keys");
+	title("Testing asymmetric encryption key files");
 	print "<ul>\n";
 	if($includesecrets && ! empty($pemkey)) {
 		if(is_readable(".ht-inc/keys.pem")) {
@@ -408,7 +535,7 @@ if(in_array('openssl', $exts)) {
 		fail("Could not read public key file (.ht-inc/pubkey.pem). Check permissions on the file.");
 	print "</ul>\n";
 
-	title("Testing openssl encryption");
+	title("Testing asymmetric encryption");
 	print "<ul>\n";
 	if(! $privkeyok)
 		fail("cannot test encryption without a valid private key");
@@ -446,7 +573,7 @@ if(is_dir('./dojo')) {
 		fail("dojo directory is not readable. Check permissions on this directory");
 }
 else
-	fail("dojo directory does not exist. Download and install Dojo Toolkit 1.6.2");
+	fail("dojo directory does not exist. Download and install Dojo Toolkit 1.6.5");
 print "</ul>\n";
 
 
@@ -476,6 +603,7 @@ print "</ul>\n";
 
 # check themes directories for dojo content having been copied in
 title("Checking themes for dojo css");
+print "<ul>\n";
 $themes = scandir('themes');
 foreach($themes as $theme) {
 	if($theme == '.' || $theme == '..' || $theme == 'copydojocss.sh')
@@ -485,6 +613,7 @@ foreach($themes as $theme) {
 	else
 		fail("themes/$theme is missing dojo css. Run themes/copydojocss.sh from the themes directory
to correct this if you want to use this theme.");
 }
+print "</ul>\n";
 
 # php display errors
 title("Checking value of PHP display_errors");



Mime
View raw message