mirror of
https://github.com/nuxsmin/sysPass.git
synced 2026-03-03 07:04:07 +01:00
* [FIX] Fixed LDAP uncaught exceptions.
* [FIX] Fixed character encoding on mail sending. * [FIX] Fixed master password changing errors on blank passwords. * [FIX] Disable debug mode.
@@ -278,7 +278,7 @@ class Account extends AccountBase implements AccountInterface
|
||||
* Esta funcion realiza la consulta a la BBDD y guarda los datos en las variables de la clase.
|
||||
*
|
||||
* @return object
|
||||
* @throws Exception
|
||||
* @throws SPException
|
||||
*/
|
||||
public function getAccountData()
|
||||
{
|
||||
@@ -521,24 +521,28 @@ class Account extends AccountBase implements AccountInterface
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strlen($account->account_IV) < 32) {
|
||||
$errorCount++;
|
||||
$log->addDescription(_('IV de encriptación incorrecto') . " (" . $account->account_id . ")");
|
||||
if (strlen($account->account_pass) === 0){
|
||||
$log->addDescription(_('Clave de cuenta vacía') . ' (' . $account->account_id . ') ' . $account->account_name);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strlen($account->account_IV) < 32) {
|
||||
$log->addDescription(_('IV de encriptación incorrecto') . ' (' . $account->account_id . ') ' . $account->account_name);
|
||||
}
|
||||
|
||||
$decryptedPass = Crypt::getDecrypt($account->account_pass, $currentMasterPass, $account->account_IV);
|
||||
$this->setAccountPass(Crypt::mkEncrypt($decryptedPass, $newMasterPass));
|
||||
$this->setAccountIV(Crypt::$strInitialVector);
|
||||
|
||||
if ($this->getAccountPass() === false) {
|
||||
$errorCount++;
|
||||
$log->addDescription(_('No es posible desencriptar la clave de la cuenta') . ' (' . $account->account_id . ') ' . $account->account_name);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!$this->updateAccountPass(true)) {
|
||||
$errorCount++;
|
||||
$log->addDescription(_('Fallo al actualizar la clave de la cuenta') . '(' . $this->getAccountId() . ')');
|
||||
$log->addDescription(_('Fallo al actualizar la clave de la cuenta') . ' (' . $this->getAccountId() . ') ' . $account->acchistory_name);
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -562,10 +566,6 @@ class Account extends AccountBase implements AccountInterface
|
||||
|
||||
Email::sendEmail($log);
|
||||
|
||||
if ($errorCount > 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -576,7 +576,7 @@ class Account extends AccountBase implements AccountInterface
|
||||
*/
|
||||
protected function getAccountsPassData()
|
||||
{
|
||||
$query = 'SELECT account_id, account_pass, account_IV FROM accounts';
|
||||
$query = 'SELECT account_id, account_name, account_pass, account_IV FROM accounts';
|
||||
|
||||
return DB::getResults($query, __FUNCTION__);
|
||||
}
|
||||
|
||||
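Review bot: The IV-length check in the master-password loop no longer skips the record: it appears to only log "IV de encriptación incorrecto" and then fall through to `Crypt::getDecrypt()` and `Crypt::mkEncrypt()`, so a row with a short IV would be decrypted with that IV and the result written back over the stored value. If tolerating such rows is intended, say so in a comment; otherwise keep `$errorCount++; continue;` inside that `if`. The same pattern is in the AccountHistory loop. Separately, the update-failure message in this class reads `$account->acchistory_name`, while `getAccountsPassData()` here selects `account_name`, so it should be `$account->account_name`. The +/- markers are lost on this page and the loop starts outside the hunk, so the fall-through is inferred from the hunk line counts.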
@@ -152,13 +152,17 @@ class AccountHistory extends AccountBase implements AccountInterface
|
||||
|
||||
if (!$this->checkAccountMPass()) {
|
||||
$errorCount++;
|
||||
$log->addDescription(_('La clave maestra del registro no coincide') . ' (' . $account->acchistory_id . ')');
|
||||
$log->addDescription(_('La clave maestra del registro no coincide') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strlen($account->acchistory_pass) === 0){
|
||||
$log->addDescription(_('Clave de cuenta vacía') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strlen($account->acchistory_IV) < 32) {
|
||||
$log->addDescription(_('IV de encriptación incorrecto') . ' (' . $account->acchistory_id . ')');
|
||||
continue;
|
||||
$log->addDescription(_('IV de encriptación incorrecto') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
|
||||
}
|
||||
|
||||
$decryptedPass = Crypt::getDecrypt($account->acchistory_pass, $currentMasterPass, $account->acchistory_IV);
|
||||
@@ -167,12 +171,13 @@ class AccountHistory extends AccountBase implements AccountInterface
|
||||
|
||||
if ($this->getAccountPass() === false) {
|
||||
$errorCount++;
|
||||
$log->addDescription(_('No es posible desencriptar la clave de la cuenta') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!$this->updateAccountPass($account->acchistory_id, $newHash)) {
|
||||
$errorCount++;
|
||||
$log->addDescription(_('Fallo al actualizar la clave del histórico') . ' (' . $account->acchistory_id . ')');
|
||||
$log->addDescription(_('Fallo al actualizar la clave del histórico') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -194,10 +199,6 @@ class AccountHistory extends AccountBase implements AccountInterface
|
||||
$log->addDescription(_('Fin'));
|
||||
$log->writeLog();
|
||||
|
||||
if ($errorCount > 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -208,7 +209,7 @@ class AccountHistory extends AccountBase implements AccountInterface
|
||||
*/
|
||||
protected function getAccountsPassData()
|
||||
{
|
||||
$query = 'SELECT acchistory_id, acchistory_pass, acchistory_IV FROM accHistory';
|
||||
$query = 'SELECT acchistory_id, acchistory_name, acchistory_pass, acchistory_IV FROM accHistory';
|
||||
|
||||
DB::setReturnArray();
|
||||
|
||||
@@ -296,7 +297,7 @@ class AccountHistory extends AccountBase implements AccountInterface
|
||||
* en las variables de la clase.
|
||||
*
|
||||
* @return object
|
||||
* @throws Exception
|
||||
* @throws SPException
|
||||
*/
|
||||
public function getAccountData()
|
||||
{
|
||||
@@ -339,7 +340,7 @@ class AccountHistory extends AccountBase implements AccountInterface
|
||||
$queryRes = DB::getResults($query, __FUNCTION__, $data);
|
||||
|
||||
if ($queryRes === false) {
|
||||
throw new \Exception(_('No se pudieron obtener los datos de la cuenta'));
|
||||
throw new SPException(SPException::SP_CRITICAL, _('No se pudieron obtener los datos de la cuenta'));
|
||||
}
|
||||
|
||||
$this->setAccountUserId($queryRes->account_userId);
|
||||
|
||||
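Review bot: With the `if ($errorCount > 0) { return false; }` tail apparently removed, `$errorCount` is still incremented in the loop but no longer affects the return value, so the method reports success even when history records could not be re-encrypted. A caller that then stores the new master password would leave those entries encrypted under the old one; the caller is not visible here, so that impact is inferred. Either return failure for real errors while keeping empty passwords as a non-error skip, or drop the counter and document the contract, e.g. `// Failures are logged only; the return value does not reflect them`. The same tail was removed from the Account loop.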
@@ -57,7 +57,7 @@ class Auth
|
||||
Ldap::ldapConnect();
|
||||
Ldap::ldapBind();
|
||||
Ldap::getUserDN($userLogin);
|
||||
} catch (Exception $e) {
|
||||
} catch (\Exception $e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -75,7 +75,7 @@ class Auth
|
||||
try {
|
||||
Ldap::ldapBind($userDN, $userPass);
|
||||
$attribs = Ldap::getLDAPAttr($attribsMap);
|
||||
} catch (Exception $e) {
|
||||
} catch (\Exception $e) {
|
||||
return ldap_errno(Ldap::getConn());
|
||||
}
|
||||
|
||||
|
||||
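Review bot: In the second hunk the catch block returns `ldap_errno(Ldap::getConn())`, which is only meaningful when the exception came from a failed LDAP operation. If `Ldap::getLDAPAttr()` throws for another reason after a successful bind, the last errno may be 0, and the caller would have to tell that apart from a successful login. The caller and the rest of the method are outside the hunk, so this needs confirming. A comment on the return contract would help, e.g. `// Returns the LDAP errno on failure; callers must not treat 0 as authenticated`, or return an explicit failure value when the errno is 0.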
@@ -27,7 +27,7 @@ define('MODEL_PATH', __DIR__);
|
||||
define('CONTROLLER_PATH', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'web');
|
||||
define('VIEW_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'tpl');
|
||||
define('EXTENSIONS_DIR', dirname(__FILE__) . DIRECTORY_SEPARATOR . 'ext');
|
||||
define('DEBUG', true);
|
||||
define('DEBUG', false);
|
||||
|
||||
require_once MODEL_PATH . DIRECTORY_SEPARATOR . 'Init.class.php';
|
||||
|
||||
|
||||
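Review bot: `DEBUG` is still a literal in a source file, so the setting this commit corrects can be switched back on by a local edit and committed again. What the constant enables is not visible in this hunk; if it exposes error detail or query text, consider reading it from configuration with a default of off. At minimum add a comment on the line such as `// Must be false in releases`.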
@@ -46,7 +46,7 @@ class Email
|
||||
return false;
|
||||
}
|
||||
|
||||
$mail = self::getEmailObject($mailTo, $log->getAction());
|
||||
$mail = self::getEmailObject($mailTo, utf8_decode($log->getAction()));
|
||||
|
||||
if (!is_object($mail)) {
|
||||
return false;
|
||||
@@ -57,13 +57,13 @@ class Email
|
||||
|
||||
if ($isEvent === true) {
|
||||
$performer = (Session::getUserLogin()) ? Session::getUserLogin() : _('N/D');
|
||||
$body[] = Html::strongText(_('Acción') . ": ") . $log->getAction();
|
||||
$body[] = Html::strongText(_('Acción') . ": ") . utf8_decode($log->getAction());
|
||||
$body[] = Html::strongText(_('Realizado por') . ": ") . $performer . ' (' . $_SERVER['REMOTE_ADDR'] . ')';
|
||||
|
||||
$mail->addCC(Config::getValue('mail_from'));
|
||||
}
|
||||
|
||||
$body[] = $log->getDescription();
|
||||
$body[] = utf8_decode($log->getDescription());
|
||||
$body[] = '';
|
||||
$body[] = '--';
|
||||
$body[] = Util::getAppInfo('appname') . ' - ' . Util::getAppInfo('appdesc');
|
||||
|
||||
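Review bot: `utf8_decode()` converts the text to ISO-8859-1 and replaces every character outside that range with `?`, so log actions or account names in other scripts will be mangled in the mail. Declaring the message charset as UTF-8 on the mail object would avoid the lossy conversion; `getEmailObject()` is outside the hunk, so where that would be set cannot be seen from here. Also, `$log->getDescription()` now carries account names (added in the Account and AccountHistory changes) and is appended next to `Html::strongText()` output. If the body is sent as HTML, the description should pass through `htmlspecialchars()` before it is added.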
@@ -26,8 +26,6 @@
|
||||
|
||||
namespace SP;
|
||||
|
||||
use Exception;
|
||||
|
||||
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
|
||||
|
||||
/**
|
||||
@@ -82,7 +80,7 @@ class Ldap
|
||||
self::ldapConnect();
|
||||
self::ldapBind();
|
||||
$numObjects = self::searchBase();
|
||||
} catch (Exception $e) {
|
||||
} catch (\Exception $e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -92,7 +90,7 @@ class Ldap
|
||||
/**
|
||||
* Realizar la conexión al servidor de LDAP.
|
||||
*
|
||||
* @throws Exception
|
||||
* @throws \Exception
|
||||
* @return bool
|
||||
*/
|
||||
public static function ldapConnect()
|
||||
@@ -105,7 +103,7 @@ class Ldap
|
||||
$log->addDescription('LDAP ERROR: ' . ldap_error(self::$_ldapConn) . '(' . ldap_errno(self::$_ldapConn) . ')');
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('No es posible conectar con el servidor de LDAP'));
|
||||
throw new \Exception(_('No es posible conectar con el servidor de LDAP'));
|
||||
}
|
||||
|
||||
@ldap_set_option(self::$_ldapConn, LDAP_OPT_NETWORK_TIMEOUT, 10); // Set timeout
|
||||
@@ -119,7 +117,7 @@ class Ldap
|
||||
*
|
||||
* @param string $userDN con el DN del usuario
|
||||
* @param string $userPass con la clave del usuario
|
||||
* @throws Exception
|
||||
* @throws \Exception
|
||||
* @return bool
|
||||
*/
|
||||
public static function ldapBind($userDN = '', $userPass = '')
|
||||
@@ -135,7 +133,7 @@ class Ldap
|
||||
$log->addDescription('LDAP DN: ' . $dn);
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al conectar (BIND)'));
|
||||
throw new \Exception(_('Error al conectar (BIND)'));
|
||||
}
|
||||
|
||||
return true;
|
||||
@@ -144,7 +142,7 @@ class Ldap
|
||||
/**
|
||||
* Realizar una búsqueda de objetos en la ruta indicada.
|
||||
*
|
||||
* @throws Exception
|
||||
* @throws \Exception
|
||||
* @return int con el número de resultados
|
||||
*/
|
||||
private static function searchBase()
|
||||
@@ -163,7 +161,7 @@ class Ldap
|
||||
$log->addDescription('LDAP FILTER: ' . $filter);
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al buscar objetos en DN base'));
|
||||
throw new \Exception(_('Error al buscar objetos en DN base'));
|
||||
}
|
||||
|
||||
return @ldap_count_entries(self::$_ldapConn, $searchRes);
|
||||
@@ -172,7 +170,7 @@ class Ldap
|
||||
/**
|
||||
* Obtener el RDN del grupo.
|
||||
*
|
||||
* @throws Exception
|
||||
* @throws \Exception
|
||||
* @return string con el RDN del grupo
|
||||
*/
|
||||
private static function searchGroupDN()
|
||||
@@ -196,7 +194,7 @@ class Ldap
|
||||
$log->addDescription('LDAP FILTER: ' . $filter);
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al buscar RDN de grupo'));
|
||||
throw new \Exception(_('Error al buscar RDN de grupo'));
|
||||
}
|
||||
|
||||
if (@ldap_count_entries(self::$_ldapConn, $searchRes) === 1) {
|
||||
@@ -207,7 +205,7 @@ class Ldap
|
||||
$log->addDescription('LDAP ERROR: ' . ldap_error(self::$_ldapConn) . '(' . ldap_errno(self::$_ldapConn) . ')');
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al buscar RDN de grupo'));
|
||||
throw new \Exception(_('Error al buscar RDN de grupo'));
|
||||
}
|
||||
|
||||
$log->addDescription(_('RDN de grupo encontrado'));
|
||||
@@ -220,7 +218,7 @@ class Ldap
|
||||
$log->addDescription('LDAP FILTER: ' . $filter);
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al buscar RDN de grupo'));
|
||||
throw new \Exception(_('Error al buscar RDN de grupo'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -251,7 +249,7 @@ class Ldap
|
||||
* Obtener el RDN del usuario que realiza el login.
|
||||
*
|
||||
* @param string $userLogin con el login del usuario
|
||||
* @throws Exception
|
||||
* @throws \Exception
|
||||
* @return none
|
||||
*/
|
||||
public static function getUserDN($userLogin)
|
||||
@@ -274,7 +272,7 @@ class Ldap
|
||||
$log->addDescription('LDAP FILTER: ' . $filter);
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al buscar el DN del usuario'));
|
||||
throw new \Exception(_('Error al buscar el DN del usuario'));
|
||||
}
|
||||
|
||||
if (@ldap_count_entries(self::$_ldapConn, $searchRes) === 1) {
|
||||
@@ -285,14 +283,14 @@ class Ldap
|
||||
$log->addDescription('LDAP ERROR: ' . ldap_error(self::$_ldapConn) . '(' . ldap_errno(self::$_ldapConn) . ')');
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al localizar el usuario en LDAP'));
|
||||
throw new \Exception(_('Error al localizar el usuario en LDAP'));
|
||||
}
|
||||
} else {
|
||||
$log->addDescription(_('Error al buscar el DN del usuario'));
|
||||
$log->addDescription('LDAP FILTER: ' . $filter);
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al buscar el DN del usuario'));
|
||||
throw new \Exception(_('Error al buscar el DN del usuario'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -339,7 +337,7 @@ class Ldap
|
||||
* Buscar al usuario en un grupo.
|
||||
*
|
||||
* @param string $userDN con el RDN del usuario
|
||||
* @throws Exception
|
||||
* @throws \Exception
|
||||
* @return bool
|
||||
*/
|
||||
public static function searchUserInGroup($userDN)
|
||||
@@ -371,7 +369,7 @@ class Ldap
|
||||
$log->addDescription('LDAP FILTER: ' . $filter);
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('Error al buscar el grupo de usuarios'));
|
||||
throw new \Exception(_('Error al buscar el grupo de usuarios'));
|
||||
}
|
||||
|
||||
if (!@ldap_count_entries(self::$_ldapConn, $searchRes) === 1) {
|
||||
@@ -380,7 +378,7 @@ class Ldap
|
||||
$log->addDescription('LDAP FILTER: ' . $filter);
|
||||
$log->writeLog();
|
||||
|
||||
throw new Exception(_('No se encontró el grupo con ese nombre'));
|
||||
throw new \Exception(_('No se encontró el grupo con ese nombre'));
|
||||
}
|
||||
|
||||
return true;
|
||||
|
||||
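Review bot: The context line `if (!@ldap_count_entries(self::$_ldapConn, $searchRes) === 1) {` in `searchUserInGroup()` is left unchanged, and because `!` binds tighter than `===` it compares a boolean with the integer 1 and is always false. From the following hunk, the guarded branch looks like the one that throws "No se encontró el grupo con ese nombre", which would mean the method reaches `return true` even when the search does not return exactly one entry. The lines between the two hunks are not shown, so confirm against the full method; the intended test is presumably `if (@ldap_count_entries(self::$_ldapConn, $searchRes) !== 1) {`.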
@@ -31,6 +31,7 @@ use SP\Acl;
|
||||
use SP\Common;
|
||||
use SP\Groups;
|
||||
use SP\Session;
|
||||
use SP\SPException;
|
||||
use SP\Users;
|
||||
|
||||
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
|
||||
@@ -272,7 +273,7 @@ class AccountC extends Controller implements ActionsInterface
|
||||
$this->setGotData(true);
|
||||
|
||||
Session::setLastAcountId($this->getId());
|
||||
} catch (\Exception $e) {
|
||||
} catch (SPException $e) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
@@ -401,7 +402,7 @@ class AccountC extends Controller implements ActionsInterface
|
||||
$this->setGotData(true);
|
||||
|
||||
Session::setLastAcountId(\SP\Session::getAccountParentId());
|
||||
} catch (\Exception $e) {
|
||||
} catch (SPException $e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
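Review bot: Narrowing both handlers from `\Exception` to `SPException` means anything else thrown inside the try blocks now propagates out of the controller instead of returning false. The try bodies start outside the hunks, so the calls they contain are not visible; in this commit `AccountHistory::getAccountData()` has its throw changed to `SPException`, while for `Account::getAccountData()` only a docblock change is shown. Confirm that every callee in these blocks throws `SPException` only, or add a second `catch (\Exception $e)` that logs and returns false.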