FS#76857 - phpLDAPadmin - openssl 3.0 problem
Attached to Project:
Community Packages
Opened by Klaus Tachtler (tachtler) - Saturday, 17 December 2022, 12:00 GMT
Last edited by Toolybird (Toolybird) - Sunday, 18 December 2022, 07:00 GMT
Opened by Klaus Tachtler (tachtler) - Saturday, 17 December 2022, 12:00 GMT
Last edited by Toolybird (Toolybird) - Sunday, 18 December 2022, 07:00 GMT
|
Details
Description:
On archlinux, php7 has been updated with openssl 3.0 and now it's impossible to open a connection in phpldapadmin: connection is anonymous and is rejected by ldap server. For information, the problem is in lib/functions.php line 772: Additional info: * package version(s) phpldapadmin 1.2.6.4-1 * config and/or log files etc. * link to upstream bug report, if any --> SOLUTION: https://github.com/leenooks/phpLDAPadmin/pull/176 OR see https://github.com/tachtler/phpLDAPadmin as patched version, Thank you! Steps to reproduce: 1. Install phpldapadmin 2. configure /etc/webapps/phpldapadmin/config.php 3. use a OpenLDAP-Server with disallowed anonymous_bind 4. ldap bind is NOT possible |
This task depends upon
Closed by Toolybird (Toolybird)
Sunday, 18 December 2022, 07:00 GMT
Reason for closing: Fixed
Additional comments about closing: phpldapadmin 1.2.6.4-2
Sunday, 18 December 2022, 07:00 GMT
Reason for closing: Fixed
Additional comments about closing: phpldapadmin 1.2.6.4-2
+++ functions.php 2022-12-17 14:49:47.083703256 +0100
@@ -21,6 +21,7 @@
define('DOCDIR',sprintf('%s/',realpath(LIBDIR.'../doc/')));
define('HOOKSDIR',sprintf('%s/',realpath(LIBDIR.'../hooks/')));
define('JSDIR','js/');
+define('SESSION_CIPHER','aes256-gcm');
/**
* Supplimental functions
@@ -769,11 +770,10 @@
if (! trim($secret))
return $data;
- if (! empty($data) && function_exists('openssl_encrypt') && in_array('bf-ecb', openssl_get_cipher_methods())) {
- $keylen = openssl_cipher_iv_length('bf-ecb') * 2;
- return openssl_encrypt($data, 'bf-ecb', substr($secret,0,$keylen));
+ if (! empty($data) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
+ $keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
+ return openssl_encrypt($data, SESSION_CIPHER, substr($secret,0,$keylen));
}
-
/*
if (function_exists('mcrypt_module_open') && ! empty($data)) {
$td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
@@ -831,9 +831,9 @@
if (! trim($secret))
return $encdata;
- if (! empty($encdata) && function_exists('openssl_encrypt') && in_array('bf-ecb', openssl_get_cipher_methods())) {
- $keylen = openssl_cipher_iv_length('bf-ecb') * 2;
- return trim(openssl_decrypt($encdata, 'bf-ecb', substr($secret,0,$keylen)));
+ if (! empty($encdata) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
+ $keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
+ return trim(openssl_decrypt($encdata, SESSION_CIPHER, substr($secret,0,$keylen)));
}
/*
==============
# cp -a /usr/share/webapps/phpldapadmin/lib/functions.php /usr/share/webapps/phpldapadmin/lib/functions.php.orig
# patch /usr/share/webapps/phpldapadmin/lib/functions.php /tmp/openssl3.0.patch
Done!
thank you for your fast reply. I will try the new package and give you feedback.
Thank you in advance.
Klaus.
installing the new package version phpldapadmin-1.2.6.4-2 solves the problem with OpenSSL 3.0 - login problems.
Thank you!
Klaus.