Use Filesystem::readRandomBytes() instead of copy/pasting reads of /dev/urandom
everywhere. Summary: Test Plan: Logged out and in a few times, verified I got reasonable session keys assigned. Reviewers: CC:
parent
3671f88a52
commit
bacf622178
4 changed files with 5 additions and 24 deletions
|
@ -68,26 +68,12 @@ class PhabricatorUser extends PhabricatorUserDAO {
|
||||||
}
|
}
|
||||||
|
|
||||||
private function generateConduitCertificate() {
|
private function generateConduitCertificate() {
|
||||||
$entropy = $this->generateEntropy($bytes = 256);
|
$entropy = Filesystem::readRandomBytes(256);
|
||||||
$entropy = base64_encode($entropy);
|
$entropy = base64_encode($entropy);
|
||||||
$entropy = substr($entropy, 0, 255);
|
$entropy = substr($entropy, 0, 255);
|
||||||
return $entropy;
|
return $entropy;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function generateEntropy($bytes) {
|
|
||||||
$urandom = fopen('/dev/urandom', 'r');
|
|
||||||
if (!$urandom) {
|
|
||||||
throw new Exception("Failed to open /dev/urandom!");
|
|
||||||
}
|
|
||||||
|
|
||||||
$entropy = fread($urandom, $bytes);
|
|
||||||
if (strlen($entropy) != $bytes) {
|
|
||||||
throw new Exception("Failed to read /dev/urandom!");
|
|
||||||
}
|
|
||||||
|
|
||||||
return $entropy;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function comparePassword($password) {
|
public function comparePassword($password) {
|
||||||
$password = $this->hashPassword($password);
|
$password = $this->hashPassword($password);
|
||||||
return ($password === $this->getPasswordHash());
|
return ($password === $this->getPasswordHash());
|
||||||
|
@ -137,7 +123,7 @@ class PhabricatorUser extends PhabricatorUserDAO {
|
||||||
public function establishSession($session_type) {
|
public function establishSession($session_type) {
|
||||||
$conn_w = $this->establishConnection('w');
|
$conn_w = $this->establishConnection('w');
|
||||||
|
|
||||||
$entropy = $this->generateEntropy($bytes = 20);
|
$entropy = Filesystem::readRandomBytes(20);
|
||||||
|
|
||||||
$session_key = sha1($entropy);
|
$session_key = sha1($entropy);
|
||||||
queryfx(
|
queryfx(
|
||||||
|
|
|
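Review bot: In establishSession, `sha1($entropy)` now hashes whatever `Filesystem::readRandomBytes(20)` returns, and the open-failure and short-read checks that the removed generateEntropy() performed are no longer visible at the call site. The helper's body is not shown in this change, so confirm that it throws on both failures rather than returning false or a short string; sha1() of an empty value would give every user the same predictable session key. A comment at the call would record that dependency, for example `// readRandomBytes() must throw on open failure or short read; never hash a partial result.` The same reliance applies to generateConduitCertificate in the first hunk and to the PHID generation hunk in PhabricatorPHID. establishSession's body continues past the end of the hunk.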
@ -11,6 +11,7 @@ phutil_require_module('phabricator', 'applications/phid/storage/phid');
|
||||||
phutil_require_module('phabricator', 'infrastructure/env');
|
phutil_require_module('phabricator', 'infrastructure/env');
|
||||||
phutil_require_module('phabricator', 'storage/queryfx');
|
phutil_require_module('phabricator', 'storage/queryfx');
|
||||||
|
|
||||||
|
phutil_require_module('phutil', 'filesystem');
|
||||||
phutil_require_module('phutil', 'utils');
|
phutil_require_module('phutil', 'utils');
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -31,14 +31,7 @@ class PhabricatorPHID extends PhabricatorPHIDDAO {
|
||||||
throw new Exception("Can not generate PHID with no type.");
|
throw new Exception("Can not generate PHID with no type.");
|
||||||
}
|
}
|
||||||
|
|
||||||
$urandom = @fopen('/dev/urandom', 'r');
|
$entropy = Filesystem::readRandomBytes(20);
|
||||||
if (!$urandom) {
|
|
||||||
throw new Exception("Failed to open /dev/urandom!");
|
|
||||||
}
|
|
||||||
$entropy = fread($urandom, 20);
|
|
||||||
if (strlen($entropy) != 20) {
|
|
||||||
throw new Exception("Failed to read from /dev/urandom!");
|
|
||||||
}
|
|
||||||
|
|
||||||
$uniq = sha1($entropy);
|
$uniq = sha1($entropy);
|
||||||
$uniq = substr($uniq, 0, 20);
|
$uniq = substr($uniq, 0, 20);
|
||||||
|
|
|
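Review bot: The value built here keeps only the first 20 hex characters of `sha1($entropy)`, which is 80 bits, while the new call reads 20 bytes (160 bits) through `Filesystem::readRandomBytes(20)`. That is likely ample for uniqueness, but the truncation is undocumented and a reader could assume the full 160 bits survive into the PHID. I would add `// Keep 20 hex chars (80 bits) of the digest for the PHID suffix.` above the substr() line, so anyone who later relies on PHIDs being hard to guess knows the actual budget. The enclosing method starts and ends outside the hunk.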
@ -8,6 +8,7 @@
|
||||||
|
|
||||||
phutil_require_module('phabricator', 'applications/phid/storage/base');
|
phutil_require_module('phabricator', 'applications/phid/storage/base');
|
||||||
|
|
||||||
|
phutil_require_module('phutil', 'filesystem');
|
||||||
phutil_require_module('phutil', 'utils');
|
phutil_require_module('phutil', 'utils');
|
||||||
|
|
||||||
|
|
||||||
|
|