Pass session credentials to command line via ENV variable.

Generate a unique secret key at install for tokenisation of CLI calls instead of using default one.

Author: cdujeu

core/src/cmd.php

@@ -68,7 +68,17 @@
     } else {
         // Consider "u" is a crypted version of u:p
         $optToken = $options["t"];
-        $optUser = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($optToken."\1CDAFx¨op#"), base64_decode($optUser), MCRYPT_MODE_ECB), "\0");
+        $cKey = ConfService::getCoreConf("AJXP_CLI_SECRET_KEY", "conf");
+        if(empty($cKey)) $cKey = "\1CDAFx¨op#";
+        $optUser = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($optToken.$cKey), base64_decode($optUser), MCRYPT_MODE_ECB), "\0");
+        $env = getenv("AJXP_SAFE_CREDENTIALS");
+        if(!empty($env)){
+            $array = AJXP_Safe::getCredentialsFromEncodedString($env);
+            if(isSet($array["user"]) && $array["user"] == $optUser){
+                unset($optToken);
+                $optPass = $array["password"];
+            }
+        }
     }
     if (strpos($optUser,",") !== false) {
         $originalOptUser = $optUser;

core/src/core/classes/class.AJXP_Controller.php

@@ -331,7 +331,11 @@ public static function applyActionInBackground($currentRepositoryId, $actionName
             else $user = "shared";
         }
         if (AuthService::usersEnabled()) {
-            $user = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,  md5($token."\1CDAFx¨op#"), $user, MCRYPT_MODE_ECB));
+            $cKey = ConfService::getCoreConf("AJXP_CLI_SECRET_KEY", "conf");
+            if(empty($cKey)){
+                $cKey = "\1CDAFx¨op#";
+            }
+            $user = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,  md5($token.$cKey), $user, MCRYPT_MODE_ECB));
         }
         $robustInstallPath = str_replace("/", DIRECTORY_SEPARATOR, AJXP_INSTALL_PATH);
         $cmd = ConfService::getCoreConf("CLI_PHP")." ".$robustInstallPath.DIRECTORY_SEPARATOR."cmd.php -u=$user -t=$token -a=$actionName -r=$currentRepositoryId";
@@ -355,7 +359,21 @@ public static function applyActionInBackground($currentRepositoryId, $actionName
             }
         }
 
-        return self::runCommandInBackground($cmd, $logFile);
+        $repoObject = ConfService::getRepository();
+        $clearEnv = false;
+        if($repoObject->getOption("USE_SESSION_CREDENTIALS")){
+            $encodedCreds = AJXP_Safe::getEncodedCredentialString();
+            if(!empty($encodedCreds)){
+                putenv("AJXP_SAFE_CREDENTIALS=".$encodedCreds);
+                $clearEnv = "AJXP_SAFE_CREDENTIALS";
+            }
+        }
+
+        $res = self::runCommandInBackground($cmd, $logFile);
+        if(!empty($clearEnv)){
+            putenv($clearEnv);
+        }
+        return $res;
     }
 
     /**

core/src/plugins/boot.conf/class.BootConfLoader.php

@@ -143,6 +143,7 @@ public function applyInstallerForm($action, $httpVars, $fileVars)
         $this->_loadPluginConfig("core.auth", $coreAuth);
         if(!isSet($coreConf["UNIQUE_INSTANCE_CONFIG"])) $coreConf["UNIQUE_INSTANCE_CONFIG"] = array();
         if(!isSet($coreAuth["MASTER_INSTANCE_CONFIG"])) $coreAuth["MASTER_INSTANCE_CONFIG"] = array();
+        $coreConf["AJXP_CLI_SECRET_KEY"] = AJXP_Utils::generateRandomString(24, true);
 
         $storageType = $data["STORAGE_TYPE"]["type"];
         if ($storageType == "db") {