From b44e501d556bf3084e56ed135633f69dacbcb13c Mon Sep 17 00:00:00 2001 From: Max Semenik Date: Tue, 29 Mar 2011 19:00:23 +0000 Subject: [PATCH] Tweaks for key generation: * Don't show that scary message for every key, just once with list of them all * If we're on Windows, we will probably be unable to open /dev/urandom, right? * Tweaked the meaning of warning message, previously it sounded a bit like "we couldn't generate the key at all" --- includes/installer/Installer.i18n.php | 6 +-- includes/installer/Installer.php | 69 ++++++++++++------------- includes/installer/WebInstallerPage.php | 3 +- 3 files changed, 35 insertions(+), 43 deletions(-) diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php index 290be8ea01..6864b730a4 100644 --- a/includes/installer/Installer.i18n.php +++ b/includes/installer/Installer.i18n.php @@ -490,10 +490,8 @@ Skipping creation.", 'config-install-interwiki-exists' => "'''Warning''': The interwiki table seems to already have entries. Skipping default list.", 'config-install-stats' => 'Initializing statistics', - 'config-install-secretkey' => 'Generating secret key', - 'config-insecure-secret' => "'''Warning:''' Unable to create a secure $1. -Consider changing it manually.", - 'config-install-upgradekey' => 'Generating default upgrade key', + 'config-install-keys' => 'Generating secret keys', + 'config-insecure-keys' => "'''Warning:''' {{PLURAL:$2|A secure key|Secure keys}} $1 generated during installation are not completely safe. Consider changing {{PLURAL:$2|it|them}} manually.", 'config-install-sysop' => 'Creating administrator user account', 'config-install-subscribe-fail' => 'Unable to subscribe to mediawiki-announce', 'config-install-mainpage' => 'Creating main page with default content', diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php index 5f982d7ef3..b25a601cdb 100644 --- a/includes/installer/Installer.php +++ b/includes/installer/Installer.php @@ -1228,8 +1228,7 @@ abstract class Installer { array( 'name' => 'tables', 'callback' => array( $installer, 'createTables' ) ), array( 'name' => 'interwiki', 'callback' => array( $installer, 'populateInterwikiTable' ) ), array( 'name' => 'stats', 'callback' => array( $this, 'populateSiteStats' ) ), - array( 'name' => 'secretkey', 'callback' => array( $this, 'generateSecretKey' ) ), - array( 'name' => 'upgradekey', 'callback' => array( $this, 'generateUpgradeKey' ) ), + array( 'name' => 'keys', 'callback' => array( $this, 'generateKeys' ) ), array( 'name' => 'sysop', 'callback' => array( $this, 'createSysop' ) ), array( 'name' => 'mainpage', 'callback' => array( $this, 'createMainpage' ) ), ); @@ -1309,58 +1308,54 @@ abstract class Installer { * * @return Status */ - public function generateSecretKey() { - return $this->generateSecret( 'wgSecretKey' ); + public function generateKeys() { + $keys = array( 'wgSecretKey' => 64 ); + if ( strval( $this->getVar( 'wgUpgradeKey' ) ) === '' ) { + $keys['wgUpgradeKey'] = 16; + } + return $this->doGenerateKeys( $keys ); } /** - * Generate a secret value for a variable using either - * /dev/urandom or mt_rand() Produce a warning in the later case. + * Generate a secret value for variables using either + * /dev/urandom or mt_rand(). Produce a warning in the later case. * + * @param $keys Array * @return Status */ - protected function generateSecret( $secretName, $length = 64 ) { - if ( wfIsWindows() ) { - $file = null; - } else { - wfSuppressWarnings(); - $file = fopen( "/dev/urandom", "r" ); - wfRestoreWarnings(); - } - + protected function doGenerateKeys( $keys ) { $status = Status::newGood(); - if ( $file ) { - $secretKey = bin2hex( fread( $file, $length / 2 ) ); - fclose( $file ); - } else { - $secretKey = ''; + wfSuppressWarnings(); + $file = fopen( "/dev/urandom", "r" ); + wfRestoreWarnings(); + + foreach ( $keys as $name => $length ) { + if ( $file ) { + $secretKey = bin2hex( fread( $file, $length / 2 ) ); + } else { + $secretKey = ''; - for ( $i = 0; $i < $length / 8; $i++ ) { - $secretKey .= dechex( mt_rand( 0, 0x7fffffff ) ); + for ( $i = 0; $i < $length / 8; $i++ ) { + $secretKey .= dechex( mt_rand( 0, 0x7fffffff ) ); + } } - $status->warning( 'config-insecure-secret', '$' . $secretName ); + $this->setVar( $name, $secretKey ); } - $this->setVar( $secretName, $secretKey ); + if ( $file ) { + fclose( $file ); + } else { + $names = array_keys ( $keys ); + $names = preg_replace( '/^(.*)$/', '\$$1', $names ); + global $wgLang; + $status->warning( 'config-insecure-keys', $wgLang->listToText( $names ), count( $names ) ); + } return $status; } - /** - * Generate a default $wgUpgradeKey. Will warn if we had to use - * mt_rand() instead of /dev/urandom - * - * @return Status - */ - public function generateUpgradeKey() { - if ( strval( $this->getVar( 'wgUpgradeKey' ) ) === '' ) { - return $this->generateSecret( 'wgUpgradeKey', 16 ); - } - return Status::newGood(); - } - /** * Create the first user account, grant it sysop and bureaucrat rights * diff --git a/includes/installer/WebInstallerPage.php b/includes/installer/WebInstallerPage.php index 8fa9c0badf..38b12d5589 100644 --- a/includes/installer/WebInstallerPage.php +++ b/includes/installer/WebInstallerPage.php @@ -478,8 +478,7 @@ class WebInstaller_Upgrade extends WebInstallerPage { // If they're going to possibly regenerate LocalSettings, we // need to create the upgrade/secret keys. Bug 26481 if( !$this->getVar( '_ExistingDBSettings' ) ) { - $this->parent->generateSecretKey(); - $this->parent->generateUpgradeKey(); + $this->parent->generateKeys(); } $this->setVar( '_UpgradeDone', true ); $this->showDoneMessage(); -- 2.20.1