Commit 868915b6 authored by gdd's avatar gdd

Issue #128110 by kasperg: Replace key.php file with an entry in settings.php

parent acbd1a7a
......@@ -13,7 +13,6 @@
echo '<br>That should be bar';
die();
config_write_signed_file_storage_key();
//echo config_sign_data('onetwothree');
$sfs = new SignedFileStorage('one.two');
......
......@@ -716,7 +716,7 @@ function drupal_settings_initialize() {
global $base_url, $base_path, $base_root;
// Export the following settings.php variables to the global namespace
global $databases, $cookie_domain, $conf, $installed_profile, $update_free_access, $db_url, $db_prefix, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url, $drupal_config_directory_name;
global $databases, $cookie_domain, $conf, $installed_profile, $update_free_access, $db_url, $db_prefix, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url, $drupal_config_directory_name, $drupal_config_key;
$conf = array();
if (file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.php')) {
......
......@@ -42,23 +42,6 @@ function config_get_signed_file_storage_names_with_prefix($prefix = '') {
return array_map($clean_name, $files);
}
/**
* Write our signing key out to the filesystem.
*
* @param $force_rekey
* Boolean to specify whether we should force a new key to be generated
* and written, even if a key file exists already.
*/
function config_write_signed_file_storage_key($force_rekey = FALSE) {
$file_path = conf_path() . '/key.php';
if (!file_exists($file_path) || $force_rekey) {
$key = drupal_hash_base64(drupal_random_bytes(55));
if (!file_put_contents($file_path, '<?php die(); ' . $key . "\n")) {
throw new Exception('Failed to write configuration signing key.');
}
}
}
/**
* Generate a hash of a config file's contents using our encryption key.
*
......@@ -68,17 +51,11 @@ function config_write_signed_file_storage_key($force_rekey = FALSE) {
* A hash of the data.
*/
function config_sign_data($data) {
$file = file_get_contents(conf_path() . '/key.php');
if ($file === FALSE) {
throw new Exception('Key file not found.');
}
// Strip the header from the file contents.
$parts = explode(' ', $file);
$key = $parts[2];
// The configuration key is loaded from settings.php and imported into the global namespace
global $drupal_config_key;
// SHA-512 is both secure and very fast on 64 bit CPUs.
return hash_hmac('sha512', $data, $key);
return hash_hmac('sha512', $data, $drupal_config_key);
}
class ConfigException extends Exception {}
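Review bot: config_sign_data() now passes the global `$drupal_config_key` straight to hash_hmac() without checking that it holds a value, whereas the removed code threw when the key could not be read. With the empty default this commit adds to the settings file (`$drupal_config_key = '';`), and presumably also on a site whose settings.php predates the change, the HMAC would be computed with an empty key, which anyone can reproduce, so the signature would no longer authenticate anything. I would keep the fail-closed behaviour by adding, before the return, `if (empty($drupal_config_key)) { throw new Exception('Configuration signing key is not set in settings.php.'); }`.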
......
......@@ -969,13 +969,20 @@ function install_settings_form_submit($form, &$form_state) {
'value' => drupal_hash_base64(drupal_random_bytes(55)),
'required' => TRUE,
);
$settings['drupal_config_key'] = array(
'value' => drupal_hash_base64(drupal_random_bytes(55)),
'required' => TRUE,
);
// This duplicates drupal_get_token() because that function can't work yet.
// Wondering if it makes sense to move this later in the process, but its
// nice having all the settings stuff here.
$settings['drupal_config_directory_name'] = array(
'value' => 'config_' . drupal_hmac_base64('', session_id() . drupal_hash_base64(drupal_random_bytes(55)) . $settings['drupal_hash_salt']['value']),
'value' => 'config_' . drupal_hmac_base64('', session_id() . $settings['drupal_config_key']['value'] . $settings['drupal_hash_salt']['value']),
'required' => TRUE,
);
drupal_rewrite_settings($settings);
// Actually create the config directory named above.
$config_path = conf_path() . '/files/' . $settings['drupal_config_directory_name']['value'];
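Review bot: The config directory name is now derived from `$settings['drupal_config_key']['value']`, so the signing key doubles as input to a value that ends up in filesystem paths; the line it replaces used fresh `drupal_random_bytes(55)` at that position. The HMAC should not reveal the key, but keeping the two values independent is cleaner key hygiene and costs nothing: `'value' => 'config_' . drupal_hmac_base64('', session_id() . drupal_hash_base64(drupal_random_bytes(55)) . $settings['drupal_hash_salt']['value']),`. install_settings_form_submit() starts and ends outside this hunk.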
......
......@@ -437,6 +437,10 @@ function module_enable($module_list, $enable_dependencies = TRUE) {
$versions = drupal_get_schema_versions($module);
$version = $versions ? max($versions) : SCHEMA_INSTALLED;
// Copy any default configuration data to the system config directory/
// if (is_dir()) {
// # code...
// }
// If the module has no current updates, but has some that were
// previously removed, set the version to the value of
// hook_update_last_removed().
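Review bot: The lines added in module_enable() are a commented-out stub (`// if (is_dir()) {`, `// # code...`) that does nothing and reads as leftover editor scaffolding. If the intent is to record pending work, a single marker is clearer: `// @todo Copy the module's default configuration into the config directory.`. The trailing `/` in the added comment line looks like a typo for a period. The function body starts and ends outside this hunk.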
......
......@@ -227,6 +227,13 @@
*/
$drupal_config_directory_name = '';
/**
* Configuration key.
*
* Drupal configuration files are signed using this key.
*/
$drupal_config_key = '';
/**
* Base URL (optional).
*
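Review bot: The new docblock for `$drupal_config_key` says only that configuration files are signed with the key and gives no guidance on how the value must be handled. I would extend it to state that the installer generates the value, that it must be unique per site, kept secret and out of version control, and that an empty value leaves configuration files effectively unsigned. The `<?php die(); …` line at the end of this commit page looks like a key.php that had been committed; if so, that key remains in the repository history and should not be reused on any site.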
......
<?php die(); qDYpUJKq-cF1sQLjx2uqNSyw4AlCmG6CER5GHG-cy68