r84976 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r84975‎ \| r84976 \| r84977 >
Date:	19:00, 29 March 2011
Author:	maxsem
Status:	resolved (Comments)
Tags:
Comment:	Tweaks for key generation: * Don't show that scary message for every key, just once with list of them all * If we're on Windows, we will probably be unable to open /dev/urandom, right? * Tweaked the meaning of warning message, previously it sounded a bit like "we couldn't generate the key at all"
Modified paths:	/trunk/phase3/includes/installer/Installer.i18n.php (modified) (history) /trunk/phase3/includes/installer/Installer.php (modified) (history) /trunk/phase3/includes/installer/WebInstallerPage.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/installer/WebInstallerPage.php
—	—	@@ -478,8 +478,7 @@
479	479	// If they're going to possibly regenerate LocalSettings, we
480	480	// need to create the upgrade/secret keys. Bug 26481
481	481	if( !$this->getVar( '_ExistingDBSettings' ) ) {
482		~~- $this->parent->generateSecretKey();~~
483		~~- $this->parent->generateUpgradeKey();~~
	482	+ $this->parent->generateKeys();
484	483	}
485	484	$this->setVar( '_UpgradeDone', true );
486	485	$this->showDoneMessage();
Index: trunk/phase3/includes/installer/Installer.php
—	—	@@ -1228,8 +1228,7 @@
1229	1229	array( 'name' => 'tables', 'callback' => array( $installer, 'createTables' ) ),
1230	1230	array( 'name' => 'interwiki', 'callback' => array( $installer, 'populateInterwikiTable' ) ),
1231	1231	array( 'name' => 'stats', 'callback' => array( $this, 'populateSiteStats' ) ),
1232		~~- array( 'name' => 'secretkey', 'callback' => array( $this, 'generateSecretKey' ) ),~~
1233		~~- array( 'name' => 'upgradekey', 'callback' => array( $this, 'generateUpgradeKey' ) ),~~
	1232	+ array( 'name' => 'keys', 'callback' => array( $this, 'generateKeys' ) ),
1234	1233	array( 'name' => 'sysop', 'callback' => array( $this, 'createSysop' ) ),
1235	1234	array( 'name' => 'mainpage', 'callback' => array( $this, 'createMainpage' ) ),
1236	1235	);
—	—	@@ -1309,59 +1308,55 @@
1310	1309	*
1311	1310	* @return Status
1312	1311	*/
1313		~~- public function generateSecretKey() {~~
1314		~~- return $this->generateSecret( 'wgSecretKey' );~~
	1312	+ public function generateKeys() {
	1313	+ $keys = array( 'wgSecretKey' => 64 );
	1314	+ if ( strval( $this->getVar( 'wgUpgradeKey' ) ) === '' ) {
	1315	+ $keys['wgUpgradeKey'] = 16;
	1316	+ }
	1317	+ return $this->doGenerateKeys( $keys );
1315	1318	}
1316	1319
1317	1320	/**
1318		~~- * Generate a secret value for a variable using either~~
1319		~~- * /dev/urandom or mt_rand() Produce a warning in the later case.~~
	1321	+ * Generate a secret value for variables using either
	1322	+ * /dev/urandom or mt_rand(). Produce a warning in the later case.
1320	1323	*
	1324	+ * @param $keys Array
1321	1325	* @return Status
1322	1326	*/
1323		~~- protected function generateSecret( $secretName, $length = 64 ) {~~
1324		~~- if ( wfIsWindows() ) {~~
1325		~~- $file = null;~~
1326		~~- } else {~~
1327		~~- wfSuppressWarnings();~~
1328		~~- $file = fopen( "/dev/urandom", "r" );~~
1329		~~- wfRestoreWarnings();~~
1330		~~- }~~
1331		-
	1327	+ protected function doGenerateKeys( $keys ) {
1332	1328	$status = Status::newGood();
1333	1329
1334		~~- if ( $file ) {~~
1335		~~- $secretKey = bin2hex( fread( $file, $length / 2 ) );~~
1336		~~- fclose( $file );~~
1337		~~- } else {~~
1338		~~- $secretKey = '';~~
	1330	+ wfSuppressWarnings();
	1331	+ $file = fopen( "/dev/urandom", "r" );
	1332	+ wfRestoreWarnings();
1339	1333
1340		~~- for ( $i = 0; $i < $length / 8; $i++ ) {~~
1341		~~- $secretKey .= dechex( mt_rand( 0, 0x7fffffff ) );~~
	1334	+ foreach ( $keys as $name => $length ) {
	1335	+ if ( $file ) {
	1336	+ $secretKey = bin2hex( fread( $file, $length / 2 ) );
	1337	+ } else {
	1338	+ $secretKey = '';
	1339	+
	1340	+ for ( $i = 0; $i < $length / 8; $i++ ) {
	1341	+ $secretKey .= dechex( mt_rand( 0, 0x7fffffff ) );
	1342	+ }
1342	1343	}
1343	1344
1344		~~- $status->warning( 'config-insecure-secret', '$' . $secretName );~~
	1345	+ $this->setVar( $name, $secretKey );
1345	1346	}
1346	1347
1347		~~- $this->setVar( $secretName, $secretKey );~~
	1348	+ if ( $file ) {
	1349	+ fclose( $file );
	1350	+ } else {
	1351	+ $names = array_keys ( $keys );
	1352	+ $names = preg_replace( '/^(.*)$/', '\$$1', $names );
	1353	+ global $wgLang;
	1354	+ $status->warning( 'config-insecure-keys', $wgLang->listToText( $names ), count( $names ) );
	1355	+ }
1348	1356
1349	1357	return $status;
1350	1358	}
1351	1359
1352	1360	/**
1353		~~- * Generate a default $wgUpgradeKey. Will warn if we had to use~~
1354		~~- * mt_rand() instead of /dev/urandom~~
1355		- *
1356		~~- * @return Status~~
1357		~~- */~~
1358		~~- public function generateUpgradeKey() {~~
1359		~~- if ( strval( $this->getVar( 'wgUpgradeKey' ) ) === '' ) {~~
1360		~~- return $this->generateSecret( 'wgUpgradeKey', 16 );~~
1361		~~- }~~
1362		~~- return Status::newGood();~~
1363		~~- }~~
1364		-
1365		- /**
1366	1361	* Create the first user account, grant it sysop and bureaucrat rights
1367	1362	*
1368	1363	* @return Status
Index: trunk/phase3/includes/installer/Installer.i18n.php
—	—	@@ -490,10 +490,8 @@
491	491	'config-install-interwiki-exists' => "'''Warning''': The interwiki table seems to already have entries.
492	492	Skipping default list.",
493	493	'config-install-stats' => 'Initializing statistics',
494		~~- 'config-install-secretkey' => 'Generating secret key',~~
495		~~- 'config-insecure-secret' => "'''Warning:''' Unable to create a secure <code>$1</code>.~~
496		~~-Consider changing it manually.",~~
497		~~- 'config-install-upgradekey' => 'Generating default upgrade key',~~
	494	+ 'config-install-keys' => 'Generating secret keys',
	495	+ 'config-insecure-keys' => "'''Warning:''' {{PLURAL:$2\|A secure key\|Secure keys}} $1 generated during installation are not completely safe. Consider changing {{PLURAL:$2\|it\|them}} manually.",
498	496	'config-install-sysop' => 'Creating administrator user account',
499	497	'config-install-subscribe-fail' => 'Unable to subscribe to mediawiki-announce',
500	498	'config-install-mainpage' => 'Creating main page with default content',

Follow-up revisions

Revision	Commit summary	Author	Date
r85012	MFT installer changes: r84755, r84756, r84875, r84881, r84882, r84970, r84976	demon	14:46, 30 March 2011

Comments

#Comment by Tim Starling (talk | contribs) 07:18, 5 May 2011

Fatal error: Call to undefined method WebInstaller::generateUpgradeKey() in /home/tstarling/src/mediawiki/branches/REL1_17/phase3/includes/installer/WebInstallerPage.php on line 247

#Comment by MaxSem (talk | contribs) 08:30, 5 May 2011

Fixed in r87488, backported in r87489.

Status & tagging log

14:50, 16 May 2011 😂 (talk | contribs) changed the status of r84976 [removed: new added: resolved]
08:30, 5 May 2011 MaxSem (talk | contribs) changed the status of r84976 [removed: fixme added: new]
07:18, 5 May 2011 Tim Starling (talk | contribs) changed the status of r84976 [removed: ok added: fixme]
14:46, 30 March 2011 😂 (talk | contribs) changed the tags for r84976 [removed: 1.17]
14:39, 30 March 2011 😂 (talk | contribs) changed the status of r84976 [removed: new added: ok]
19:00, 29 March 2011 MaxSem (talk | contribs) changed the tags for r84976 [added: 1.17]