Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal

2018-02-28 Thread Benjamin Zapiec 
Hello,


there are two new commits that should keep the goto plugin alive.

https://github.com/gosa-project/gosa-plugins-goto/commit/e7f4515574e7f76612470b0a398252db81dd1501

Therefore the DaemonEvent classes remain available and
I reworked the patch for the systems plugin.

https://github.com/gosa-project/gosa-plugins-systems/commit/cf34737977a97e0090e09390b209078dabdc77af




Best regards

-- 
Benjamin Zapiec  (System Engineer)
* GONICUS GmbH * Moehnestrasse 55 (Kaiserhaus) * D-59755 Arnsberg
* Tel.: +49 (0) 29 32 / 9 16 - 0 * Fax: +49 (0) 29 32 / 9 16 - 245
* http://www.GONICUS.de

* Sitz der Gesellschaft: Moehnestrasse 55 * D-59755 Arnsberg
* Geschaeftsfuehrer: Rainer Luelsdorf, Alfred Schroeder
* Vorsitzender des Beirats: Juergen Michels
* Amtsgericht Arnsberg * HRB 1968





signature.asc
Description: OpenPGP digital signature

Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal

2018-02-28 Thread Wolfgang Schweer 
On Wed, Feb 28, 2018 at 02:24:59PM +0100, Benjamin Zapiec wrote:
> the plugin uses gosaSupportDaemon for communication.
> This class uses mcrypt extension. That is the reason why
> it was removed.
> 
> Using an incompatible openssl implementation is useless
> so the only other option is to provide further support
> for the Daemon. But this is most likely not to happen.
> 
> Another way, I want to mention, is that it looks like
> the communication to the daemon can be unencrypted.
> This would allow the communication classes without
> mcrypt dependencies.
> 
> But even if I wouldn't strongly recommend not
> to use unencrypted network traffic, the daemon
> remains unsupported.
> 
> I don't know if there is a benefit in using this
> plugin without gosaSupportDaemon.
> 
> If you do think so, tell me and I may revert the commit.
> Do you have a running setup with gosa-si?
 
Thanks for the feedback.

Debian Edu doesn't use gosa-si. AFAIK there's no need for the 
gosaSupportDaemon as there's no communication happening; only the LDAP 
related goto plugin features are needed.

It would be nice if the goto plugin could live on, stripped down like 
that.

Wolfgang


signature.asc
Description: PGP signature

Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal

2018-02-28 Thread Wolfgang Schweer 
Hi Benjamin,

thanks for your work.

On Tue, Feb 27, 2018 at 03:18:18PM +0100, Benjamin Zapiec wrote:
> Since the password hashing script wasn't the only part of the GOsa² 
> code that was using the php mcrypt extension i needed to clean up some 
> more code.
[..]
> https://github.com/gosa-project/gosa-plugins-goto/commit/1a29481e8eef32f980f61ecb4b83a7981e6913b3
[..]
> These commits basically remove their plugin. I don't think the plugins 
> do something useful without the possibility to communicate with the so 
> called "gosa support infrastructure daemon". (gosa-si)

With the goto plugin removed, Debian Edu would loose some machine
management functionality. ATM it is possible to add systems of type
workstations, terminals and printers (besides servers and devices)
allowing one to have a better overview. To get an impression about 
the details, see the related manual chapter:
https://wiki.debian.org/DebianEdu/Documentation/Stretch/GettingStarted#Machine_Management_with_GOsa.2BALI-

While the related instructions could be adjusted for new installations,
existing installations would be badly hit upon upgrades. I figure all
systems other than servers and devices would disappear from the GOsa² 
system overview. These systems would still work o.k., but admins 
are expected to be confused.

Wolfgang


signature.asc
Description: PGP signature

Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal

2018-02-27 Thread Benjamin Zapiec 
Hello,


this specific bug is addressed with the following commit:
https://github.com/gosa-project/gosa-core/commit/8a57db04f84337903f7de202e3c897d9b76d9b5f

Since the password hashing script wasn't the only part
of the GOsa² code that was using the php mcrypt extension
i needed to clean up some more code.

The following commits were necessary to completely remove
mcrypt dependencies:
https://github.com/gosa-project/gosa-plugins-heimdal/commit/c892f11a4fd679c6ee5a9210dc2f0bf4386bc17d

https://github.com/gosa-project/gosa-plugins-goto/commit/1a29481e8eef32f980f61ecb4b83a7981e6913b3

https://github.com/gosa-project/gosa-plugins-goto-ng/commit/764c3a113368071c3d678cc2c437ea565422611e

https://github.com/gosa-project/gosa-plugins-opsi/commit/10c974ec6718ed745ea3476a5f258975415a1abf

https://github.com/gosa-project/gosa-plugins-fai/commit/76aceb00ceda6de661abb9620f1a54ca6fd10ac1

These commits basically remove their plugin.
I don't think the plugins do something useful
without the possibility to communicate with
the so called "gosa support infrastructure daemon".
(gosa-si)

The support for this daemon stopped long time ago
so we can consider it as broken.

The next commits are "minor" changes to the plugins
that additionally could interact with gosa-si but
don't necessarily need to.

https://github.com/gosa-project/gosa-plugins-systems/commit/c6d2271eaf08ebb9ba8773fdc56c817920a081e2

https://github.com/gosa-project/gosa-plugins-mail/commit/e6d6e1bfe630c1e0ac0842e922cd235fa315ca2e





Best regards

-- 
Benjamin Zapiec  (System Engineer)
* GONICUS GmbH * Moehnestrasse 55 (Kaiserhaus) * D-59755 Arnsberg
* Tel.: +49 (0) 29 32 / 9 16 - 0 * Fax: +49 (0) 29 32 / 9 16 - 245
* http://www.GONICUS.de

* Sitz der Gesellschaft: Moehnestrasse 55 * D-59755 Arnsberg
* Geschaeftsfuehrer: Rainer Luelsdorf, Alfred Schroeder
* Vorsitzender des Beirats: Juergen Michels
* Amtsgericht Arnsberg * HRB 1968



signature.asc
Description: OpenPGP digital signature

Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal

2018-02-23 Thread Nish Aravamudan 
On Thu, 15 Feb 2018 09:33:27 + Mike Gabriel 
 wrote:
> Hi,
> 
> On  Mi 07 Feb 2018 14:01:53 CET, Holger Levsen wrote:
> 
> > control: affects -1 src:debian-edu
> > # thanks for this bug report, Wolfgang!
> 
> I just notified GONICUS about this issue and Benjamin Zapiec said,  
> that they will work on a patch.

FYI, upstream is resolving this in 
https://github.com/gosa-project/gosa-core/issues/12

-Nish

Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal

2018-02-15 Thread Mike Gabriel 

Hi,

On  Mi 07 Feb 2018 14:01:53 CET, Holger Levsen wrote:


control: affects -1 src:debian-edu
# thanks for this bug report, Wolfgang!


I just notified GONICUS about this issue and Benjamin Zapiec said,  
that they will work on a patch.


Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpSdS5LUVMsO.pgp
Description: Digitale PGP-Signatur

Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal

2018-02-07 Thread Holger Levsen 
control: affects -1 src:debian-edu
# thanks for this bug report, Wolfgang!

-- 
cheers,
Holger


signature.asc
Description: PGP signature

Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal

2018-02-07 Thread Wolfgang Schweer 
Package:  gosa
Version:  2.7.4+reloaded2-13
Severity: serious
User: debian-...@lists.debian.org
Usertags: debian-edu

Hi,

trying to set up a new LDAP in Debian Edu Buster failed because 
/usr/sbin/gosa-encrypt-passwords is now broken in testing. The 
encryption uses mcrypt, but php-mcrypt has been deprecated in PHP7.1 and 
has been removed in PHP7.2 (which is now the PHP version in testing).

AFAIK gosa-encrypt-passwords is used by default in a non Debian Edu case 
as well.

Please check and use a different tool than mcrypt.

Wolfgang


signature.asc
Description: PGP signature