PassBroker

PassBroker is a PHP extension written in C that dispatches secrets to requesting PHP scripts according to a set of rules.

How PB Works

pb_get_info

pb_get_info - returns information that should not be viewable by everyone.

array pb_get_info(string tid, string sid)

Quick & Dirty Installation

./configure
make
make install

PassBroker XML Specifications

PB expects two main XML structures: one whose root node is named <PassBroker> and one whose root node is named <PassBrokerSecret>.
The first is read at the beginning of the configuration stage and must be unique. It can be seen as a catalogue of the PassBrokerSecret files stored on the local disk. The second contains the actual secrets and an optional ACL that controls who may access them.

The following example illustrates the PassBroker XML structure and specifications.
Suppose this XML file is stored in /etc/pb/pbacl.xml:

<PassBroker>
  <Trust tid="postnuke">
    <File XMLFilename="/etc/pb/stefano/acl.xml" XMLOwnerUId="stefano" XMLOwnerGId="stefano">
      <PHPolicy>
        <FromCallerScript ScriptName="^/home/stefano/public_html/PN/html/.*" ScriptFunctionName=".*" ScriptOwnerUId="501" ScriptOwnerGId="501">
          <FromCallerScript ScriptName="/home/stefano/public_html/PN/html/(includes/pnAPI\.php|index\.php)" ScriptFunctionName="[~|pninit]" ScriptOwnerUId="501" ScriptOwnerGId="501">
            <FromCallerScript ScriptName="/home/stefano/public_html/PN/html/(includes/pnAPI\.php|config\.php)" ScriptFunctionName="[~|pb_get_info]" ScriptOwnerUId="501" ScriptOwnerGId="501" />
          </FromCallerScript>
        </FromCallerScript>
      </PHPolicy>
    </File>
  </Trust>
  <Trust tid="db3">
    <File XMLFilename="/etc/pb/phpnuke/phpnukeacl.xml" XMLOwnerUId="root" XMLOwnerGId="root" />
  </Trust>
</PassBroker>

The following is the content of /etc/pb/stefano/acl.xml:

<PassBrokerSecret>
  <Secret sid="postnuke">
    <Info name="dbuname" value="cm9vdA==" />
    <Info name="dbpass"  value="cGFzc3dvcmQ=" />
    <PHPolicy>
      <FromCallerScript ScriptName="^/home/stefano/public_html/PN/html/.*" ScriptFunctionName=".*" ScriptOwnerUId="501" ScriptOwnerGId="501">
        <FromCallerScript ScriptName="/home/stefano/public_html/PN/html/(includes/pnAPI\.php|index\.php)" ScriptFunctionName="[~|pninit]" ScriptOwnerUId="501" ScriptOwnerGId="501">
          <FromCallerScript ScriptName="/home/stefano/public_html/PN/html/(includes/pnAPI\.php|config\.php)" ScriptFunctionName="[~|pb_get_info]" ScriptOwnerUId="501" ScriptOwnerGId="501" />
        </FromCallerScript>
      </FromCallerScript>
    </PHPolicy>
  </Secret>
  <Secret sid="acl2">
    <Info name="dbname"    value="DBNAME2" />
    <Info name="dbserver"  value="localhost2" />
    <Info name="tablename" value="ACLtable_name2" />
    <Info name="username"  value="ACLuser2" />
    <Info name="password"  value="p455w0£d!2" />
  </Secret>
</PassBrokerSecret>
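To make the policy semantics concrete, here is an added Python model (not PassBroker's own C code) that parses a PassBrokerSecret document like the one above and decides whether a caller may receive a secret. It assumes that ScriptName and ScriptFunctionName are regular expressions matched against the whole string, that nested FromCallerScript elements describe the PHP call chain from the outermost script down to the frame calling pb_get_info, and that Info values are base64 (the postnuke dbuname/dbpass values decode to "root" and "password"); the function-name alternations are written as (~|pninit) here. The page does not state these matching rules, so treat them as this example's assumptions.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed PassBrokerSecret modelled on the page's acl.xml; the "(~|name)" function
# patterns and the call-chain reading of the nesting are this example's assumptions.
SECRET_XML = r"""<PassBrokerSecret>
  <Secret sid="postnuke">
    <Info name="dbuname" value="cm9vdA==" />
    <Info name="dbpass" value="cGFzc3dvcmQ=" />
    <PHPolicy>
      <FromCallerScript ScriptName="^/home/stefano/public_html/PN/html/.*" ScriptFunctionName=".*" ScriptOwnerUId="501" ScriptOwnerGId="501">
        <FromCallerScript ScriptName="/home/stefano/public_html/PN/html/(includes/pnAPI\.php|index\.php)" ScriptFunctionName="(~|pninit)" ScriptOwnerUId="501" ScriptOwnerGId="501">
          <FromCallerScript ScriptName="/home/stefano/public_html/PN/html/(includes/pnAPI\.php|config\.php)" ScriptFunctionName="(~|pb_get_info)" ScriptOwnerUId="501" ScriptOwnerGId="501" />
        </FromCallerScript>
      </FromCallerScript>
    </PHPolicy>
  </Secret>
</PassBrokerSecret>"""


def frame_matches(rule, frame):
    """One call-stack frame (script, function, uid, gid) against one FromCallerScript."""
    script, func, uid, gid = frame
    return (re.fullmatch(rule.get("ScriptName"), script) is not None
            and re.fullmatch(rule.get("ScriptFunctionName"), func) is not None
            and rule.get("ScriptOwnerUId") == str(uid)
            and rule.get("ScriptOwnerGId") == str(gid))


def chain_allowed(policy, frames):
    """Walk nested rules alongside the call chain; chain depth must equal nesting depth."""
    rules = policy.findall("FromCallerScript")
    if not frames:
        return not rules            # chain exhausted: fine only if no rule levels remain
    return any(frame_matches(r, frames[0]) and chain_allowed(r, frames[1:]) for r in rules)


def lookup_secret(xml_text, sid, frames):
    """Decoded Info values for sid if the caller chain satisfies its PHPolicy, else None."""
    for secret in ET.fromstring(xml_text).findall("Secret"):
        policy = secret.find("PHPolicy")
        if secret.get("sid") == sid and (policy is None or chain_allowed(policy, frames)):
            return {i.get("name"): base64.b64decode(i.get("value")).decode()
                    for i in secret.findall("Info")}
    return None                     # unknown sid, or policy present and not satisfied
```

A frame list is the constructed call chain (script path, function name, owner uid, gid) from the outermost script to the one calling pb_get_info; a frame whose script is outside the trusted tree or whose owner does not match denies the whole chain.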