Free and secure password repository (PHP/JQuery/Ajax)

ITPWD_main

ITPWD_section

Update :

New features have been added :

Using a new PHP tool to work with Active Directory : http://adldap.sourceforge.net/
Multiple group support
Login/logout
New design
Fix ‘New entry’ bug
Password sections are now in a configuration file
Improved security
Edit tabs through the interface
Tested on Internet Explorer 9 and Firefox 16

Purpose :
This project is a secure password repository to store and manage them based on Apache web server, PHP and MySQL. The features are :

Apache Web server using SSL
website access require an Active Directory authentication
individual ACL for each password record
password are located on a MySQL database and encrypted using AES algorithm
search easily a password record
keep a browsing history : you know who read a password entry and when

Pre-requesites :

Windows OS
WAMP Server
WAMP SSL (or my mirror)
MySQL Database creation script : pwd_db.sql
Password database website : itpwd.tar

Installation :

Wamp

Install WAMP Server with all default settings (default path is c:\wamp)
After the installation, create a folder “bkp” under c:\wamp\www
create a folder “ssl” under c:\wamp\www
Move the files located in c:\wamp\www to c:\wamp\www\bkp
Extract the files contained in the file WampSSL.zip to the path c:\openssl
Follow this guide (thanks to JLBN) to configure WAMP to use SSL
- Open a command prompt
  - Type : c:
  - Type : cd C:\openssl\WampSSL
  - Type : openssl genrsa -aes256 -out pass.key 2048
  - Enter a pass phrase and keep it
  - Type : openssl rsa -in pass.key -out pwd_db.key
  - Enter the pass phrase that you have created before
  - Type : openssl req -new -x509 -nodes -sha1 -key pwd_db.key -out pwd_db.crt -days 999 -config C:\wamp\bin\apache\apache2.2.17\conf\openssl.cnf
  - Enter the informations required to create your certificate
  - For the common name, enter the domain pwd_db
- Open the folder c:\wamp\bin\apache\apache2.2.17\conf and then create the folder ssl
- Copy the files pwd_db.key and pwd_db.crt to the folder c:\wamp\bin\apache\apache2.2.17\conf\ssl
- Create the folder c:\wamp\bin\apache\apache2.2.17\conf\ssl\logs
- Edit the file c:\wamp\bin\apache\apache2.2.17\conf\extra\httpd-ssl.conf
  - Replace the line :

SSLSessionCache “shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”
by this line
SSLSessionCache “shmcb:C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_scache(512000)”

Replace the line :

SSLCertificateFile “C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt”
by this line
SSLCertificateFile “C:/wamp/bin/Apache/apache2.2.17/conf/ssl/pwd_db.crt”

Replace the line :

SSLCertificateKeyFile “C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key”
by this line
SSLCertificateKeyFile “C:/wamp/bin/Apache/apache2.2.17/conf/ssl/pwd_db.key”

Replace the line in the Virtual Host section :

# General setup for the virtual host
DocumentRoot “C:/Program Files/Apache Software Foundation/Apache2.2/htdocs”
ServerName localhost:443
ServerAdmin admin@localhost
ErrorLog “C:/Program Files/Apache Software Foundation/Apache2.2/logs/error_log”
TransferLog “C:/Program Files/Apache Software Foundation/Apache2.2/logs/access_log”

by this line
# General setup for the virtual host
DocumentRoot “C:/wamp/www/ssl”
ServerName localhost:443
ServerAdmin admin@localhost
ErrorLog “C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_error.log”
TransferLog “C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_access.log”

Replace the line in the Virtual Host section :

<Directory “C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
by this line

<Directory “C:/wamp/www/ssl”>
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

Replace the line :

CustomLog “C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_request_log” \”%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”
by these lines
CustomLog “C:/wamp/logs/ssl_request.log” \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

Open file httpd.conf in folder C:/wamp/bin/Apache/apache2.2.17/conf and uncomment the lines :
- Include conf/extra/httpd-ssl.conf
- LoadModule ldap_module modules/mod_ldap.so
- LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Save and close all the files
Left click on WAMP tray icon and navigate to Apache modules
Scroll down until seeing ssl_module; then, left click on it to enable SSL on WAMP
Next, navigate to PHP extensions
Scroll down until seeing php_openssl; then, left click on it to enable open_ssl on WAMP
Scroll down until seeing php_ldap; then, left click on it to enable php_ldap on WAMP
Open folder C:\wamp\bin\apache\apache2.2.17\bin and copy 2 files libeay32.dll and ssleay32.dll to C:\Windows\System32
Restart All Services on WAMP tray icon

MySQL

Go to https://localhost/phpmyadmin
Click on “Import” tab
Select the file pwd_db.sql
Click “Execute” button

Password database configuration files

Extract the files contained in the file pwd_db_ws.zip to the path c:\wamp\www\ssl
Edit the file C:\wamp\www\ssl\index.php and configure the following variable :
- protected $auth_realm
- line 615 (replace groupITPWD-adm by the admin group name allowed to edit the tabs) : if (strpos($groupIDStr, “groupITPWD-adm”)) {
Edit and configure the following variables in the file C:\wamp\www\ssl\adLDAP\src\adLDAP.php :
- protected $accountSuffix
- protected $baseDn
- protected $domainControllers
- protected $adminUsername
- protected $adminPassword
Edit the file C:\wamp\www\ssl\@.security to define the allowed groups (DO NOT ADD BLANK LINES IN THIS FILE)

Edit the file C:\wamp\www\ssl\section.cfg to create your own password categories

If you have any problems, contact me !

Thank you to

JLBN

My Powershell script categories

Free and secure password repository (PHP/JQuery/Ajax)

Leave a Reply Cancel reply