Security Audit - Marshal export file to CASAManager for saving.

Jim Norman 2006-12-20 10:22:27 +00:00
parent 98c12387a6
commit 43009ada4f
4 changed files with 198 additions and 207 deletions

@ -107,8 +107,7 @@ namespace Novell.CASA.GUI
} }
#endif #endif
//Store off this location for next export //Store off this location for next export
int iLastSlash = sFileName.LastIndexOf("/"); int iLastSlash = sFileName.LastIndexOf("/");
if (Common.IS_WINDOWS) if (Common.IS_WINDOWS)
iLastSlash = sFileName.LastIndexOf("\\"); iLastSlash = sFileName.LastIndexOf("\\");
@ -125,25 +124,28 @@ namespace Novell.CASA.GUI
m_config.WriteConfig(); m_config.WriteConfig();
// call our daemon to get the users secrets // call our daemon to get the users secrets
ExportXMLSecrets exportSecrets = new ExportXMLSecrets(sMasterPWD, sEncryptString, sFileName); ExportXMLSecrets exportSecrets = new ExportXMLSecrets(sMasterPWD, sEncryptString, null);
byte[] baSecrets = (byte[])Novell.CASA.MiCasa.Communication.MiCasaRequestReply.Send(MiCasaRequestReply.VERB_EXPORT_SECRETS, null, null, null, exportSecrets);
object obj = Novell.CASA.MiCasa.Communication.MiCasaRequestReply.Send(MiCasaRequestReply.VERB_EXPORT_SECRETS, null, null, null, exportSecrets);
if (baSecrets != null)
{
/* try
byte[] theSecrets = (byte[])Novell.CASA.MiCasa.Communication.MiCasaRequestReply.Send(MiCasaRequestReply.VERB_EXPORT_SECRETS, null, null, null, exportSecrets); {
FileStream fs = new FileStream(sFileName, FileMode.Create);
// write em out. fs.Write(baSecrets, 0, baSecrets.Length);
fs.Flush();
fs.Close();
FileStream fs = new FileStream(sFileName, FileMode.Create); CommonGUI.DisplayMessage(MessageType.Info, "Secrets saved to: \r\n" + sFileName);
fs.Write(theSecrets, 0, theSecrets.Length); }
fs.Flush(); catch
fs.Close(); {
*/ CommonGUI.DisplayMessage(MessageType.Error, "Failed to save secrets");
}
CommonGUI.DisplayMessage(MessageType.Info, "Secrets saved to: \r\n" + sFileName); }
else
{
CommonGUI.DisplayMessage(MessageType.Error, "No Secrets found");
}
} }
} }
else else
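Review bot: The FileStream opened in the new try block is only closed on the success path; if fs.Write throws, the handle stays open until finalization and the file created by FileMode.Create is left behind partially written. Wrap the stream in a using statement so it is released either way: `using (FileStream fs = new FileStream(sFileName, FileMode.Create)) { fs.Write(baSecrets, 0, baSecrets.Length); }`. The bare `catch` also discards the exception, so the "Failed to save secrets" message can never be diagnosed; `catch (Exception e)` with the reason logged or appended to the message would help. The `(byte[])` cast on the Send result sits outside the try, so if Send can return a non-byte[] error object on failure the cast exception escapes unhandled — worth confirming against MiCasaRequestReply. The enclosing method starts before and continues after this hunk.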

@ -1030,7 +1030,7 @@ namespace sscs.cache
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE; return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
} }
internal string GetSecretsForExport(string sEncryptionString) internal byte[] GetSecretsForExport(string sEncryptionString)
{ {
byte[] baIV = null; byte[] baIV = null;
byte[] baSecrets = GetSecrets(sEncryptionString, ref baIV); byte[] baSecrets = GetSecrets(sEncryptionString, ref baIV);
@ -1040,13 +1040,11 @@ namespace sscs.cache
byte[] baCombined = new byte[baIV.Length + baSecrets.Length]; byte[] baCombined = new byte[baIV.Length + baSecrets.Length];
baIV.CopyTo(baCombined, 0); baIV.CopyTo(baCombined, 0);
baSecrets.CopyTo(baCombined, baIV.Length); baSecrets.CopyTo(baCombined, baIV.Length);
return baCombined;
string sB64 = Convert.ToBase64String(baCombined);
return sB64;
} }
else else
{ {
return Convert.ToBase64String(baSecrets); return baSecrets;
} }
} }
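Review bot: The new byte[] return format of GetSecretsForExport is undocumented: when an IV is present the IV bytes are concatenated directly in front of the secrets with no length field or marker, so the importer has to assume a fixed IV length, and when baIV stays null whatever GetSecrets returned (possibly null) is handed back unchanged. Add a doc comment stating the layout, e.g. `/// Returns the export blob: [IV bytes][secrets bytes] when GetSecrets produced an IV, otherwise the GetSecrets result as-is (may be null). The IV length is implied by the cipher, not encoded in the blob.` If a null IV means GetSecrets did not encrypt, the else branch exports the secrets in the clear without signalling that to the caller — confirm that is intended and say so in the comment. The lines between the two hunks (1033–1039) are not shown, so any null check on baSecrets there is assumed rather than verified.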

@ -18,161 +18,165 @@
* To contact Novell about this file by physical or electronic mail, * To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com. * you may find current contact information at www.novell.com.
* *
***********************************************************************/ ***********************************************************************/
using System; using System;
using System.Net; using System.Net;
using System.IO; using System.IO;
using System.Net.Sockets; using System.Net.Sockets;
using Mono.Unix; using Mono.Unix;
using System.Text; using System.Text;
namespace Novell.CASA.MiCasa.Communication namespace Novell.CASA.MiCasa.Communication
{ {
/// <summary> /// <summary>
/// Summary description for UnixIPCClientChannel. /// Summary description for UnixIPCClientChannel.
/// </summary> /// </summary>
public class UnixIPCClientChannel : ClientChannel public class UnixIPCClientChannel : ClientChannel
{ {
private Socket mSocket = null; private Socket mSocket = null;
private string socketFileName = "/tmp/.novellCASA"; private string socketFileName = "/tmp/.novellCASA";
private EndPoint sockEndPoint; private EndPoint sockEndPoint;
public UnixIPCClientChannel() public UnixIPCClientChannel()
{ {
} }
public void Open() public void Open()
{ {
mSocket = new Socket( AddressFamily.Unix, mSocket = new Socket(AddressFamily.Unix,
SocketType.Stream, SocketType.Stream,
ProtocolType.IP ); ProtocolType.IP);
if (mSocket == null) if (mSocket == null)
{ {
throw new Exception("could not get socket"); throw new Exception("could not get socket");
} }
sockEndPoint = new UnixEndPoint(socketFileName); sockEndPoint = new UnixEndPoint(socketFileName);
UnixFileSystemInfo sockFileInfo = new UnixFileInfo(socketFileName); UnixFileSystemInfo sockFileInfo = new UnixFileInfo(socketFileName);
UnixUserInfo sockFileOwner = sockFileInfo.OwnerUser; UnixUserInfo sockFileOwner = sockFileInfo.OwnerUser;
// root is the owner of the file "/tmp/.novellCASA" // root is the owner of the file "/tmp/.novellCASA"
if (sockFileOwner.UserId == 0) if (sockFileOwner.UserId == 0)
{ {
mSocket.Connect(sockEndPoint); mSocket.Connect(sockEndPoint);
} }
else else
{ {
throw new Exception("not a valid miCASA service"); throw new Exception("not a valid miCASA service");
} }
} }
public int Read(byte[] buf) public int Read(byte[] buf)
{ {
buf = Read(); buf = Read();
if (buf != null) if (buf != null)
{ {
//Console.WriteLine("Bytes read = " + buf.Length); //Console.WriteLine("Bytes read = " + buf.Length);
return buf.Length; return buf.Length;
} }
else else
return 0; return 0;
} }
public byte[] Read() public byte[] Read()
{ {
byte[] returnBuffer = null; byte[] returnBuffer = null;
int bytesRecvd = 0; int bytesRecvd = 0;
try try
{ {
/* We need to read 'msgLen' to know how many bytes to /* We need to read 'msgLen' to know how many bytes to
* allocate. * allocate.
*/ */
byte[] msgIdBytes = new byte[2]; byte[] msgIdBytes = new byte[2];
bytesRecvd = mSocket.Receive(msgIdBytes); bytesRecvd = mSocket.Receive(msgIdBytes);
if( 0 == bytesRecvd ) if (0 == bytesRecvd)
{ {
return null; return null;
} }
byte[] msgLenBytes = new byte[4]; byte[] msgLenBytes = new byte[4];
bytesRecvd = mSocket.Receive(msgLenBytes); bytesRecvd = mSocket.Receive(msgLenBytes);
if( 0 == bytesRecvd ) if (0 == bytesRecvd)
{ {
return null; return null;
} }
uint msgLen = BitConverter.ToUInt32(msgLenBytes,0); uint msgLen = BitConverter.ToUInt32(msgLenBytes, 0);
if( msgLen > 6 ) if (msgLen > 6)
{ {
System.Text.Encoding encoding = System.Text.Encoding.ASCII; byte[] buf = null;
byte[] buf = null; int bytesAvailable;
int bytesAvailable; int totalBytes = 0;
int totalBytes = 0; int msgLencount = 0;
int msgLencount = 0; string bufstring = null;
string bufstring = null;
byte[] temp = null; // buffer for data
while(totalBytes<(msgLen-6)) MemoryStream ms = new MemoryStream();
{
bytesAvailable = mSocket.Available; while (totalBytes < (msgLen - 6))
if( 0 == bytesAvailable) {
{ bytesAvailable = mSocket.Available;
break; if (0 == bytesAvailable)
} {
buf = new byte[bytesAvailable]; break;
bytesRecvd = mSocket.Receive (buf); }
bufstring = bufstring + encoding.GetString(buf); //keep buffering in a string buf = new byte[bytesAvailable];
totalBytes = totalBytes + bytesAvailable; bytesRecvd = mSocket.Receive(buf);
} ms.Write(buf, 0, bytesRecvd);
if(totalBytes==0)
return null; totalBytes = totalBytes + bytesAvailable;
}
byte[] finalbuf = encoding.GetBytes(bufstring);//finally, convert the string to a byte array of size 'totalBytes' if (totalBytes == 0)
int returnBufferLen = msgIdBytes.Length+msgLenBytes.Length+totalBytes; return null;
returnBuffer = new byte[returnBufferLen];
Array.Copy(msgIdBytes,returnBuffer,2); byte[] finalbuf = ms.ToArray();
Array.Copy(msgLenBytes,0,returnBuffer,2,4);
Array.Copy(finalbuf,0,returnBuffer,6,finalbuf.Length); int returnBufferLen = msgIdBytes.Length + msgLenBytes.Length + totalBytes;
return returnBuffer; returnBuffer = new byte[returnBufferLen];
} Array.Copy(msgIdBytes, returnBuffer, 2);
else Array.Copy(msgLenBytes, 0, returnBuffer, 2, 4);
{ Array.Copy(finalbuf, 0, returnBuffer, 6, finalbuf.Length);
returnBuffer = new byte[6]; return returnBuffer;
Array.Copy(msgIdBytes,returnBuffer,2); }
Array.Copy(msgLenBytes,0,returnBuffer,2,4); else
return returnBuffer; {
} returnBuffer = new byte[6];
} Array.Copy(msgIdBytes, returnBuffer, 2);
catch (Exception e) Array.Copy(msgLenBytes, 0, returnBuffer, 2, 4);
{ return returnBuffer;
Console.WriteLine(e.ToString()); }
return null; }
} catch (Exception e)
} {
Console.WriteLine(e.ToString());
public int Write(byte[] buf) return null;
{ }
try }
{
mSocket.Send(buf); public int Write(byte[] buf)
//Console.WriteLine("Bytes written = " + buf.Length); {
return buf.Length; try
} {
catch (Exception e) mSocket.Send(buf);
{ //Console.WriteLine("Bytes written = " + buf.Length);
Console.WriteLine(e.ToString()); return buf.Length;
return 0; }
} catch (Exception e)
} {
Console.WriteLine(e.ToString());
public void Close() return 0;
{ }
mSocket.Close(); }
}
} public void Close()
} {
mSocket.Close();
}
}
}
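Review bot: In the rewritten receive loop of Read(), `totalBytes` is still advanced by `bytesAvailable` while only `bytesRecvd` bytes were written to the MemoryStream, so a short Receive makes the returned buffer longer than the data copied into it (the tail stays zero-filled) and the loop may stop before the message is complete. Advance by what was actually read: `totalBytes = totalBytes + bytesRecvd;`. The buffer is also sized by mSocket.Available rather than by the bytes still owed for this message, so any bytes of a following message that have already arrived are swallowed into this one; sizing it as `buf = new byte[Math.Min(bytesAvailable, (int)(msgLen - 6) - totalBytes)];` keeps the framing intact. Breaking out when Available is 0 still returns a truncated message if the peer has not sent everything yet, and the two header Receive calls assume 2 and 4 bytes arrive in a single call; blocking on Receive until the expected count is reached (or the peer closes) would be the robust fix, but it changes timing behaviour and may warrant a separate change.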

@ -410,32 +410,19 @@ namespace sscs.verbs
string sEncrpyptionPassphrase = secrets.GetPassphrase(); string sEncrpyptionPassphrase = secrets.GetPassphrase();
// get all secrets // get all secrets
//byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV); byte[] baSecrets = ssStore.GetSecretsForExport(sEncrpyptionPassphrase);
string baSecrets = ssStore.GetSecretsForExport(sEncrpyptionPassphrase);
if (baSecrets != null)
string sFilePath = secrets.GetFilePath(); {
if (sFilePath != null) wo.SetObject(baSecrets);
{ wo.SetError(constants.RetCodes.SUCCESS, "");
// write em out }
FileStream fs = new FileStream(sFilePath, FileMode.Create); else
// write the secrets now {
//fs.Write(baSecrets, 0, baSecrets.Length); wo.SetError(constants.RetCodes.FAILURE, "No Secrets for Export");
fs.Flush(); }
fs.Close();
#if LINUX
// change file ownership to the user
Mono.Unix.Native.Syscall.chown(sFilePath, (uint)userId.GetUID(), (uint)userId.GetUID());
#endif
}
else
{
wo.SetObject(baSecrets);
}
wo.SetError(constants.RetCodes.SUCCESS, "");
return wo; return wo;
} }
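Review bot: With the daemon no longer writing the export file, `secrets.GetFilePath()` is no longer consulted here, but ExportXMLSecrets still carries a file path that the GUI now passes as null; if no other server-side code reads it, dropping the field (or rejecting a non-null value) would ensure a client-supplied path can never again be used to create a file under the daemon's privileges. The commented-out `//byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV);` line is dead and should be removed rather than kept beside the live call. A short comment above the call, e.g. `// Secrets are returned to the caller as a byte blob; the client decides where (and whether) to write them.`, would record why the file write moved out of the daemon. The enclosing verb method starts before this hunk.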