From 91d35ccb7ceb2e8e6b4e89559dec6118a97dec87 Mon Sep 17 00:00:00 2001 From: Jim Norman Date: Thu, 27 Mar 2008 16:43:13 +0000 Subject: [PATCH] Commit ZEN/security issue changes --- CASA/micasad/cache/SecretStore.cs | 25 +++++++++- CASA/micasad/common/CSSSUtils.cs | 12 ++++- CASA/micasad/init/CredMgr.cs | 2 +- .../init/WinSecretStoreClientService.cs | 3 +- CASA/micasad/verbs/MergeCache.cs | 8 ++-- CASA/micasad/verbs/WriteKey.cs | 46 ++++++++++++++----- 6 files changed, 74 insertions(+), 22 deletions(-) diff --git a/CASA/micasad/cache/SecretStore.cs b/CASA/micasad/cache/SecretStore.cs index cd5153d5..ec3550aa 100644 --- a/CASA/micasad/cache/SecretStore.cs +++ b/CASA/micasad/cache/SecretStore.cs @@ -68,7 +68,9 @@ namespace sscs.cache string m_persistenceDirectory = null; private static string POLICY_DIRECTORY = "/home/.casa"; - private MPFileWatcher mpWatcher = null; + private MPFileWatcher mpWatcher = null; + + private Secret m_DesktopSecret = new Secret(ConstStrings.MICASA_DESKTOP_PASSWD); private DateTime createTime; public DateTime CreateTime @@ -883,10 +885,27 @@ namespace sscs.cache { if (mpWatcher != null) mpWatcher.resumeWatcher(); + } + + internal Secret GetDesktopSecret() + { + return m_DesktopSecret; } internal string GetDesktopPasswd() - { + { + + try + { + Secret secret = GetDesktopSecret(); + string passwd = secret.GetKeyValue(ConstStrings.MICASA_DESKTOP_PASSWD_KEYNAME).GetValue(); + return passwd; + } + catch + { + CSSSLogger.DbgLog("Desktop password not set in Session"); + } + try { string keyChainId = ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0"; @@ -899,7 +918,9 @@ namespace sscs.cache { CSSSLogger.DbgLog("Desktop password not set"); } + return null; + } internal string GetUserHomeDirectory() diff --git a/CASA/micasad/common/CSSSUtils.cs b/CASA/micasad/common/CSSSUtils.cs index 768dacf1..60979927 100644 --- a/CASA/micasad/common/CSSSUtils.cs +++ b/CASA/micasad/common/CSSSUtils.cs 
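Review bot: The bare `catch` in the first `try` of `GetDesktopPasswd()` (CASA/micasad/cache/SecretStore.cs, hunk `@@ -883,10 +885,27 @@`) logs every failure as "Desktop password not set in Session", so a real fault inside `GetKeyValue(...).GetValue()` looks the same as the password not having been written yet. Catching the exception and logging its message keeps the fallback to the session key chain while leaving a usable trace, for example `catch (Exception e) { CSSSLogger.DbgLog("Desktop password not set in Session: " + e.Message); }`. `GetDesktopSecret()` also returns the live `Secret` holding the desktop password to any caller in the assembly without consulting `CSSSUtils.AllowDesktopPasswordAccess()`. A short comment on it saying that the access check is the caller's responsibility would make that contract explicit. The body of `GetDesktopPasswd()` continues past this hunk.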
@@ -33,7 +33,17 @@ using sscs.constants; namespace sscs.common { class CSSSUtils - { + { + + public static bool AllowDesktopPasswordAccess() + { +#if LINUX + return true; +#else + return true; +#endif + } + public static bool IsFileOwnedByRoot(string filePath) { #if LINUX diff --git a/CASA/micasad/init/CredMgr.cs b/CASA/micasad/init/CredMgr.cs index c47b059a..2c289258 100644 --- a/CASA/micasad/init/CredMgr.cs +++ b/CASA/micasad/init/CredMgr.cs @@ -44,7 +44,7 @@ namespace sscs.init string sCredMgrPath = GetCredMgrPath(); if (sCredMgrPath != null) { - RunProcess(sExePath, "/i /n /s " + "\"" + sCredMgrPath + "\""); + RunProcess(sExePath, "/i:thecommandline /n /s " + "\"" + sCredMgrPath + "\""); } } } diff --git a/CASA/micasad/init/WinSecretStoreClientService.cs b/CASA/micasad/init/WinSecretStoreClientService.cs index dda35bdd..2c87ebf4 100644 --- a/CASA/micasad/init/WinSecretStoreClientService.cs +++ b/CASA/micasad/init/WinSecretStoreClientService.cs @@ -96,8 +96,7 @@ namespace sscs.init } foreach (string arg in args) - { - System.Diagnostics.Trace.WriteLine("arg: " + arg); + { System.Diagnostics.Debug.WriteLine("arg: " + arg); } diff --git a/CASA/micasad/verbs/MergeCache.cs b/CASA/micasad/verbs/MergeCache.cs index fca05ade..d60f7c82 100644 --- a/CASA/micasad/verbs/MergeCache.cs +++ b/CASA/micasad/verbs/MergeCache.cs @@ -77,8 +77,8 @@ namespace sscs.verbs // get the store for the src try { - WinUserIdentifier srcUser = new WinUserIdentifier(luidLow, luidHigh); - SecretStore srcStore = SessionManager.GetUserSecretStore(srcUser); + //WinUserIdentifier srcUser = new WinUserIdentifier(luidLow, luidHigh); + SecretStore srcStore = SessionManager.GetUserSecretStore(userId); KeyChain kcSrc = null; KeyChain kcDest = null; @@ -103,8 +103,8 @@ namespace sscs.verbs } if (iDestroySrcCache > 0) - { - SessionManager.RemoveUserSession(srcUser, true); + { + srcStore.RemoveKeyChain(luidHigh.ToString() + luidLow.ToString()); } } else 
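Review bot: `AllowDesktopPasswordAccess()` in CASA/micasad/common/CSSSUtils.cs returns `true` on both sides of `#if LINUX`, so it restricts nothing yet and the `else` arm that depends on it in WriteKey.cs can never run. If the platform policy is still to be written, say so at the definition, e.g. `// TODO: no policy implemented yet; desktop password access is always allowed`, and collapse the two identical branches until they differ. Someone auditing who can reach the desktop password would otherwise take the method name as evidence that a gate exists.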
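Review bot: The new argument `/i:thecommandline` in the `RunProcess` call (CASA/micasad/init/CredMgr.cs) reads like placeholder text rather than a value the target is meant to receive. `sExePath` is assigned outside the hunk, so what consumes the string after `/i:` cannot be confirmed from here. If the literal is intentional, add a one-line comment above the call naming that consumer and saying why a dummy value is enough. The path is also quoted by plain concatenation (`"\"" + sCredMgrPath + "\""`), so it is worth confirming that `GetCredMgrPath()` only returns a fixed, trusted location that cannot contain a quote character.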
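Review bot: The commented-out `WinUserIdentifier srcUser` line in CASA/micasad/verbs/MergeCache.cs (hunk `@@ -77,8 +77,8 @@`) should be deleted rather than kept, and the reason for the change recorded in its place. The source store is now resolved from `userId` instead of from `luidLow`/`luidHigh`, which matters for security if those two values come from the request, as they appear to. A comment such as `// Resolve the store from the caller's identity; the LUID only selects a key chain inside it` would capture that, assuming this is the intent. `userId`, `luidLow` and `luidHigh` are defined outside the hunk.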
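Review bot: `luidHigh.ToString() + luidLow.ToString()` in the `iDestroySrcCache` branch (MergeCache.cs, hunk `@@ -103,8 +103,8 @@`) builds the key chain id without a separator, so different LUID pairs can yield the same string and the wrong key chain could be removed. As a constructed example, high 1 / low 23 and high 12 / low 3 both give "123". A delimiter or fixed-width formatting removes the ambiguity, but it has to match the id the key chain was created under, which is not visible in this hunk. SecretStore.cs in this same patch builds a key chain id with a trailing terminator (`ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0"`). If `RemoveKeyChain` compares ids exactly, the id here may need the same suffix to match anything.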
diff --git a/CASA/micasad/verbs/WriteKey.cs b/CASA/micasad/verbs/WriteKey.cs index 8c3265a0..737be148 100644 --- a/CASA/micasad/verbs/WriteKey.cs +++ b/CASA/micasad/verbs/WriteKey.cs @@ -204,19 +204,41 @@ namespace sscs.verbs if( ssStore.CheckIfKeyChainExists(keyChainId) ) { keyChain = ssStore.GetKeyChain(keyChainId); - Secret secret = null; + Secret secret = null; + + + if (ConstStrings.MICASA_DESKTOP_PASSWD == secretId) + { + secret = ssStore.GetDesktopSecret(); + + if (common.CSSSUtils.AllowDesktopPasswordAccess()) + { + if (keyChain.CheckIfSecretExists(secretId) == false) + { + keyChain.AddSecret(secret); + } + } + else + { + // NOTE: This removes secret is session too... + //keyChain.RemoveSecret(secretId); + } + } + else + { + // add this secret if it doesn't already exist + if (keyChain.CheckIfSecretExists(secretId) == false) + { + secret = new Secret(secretId); + keyChain.AddSecret(secret); + } + else + { + secret = keyChain.GetSecret(secretId); + } + } - // add this secret if it doesn't already exist - if( keyChain.CheckIfSecretExists(secretId) == false) - { - secret = new Secret(secretId); - keyChain.AddSecret(secret); - } - else - { - secret = keyChain.GetSecret(secretId); - } - string oldPasswd = null; + string oldPasswd = null; if((ConstStrings.MICASA_DESKTOP_PASSWD == secretId) && (ConstStrings.MICASA_DESKTOP_PASSWD_KEYNAME == key) )
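Review bot: In the `MICASA_DESKTOP_PASSWD` branch of CASA/micasad/verbs/WriteKey.cs, `secret` is always the session object from `ssStore.GetDesktopSecret()`, even when `keyChain.CheckIfSecretExists(secretId)` is already true. If the key chain holds a different `Secret` instance under that id, the write that follows would update only the session copy and leave the key chain entry stale; whether that can happen depends on code outside the hunk. The `else` arm contains nothing but a commented-out `RemoveSecret` call, so a denied policy check still lets the write proceed on the session secret. Replace the dead line with a statement of intent such as `// Access denied by policy: keep the password in the session secret only, never in the key chain`, if that is what is meant. The existing note "removes secret is session" should read "in session", and the enclosing method starts and ends outside the hunk.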