Commit ZEN/security issue changes
This commit is contained in:
parent
c17c298d72
commit
91d35ccb7c
21
CASA/micasad/cache/SecretStore.cs
vendored
21
CASA/micasad/cache/SecretStore.cs
vendored
@ -70,6 +70,8 @@ namespace sscs.cache
|
||||
private static string POLICY_DIRECTORY = "/home/.casa";
|
||||
private MPFileWatcher mpWatcher = null;
|
||||
|
||||
private Secret m_DesktopSecret = new Secret(ConstStrings.MICASA_DESKTOP_PASSWD);
|
||||
|
||||
private DateTime createTime;
|
||||
public DateTime CreateTime
|
||||
{
|
||||
@ -885,8 +887,25 @@ namespace sscs.cache
|
||||
mpWatcher.resumeWatcher();
|
||||
}
|
||||
|
||||
internal Secret GetDesktopSecret()
|
||||
{
|
||||
return m_DesktopSecret;
|
||||
}
|
||||
|
||||
internal string GetDesktopPasswd()
|
||||
{
|
||||
|
||||
try
|
||||
{
|
||||
Secret secret = GetDesktopSecret();
|
||||
string passwd = secret.GetKeyValue(ConstStrings.MICASA_DESKTOP_PASSWD_KEYNAME).GetValue();
|
||||
return passwd;
|
||||
}
|
||||
catch
|
||||
{
|
||||
CSSSLogger.DbgLog("Desktop password not set in Session");
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
string keyChainId = ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0";
|
||||
@ -899,7 +918,9 @@ namespace sscs.cache
|
||||
{
|
||||
CSSSLogger.DbgLog("Desktop password not set");
|
||||
}
|
||||
|
||||
return null;
|
||||
|
||||
}
|
||||
|
||||
internal string GetUserHomeDirectory()
|
||||
|
@ -34,6 +34,16 @@ namespace sscs.common
|
||||
{
|
||||
class CSSSUtils
|
||||
{
|
||||
|
||||
public static bool AllowDesktopPasswordAccess()
|
||||
{
|
||||
#if LINUX
|
||||
return true;
|
||||
#else
|
||||
return true;
|
||||
#endif
|
||||
}
|
||||
|
||||
public static bool IsFileOwnedByRoot(string filePath)
|
||||
{
|
||||
#if LINUX
|
||||
|
@ -44,7 +44,7 @@ namespace sscs.init
|
||||
string sCredMgrPath = GetCredMgrPath();
|
||||
if (sCredMgrPath != null)
|
||||
{
|
||||
RunProcess(sExePath, "/i /n /s " + "\"" + sCredMgrPath + "\"");
|
||||
RunProcess(sExePath, "/i:thecommandline /n /s " + "\"" + sCredMgrPath + "\"");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -97,7 +97,6 @@ namespace sscs.init
|
||||
|
||||
foreach (string arg in args)
|
||||
{
|
||||
System.Diagnostics.Trace.WriteLine("arg: " + arg);
|
||||
System.Diagnostics.Debug.WriteLine("arg: " + arg);
|
||||
}
|
||||
|
||||
|
@ -77,8 +77,8 @@ namespace sscs.verbs
|
||||
// get the store for the src
|
||||
try
|
||||
{
|
||||
WinUserIdentifier srcUser = new WinUserIdentifier(luidLow, luidHigh);
|
||||
SecretStore srcStore = SessionManager.GetUserSecretStore(srcUser);
|
||||
//WinUserIdentifier srcUser = new WinUserIdentifier(luidLow, luidHigh);
|
||||
SecretStore srcStore = SessionManager.GetUserSecretStore(userId);
|
||||
KeyChain kcSrc = null;
|
||||
KeyChain kcDest = null;
|
||||
|
||||
@ -104,7 +104,7 @@ namespace sscs.verbs
|
||||
|
||||
if (iDestroySrcCache > 0)
|
||||
{
|
||||
SessionManager.RemoveUserSession(srcUser, true);
|
||||
srcStore.RemoveKeyChain(luidHigh.ToString() + luidLow.ToString());
|
||||
}
|
||||
}
|
||||
else
|
||||
|
@ -206,8 +206,28 @@ namespace sscs.verbs
|
||||
keyChain = ssStore.GetKeyChain(keyChainId);
|
||||
Secret secret = null;
|
||||
|
||||
|
||||
if (ConstStrings.MICASA_DESKTOP_PASSWD == secretId)
|
||||
{
|
||||
secret = ssStore.GetDesktopSecret();
|
||||
|
||||
if (common.CSSSUtils.AllowDesktopPasswordAccess())
|
||||
{
|
||||
if (keyChain.CheckIfSecretExists(secretId) == false)
|
||||
{
|
||||
keyChain.AddSecret(secret);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// NOTE: This removes secret is session too...
|
||||
//keyChain.RemoveSecret(secretId);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// add this secret if it doesn't already exist
|
||||
if( keyChain.CheckIfSecretExists(secretId) == false)
|
||||
if (keyChain.CheckIfSecretExists(secretId) == false)
|
||||
{
|
||||
secret = new Secret(secretId);
|
||||
keyChain.AddSecret(secret);
|
||||
@ -216,6 +236,8 @@ namespace sscs.verbs
|
||||
{
|
||||
secret = keyChain.GetSecret(secretId);
|
||||
}
|
||||
}
|
||||
|
||||
string oldPasswd = null;
|
||||
if((ConstStrings.MICASA_DESKTOP_PASSWD == secretId) &&
|
||||
(ConstStrings.MICASA_DESKTOP_PASSWD_KEYNAME == key)
|
||||
|
Loading…
Reference in New Issue
Block a user