geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Security Audit - Marshal export file to CASAManager for saving.

Browse Source
This commit is contained in:
Jim Norman 2006-12-20 10:22:27 +00:00
parent 98c12387a6
commit 43009ada4f
4 changed files with 198 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
CASA/gui/ExportSecrets.cs
View File

@ -107,8 +107,7 @@ namespace Novell.CASA.GUI
}
#endif
//Store off this location for next export
//Store off this location for next export
int iLastSlash = sFileName.LastIndexOf("/");
if (Common.IS_WINDOWS)
iLastSlash = sFileName.LastIndexOf("\\");
@ -125,25 +124,28 @@ namespace Novell.CASA.GUI
m_config.WriteConfig();
// call our daemon to get the users secrets
ExportXMLSecrets exportSecrets = new ExportXMLSecrets(sMasterPWD, sEncryptString, sFileName);
object obj = Novell.CASA.MiCasa.Communication.MiCasaRequestReply.Send(MiCasaRequestReply.VERB_EXPORT_SECRETS, null, null, null, exportSecrets);
/*
byte[] theSecrets = (byte[])Novell.CASA.MiCasa.Communication.MiCasaRequestReply.Send(MiCasaRequestReply.VERB_EXPORT_SECRETS, null, null, null, exportSecrets);
// write em out.
FileStream fs = new FileStream(sFileName, FileMode.Create);
fs.Write(theSecrets, 0, theSecrets.Length);
fs.Flush();
fs.Close();
*/
CommonGUI.DisplayMessage(MessageType.Info, "Secrets saved to: \r\n" + sFileName);
ExportXMLSecrets exportSecrets = new ExportXMLSecrets(sMasterPWD, sEncryptString, null);
byte[] baSecrets = (byte[])Novell.CASA.MiCasa.Communication.MiCasaRequestReply.Send(MiCasaRequestReply.VERB_EXPORT_SECRETS, null, null, null, exportSecrets);
if (baSecrets != null)
{
try
{
FileStream fs = new FileStream(sFileName, FileMode.Create);
fs.Write(baSecrets, 0, baSecrets.Length);
fs.Flush();
fs.Close();
CommonGUI.DisplayMessage(MessageType.Info, "Secrets saved to: \r\n" + sFileName);
}
catch
{
CommonGUI.DisplayMessage(MessageType.Error, "Failed to save secrets");
}
}
else
{
CommonGUI.DisplayMessage(MessageType.Error, "No Secrets found");
}
}
}
else

8
CASA/micasad/cache/SecretStore.cs vendored
View File

@ -1030,7 +1030,7 @@ namespace sscs.cache
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
}
internal string GetSecretsForExport(string sEncryptionString)
internal byte[] GetSecretsForExport(string sEncryptionString)
{
byte[] baIV = null;
byte[] baSecrets = GetSecrets(sEncryptionString, ref baIV);
@ -1040,13 +1040,11 @@ namespace sscs.cache
byte[] baCombined = new byte[baIV.Length + baSecrets.Length];
baIV.CopyTo(baCombined, 0);
baSecrets.CopyTo(baCombined, baIV.Length);
string sB64 = Convert.ToBase64String(baCombined);
return sB64;
return baCombined;
}
else
{
return Convert.ToBase64String(baSecrets);
return baSecrets;
}
}

316
CASA/micasad/lib/communication/UnixIPCClientChannel.cs
View File

@ -18,161 +18,165 @@
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
***********************************************************************/
using System;
using System.Net;
using System.IO;
using System.Net.Sockets;
using Mono.Unix;
using System.Text;
namespace Novell.CASA.MiCasa.Communication
{
/// <summary>
/// Summary description for UnixIPCClientChannel.
/// </summary>
public class UnixIPCClientChannel : ClientChannel
{
private Socket mSocket = null;
private string socketFileName = "/tmp/.novellCASA";
private EndPoint sockEndPoint;
public UnixIPCClientChannel()
{
}
public void Open()
{
mSocket = new Socket( AddressFamily.Unix,
SocketType.Stream,
ProtocolType.IP );
if (mSocket == null)
{
throw new Exception("could not get socket");
}
sockEndPoint = new UnixEndPoint(socketFileName);
UnixFileSystemInfo sockFileInfo = new UnixFileInfo(socketFileName);
UnixUserInfo sockFileOwner = sockFileInfo.OwnerUser;
// root is the owner of the file "/tmp/.novellCASA"
if (sockFileOwner.UserId == 0)
{
mSocket.Connect(sockEndPoint);
}
else
{
throw new Exception("not a valid miCASA service");
}
}
public int Read(byte[] buf)
{
buf = Read();
if (buf != null)
{
//Console.WriteLine("Bytes read = " + buf.Length);
return buf.Length;
}
else
return 0;
}
public byte[] Read()
{
byte[] returnBuffer = null;
int bytesRecvd = 0;
try
{
***********************************************************************/
using System;
using System.Net;
using System.IO;
using System.Net.Sockets;
using Mono.Unix;
using System.Text;
namespace Novell.CASA.MiCasa.Communication
{
/// <summary>
/// Summary description for UnixIPCClientChannel.
/// </summary>
public class UnixIPCClientChannel : ClientChannel
{
private Socket mSocket = null;
private string socketFileName = "/tmp/.novellCASA";
private EndPoint sockEndPoint;
public UnixIPCClientChannel()
{
}
public void Open()
{
mSocket = new Socket(AddressFamily.Unix,
SocketType.Stream,
ProtocolType.IP);
if (mSocket == null)
{
throw new Exception("could not get socket");
}
sockEndPoint = new UnixEndPoint(socketFileName);
UnixFileSystemInfo sockFileInfo = new UnixFileInfo(socketFileName);
UnixUserInfo sockFileOwner = sockFileInfo.OwnerUser;
// root is the owner of the file "/tmp/.novellCASA"
if (sockFileOwner.UserId == 0)
{
mSocket.Connect(sockEndPoint);
}
else
{
throw new Exception("not a valid miCASA service");
}
}
public int Read(byte[] buf)
{
buf = Read();
if (buf != null)
{
//Console.WriteLine("Bytes read = " + buf.Length);
return buf.Length;
}
else
return 0;
}
public byte[] Read()
{
byte[] returnBuffer = null;
int bytesRecvd = 0;
try
{
/* We need to read 'msgLen' to know how many bytes to
* allocate.
*/
byte[] msgIdBytes = new byte[2];
bytesRecvd = mSocket.Receive(msgIdBytes);
if( 0 == bytesRecvd )
{
return null;
}
byte[] msgLenBytes = new byte[4];
bytesRecvd = mSocket.Receive(msgLenBytes);
if( 0 == bytesRecvd )
{
return null;
}
uint msgLen = BitConverter.ToUInt32(msgLenBytes,0);
if( msgLen > 6 )
{
System.Text.Encoding encoding = System.Text.Encoding.ASCII;
byte[] buf = null;
int bytesAvailable;
int totalBytes = 0;
int msgLencount = 0;
string bufstring = null;
byte[] temp = null;
while(totalBytes<(msgLen-6))
{
bytesAvailable = mSocket.Available;
if( 0 == bytesAvailable)
{
break;
}
buf = new byte[bytesAvailable];
bytesRecvd = mSocket.Receive (buf);
bufstring = bufstring + encoding.GetString(buf); //keep buffering in a string
totalBytes = totalBytes + bytesAvailable;
}
if(totalBytes==0)
return null;
byte[] finalbuf = encoding.GetBytes(bufstring);//finally, convert the string to a byte array of size 'totalBytes'
int returnBufferLen = msgIdBytes.Length+msgLenBytes.Length+totalBytes;
returnBuffer = new byte[returnBufferLen];
Array.Copy(msgIdBytes,returnBuffer,2);
Array.Copy(msgLenBytes,0,returnBuffer,2,4);
Array.Copy(finalbuf,0,returnBuffer,6,finalbuf.Length);
return returnBuffer;
}
else
{
returnBuffer = new byte[6];
Array.Copy(msgIdBytes,returnBuffer,2);
Array.Copy(msgLenBytes,0,returnBuffer,2,4);
return returnBuffer;
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
return null;
}
}
public int Write(byte[] buf)
{
try
{
mSocket.Send(buf);
//Console.WriteLine("Bytes written = " + buf.Length);
return buf.Length;
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
return 0;
}
}
public void Close()
{
mSocket.Close();
}
}
}
*/
byte[] msgIdBytes = new byte[2];
bytesRecvd = mSocket.Receive(msgIdBytes);
if (0 == bytesRecvd)
{
return null;
}
byte[] msgLenBytes = new byte[4];
bytesRecvd = mSocket.Receive(msgLenBytes);
if (0 == bytesRecvd)
{
return null;
}
uint msgLen = BitConverter.ToUInt32(msgLenBytes, 0);
if (msgLen > 6)
{
byte[] buf = null;
int bytesAvailable;
int totalBytes = 0;
int msgLencount = 0;
string bufstring = null;
// buffer for data
MemoryStream ms = new MemoryStream();
while (totalBytes < (msgLen - 6))
{
bytesAvailable = mSocket.Available;
if (0 == bytesAvailable)
{
break;
}
buf = new byte[bytesAvailable];
bytesRecvd = mSocket.Receive(buf);
ms.Write(buf, 0, bytesRecvd);
totalBytes = totalBytes + bytesAvailable;
}
if (totalBytes == 0)
return null;
byte[] finalbuf = ms.ToArray();
int returnBufferLen = msgIdBytes.Length + msgLenBytes.Length + totalBytes;
returnBuffer = new byte[returnBufferLen];
Array.Copy(msgIdBytes, returnBuffer, 2);
Array.Copy(msgLenBytes, 0, returnBuffer, 2, 4);
Array.Copy(finalbuf, 0, returnBuffer, 6, finalbuf.Length);
return returnBuffer;
}
else
{
returnBuffer = new byte[6];
Array.Copy(msgIdBytes, returnBuffer, 2);
Array.Copy(msgLenBytes, 0, returnBuffer, 2, 4);
return returnBuffer;
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
return null;
}
}
public int Write(byte[] buf)
{
try
{
mSocket.Send(buf);
//Console.WriteLine("Bytes written = " + buf.Length);
return buf.Length;
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
return 0;
}
}
public void Close()
{
mSocket.Close();
}
}
}

37
CASA/micasad/verbs/ObjectSerialization.cs
View File

@ -410,32 +410,19 @@ namespace sscs.verbs
string sEncrpyptionPassphrase = secrets.GetPassphrase();
// get all secrets
//byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV);
string baSecrets = ssStore.GetSecretsForExport(sEncrpyptionPassphrase);
string sFilePath = secrets.GetFilePath();
if (sFilePath != null)
{
// write em out
FileStream fs = new FileStream(sFilePath, FileMode.Create);
// write the secrets now
//fs.Write(baSecrets, 0, baSecrets.Length);
fs.Flush();
fs.Close();
// get all secrets
byte[] baSecrets = ssStore.GetSecretsForExport(sEncrpyptionPassphrase);
if (baSecrets != null)
{
wo.SetObject(baSecrets);
wo.SetError(constants.RetCodes.SUCCESS, "");
}
else
{
wo.SetError(constants.RetCodes.FAILURE, "No Secrets for Export");
}
#if LINUX
// change file ownership to the user
Mono.Unix.Native.Syscall.chown(sFilePath, (uint)userId.GetUID(), (uint)userId.GetUID());
#endif
}
else
{
wo.SetObject(baSecrets);
}
wo.SetError(constants.RetCodes.SUCCESS, "");
return wo;
}