- Support for storing and retrieving the services' secrets in CASA, so that the secrets can be retrieved during the system boot-up.
This commit is contained in:
Rajasekaran Nagarajan 2006-10-19 09:27:10 +00:00
parent 86515d118a
commit 879eaa39d6
11 changed files with 765 additions and 417 deletions


@ -41,7 +41,7 @@ case $host_os in
;; ;;
*) *)
AC_CHECK_PROG(CSC, csc, csc) AC_CHECK_PROG(CSC, csc, csc)
test -z "$CSC" && AC_CHECK_PROG(CSC, mcs, mcs) test -z "$CSC" && AC_CHECK_PROG(CSC, gmcs, gmcs)
test -z "$CSC" && AC_MSG_ERROR([no acceptable C Sharp compiler found in \$PATH]) test -z "$CSC" && AC_MSG_ERROR([no acceptable C Sharp compiler found in \$PATH])
;; ;;
@ -51,7 +51,7 @@ case $CSC in
# #
# Mono-specific configuration # Mono-specific configuration
# #
mcs) gmcs)
CSC_EXEFLAG=/target:exe CSC_EXEFLAG=/target:exe
CSC_LIBFLAG=/target:library CSC_LIBFLAG=/target:library
CSC_EXEFLAG=/target:exe CSC_EXEFLAG=/target:exe


@ -126,6 +126,7 @@ CSFILES_CSC := $(subst /,$(SEP),$(CSFILES))
CS_FLAGS = -d:LINUX -nowarn:169 CS_FLAGS = -d:LINUX -nowarn:169
CS_RESOURCES = CS_RESOURCES =
CS_LIBS =Mono.Posix.dll \ CS_LIBS =Mono.Posix.dll \
System.Security.dll \
nunit.core.dll \ nunit.core.dll \
nunit.framework.dll \ nunit.framework.dll \
nunit.extensions.dll \ nunit.extensions.dll \


@ -55,11 +55,15 @@ namespace sscs.cache
private static int STATE_LOCKED = 2; private static int STATE_LOCKED = 2;
private LocalStorage lss = null; private LocalStorage lss = null;
private LocalStorage slss = null; // For Server Secrets
bool bIsStorePersistent = false; bool bIsStorePersistent = false;
string m_persistenceDirectory = null; bool bIsServerStorePersistent = false;
private static string POLICY_DIRECTORY = "/home/.casa";
string m_persistenceDirectory = null;
private MPFileWatcher mpWatcher = null; private static string POLICY_DIRECTORY = "/home/.casa";
private MPFileWatcher mpWatcher = null;
private DateTime createTime; private DateTime createTime;
public DateTime CreateTime public DateTime CreateTime
@ -175,10 +179,74 @@ namespace sscs.cache
catch catch
{ {
} }
return false; return false;
} }
internal bool StartPersistenceOfServerSecretsBySystemKey()
{
// make sure we have a Persistence Directory
if (GetPersistenceDirectory() == null || GetPersistenceDirectory().Length < 1 || !Directory.Exists(GetPersistenceDirectory()))
{
CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - No Persistence directory yet");
CSSSLogger.DbgLog("Directory: [" + GetPersistenceDirectory() + "]");
return false;
}
try
{
byte[] baPasscode;
/* Persistence could have started because the user
* could have set master password.
*/
if(slss != null && bIsServerStorePersistent == true)
{
CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " Server Secrets Store is already persistent");
CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - Started");
return true;
}
if(!File.Exists(GetServerPasscodeBySystemKeyFilePath()))
{
/*
if (File.Exists(GetServerPasscodeByMasterPasswdFilePath()))
{
// wait for the user to start the Persistence by entering MP
return false;
}
*/
baPasscode = CASACrypto.GenerateServerMasterPasscode(
GetServerPasscodeBySystemKeyFilePath(),
GetServerValidationFilePath());
if( null == baPasscode )
{
return false;
}
if(!File.Exists(GetServerKeyFilePath()))
{
GenerateAndStoreEncryptionKey(baPasscode, GetServerKeyFilePath());
slss = new LocalStorage(this, baPasscode, true);
bIsServerStorePersistent = true;
return true;
}
}
baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(GetServerPasscodeBySystemKeyFilePath());
if(CASACrypto.ValidatePasscode(baPasscode,GetServerValidationFilePath()))
{
slss = new LocalStorage(this, baPasscode, true);
bIsServerStorePersistent = true;
return true;
}
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
}
return false;
}
internal bool StartPersistenceByDesktopPasswd(string desktopPasswd) internal bool StartPersistenceByDesktopPasswd(string desktopPasswd)
{ {
CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Called"); CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Called");
@ -246,7 +314,7 @@ namespace sscs.cache
if(!File.Exists(GetKeyFilePath())) if(!File.Exists(GetKeyFilePath()))
{ {
GenerateAndStoreEncryptionKey(baPasscode); GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath());
lss = new LocalStorage(this,baPasscode); lss = new LocalStorage(this,baPasscode);
bIsStorePersistent = true; bIsStorePersistent = true;
return true; return true;
@ -286,7 +354,7 @@ namespace sscs.cache
return false; return false;
} }
internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode) internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode, string fileName)
{ {
RijndaelManaged myRijndael = new RijndaelManaged(); RijndaelManaged myRijndael = new RijndaelManaged();
byte[] key; byte[] key;
@ -297,9 +365,7 @@ namespace sscs.cache
myRijndael.GenerateKey(); myRijndael.GenerateKey();
key = myRijndael.Key; key = myRijndael.Key;
CASACrypto.StoreKeySetUsingMasterPasscode(key,IV, CASACrypto.StoreKeySetUsingMasterPasscode(key, IV, baPasscode, fileName);
baPasscode,
GetKeyFilePath());
} }
catch (Exception e) catch (Exception e)
{ {
@ -308,7 +374,6 @@ namespace sscs.cache
return true; return true;
} }
internal bool SetMasterPassword(string mPasswdFromIDK) internal bool SetMasterPassword(string mPasswdFromIDK)
{ {
try try
@ -341,12 +406,17 @@ namespace sscs.cache
else else
{ {
// try old method // try old method
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true); baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(
desktopPasswd,
GetPasscodeByDesktopFilePath(),
true);
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
{ {
// rewrite file using new method // rewrite file using new method
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath()); CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
baPasscode,
desktopPasswd,
GetPasscodeByDesktopFilePath());
CASACrypto.EncryptAndStoreMasterPasscodeUsingString( CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
baPasscode, baPasscode,
@ -406,7 +476,7 @@ namespace sscs.cache
{ {
if(!File.Exists(GetKeyFilePath())) if(!File.Exists(GetKeyFilePath()))
{ {
GenerateAndStoreEncryptionKey(baPasscode); GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath());
} }
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath()); CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath());
@ -674,6 +744,8 @@ namespace sscs.cache
{ {
if (lss != null) if (lss != null)
lss.PersistStoreWithDelay(); lss.PersistStoreWithDelay();
if (slss != null)
slss.PersistServerStoreWithDelay();
} }
/* This function would need to do any storage/cleanup required /* This function would need to do any storage/cleanup required
@ -682,7 +754,9 @@ namespace sscs.cache
internal bool CommitStore() internal bool CommitStore()
{ {
if(lss != null) if(lss != null)
lss.PersistStore(); lss.PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
if(slss != null)
slss.PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
return true; return true;
} }
@ -724,6 +798,7 @@ namespace sscs.cache
{ {
return state; return state;
} }
internal int GetNumKeyChains() internal int GetNumKeyChains()
{ {
return keyChainList.Count; return keyChainList.Count;
@ -824,7 +899,8 @@ namespace sscs.cache
// let's migrate the files if needed // let's migrate the files if needed
string sNewPath = POLICY_DIRECTORY + "/" + user.GetUserName(); string sNewPath = POLICY_DIRECTORY + "/" + user.GetUserName();
try { try
{
if (Directory.GetFiles(sNewPath, ".miCASA*").Length > 0) if (Directory.GetFiles(sNewPath, ".miCASA*").Length > 0)
return sNewPath; return sNewPath;
@ -846,7 +922,6 @@ namespace sscs.cache
} }
return (sNewPath); return (sNewPath);
} }
internal bool SetPeristenceDirectory(string sNewDirectory) internal bool SetPeristenceDirectory(string sNewDirectory)
@ -866,7 +941,6 @@ namespace sscs.cache
} }
return false; return false;
} }
internal string GetKeyFilePath() internal string GetKeyFilePath()
@ -897,14 +971,42 @@ namespace sscs.cache
return persistDir + ConstStrings.MICASA_VALIDATION_FILE; return persistDir + ConstStrings.MICASA_VALIDATION_FILE;
} }
internal string GetServerKeyFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_KEY_FILE;
}
internal string GetServerPasscodeBySystemKeyFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PASSCODE_BY_SYSTEM_KEY_FILE;
}
internal string GetServerPasscodeByMasterPasswdFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE;
}
internal string GetServerSecretsPersistenceFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PERSISTENCE_FILE;
}
internal string GetServerValidationFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
}
internal byte[] GetSecrets(string sEncryptionString) internal byte[] GetSecrets(string sEncryptionString)
{ {
if (lss != null) if (lss != null)
{ {
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this); MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, null);
byte[] baSecrets = ms.ToArray(); byte[] baSecrets = ms.ToArray();
// encrypt if an encryptionstring was passed // encrypt if an encryptionstring was passed
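Review bot: In StartPersistenceOfServerSecretsBySystemKey the regeneration branch does not guard against a pre-existing server key file: when the system-key passcode file is absent, GenerateServerMasterPasscode writes a fresh passcode and rewrites the validation file, and if GetServerKeyFilePath() already exists the code falls through to the re-read at the bottom of the method, validation passes against the just-written validation file, and slss is built with a passcode that cannot decrypt the old key file, so previously persisted server secrets silently become unreadable. I would check for leftover store files before regenerating, e.g. `if (File.Exists(GetServerKeyFilePath()) || File.Exists(GetServerSecretsPersistenceFilePath())) { CSSSLogger.DbgLog("system-key passcode file missing but server store files exist"); return false; }`, so the inconsistency is logged rather than masked. Minor: GetPersistenceDirectory() is evaluated four times in the opening guard, where a local `string persistDir = GetPersistenceDirectory();` reads better, and `bIsServerStorePersistent == true` can be just `bIsServerStorePersistent`.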


@ -21,133 +21,151 @@
***********************************************************************/ ***********************************************************************/
using System; using System;
namespace sscs.constants namespace sscs.constants
{ {
class IPCRetCodes class IPCRetCodes
{ {
internal static int SSCS_REPLY_SUCCESS = 0; internal static int SSCS_REPLY_SUCCESS = 0;
internal static int SSCS_E_INVALID_MESSAGE = -1; internal static int SSCS_E_INVALID_MESSAGE = -1;
internal static int SSCS_E_VERSION_NOT_SUPPORTED = -2; internal static int SSCS_E_VERSION_NOT_SUPPORTED = -2;
internal static int SSCS_E_SYSTEM_ERROR = -3; internal static int SSCS_E_SYSTEM_ERROR = -3;
internal static int SSCS_E_REPLY_NOT_AVAILABLE = -4; internal static int SSCS_E_REPLY_NOT_AVAILABLE = -4;
internal static int SSCS_E_INVALID_KEYCHAIN = -5; internal static int SSCS_E_INVALID_KEYCHAIN = -5;
internal static int SSCS_E_INVALID_SECRETID = -6; internal static int SSCS_E_INVALID_SECRETID = -6;
internal static int SSCS_E_KEYCHAIN_ALREADY_EXISTS = -7; internal static int SSCS_E_KEYCHAIN_ALREADY_EXISTS = -7;
internal static int SSCS_E_MAX_KEYCHAINS_REACHED = -8; internal static int SSCS_E_MAX_KEYCHAINS_REACHED = -8;
internal static int SSCS_E_ADD_KEYCHAIN_FAILED = -9; internal static int SSCS_E_ADD_KEYCHAIN_FAILED = -9;
internal static int SSCS_E_NO_KEYCHAINS_EXIST = -10; internal static int SSCS_E_NO_KEYCHAINS_EXIST = -10;
internal static int SSCS_E_KEYCHAIN_DOES_NOT_EXIST = -11; internal static int SSCS_E_KEYCHAIN_DOES_NOT_EXIST = -11;
internal static int SSCS_E_REMOVE_KEYCHAIN_FAILED = -12; internal static int SSCS_E_REMOVE_KEYCHAIN_FAILED = -12;
internal static int SSCS_E_WRITE_SECRET_FAILED = -13; internal static int SSCS_E_WRITE_SECRET_FAILED = -13;
internal static int SSCS_E_ADDING_DEFAULT_KEYCHAIN_FAILED = -14; internal static int SSCS_E_ADDING_DEFAULT_KEYCHAIN_FAILED = -14;
internal static int SSCS_E_NO_SECRETS_EXIST = -15; internal static int SSCS_E_NO_SECRETS_EXIST = -15;
internal static int SSCS_E_REMOVE_SECRET_FAILED = -16; internal static int SSCS_E_REMOVE_SECRET_FAILED = -16;
internal static int SSCS_E_GET_SOCKET_PATH_FAILED = -17; internal static int SSCS_E_GET_SOCKET_PATH_FAILED = -17;
internal static int SSCS_E_CREATE_SOCKET_FAILED = -18; internal static int SSCS_E_CREATE_SOCKET_FAILED = -18;
internal static int SSCS_E_SECRETID_DOES_NOT_EXIST = -19; internal static int SSCS_E_SECRETID_DOES_NOT_EXIST = -19;
internal static int SSCS_E_INVALID_INPUT = -20; internal static int SSCS_E_INVALID_INPUT = -20;
internal static int SSCS_E_SETTING_PASSCODE_FAILED = -21; internal static int SSCS_E_SETTING_PASSCODE_FAILED = -21;
internal static int SSCS_PROMPT_PASSCODE = 1; internal static int SSCS_PROMPT_PASSCODE = 1;
internal static int SSCS_STORE_IS_PERSISTENT = -22; internal static int SSCS_STORE_IS_PERSISTENT = -22;
internal static int SSCS_STORE_IS_NOT_PERSISTENT = -23; internal static int SSCS_STORE_IS_NOT_PERSISTENT = -23;
internal static int SSCS_SECRET_IS_PERSISTENT = -24; internal static int SSCS_SECRET_IS_PERSISTENT = -24;
internal static int SSCS_SECRET_IS_NOT_PERSISTENT = -25; internal static int SSCS_SECRET_IS_NOT_PERSISTENT = -25;
internal static int SSCS_SECRET_STORE_IS_LOCKED = -26; internal static int SSCS_SECRET_STORE_IS_LOCKED = -26;
} }
internal class ReqMsgId internal class ReqMsgId
{ {
} }
internal class RespMsgId internal class RespMsgId
{ {
} }
internal class RetCodes internal class RetCodes
{ {
internal static int SUCCESS = 0; internal static int SUCCESS = 0;
internal static int FAILURE = -1; internal static int FAILURE = -1;
internal static int LOAD_HIDDEN_ONLY = 1; internal static int LOAD_HIDDEN_ONLY = 1;
internal static int LOAD_ALL_EXCEPT_HIDDEN = 2; internal static int LOAD_ALL_EXCEPT_HIDDEN = 2;
internal static int WRITE_HIDDEN_ONLY = 3; internal static int WRITE_HIDDEN_ONLY = 3;
internal static int WRITE_ALL_EXCEPT_HIDDEN = 4; internal static int WRITE_ALL_EXCEPT_HIDDEN = 4;
internal static int WRITE_ALL = 5; internal static int WRITE_ALL = 5;
} }
internal class ConstStrings internal class ConstStrings
{ {
internal static string SSCS_SESSION_KEY_CHAIN_ID = "SSCS_SESSION_KEY_CHAIN_ID"; internal static string SSCS_SESSION_KEY_CHAIN_ID = "SSCS_SESSION_KEY_CHAIN_ID";
internal static string SSCS_LOCAL_KEY_CHAIN_ID = "SSCS_LOCAL_KEY_CHAIN_ID"; internal static string SSCS_SERVER_KEY_CHAIN_ID = "SSCS_SERVER_KEY_CHAIN_ID";
internal static string SSCS_HIDDEN_LOCAL_KEYCHAIN_ID = "SSCS_HIDDEN_LOCAL_KEYCHAIN_ID"; internal static string SSCS_LOCAL_KEY_CHAIN_ID = "SSCS_LOCAL_KEY_CHAIN_ID";
internal static string SSCS_REMOTE_KEYCHAIN_ID = "SSCS_REMOTE_KEYCHAIN_ID"; internal static string SSCS_HIDDEN_LOCAL_KEYCHAIN_ID = "SSCS_HIDDEN_LOCAL_KEYCHAIN_ID";
internal static string SSCS_LOCAL_REMOTE_KEYCHAIN_ID = "SSCS_LOCAL_REMOTE_KEYCHAIN_ID"; internal static string SSCS_REMOTE_KEYCHAIN_ID = "SSCS_REMOTE_KEYCHAIN_ID";
internal static string SSCS_LOCAL_REMOTE_KEYCHAIN_ID = "SSCS_LOCAL_REMOTE_KEYCHAIN_ID";
//TBD , Need to look at Novell standard for the desktop
internal static string SSCS_WIN_ENGINELOG = "c:\\CSSS.log"; //TBD , Need to look at Novell standard for the desktop
internal static string SSCS_WIN_DEBUGLOG = "c:\\CSSSDEBUG.log"; internal static string SSCS_WIN_ENGINELOG = "c:\\CSSS.log";
internal static string SSCS_WIN_DEBUGLOG = "c:\\CSSSDEBUG.log";
//TBD , Need to look at Novell standard for the desktop
internal static string SSCS_LINUX_ENGINELOG = "/var/log/localmessages"; //TBD , Need to look at Novell standard for the desktop
internal static string SSCS_LINUX_DEBUGLOG = "/var/log/micasad_debug.log"; internal static string SSCS_LINUX_ENGINELOG = "/var/log/localmessages";
internal static string SSCS_LINUX_PIDFILE = "/var/run/micasad.pid"; internal static string SSCS_LINUX_DEBUGLOG = "/var/log/micasad_debug.log";
internal static string SSCS_LINUX_PIDFILE = "/var/run/micasad.pid";
internal static bool STATUS = true;
internal static bool DEBUG = false; internal static bool STATUS = true;
internal static bool DEBUG = false;
internal static string MICASA_DESKTOP_PASSWD = "SS_CredSet:Desktop\0";
internal static string MICASA_DESKTOP_PASSWD = "SS_CredSet:Desktop\0";
// internal static string MICASA_DESKTOP_PASSWD_KEYNAME = "Password\0";
internal static string MICASA_DESKTOP_PASSWD_KEYNAME = "Password"; // internal static string MICASA_DESKTOP_PASSWD_KEYNAME = "Password\0";
internal static string MICASA_DESKTOP_PASSWD_KEYNAME = "Password";
// The file where the key (encrypted with master passcode)
// would be stored // The file where the key (encrypted with master passcode)
internal static string MICASA_PASSCODE_BY_DESKTOP_FILE = "/.miCASAPCByDesktop"; // would be stored
internal static string MICASA_PASSCODE_BY_DESKTOP_FILE = "/.miCASAPCByDesktop";
internal static string MICASA_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASAPCByMPasswd";
// The file where the passcode is stored encrypted with the system key.
//The file where all possible passwds are cross encrypted and // The system key here is the key used with the default key container
//stored to provide multiple recovery points. // for the user in Mono environment.
internal static string MICASA_KEY_FILE = "/.miCASAKey"; internal static string MICASA_SERVER_PASSCODE_BY_SYSTEM_KEY_FILE = "/.miCASASrvPCBySysKey";
//The file where the user's credentials are persisted. internal static string MICASA_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASAPCByMPasswd";
internal static string MICASA_PERSISTENCE_FILE = "/.miCASA";
// The passcode encrypted with the key derived from the masster password.
//The file required to validate the desktop passwd // The master password is the same as the one used with the user's application credentials.
internal static string MICASA_VALIDATION_FILE = "/.miCASAValidate"; internal static string MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASASrvPCByMPasswd";
internal static string MICASA_VALIDATION_STRING = "miCASAValidationString"; //The file where all possible passwds are cross encrypted and
//stored to provide multiple recovery points.
// these are used in the GUI too. internal static string MICASA_KEY_FILE = "/.miCASAKey";
internal static string CONFIG_PERSISTENT_DIRECTORY = "PersistentDirectory";
internal static string CONFIG_PERSIST_SECRETS = "PersistSecrets"; internal static string MICASA_SERVER_KEY_FILE = "/.miCASASrvKey";
internal static string CONFIG_DECRYPT_USING_DESKTOP_PASS = "DecryptUsingDesktopPassword";
//The file where the user's credentials are persisted.
} internal static string MICASA_PERSISTENCE_FILE = "/.miCASA";
internal class ConstFlags //The file where the services' credentials are persisted.
{ internal static string MICASA_SERVER_PERSISTENCE_FILE = "/.miCASASrv";
internal static uint SSFLAGS_DESTROY_SESSION_F = 1;
} //The file required to validate the desktop passwd
internal class XmlConsts internal static string MICASA_VALIDATION_FILE = "/.miCASAValidate";
{
internal static string miCASANode = "miCASA"; //The file required to validate the passcode
internal static string versionAttr = "version"; internal static string MICASA_SERVER_VALIDATION_FILE = "/.miCASASrvValidate";
internal static string keyChainNode = "KeyChain";
internal static string idAttr = "id"; internal static string MICASA_VALIDATION_STRING = "miCASAValidationString";
internal static string secretNode = "Secret";
internal static string valueNode = "Value"; // these are used in the GUI too.
internal static string timeNode = "Time"; internal static string CONFIG_PERSISTENT_DIRECTORY = "PersistentDirectory";
internal static string createdTimeNode = "created"; internal static string CONFIG_PERSIST_SECRETS = "PersistSecrets";
internal static string modifiedTimeNode = "modified"; internal static string CONFIG_DECRYPT_USING_DESKTOP_PASS = "DecryptUsingDesktopPassword";
internal static string keyNode = "Key";
internal static string keyValueNode = "KeyValue"; }
internal static string linkedKeyNode = "LinkedKey";
internal static string linkedTargetSecretNode = "TargetSecret"; internal class ConstFlags
internal static string linkedTargetKeyNode = "TargetKey"; {
} internal static uint SSFLAGS_DESTROY_SESSION_F = 1;
} }
internal class XmlConsts
{
internal static string miCASANode = "miCASA";
internal static string versionAttr = "version";
internal static string keyChainNode = "KeyChain";
internal static string idAttr = "id";
internal static string secretNode = "Secret";
internal static string valueNode = "Value";
internal static string timeNode = "Time";
internal static string createdTimeNode = "created";
internal static string modifiedTimeNode = "modified";
internal static string keyNode = "Key";
internal static string keyValueNode = "KeyValue";
internal static string linkedKeyNode = "LinkedKey";
internal static string linkedTargetSecretNode = "TargetSecret";
internal static string linkedTargetKeyNode = "TargetKey";
}
}
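Review bot: The new comment above MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE misspells "master" as "masster"; it should read `// The passcode encrypted with the key derived from the master password.`. Since two server passcode files are introduced here, a one-line note in that comment block saying which one the boot-time path consults would help the next reader; as far as the visible SecretStore hunk shows, only the system-key file is read at start-up.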


@ -91,6 +91,7 @@ namespace sscs.common
ss = user.GetSecretStore(); ss = user.GetSecretStore();
ss.IncrRefCount(); ss.IncrRefCount();
ss.CreateTime = DateTime.Now; ss.CreateTime = DateTime.Now;
ss.StartPersistenceOfServerSecretsBySystemKey();
return ss; return ss;
} }
} }
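Review bot: The return value of `ss.StartPersistenceOfServerSecretsBySystemKey();` is discarded on the added line, so a failed start of server-secret persistence is only visible in the callee's debug log and this caller continues as if it had succeeded. If that is intentional, a short comment such as `// best effort: server-secret persistence may start later once the passcode file exists` would make it explicit; otherwise the result should be logged here. The enclosing method begins outside this hunk.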


@ -20,43 +20,44 @@
* *
***********************************************************************/ ***********************************************************************/
using System; using System;
using System.Net; using System.Net;
using System.Net.Sockets; using System.Net.Sockets;
#if W32 #if W32
using AppModule.NamedPipes; using AppModule.NamedPipes;
#endif #endif
using sscs.common; using sscs.common;
namespace sscs.communication namespace sscs.communication
{ {
abstract class IPCChannel abstract class IPCChannel
{ {
/* This must check for the platform and return an /* This must check for the platform and return an
* appropriate IPCChannel. * appropriate IPCChannel.
*/ */
#if LINUX #if LINUX
internal static IPCChannel Create(Socket socket) internal static IPCChannel Create(Socket socket)
{ {
if(( (int)Environment.OSVersion.Platform) == 128) int platform = (int)Environment.OSVersion.Platform;
return (new UnixIPCChannel(socket) ); if(( platform ==4 ) || ( platform == 128 ))
else return (new UnixIPCChannel(socket) ) ;
return null; else
} return null;
}
#endif
#endif
#if W32
internal static IPCChannel Create(ServerPipeConnection serverPipe) #if W32
{ internal static IPCChannel Create(ServerPipeConnection serverPipe)
return (new WinIPCChannel(serverPipe)); {
} return (new WinIPCChannel(serverPipe));
#endif }
abstract internal UserIdentifier GetIPCChannelUserId(); #endif
abstract internal int Read(byte[] buf); abstract internal UserIdentifier GetIPCChannelUserId();
abstract internal byte[] Read(); abstract internal int Read(byte[] buf);
abstract internal int Write(byte[] buf); abstract internal byte[] Read();
abstract internal void Close(); abstract internal int Write(byte[] buf);
abstract internal void Close();
}
} }
}
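Review bot: The platform test in Create compares against the bare literals 4 and 128; 4 is PlatformID.Unix and 128 is the value older Mono runtimes reported, so writing it as `if (platform == (int)PlatformID.Unix || platform == 128) // 128: legacy Mono value for Unix` keeps the intent readable without changing behaviour. The `else return null;` for every other platform is unchanged from before and is worth a one-line comment saying that a null channel is expected there.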


@ -251,15 +251,15 @@ namespace sscs.crypto
byte[] hash = sha.ComputeHash(xmlData); byte[] hash = sha.ComputeHash(xmlData);
fsEncrypt.Write(hash,0,hash.Length); fsEncrypt.Write(hash,0,hash.Length);
fsEncrypt.Flush(); fsEncrypt.Flush();
#if CLEAR #if true//#if CLEAR //RAJ
byte[] dup = (byte[])xmlData.Clone(); byte[] dup = (byte[])xmlData.Clone();
// write clear file // write clear file
FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create); FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create);
fsClear.Write(dup, 0, dup.Length); fsClear.Write(dup, 0, dup.Length);
fsClear.Flush(); fsClear.Flush();
fsClear.Close(); fsClear.Close();
#endif #endif
@ -343,24 +343,24 @@ namespace sscs.crypto
fsDecrypt.Close(); fsDecrypt.Close();
return null; return null;
} }
} }
try try
{ {
csDecrypt.Close(); csDecrypt.Close();
} }
catch { } catch { }
try try
{ {
fsDecrypt.Close(); fsDecrypt.Close();
} }
catch { } catch { }
return tmpEncrypt; return tmpEncrypt;
} }
catch(Exception e) catch(Exception e)
{ {
CSSSLogger.DbgLog(e.ToString()); CSSSLogger.DbgLog(e.ToString());
} }
@ -533,55 +533,55 @@ namespace sscs.crypto
{ {
FileStream fsDecrypt = null; FileStream fsDecrypt = null;
CryptoStream csDecrypt = null; CryptoStream csDecrypt = null;
byte[] baSavedMasterPasscode = null; byte[] baSavedMasterPasscode = null;
try try
{ {
byte[] baKey = Generate16ByteKeyFromString(passwd, fileName, bTryOldMethod); byte[] baKey = Generate16ByteKeyFromString(passwd, fileName, bTryOldMethod);
/* Get a decryptor that uses the same key and /* Get a decryptor that uses the same key and
* IV as the encryptor. * IV as the encryptor.
*/ */
RijndaelManaged myRijndael = new RijndaelManaged(); RijndaelManaged myRijndael = new RijndaelManaged();
ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey, RetrieveIV(fileName, baKey)); ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey, RetrieveIV(fileName, baKey));
//Now decrypt //Now decrypt
#if LINUX #if LINUX
UnixFileInfo fsTest = new UnixFileInfo (fileName); UnixFileInfo fsTest = new UnixFileInfo (fileName);
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink) if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
#else #else
if (!File.Exists(fileName)) if (!File.Exists(fileName))
#endif #endif
{ {
return null; return null;
} }
fsDecrypt = new FileStream(fileName, FileMode.Open); fsDecrypt = new FileStream(fileName, FileMode.Open);
csDecrypt = new CryptoStream(fsDecrypt, decryptor, csDecrypt = new CryptoStream(fsDecrypt, decryptor,
CryptoStreamMode.Read); CryptoStreamMode.Read);
baSavedMasterPasscode = new byte[16]; baSavedMasterPasscode = new byte[16];
//Read the data out of the crypto stream. //Read the data out of the crypto stream.
csDecrypt.Read(baSavedMasterPasscode, 0, 16); csDecrypt.Read(baSavedMasterPasscode, 0, 16);
} }
catch (Exception e) catch (Exception e)
{ {
CSSSLogger.ExpLog(e.ToString()); CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to decrypt master passode"); CSSSLogger.DbgLog("Unable to decrypt master passode");
baSavedMasterPasscode = null; baSavedMasterPasscode = null;
} }
try try
{ {
if (csDecrypt != null) if (csDecrypt != null)
csDecrypt.Close(); csDecrypt.Close();
} }
catch { } catch { }
if (fsDecrypt != null) if (fsDecrypt != null)
fsDecrypt.Close(); fsDecrypt.Close();
return baSavedMasterPasscode; return baSavedMasterPasscode;
@ -642,7 +642,49 @@ namespace sscs.crypto
} }
return null; return null;
} }
//internal static string GenerateMasterPasscodeUsingDesktopPasswd(
internal static byte[] GetServerMasterPasscodeUsingMasterPasswd(
string mPasswd,
string fileName,
bool bUseOldMethod)
{
return GetMasterPasscodeUsingMasterPasswd ( mPasswd, fileName, bUseOldMethod);
}
internal static byte[] GetServerMasterPasscodeUsingSystemKey(string fileName)
{
byte[] baSavedMasterPasscode = null;
try
{
#if LINUX
UnixFileInfo fsTest = new UnixFileInfo (fileName);
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
#else
if (!File.Exists(fileName))
#endif
{
return null;
}
FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
byte [] encryptedMasterPasscode = new byte[fs.Length];
fs.Read(encryptedMasterPasscode, 0, (int) fs.Length);
fs.Close();
baSavedMasterPasscode = new byte[16];
baSavedMasterPasscode = ProtectedData.Unprotect( encryptedMasterPasscode, null, DataProtectionScope.CurrentUser );
}
catch (CryptographicException e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to decrypt master passode using the system key");
baSavedMasterPasscode = null;
}
return baSavedMasterPasscode;
}
internal static byte[] GenerateMasterPasscodeUsingString( internal static byte[] GenerateMasterPasscodeUsingString(
string desktopPasswd, string desktopPasswd,
string fileName, string fileName,
@ -678,13 +720,49 @@ namespace sscs.crypto
return null; return null;
} }
internal static byte[] GenerateServerMasterPasscode(
string fileName,
string validationFile
)
{
byte[] baPasscode = null;
try
{
// use AES to generate a random 16 byte key;
RijndaelManaged myRijndael = new RijndaelManaged();
myRijndael.KeySize = 128;
//Create a new key and initialization vector.
myRijndael.GenerateKey();
baPasscode = myRijndael.Key;
byte [] encryptedMasterPasscode = ProtectedData.Protect( baPasscode, null, DataProtectionScope.CurrentUser );
FileStream fs = new FileStream(fileName, FileMode.Create);
File.SetAttributes(fileName, FileAttributes.Hidden);
fs.Write(encryptedMasterPasscode, 0, encryptedMasterPasscode.Length);
fs.Flush();
fs.Close();
EncryptDataAndWriteToFile(
Encoding.Default.GetBytes(ConstStrings.MICASA_VALIDATION_STRING),
baPasscode,
validationFile);
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Generation of master passcode failed.");
baPasscode = null;
}
return baPasscode;
}
public static bool ValidatePasscode(byte[] baPasscode, string fileName) public static bool ValidatePasscode(byte[] baPasscode, string fileName)
{ {
/* Here we decrpyt a well known string, throw exception /* Here we decrpyt a well known string, throw exception
* if not successful * if not successful
* A well-known string is encrpyted by the Passcode and saved * A well-known string is encrpyted by the Passcode and saved
*/ */
CSSSLogger.DbgLog("Validate called"); CSSSLogger.DbgLog("Validate called");
if ((baPasscode == null) || baPasscode.Length < 1 ) if ((baPasscode == null) || baPasscode.Length < 1 )
@ -697,12 +775,12 @@ namespace sscs.crypto
char[] trimChars = {'\0'}; char[] trimChars = {'\0'};
sString = sString.TrimEnd(trimChars); sString = sString.TrimEnd(trimChars);
if( ConstStrings.MICASA_VALIDATION_STRING.Equals(sString)) if( ConstStrings.MICASA_VALIDATION_STRING.Equals(sString))
{ {
CSSSLogger.DbgLog("Passed"); CSSSLogger.DbgLog("Passed");
return true; return true;
} }
else else
{ {
CSSSLogger.DbgLog("Failed"); CSSSLogger.DbgLog("Failed");
return false; return false;
} }
@ -713,65 +791,65 @@ namespace sscs.crypto
CSSSLogger.DbgLog("Validation of passcode failed."); CSSSLogger.DbgLog("Validation of passcode failed.");
} }
return false; return false;
} }
private static byte[] GenerateAndSaveIV(string sFileName, RijndaelManaged theRiManaged) private static byte[] GenerateAndSaveIV(string sFileName, RijndaelManaged theRiManaged)
{ {
theRiManaged.GenerateIV(); theRiManaged.GenerateIV();
byte[] baIV = theRiManaged.IV; byte[] baIV = theRiManaged.IV;
try try
{ {
if (File.Exists(sFileName + ".IV")) if (File.Exists(sFileName + ".IV"))
File.Delete(sFileName + ".IV"); File.Delete(sFileName + ".IV");
// now save this // now save this
FileStream fs = new FileStream(sFileName + ".IV", FileMode.Create); FileStream fs = new FileStream(sFileName + ".IV", FileMode.Create);
fs.Write(baIV, 0, 16); fs.Write(baIV, 0, 16);
fs.Flush(); fs.Flush();
fs.Close(); fs.Close();
File.SetAttributes(sFileName + ".IV", FileAttributes.Hidden); File.SetAttributes(sFileName + ".IV", FileAttributes.Hidden);
} }
catch (Exception e) catch (Exception e)
{ {
CSSSLogger.DbgLog(e.ToString()); CSSSLogger.DbgLog(e.ToString());
} }
return baIV; return baIV;
} }
private static byte[] RetrieveIV(string sFileName, byte[] baOrigValue) private static byte[] RetrieveIV(string sFileName, byte[] baOrigValue)
{ {
byte[] IV = new byte[16]; byte[] IV = new byte[16];
// check for file existence // check for file existence
try try
{ {
FileStream fs = new FileStream(sFileName + ".IV", FileMode.Open); FileStream fs = new FileStream(sFileName + ".IV", FileMode.Open);
fs.Read(IV, 0, 16); fs.Read(IV, 0, 16);
fs.Close(); fs.Close();
return IV; return IV;
} }
catch (Exception e) catch (Exception e)
{ {
CSSSLogger.DbgLog(e.ToString()); CSSSLogger.DbgLog(e.ToString());
} }
// original IV size was 16 bytes, copy that much // original IV size was 16 bytes, copy that much
if (baOrigValue.Length == 16) if (baOrigValue.Length == 16)
{ {
return (byte[])baOrigValue.Clone(); return (byte[])baOrigValue.Clone();
} }
else else
{ {
for (int i=0; i<16; i++) for (int i=0; i<16; i++)
{ {
IV[i] = baOrigValue[i]; IV[i] = baOrigValue[i];
} }
return IV; return IV;
} }
} }
private static void DumpIV(byte[] iv) private static void DumpIV(byte[] iv)
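Review bot: The `#if true//#if CLEAR //RAJ` edit in the first hunk turns a debugging branch into production behaviour: every call to this writer now also writes the unencrypted XML of the secret store to `fileName + ".xml"` next to the encrypted file, which defeats the encryption for anyone able to read the persistence directory. This should go back to `#if CLEAR` (or a dedicated debug define) before merging, and any `.xml` files produced by builds carrying this change should be removed. In GetServerMasterPasscodeUsingSystemKey the `fs.Read` return value is ignored and `fs` is never closed if Read or Unprotect throws; `byte[] encryptedMasterPasscode = File.ReadAllBytes(fileName);` avoids both problems, and the `new byte[16]` assigned immediately before Unprotect is dead. GenerateServerMasterPasscode has the same unclosed-stream-on-exception pattern (a `using` block around the FileStream fixes it), and because ProtectedData with DataProtectionScope.CurrentUser ties the stored passcode to the account the daemon runs under, the method comment should state that any process running as that user can recover it, so deployers know what the system-key file does and does not protect against.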


@ -65,21 +65,31 @@ namespace sscs.lss
private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30; private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30;
private Thread persistThread = null; private Thread persistThread = null;
private Thread sPersistThread = null;
#if LINUX #if LINUX
Mono.Unix.UnixFileSystemInfo sockFileInfo; Mono.Unix.UnixFileSystemInfo sockFileInfo;
Mono.Unix.UnixUserInfo sockFileOwner; Mono.Unix.UnixUserInfo sockFileOwner;
#endif #endif
private static string LINUXID = "Unix"; private static string LINUXID = "Unix";
internal LocalStorage(SecretStore store, byte[] baMasterPasscode, bool dummy) // Merge this with the next cons - RAJ
{
userStore = store;
m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
//userStore.DumpSecretstore();
}
internal LocalStorage(SecretStore store,byte[] baMasterPasscode) internal LocalStorage(SecretStore store,byte[] baMasterPasscode)
{ {
userStore = store; userStore = store;
m_baGeneratedKey = baMasterPasscode; m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore(); LoadPersistentStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
userStore.DumpSecretstore(); userStore.DumpSecretstore();
} }
~LocalStorage() ~LocalStorage()
{ {
if(persistThread != null) if(persistThread != null)
@ -87,6 +97,12 @@ namespace sscs.lss
persistThread.Abort(); persistThread.Abort();
persistThread.Join(); persistThread.Join();
} }
if(sPersistThread != null)
{
sPersistThread.Abort();
sPersistThread.Join();
}
} }
// allowing a user to choose the storage location is not approved yet // allowing a user to choose the storage location is not approved yet
@ -95,7 +111,7 @@ namespace sscs.lss
{ {
userStore = store; userStore = store;
m_baGeneratedKey = baMasterPasscode; m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore(); LoadPersistentStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
userStore.DumpSecretstore(); userStore.DumpSecretstore();
} }
@ -120,6 +136,15 @@ namespace sscs.lss
} }
} }
public void PersistServerStoreWithDelay()
{
if (sPersistThread == null)
{
sPersistThread = new Thread(new ThreadStart(PersistServerStoreDelayThreadFn));
sPersistThread.Start();
}
}
public bool StopPersistence() public bool StopPersistence()
{ {
if(persistThread != null) if(persistThread != null)
@ -130,56 +155,133 @@ namespace sscs.lss
return true; return true;
} }
public bool IsOwnedByRoot(string fileName) public bool StopServerPersistence()
{ {
#if LINUX if(sPersistThread != null)
sockFileInfo = new Mono.Unix.UnixFileInfo(fileName); {
sockFileOwner = sockFileInfo.OwnerUser; sPersistThread.Abort();
if(0==sockFileOwner.UserId) sPersistThread.Join();
return true; }
else return true;
return false; }
#else
return true; public bool IsOwnedByRoot(string fileName)
#endif {
#if LINUX
sockFileInfo = new Mono.Unix.UnixFileInfo(fileName);
sockFileOwner = sockFileInfo.OwnerUser;
if(0==sockFileOwner.UserId)
return true;
else
return false;
#else
return true;
#endif
} }
private string GetDecryptedServerSecretsXml()
{
try
{
string fileName = userStore.GetServerSecretsPersistenceFilePath();
string tempFile = fileName;
int count = 0;
if(!File.Exists(fileName))
{
while(true)
{
// check for tmp file
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Move(tempFile+".tmp", fileName);
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else
return null;
}
// delete tmp file if there
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
}
}
byte[] baPasscode = null;
if (null != m_baGeneratedKey)
baPasscode = m_baGeneratedKey;
else
baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(userStore.GetServerPasscodeBySystemKeyFilePath());
if( null == baPasscode )
return null;
byte[] key = CASACrypto.GetKeySetFromFile(baPasscode,userStore.GetServerKeyFilePath());
if( null == key )
return null;
byte[] decryptedBuffer = CASACrypto.ReadFileAndDecryptData(key,fileName);
if( null == decryptedBuffer )
return null;
string temp = Encoding.UTF8.GetString(decryptedBuffer, 0, decryptedBuffer.Length);
return temp;
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to get persistent store");
}
return null;
}
private string GetDecryptedXml() private string GetDecryptedXml()
{ {
try try
{ {
string fileName = userStore.GetPersistenceFilePath(); string fileName = userStore.GetPersistenceFilePath();
string tempFile = fileName; string tempFile = fileName;
int count = 0; int count = 0;
if(!File.Exists(fileName)) if(!File.Exists(fileName))
{ {
while(true) while(true)
{ {
// check for tmp file // check for tmp file
if (File.Exists(tempFile+".tmp")) if (File.Exists(tempFile+".tmp"))
{ {
if(IsOwnedByRoot(tempFile+".tmp")) if(IsOwnedByRoot(tempFile+".tmp"))
{ {
File.Move(tempFile+".tmp", fileName); File.Move(tempFile+".tmp", fileName);
break; break;
} }
else else
{ {
count++; count++;
tempFile = fileName + count.ToString(); tempFile = fileName + count.ToString();
} }
} }
else else
return null; return null;
} }
// delete tmp file if there // delete tmp file if there
if (File.Exists(tempFile+".tmp")) if (File.Exists(tempFile+".tmp"))
{ {
if(IsOwnedByRoot(tempFile+".tmp")) if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp"); File.Delete(tempFile+".tmp");
} }
} }
@ -212,17 +314,23 @@ namespace sscs.lss
} }
return null; return null;
} }
/* This method, uses the key to decrypt the persistent store /* This method, uses the key to decrypt the persistent store
* and populates userStore with the persistent data. * and populates userStore with the persistent data.
*/ */
private bool LoadPersistentStore() private bool LoadPersistentStore(string keyChainId)
{ {
try try
{ {
string xpath = ""; //string xpath = "";
XmlDocument doc = new XmlDocument(); XmlDocument doc = new XmlDocument();
string xmlToLoad = GetDecryptedXml(); string xmlToLoad = null;
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
xmlToLoad = GetDecryptedXml();
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
xmlToLoad = GetDecryptedServerSecretsXml();
if(xmlToLoad != null) if(xmlToLoad != null)
{ {
doc.LoadXml(xmlToLoad); doc.LoadXml(xmlToLoad);
@ -403,24 +511,40 @@ namespace sscs.lss
private void PersistStoreDelayThreadFn() private void PersistStoreDelayThreadFn()
{ {
Thread.Sleep(15000); Thread.Sleep(15000);
PersistStore(); PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
persistThread = null; persistThread = null;
} }
private void PersistServerStoreDelayThreadFn()
{
Thread.Sleep(15000);
PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
sPersistThread = null;
}
private void PersistStoreThreadFn() private void PersistStoreThreadFn()
{ {
while(true) while(true)
{ {
Thread.Sleep(persistThreadSleepTime); Thread.Sleep(persistThreadSleepTime);
PersistStore(); PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
} }
} }
private void PersistServerStoreThreadFn()
{
while(true)
{
Thread.Sleep(persistThreadSleepTime);
PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
}
}
/* Persists the store to an xml file. /* Persists the store to an xml file.
* TBD : Would we require any form of encoding? * TBD : Would we require any form of encoding?
*/ */
internal void PersistStore() internal void PersistStore(string keyChainId)
{ {
string sPeristSecrets = null; string sPeristSecrets = null;
@ -434,53 +558,66 @@ namespace sscs.lss
if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0"))) if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0")))
{ {
// delete .miCASA file and .IV file // delete .miCASA file and .IV file
File.Delete(userStore.GetPersistenceFilePath()); if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
File.Delete(userStore.GetPersistenceFilePath());
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
File.Delete(userStore.GetServerSecretsPersistenceFilePath());
return; return;
} }
//userStore.DumpSecretstore(); //userStore.DumpSecretstore();
try try
{ {
MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore); MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore, keyChainId);
//byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath()); byte[] key = null;
byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath()); string fileName = null;
string fileName = userStore.GetPersistenceFilePath(); if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
string tempFile = fileName; {
int count=0; key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
fileName = userStore.GetPersistenceFilePath();
// rename existing file }
if(File.Exists(fileName)) else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
{ {
while(true) key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetServerKeyFilePath());
{ fileName = userStore.GetServerSecretsPersistenceFilePath();
if (File.Exists(tempFile+".tmp")) }
{
if(IsOwnedByRoot(tempFile+".tmp")) string tempFile = fileName;
{ int count=0;
File.Delete(tempFile+".tmp");
break; // rename existing file
} if(File.Exists(fileName))
else {
{ while(true)
count++; {
tempFile = fileName + count.ToString(); if (File.Exists(tempFile+".tmp"))
} {
} if(IsOwnedByRoot(tempFile+".tmp"))
else {
break; File.Delete(tempFile+".tmp");
} break;
File.Move(fileName, tempFile+".tmp"); }
} else
{
CASACrypto.EncryptDataAndWriteToFile(ms1.ToArray(),key,fileName); count++;
tempFile = fileName + count.ToString();
//remove temp }
if(File.Exists(tempFile+".tmp")) }
{ else
if(IsOwnedByRoot(tempFile+".tmp")) break;
File.Delete(tempFile+".tmp"); }
} File.Move(fileName, tempFile+".tmp");
}
CASACrypto.EncryptDataAndWriteToFile(ms1.ToArray(),key,fileName);
//remove temp
if(File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
}
} }
catch(Exception e) catch(Exception e)
{ {
@ -488,7 +625,7 @@ namespace sscs.lss
} }
} }
internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore) internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore, string keyChainId)
{ {
try try
{ {
@ -506,13 +643,16 @@ namespace sscs.lss
while( iter.MoveNext() ) while( iter.MoveNext() )
{ {
KeyChain kc = (KeyChain)iter.Value; KeyChain kc = (KeyChain)iter.Value;
writer.WriteStartElement(XmlConsts.keyChainNode);
string kcId = kc.GetKey(); string kcId = kc.GetKey();
tmpId = new char[kcId.Length-1]; tmpId = new char[kcId.Length-1];
for(int i = 0; i < kcId.Length-1; i++ ) for(int i = 0; i < kcId.Length-1; i++ )
tmpId[i] = kcId[i]; tmpId[i] = kcId[i];
sTmpId = new string(tmpId); sTmpId = new string(tmpId);
if( ( keyChainId != null ) && ( keyChainId != sTmpId ))
continue;
writer.WriteStartElement(XmlConsts.keyChainNode);
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId); writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
// If we need to store time // If we need to store time
writer.WriteStartElement(XmlConsts.timeNode); writer.WriteStartElement(XmlConsts.timeNode);
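Review bot: In PersistStore (hunk `@ -434,53 +558,66`), a keyChainId that is neither SSCS_SESSION_KEY_CHAIN_ID nor SSCS_SERVER_KEY_CHAIN_ID leaves `key` and `fileName` null, so the code falls through to `CASACrypto.EncryptDataAndWriteToFile(ms1.ToArray(),key,fileName)` with null arguments and depends on the generic catch below; LoadPersistentStore (hunk `@ -212,17 +314,23`) has the same gap, where an unknown id silently loads nothing. A guard after the two `if`/`else if` chains, `if (key == null || fileName == null) { CSSSLogger.DbgLog("PersistStore: no key or file for key chain " + keyChainId); return; }`, makes the failure explicit and also covers GetKeySetFromFile returning null, which the load path already treats as a failure. The server branch uses `m_baGeneratedKey` directly, whereas GetDecryptedServerSecretsXml falls back to `CASACrypto.GetServerMasterPasscodeUsingSystemKey(...)` when it is null, so a store that was loaded through the system key may be unable to persist; if that null case is reachable, the same fallback belongs here. GetDecryptedServerSecretsXml duplicates GetDecryptedXml except for the three path getters and the passcode fallback, so a shared helper taking the persistence file path and the passcode would keep the `.tmp` recovery loop in one place. PersistStore's body starts and ends outside the hunk.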


@ -50,6 +50,7 @@ case "$1" in
if ! is_running; then \ if ! is_running; then \
echo -n "Starting miCASA daemon" echo -n "Starting miCASA daemon"
$MICASAD_BIN $MICASAD_BIN
sleep 2
fi fi
# Remember status and be verbose # Remember status and be verbose
rc_status -v rc_status -v
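Review bot: The added `sleep 2` after `$MICASAD_BIN` is a fixed delay standing in for a readiness check, so on a slow or loaded system the daemon may still not be ready when the script continues, and on a fast one boot waits longer than needed. Polling the existing `is_running` test a bounded number of times, e.g. `for i in 1 2 3 4 5; do is_running && break; sleep 1; done`, ties the wait to observed state; whether `is_running` reflects readiness or only process existence cannot be seen from the hunk, so that part is inferred. The `case` arm containing this line continues outside the hunk.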


@ -165,6 +165,11 @@ namespace sscs.verbs
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId); SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked()) if (!ssStore.IsStoreLocked())
{ {
if((keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0") && (!ssStore.CheckIfKeyChainExists(keyChainId)))
{
ssStore.AddKeyChain(new KeyChain(keyChainId));
}
if( ssStore.CheckIfKeyChainExists(keyChainId) ) if( ssStore.CheckIfKeyChainExists(keyChainId) )
{ {
keyChain = ssStore.GetKeyChain(keyChainId); keyChain = ssStore.GetKeyChain(keyChainId);
@ -222,7 +227,7 @@ namespace sscs.verbs
} }
} }
else else
{ {
retCode = IPCRetCodes.SSCS_SECRET_STORE_IS_LOCKED; retCode = IPCRetCodes.SSCS_SECRET_STORE_IS_LOCKED;
} }
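Review bot: The new guard compares `keyChainId` against `ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0"`, encoding the trailing NUL inline, while LocalStorage compares the bare constant and strips the last character when writing; a one-line comment such as `// keyChainId is compared in its NUL-terminated form, as held in the store` or a single helper for the terminated form would keep the two conventions from drifting. `ssStore.CheckIfKeyChainExists(keyChainId)` is evaluated again on the very next line after the guard just established it, which a local would avoid, though that is minor. Only the session key chain is auto-created here, so a request naming the server key chain presumably still takes the not-found path; if service secrets are expected to be added before that chain exists, the same creation is needed for `SSCS_SERVER_KEY_CHAIN_ID`. The enclosing method starts and ends outside the hunk.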


@ -171,6 +171,7 @@ namespace sscs.verbs
ssStore.StartPersistenceByDesktopPasswd(passwd); ssStore.StartPersistenceByDesktopPasswd(passwd);
} }
} }
ssStore.UpdatePersistentStore();
} }
else else
{ {
@ -204,7 +205,7 @@ namespace sscs.verbs
} }
} }
else else
{ {
retCode = IPCRetCodes.SSCS_SECRET_STORE_IS_LOCKED; retCode = IPCRetCodes.SSCS_SECRET_STORE_IS_LOCKED;
} }
} }
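Review bot: `ssStore.UpdatePersistentStore();` sits after the two closing braces that follow `StartPersistenceByDesktopPasswd(passwd)`, so it runs on every pass through this branch whether or not persistence was just started; if that is intended, a comment such as `// flush the store regardless of whether persistence was (re)started above` would save the next reader the question, and if not, the call belongs inside the inner block. The enclosing method and the `if` this line sits in start and end outside the hunk.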