geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Security Audit - Remove assumption of username.

Browse Source
This commit is contained in:
Jim Norman 2006-12-18 11:13:23 +00:00
parent 174b0eb88c
commit 8b6a60e9ab
4 changed files with 59 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CASA/micasad/cache/SecretStore.cs vendored
View File

@ -882,8 +882,13 @@ namespace sscs.cache
internal string GetUserHomeDirectory()
{
return user.GetUserHomeDir();
}
internal string GetUserName()
{
return user.GetUserName();
}
internal string GetPersistenceDirectory()
{
if (m_persistenceDirectory != null)
@ -897,7 +902,7 @@ namespace sscs.cache
{
// the user might have set a different one
// load the policy file and check.
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, GetUserHomeDirectory());
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, GetUserHomeDirectory(), GetUserName());
if (uiPolicy != null)
{
string sDir = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSISTENT_DIRECTORY);
@ -1023,6 +1028,26 @@ namespace sscs.cache
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
}
internal string GetSecretsForExport(string sEncryptionString)
{
byte[] baIV = null;
byte[] baSecrets = GetSecrets(sEncryptionString, ref baIV);
if ((baIV != null) && (baSecrets != null))
{
byte[] baCombined = new byte[baIV.Length + baSecrets.Length];
baIV.CopyTo(baCombined, 0);
baSecrets.CopyTo(baCombined, baIV.Length);
string sB64 = Convert.ToBase64String(baCombined);
return sB64;
}
else
{
return Convert.ToBase64String(baSecrets);
}
}
internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV)

4
CASA/micasad/lss/LocalStorage.cs
View File

@ -609,7 +609,7 @@ namespace sscs.lss
string sPeristSecrets = null;
// is policy set to persist secrets
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory());
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory(), userStore.GetUserName());
if (uiPolicy != null)
{
sPeristSecrets = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSIST_SECRETS);
@ -739,7 +739,7 @@ namespace sscs.lss
// TODO: Does Policy allow persisting this secret.
if (policy == null)
{
policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory());
policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory(), userStore.GetUserName());
}
bool bSaveValues = true;

35
CASA/micasad/verbs/ObjectSerialization.cs
View File

@ -105,7 +105,7 @@ namespace sscs.verbs
// Serialize the WrappedObject and send the reply
ms = new MemoryStream();
formatter.Serialize(ms, reply);
formatter.Serialize(ms, reply);
int msLen = (int)ms.Length;
outBuf = new byte[4+msLen];
@ -276,11 +276,12 @@ namespace sscs.verbs
{
cpd.SetErrorMessage("Directory not allowed");
return wo;
}
#endif
// copy all .miCASA* files to new location
}
#endif
// copy all .miCASA* files to new location
string[] files = Directory.GetFiles(sOldDir, ".miCASA*");
if (files != null)
{
@ -392,8 +393,7 @@ namespace sscs.verbs
}
private WrappedObject DoExportSecrets(SecretStore ssStore, WrappedObject wo, UserIdentifier userId)
{
byte[] baIV = null;
{
ExportXMLSecrets secrets = (ExportXMLSecrets)wo.GetObject();
// validate masterpassword
@ -411,21 +411,16 @@ namespace sscs.verbs
string sEncrpyptionPassphrase = secrets.GetPassphrase();
// get all secrets
byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV);
string sFilePath = secrets.GetFilePath();
//byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV);
string baSecrets = ssStore.GetSecretsForExport(sEncrpyptionPassphrase);
string sFilePath = secrets.GetFilePath();
if (sFilePath != null)
{
// write em out
FileStream fs = new FileStream(sFilePath, FileMode.Create);
// if a IV was set, write it out.
if (baIV != null)
{
fs.Write(baIV, 0, 16);
}
// write the secrets now
fs.Write(baSecrets, 0, baSecrets.Length);
//fs.Write(baSecrets, 0, baSecrets.Length);
fs.Flush();
fs.Close();
@ -436,8 +431,8 @@ namespace sscs.verbs
}
else
{
wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV));
{
wo.SetObject(baSecrets);
}
wo.SetError(constants.RetCodes.SUCCESS, "");

27
CASA/policy/PolicyImpl.cs
View File

@ -36,10 +36,10 @@ public class ICASAPol
static string GetPolicyFilePath()
{
return GetPolicyFilePath(null);
return GetPolicyFilePath(null, null);
}
static string GetPolicyFilePath(string sUserHomeDir)
static string GetPolicyFilePath(string sUserHomeDir, string sUserName)
{
try
@ -64,14 +64,17 @@ public class ICASAPol
homeDir = System.Environment.GetEnvironmentVariable("HOME");
}
// get users name
string sUsername = homeDir.Substring(homeDir.LastIndexOf("/") + 1);
if (sUsername != null)
// get users name
if (sUserName == null)
{
sUserName = System.Environment.GetEnvironmentVariable("USER");
}
if (sUserName != null)
{
// check for existing files
string sOldLocation = homeDir + XmlConsts.policyFileName;
string sNewLocation = "/home/.casa/" + sUsername + XmlConsts.policyFileName;
string sOldLocation = homeDir + XmlConsts.policyFileName;
string sNewLocation = "/home/.casa/" + sUserName + XmlConsts.policyFileName;
// move file if needed
if ((!File.Exists(sNewLocation)) && (File.Exists(sOldLocation)))
@ -421,18 +424,18 @@ public class ICASAPol
static public CASAPol GetPolicy(CASAPolType policyType)
{
return GetPolicy(policyType, null);
return GetPolicy(policyType, null, null);
}
static public CASAPol GetPolicy(CASAPolType policyType, string sDir)
static public CASAPol GetPolicy(CASAPolType policyType, string sDir, string sUserName)
{
CASAPol pol = null;
try
{
XmlDocument doc = new XmlDocument();
if(!File.Exists(GetPolicyFilePath(sDir)))
if(!File.Exists(GetPolicyFilePath(sDir, sUserName)))
return null;
doc.Load(GetPolicyFilePath(sDir));
doc.Load(GetPolicyFilePath(sDir, sUserName));
switch(policyType)
{
case CASAPolType.AGGREGATION_POL: