geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Security Audit - Remove assumption of username.

Browse Source
This commit is contained in:
Jim Norman
2006-12-18 11:13:23 +00:00
parent 174b0eb88c
commit 8b6a60e9ab
4 changed files with 59 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
CASA/micasad/cache/SecretStore.cs vendored
View File

@@ -884,6 +884,11 @@ namespace sscs.cache
return user.GetUserHomeDir(); return user.GetUserHomeDir();
} }
internal string GetUserName()
{
return user.GetUserName();
}
internal string GetPersistenceDirectory() internal string GetPersistenceDirectory()
{ {
if (m_persistenceDirectory != null) if (m_persistenceDirectory != null)
@@ -897,7 +902,7 @@ namespace sscs.cache
{ {
// the user might have set a different one // the user might have set a different one
// load the policy file and check. // load the policy file and check.
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, GetUserHomeDirectory()); UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, GetUserHomeDirectory(), GetUserName());
if (uiPolicy != null) if (uiPolicy != null)
{ {
string sDir = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSISTENT_DIRECTORY); string sDir = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSISTENT_DIRECTORY);
@@ -1025,6 +1030,26 @@ namespace sscs.cache
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE; return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
} }
internal string GetSecretsForExport(string sEncryptionString)
{
byte[] baIV = null;
byte[] baSecrets = GetSecrets(sEncryptionString, ref baIV);
if ((baIV != null) && (baSecrets != null))
{
byte[] baCombined = new byte[baIV.Length + baSecrets.Length];
baIV.CopyTo(baCombined, 0);
baSecrets.CopyTo(baCombined, baIV.Length);
string sB64 = Convert.ToBase64String(baCombined);
return sB64;
}
else
{
return Convert.ToBase64String(baSecrets);
}
}
internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV) internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV)
{ {
if (lss != null) if (lss != null)

4
CASA/micasad/lss/LocalStorage.cs
View File

@@ -609,7 +609,7 @@ namespace sscs.lss
string sPeristSecrets = null; string sPeristSecrets = null;
// is policy set to persist secrets // is policy set to persist secrets
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory()); UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory(), userStore.GetUserName());
if (uiPolicy != null) if (uiPolicy != null)
{ {
sPeristSecrets = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSIST_SECRETS); sPeristSecrets = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSIST_SECRETS);
@@ -739,7 +739,7 @@ namespace sscs.lss
// TODO: Does Policy allow persisting this secret. // TODO: Does Policy allow persisting this secret.
if (policy == null) if (policy == null)
{ {
policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory()); policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory(), userStore.GetUserName());
} }
bool bSaveValues = true; bool bSaveValues = true;

17
CASA/micasad/verbs/ObjectSerialization.cs
View File

@@ -277,6 +277,7 @@ namespace sscs.verbs
cpd.SetErrorMessage("Directory not allowed"); cpd.SetErrorMessage("Directory not allowed");
return wo; return wo;
} }
#endif #endif
@@ -393,7 +394,6 @@ namespace sscs.verbs
private WrappedObject DoExportSecrets(SecretStore ssStore, WrappedObject wo, UserIdentifier userId) private WrappedObject DoExportSecrets(SecretStore ssStore, WrappedObject wo, UserIdentifier userId)
{ {
byte[] baIV = null;
ExportXMLSecrets secrets = (ExportXMLSecrets)wo.GetObject(); ExportXMLSecrets secrets = (ExportXMLSecrets)wo.GetObject();
// validate masterpassword // validate masterpassword
@@ -411,21 +411,16 @@ namespace sscs.verbs
string sEncrpyptionPassphrase = secrets.GetPassphrase(); string sEncrpyptionPassphrase = secrets.GetPassphrase();
// get all secrets // get all secrets
byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV); //byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV);
string baSecrets = ssStore.GetSecretsForExport(sEncrpyptionPassphrase);
string sFilePath = secrets.GetFilePath(); string sFilePath = secrets.GetFilePath();
if (sFilePath != null) if (sFilePath != null)
{ {
// write em out // write em out
FileStream fs = new FileStream(sFilePath, FileMode.Create); FileStream fs = new FileStream(sFilePath, FileMode.Create);
// if a IV was set, write it out.
if (baIV != null)
{
fs.Write(baIV, 0, 16);
}
// write the secrets now // write the secrets now
fs.Write(baSecrets, 0, baSecrets.Length); //fs.Write(baSecrets, 0, baSecrets.Length);
fs.Flush(); fs.Flush();
fs.Close(); fs.Close();
@@ -437,7 +432,7 @@ namespace sscs.verbs
} }
else else
{ {
wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV)); wo.SetObject(baSecrets);
} }
wo.SetError(constants.RetCodes.SUCCESS, ""); wo.SetError(constants.RetCodes.SUCCESS, "");

21
CASA/policy/PolicyImpl.cs
View File

@@ -36,10 +36,10 @@ public class ICASAPol
static string GetPolicyFilePath() static string GetPolicyFilePath()
{ {
return GetPolicyFilePath(null); return GetPolicyFilePath(null, null);
} }
static string GetPolicyFilePath(string sUserHomeDir) static string GetPolicyFilePath(string sUserHomeDir, string sUserName)
{ {
try try
@@ -65,13 +65,16 @@ public class ICASAPol
} }
// get users name // get users name
string sUsername = homeDir.Substring(homeDir.LastIndexOf("/") + 1); if (sUserName == null)
{
sUserName = System.Environment.GetEnvironmentVariable("USER");
}
if (sUsername != null) if (sUserName != null)
{ {
// check for existing files // check for existing files
string sOldLocation = homeDir + XmlConsts.policyFileName; string sOldLocation = homeDir + XmlConsts.policyFileName;
string sNewLocation = "/home/.casa/" + sUsername + XmlConsts.policyFileName; string sNewLocation = "/home/.casa/" + sUserName + XmlConsts.policyFileName;
// move file if needed // move file if needed
if ((!File.Exists(sNewLocation)) && (File.Exists(sOldLocation))) if ((!File.Exists(sNewLocation)) && (File.Exists(sOldLocation)))
@@ -421,18 +424,18 @@ public class ICASAPol
static public CASAPol GetPolicy(CASAPolType policyType) static public CASAPol GetPolicy(CASAPolType policyType)
{ {
return GetPolicy(policyType, null); return GetPolicy(policyType, null, null);
} }
static public CASAPol GetPolicy(CASAPolType policyType, string sDir) static public CASAPol GetPolicy(CASAPolType policyType, string sDir, string sUserName)
{ {
CASAPol pol = null; CASAPol pol = null;
try try
{ {
XmlDocument doc = new XmlDocument(); XmlDocument doc = new XmlDocument();
if(!File.Exists(GetPolicyFilePath(sDir))) if(!File.Exists(GetPolicyFilePath(sDir, sUserName)))
return null; return null;
doc.Load(GetPolicyFilePath(sDir)); doc.Load(GetPolicyFilePath(sDir, sUserName));
switch(policyType) switch(policyType)
{ {
case CASAPolType.AGGREGATION_POL: case CASAPolType.AGGREGATION_POL: