diff --git a/CASA/CASA.changes b/CASA/CASA.changes index 022b7a07..b391abf7 100644 --- a/CASA/CASA.changes +++ b/CASA/CASA.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jan 4 13:37:03 MST 2007 - jnorman@novell.com + +- Bug 221012. Based on code review, enhance persistent directory + policy. + ------------------------------------------------------------------- Wed Jan 3 08:12:10 MST 2007 - jnorman@novell.com diff --git a/CASA/micasad/cache/SecretStore.cs b/CASA/micasad/cache/SecretStore.cs index e8605d4b..463e1dd7 100644 --- a/CASA/micasad/cache/SecretStore.cs +++ b/CASA/micasad/cache/SecretStore.cs @@ -37,6 +37,11 @@ using sscs.crypto; using Novell.CASA.CASAPolicy; +#if LINUX +using Mono.Unix.Native; +#endif + + namespace sscs.cache { class SecretStore @@ -47,23 +52,23 @@ namespace sscs.cache private Hashtable tKeyChainList = new Hashtable(); private Hashtable keyChainList; //= Hashtable.Synchronized(tKeyChainList); internal User user; - private Mutex ssMutex ; //reqd only for refCount + private Mutex ssMutex; //reqd only for refCount private int state; // Maintains the state of SS ( keychain - // type availability). TODO: Convert to a class. + // type availability). TODO: Convert to a class. - private static int STATE_NOT_DEFINED = 0; - private static int STATE_OK = 1; - private static int STATE_LOCKED = 2; + private static int STATE_NOT_DEFINED = 0; + private static int STATE_OK = 1; + private static int STATE_LOCKED = 2; - private LocalStorage lss = null; + private LocalStorage lss = null; private LocalStorage slss = null; // For Server Secrets - bool bIsStorePersistent = false; - bool bIsServerStorePersistent = false; + bool bIsStorePersistent = false; + bool bIsServerStorePersistent = false; - string m_persistenceDirectory = null; - private static string POLICY_DIRECTORY = "/home/.casa"; - private MPFileWatcher mpWatcher = null; + string m_persistenceDirectory = null; + private static string POLICY_DIRECTORY = "/home/.casa"; + private MPFileWatcher mpWatcher = null; private DateTime createTime; public DateTime CreateTime @@ -80,110 +85,110 @@ namespace sscs.cache ~SecretStore() { - ssMutex.Close(); + ssMutex.Close(); } internal SecretStore(User ssUser) { secretStoreName = ssUser.GetUserName(); - version = 1; - state = STATE_NOT_DEFINED; - user = ssUser; - refCount = 0; - keyChainList = Hashtable.Synchronized(tKeyChainList); - - ssMutex = new Mutex(); + version = 1; + state = STATE_NOT_DEFINED; + user = ssUser; + refCount = 0; + keyChainList = Hashtable.Synchronized(tKeyChainList); - // create the policy directory for this user - CreatePolicyDirectory(); - - // start a MPFileWatcher if necessary - if (mpWatcher == null) - { - // make sure Persistence Directory exists - String sPersistentDir = GetPersistenceDirectory(); - if (sPersistentDir != null && sPersistentDir.Length > 0) - { - mpWatcher = new MPFileWatcher(GetPersistenceDirectory(), ConstStrings.MICASA_PASSCODE_BY_MASTERPASSWD_FILE); - } - } + ssMutex = new Mutex(); + + // create the policy directory for this user + CreatePolicyDirectory(); + + // start a MPFileWatcher if necessary + if (mpWatcher == null) + { + // make sure Persistence Directory exists + String sPersistentDir = GetPersistenceDirectory(); + if (sPersistentDir != null && sPersistentDir.Length > 0) + { + mpWatcher = new MPFileWatcher(GetPersistenceDirectory(), ConstStrings.MICASA_PASSCODE_BY_MASTERPASSWD_FILE); + } + } } internal bool IsStorePersistent() { return bIsStorePersistent; } - - public bool StopPersistence() - { - if(lss != null && bIsStorePersistent == true) - { - lss.StopPersistence(); - lss = null; - bIsStorePersistent = false; - } - return true; - } - - public bool IsStoreLocked() - { - if (state == STATE_LOCKED) - return true; - else - return false; - } - public void LockStore() - { - state = STATE_LOCKED; - } + public bool StopPersistence() + { + if (lss != null && bIsStorePersistent == true) + { + lss.StopPersistence(); + lss = null; + bIsStorePersistent = false; + } + return true; + } - public bool UnlockStore(string sDesktopPassword, string sMasterPassword) - { - if (sDesktopPassword != null) - { - // verify Desktop password - //state = STATE_OK; - //return true; - } + public bool IsStoreLocked() + { + if (state == STATE_LOCKED) + return true; + else + return false; + } - if (sMasterPassword != null) - { - // verify MasterPassword - if (SetMasterPassword(sMasterPassword)) - { - state = STATE_OK; - return true; - } - } + public void LockStore() + { + state = STATE_LOCKED; + } - return false; - } + public bool UnlockStore(string sDesktopPassword, string sMasterPassword) + { + if (sDesktopPassword != null) + { + // verify Desktop password + //state = STATE_OK; + //return true; + } - public bool IsDesktopPassword(string sDesktopPassword) - { - try - { - byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(sDesktopPassword, GetPasscodeByDesktopFilePath(), false); - if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) - { - return true; - } - // try old salt - baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(sDesktopPassword, GetPasscodeByDesktopFilePath(), true); - if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) - { - return true; - } - } - catch - { - } - return false; - } - - internal bool StartPersistenceOfServerSecretsBySystemKey() - { + if (sMasterPassword != null) + { + // verify MasterPassword + if (SetMasterPassword(sMasterPassword)) + { + state = STATE_OK; + return true; + } + } + + return false; + } + + public bool IsDesktopPassword(string sDesktopPassword) + { + try + { + byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(sDesktopPassword, GetPasscodeByDesktopFilePath(), false); + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + return true; + } + // try old salt + baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(sDesktopPassword, GetPasscodeByDesktopFilePath(), true); + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + return true; + } + } + catch + { + } + return false; + } + + internal bool StartPersistenceOfServerSecretsBySystemKey() + { // make sure we have a Persistence Directory if (GetPersistenceDirectory() == null || GetPersistenceDirectory().Length < 1 || !Directory.Exists(GetPersistenceDirectory())) { @@ -198,32 +203,32 @@ namespace sscs.cache /* Persistence could have started because the user * could have set master password. */ - if(slss != null && bIsServerStorePersistent == true) + if (slss != null && bIsServerStorePersistent == true) { CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " Server Secrets Store is already persistent"); CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - Started"); return true; } - if(!File.Exists(GetServerPasscodeBySystemKeyFilePath())) + if (!File.Exists(GetServerPasscodeBySystemKeyFilePath())) { -/* - if (File.Exists(GetServerPasscodeByMasterPasswdFilePath())) - { - // wait for the user to start the Persistence by entering MP - return false; - } -*/ + /* + if (File.Exists(GetServerPasscodeByMasterPasswdFilePath())) + { + // wait for the user to start the Persistence by entering MP + return false; + } + */ baPasscode = CASACrypto.GenerateServerMasterPasscode( GetServerPasscodeBySystemKeyFilePath(), GetServerValidationFilePath()); - if( null == baPasscode ) - { + if (null == baPasscode) + { return false; - } + } - if(!File.Exists(GetServerKeyFilePath())) + if (!File.Exists(GetServerKeyFilePath())) { GenerateAndStoreEncryptionKey(baPasscode, GetServerKeyFilePath()); slss = new LocalStorage(this, baPasscode, true); @@ -233,40 +238,40 @@ namespace sscs.cache } baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(GetServerPasscodeBySystemKeyFilePath()); - if(CASACrypto.ValidatePasscode(baPasscode,GetServerValidationFilePath())) + if (CASACrypto.ValidatePasscode(baPasscode, GetServerValidationFilePath())) { slss = new LocalStorage(this, baPasscode, true); bIsServerStorePersistent = true; return true; } } - catch(Exception e) + catch (Exception e) { CSSSLogger.ExpLog(e.ToString()); } return false; - } + } - internal bool StartPersistenceByDesktopPasswd(string desktopPasswd) + internal bool StartPersistenceByDesktopPasswd(string desktopPasswd) { - CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Called"); + CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Called"); - // make sure we have a Persistence Directory - if (GetPersistenceDirectory() == null || GetPersistenceDirectory().Length < 1) - { - CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - No Peristence directory yet"); - CSSSLogger.DbgLog("Directory: [" + GetPersistenceDirectory() + "]"); - return false; - } - else - { - if (!Directory.Exists(GetPersistenceDirectory())) - { - CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Peristence directory is not created yet"); - CSSSLogger.DbgLog("Directory: " + GetPersistenceDirectory() + "]"); - return false; - } - } + // make sure we have a Persistence Directory + if (GetPersistenceDirectory() == null || GetPersistenceDirectory().Length < 1) + { + CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - No Peristence directory yet"); + CSSSLogger.DbgLog("Directory: [" + GetPersistenceDirectory() + "]"); + return false; + } + else + { + if (!Directory.Exists(GetPersistenceDirectory())) + { + CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Peristence directory is not created yet"); + CSSSLogger.DbgLog("Directory: " + GetPersistenceDirectory() + "]"); + return false; + } + } try @@ -275,12 +280,12 @@ namespace sscs.cache /* Persistence could have started because the user * could have set master password. */ - if(lss != null && bIsStorePersistent == true) + if (lss != null && bIsStorePersistent == true) { /* Verify passcode and if validation fails, rewrite * desktop file. */ - if(File.Exists(GetPasscodeByDesktopFilePath())) + if (File.Exists(GetPasscodeByDesktopFilePath())) { } else @@ -289,42 +294,42 @@ namespace sscs.cache */ } CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " Store is already persistent"); - CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Started"); + CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Started"); return true; } - - - if(!File.Exists(GetPasscodeByDesktopFilePath())) - { - if (File.Exists(GetPasscodeByMasterPasswdFilePath())) - { - // wait for the user to start the Persistence by entering MP - return false; - } + + + if (!File.Exists(GetPasscodeByDesktopFilePath())) + { + if (File.Exists(GetPasscodeByMasterPasswdFilePath())) + { + // wait for the user to start the Persistence by entering MP + return false; + } //Else passcode needs to be generated. baPasscode = CASACrypto.GenerateMasterPasscodeUsingString( desktopPasswd, - GetPasscodeByDesktopFilePath(), + GetPasscodeByDesktopFilePath(), GetValidationFilePath(), user.UserIdentifier); - if( null == baPasscode ) + if (null == baPasscode) return false; - if(!File.Exists(GetKeyFilePath())) + if (!File.Exists(GetKeyFilePath())) { - GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath()); - lss = new LocalStorage(this,baPasscode); - bIsStorePersistent = true; - return true; + GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath()); + lss = new LocalStorage(this, baPasscode); + bIsStorePersistent = true; + return true; } } baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), false); - if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) { - lss = new LocalStorage(this,baPasscode); + lss = new LocalStorage(this, baPasscode); bIsStorePersistent = true; return true; } @@ -334,7 +339,7 @@ namespace sscs.cache baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true); if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) { - // rewrite file using new encryption + // rewrite file using new encryption CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath()); lss = new LocalStorage(this, baPasscode); bIsStorePersistent = true; @@ -344,58 +349,58 @@ namespace sscs.cache { lss = null; bIsStorePersistent = false; //till masterPasswd is verified - } + } } } - catch(Exception e) + catch (Exception e) { CSSSLogger.ExpLog(e.ToString()); } return false; } - internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode, string fileName) - { - RijndaelManaged myRijndael = new RijndaelManaged(); - byte[] key; - byte[] IV = new byte[16]; - //Create a new key and initialization vector. - try - { - myRijndael.GenerateKey(); - key = myRijndael.Key; - - CASACrypto.StoreKeySetUsingMasterPasscode(key, IV, baPasscode, fileName); - } - catch (Exception) - { - return false; - } - return true; - } + internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode, string fileName) + { + RijndaelManaged myRijndael = new RijndaelManaged(); + byte[] key; + byte[] IV = new byte[16]; + //Create a new key and initialization vector. + try + { + myRijndael.GenerateKey(); + key = myRijndael.Key; + + CASACrypto.StoreKeySetUsingMasterPasscode(key, IV, baPasscode, fileName); + } + catch (Exception) + { + return false; + } + return true; + } internal bool SetMasterPassword(string mPasswdFromIDK) { try { - char[] trimChars = {'\0'}; + char[] trimChars = { '\0' }; string mPasswd = mPasswdFromIDK.TrimEnd(trimChars); bool isVerifyOperation = false; string mPasswdFileName = GetPasscodeByMasterPasswdFilePath(); byte[] baPasscode; - if(File.Exists(mPasswdFileName)) + if (File.Exists(mPasswdFileName)) isVerifyOperation = true; //else it is a set operation. string desktopPasswd = GetDesktopPasswd(); - - if(isVerifyOperation == false) + + if (isVerifyOperation == false) { /* Here the master password file needs to be generated. */ - if(desktopPasswd != null) + if (desktopPasswd != null) { baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), false); - if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) { CASACrypto.EncryptAndStoreMasterPasscodeUsingString( baPasscode, @@ -407,17 +412,17 @@ namespace sscs.cache { // try old method baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd( - desktopPasswd, - GetPasscodeByDesktopFilePath(), - true); + desktopPasswd, + GetPasscodeByDesktopFilePath(), + true); if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) { // rewrite file using new method CASACrypto.EncryptAndStoreMasterPasscodeUsingString( - baPasscode, - desktopPasswd, - GetPasscodeByDesktopFilePath()); - + baPasscode, + desktopPasswd, + GetPasscodeByDesktopFilePath()); + CASACrypto.EncryptAndStoreMasterPasscodeUsingString( baPasscode, mPasswd, @@ -460,29 +465,29 @@ namespace sscs.cache /* If desktop passwd is not there and user sets * master password. */ - if(File.Exists(GetPersistenceFilePath())) + if (File.Exists(GetPersistenceFilePath())) { File.Delete(GetPersistenceFilePath()); CSSSLogger.DbgLog("Removing the persistent storeas its meaningless now. - Desktop passwd is not there and Master password is being set"); } - if(File.Exists((GetPasscodeByDesktopFilePath()))) + if (File.Exists((GetPasscodeByDesktopFilePath()))) { File.Delete((GetPasscodeByDesktopFilePath())); CSSSLogger.DbgLog("Removing the persistent storeas its meaningless now. - Desktop passwd is not there and Master password is being set"); } - - baPasscode = CASACrypto.GenerateMasterPasscodeUsingString(mPasswd,GetPasscodeByMasterPasswdFilePath(),GetValidationFilePath(), user.UserIdentifier); - if(baPasscode != null) - { - if(!File.Exists(GetKeyFilePath())) - { - GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath()); - } - CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath()); - if( bIsStorePersistent == false ) + baPasscode = CASACrypto.GenerateMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath(), GetValidationFilePath(), user.UserIdentifier); + if (baPasscode != null) + { + if (!File.Exists(GetKeyFilePath())) { - lss = new LocalStorage(this,baPasscode); + GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath()); + } + + CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, mPasswd, GetPasscodeByMasterPasswdFilePath()); + if (bIsStorePersistent == false) + { + lss = new LocalStorage(this, baPasscode); bIsStorePersistent = true; } return true; @@ -498,14 +503,14 @@ namespace sscs.cache //Get the passcode from master passwd file and validate. //If validation succeeds,start persistence. - if(desktopPasswd == null) + if (desktopPasswd == null) { baPasscode = CASACrypto.DecryptMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath(), false); - if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) - { - if(bIsStorePersistent == false) + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + if (bIsStorePersistent == false) { - lss = new LocalStorage(this,baPasscode); + lss = new LocalStorage(this, baPasscode); bIsStorePersistent = true; } return true; @@ -533,14 +538,14 @@ namespace sscs.cache } else { //There are 2 cases - either desktop passwd has changed - //or it hasnt. + //or it hasnt. baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(mPasswd, GetPasscodeByMasterPasswdFilePath(), false); - if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) { - RewriteDesktopPasswdFile(baPasscode,desktopPasswd); - if(bIsStorePersistent == false) + RewriteDesktopPasswdFile(baPasscode, desktopPasswd); + if (bIsStorePersistent == false) { - lss = new LocalStorage(this,baPasscode); + lss = new LocalStorage(this, baPasscode); bIsStorePersistent = true; } return true; @@ -561,10 +566,10 @@ namespace sscs.cache return false; } - } + } } } - catch(Exception e) + catch (Exception e) { CSSSLogger.ExpLog(e.ToString()); } @@ -578,7 +583,7 @@ namespace sscs.cache CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath()); CSSSLogger.DbgLog("Re-encryted passcode with desktop passwd"); } - catch(Exception e) + catch (Exception e) { CSSSLogger.ExpLog(e.ToString()); } @@ -608,12 +613,12 @@ namespace sscs.cache } } - catch(Exception e) + catch (Exception e) { CSSSLogger.ExpLog(e.ToString()); } return null; - } + } /* This method would be called, when the user is setting his * master passcode for the first time. @@ -621,7 +626,7 @@ namespace sscs.cache internal bool SetMasterPasscode(string sMasterPasscode) { - return true; + return true; #if false bool bRet = false; try @@ -663,7 +668,7 @@ namespace sscs.cache ssMutex.ReleaseMutex(); CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " : RefCount = " + refCount); } - catch(Exception e) + catch (Exception e) { CSSSLogger.ExpLog(e.ToString()); throw e; @@ -679,7 +684,7 @@ namespace sscs.cache ssMutex.ReleaseMutex(); CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " : RefCount = " + refCount); } - catch(Exception e) + catch (Exception e) { CSSSLogger.ExpLog(e.ToString()); throw e; @@ -692,15 +697,15 @@ namespace sscs.cache try { keychain.CreatedTime = DateTime.Now; - keyChainList.Add(keychain.GetKey(),keychain); + keyChainList.Add(keychain.GetKey(), keychain); } - catch(Exception e) + catch (Exception e) { - CSSSLogger.DbgLog(e.ToString()); - throw e; + CSSSLogger.DbgLog(e.ToString()); + throw e; } - CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " - Successfully added Keychain = "+ keychain.GetKey() + " length = "+ (keychain.GetKey()).Length); + CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " - Successfully added Keychain = " + keychain.GetKey() + " length = " + (keychain.GetKey()).Length); return true; } @@ -734,91 +739,91 @@ namespace sscs.cache return kc; } - internal KeyChain GetKeyChainDefault() - { - return GetKeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"); - } + internal KeyChain GetKeyChainDefault() + { + return GetKeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"); + } - internal KeyChain GetKeyChain(string id) - { - if(keyChainList.ContainsKey(id)) + internal KeyChain GetKeyChain(string id) + { + if (keyChainList.ContainsKey(id)) { - CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Keychain already exists."); - KeyChain kc = (KeyChain)(keyChainList[id]); - kc.AccessedTime = DateTime.Now; - return kc; - } + CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Keychain already exists."); + KeyChain kc = (KeyChain)(keyChainList[id]); + kc.AccessedTime = DateTime.Now; + return kc; + } else { - CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Keychain doesnot exist.Returning null."); + CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Keychain doesnot exist.Returning null."); throw new KeyChainDoesNotExistException(id); } } - - internal bool CheckIfKeyChainExists(string id) + + internal bool CheckIfKeyChainExists(string id) { - if(keyChainList.ContainsKey(id)) + if (keyChainList.ContainsKey(id)) return true; else return false; } - internal void UpdatePersistentStore() - { - if (lss != null) - lss.PersistStoreWithDelay(); - if (slss != null) - slss.PersistServerStoreWithDelay(); - } + internal void UpdatePersistentStore() + { + if (lss != null) + lss.PersistStoreWithDelay(); + if (slss != null) + slss.PersistServerStoreWithDelay(); + } /* This function would need to do any storage/cleanup required * before removing a user session. */ internal bool CommitStore() { - if(lss != null) + if (lss != null) lss.PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID); - if(slss != null) + if (slss != null) slss.PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID); return true; } internal IEnumerator GetKeyChainEnumerator() { - //TBD - // Return an Enumerator class which has all secrets in this keychain - return keyChainList.GetEnumerator(); + //TBD + // Return an Enumerator class which has all secrets in this keychain + return keyChainList.GetEnumerator(); } internal void DumpSecretstore() { - lock(keyChainList.SyncRoot) + lock (keyChainList.SyncRoot) { - IDictionaryEnumerator iter = (IDictionaryEnumerator)GetKeyChainEnumerator(); - while( iter.MoveNext() ) - { - int i = 0; - KeyChain kc = (KeyChain)iter.Value; - CSSSLogger.DbgLog("\nKeychain id = " + kc.GetKey()); - CSSSLogger.DbgLog("Secret List is "); - IDictionaryEnumerator secIter = (IDictionaryEnumerator)(kc.GetAllSecrets()); - while(secIter.MoveNext()) + IDictionaryEnumerator iter = (IDictionaryEnumerator)GetKeyChainEnumerator(); + while (iter.MoveNext()) { - Secret secret = (Secret)secIter.Value; - CSSSLogger.DbgLog("Secret " + i.ToString() + " id = " + secret.GetKey() + " value = " + secret.GetValue() ); - IDictionaryEnumerator etor = (IDictionaryEnumerator) secret.GetKeyValueEnumerator(); - while(etor.MoveNext()) + int i = 0; + KeyChain kc = (KeyChain)iter.Value; + CSSSLogger.DbgLog("\nKeychain id = " + kc.GetKey()); + CSSSLogger.DbgLog("Secret List is "); + IDictionaryEnumerator secIter = (IDictionaryEnumerator)(kc.GetAllSecrets()); + while (secIter.MoveNext()) { - KeyValue kv = (KeyValue)etor.Value; - CSSSLogger.DbgLog("Key = " + kv.Key +" Value = " + kv.GetValue()); + Secret secret = (Secret)secIter.Value; + CSSSLogger.DbgLog("Secret " + i.ToString() + " id = " + secret.GetKey() + " value = " + secret.GetValue()); + IDictionaryEnumerator etor = (IDictionaryEnumerator)secret.GetKeyValueEnumerator(); + while (etor.MoveNext()) + { + KeyValue kv = (KeyValue)etor.Value; + CSSSLogger.DbgLog("Key = " + kv.Key + " Value = " + kv.GetValue()); + } + i++; } - i++; } } - } } - internal int GetSecretStoreState() + internal int GetSecretStoreState() { return state; } @@ -830,40 +835,40 @@ namespace sscs.cache internal bool SetSecretStoreState(int stateToSet) { - //BrainShare Special Only - Only Session keychains state 1 - - state = STATE_OK; - return true; + //BrainShare Special Only - Only Session keychains state 1 + + state = STATE_OK; + return true; } - internal bool ChangeMasterPassword(string sCurrentPWD, string sNewPWD) - { - string sMasterFilePath = GetPasscodeByMasterPasswdFilePath(); - byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath, false); - if (baPasscode != null) - { - PauseFileWatcher(); - CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, sNewPWD, sMasterFilePath); - ResumeFileWatcher(); - return true; - } - return false; - } + internal bool ChangeMasterPassword(string sCurrentPWD, string sNewPWD) + { + string sMasterFilePath = GetPasscodeByMasterPasswdFilePath(); + byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath, false); + if (baPasscode != null) + { + PauseFileWatcher(); + CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, sNewPWD, sMasterFilePath); + ResumeFileWatcher(); + return true; + } + return false; + } - internal void PauseFileWatcher() - { - if (mpWatcher != null) - mpWatcher.pauseWatcher(); - } + internal void PauseFileWatcher() + { + if (mpWatcher != null) + mpWatcher.pauseWatcher(); + } - internal void ResumeFileWatcher() - { - if (mpWatcher != null) - mpWatcher.resumeWatcher(); - } + internal void ResumeFileWatcher() + { + if (mpWatcher != null) + mpWatcher.resumeWatcher(); + } internal string GetDesktopPasswd() - { + { try { string keyChainId = ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0"; @@ -872,7 +877,7 @@ namespace sscs.cache string passwd = secret.GetKeyValue(ConstStrings.MICASA_DESKTOP_PASSWD_KEYNAME).GetValue(); return passwd; } - catch(Exception e) + catch (Exception e) { CSSSLogger.ExpLog(e.ToString()); } @@ -882,95 +887,95 @@ namespace sscs.cache internal string GetUserHomeDirectory() { return user.GetUserHomeDir(); - } - - internal string GetUserName() - { - return user.GetUserName(); } - - internal string GetPersistenceDirectory() - { - if (m_persistenceDirectory != null) - { - if (Directory.Exists(m_persistenceDirectory)) - return m_persistenceDirectory; - else - return null; - } - else - { - // the user might have set a different one - // load the policy file and check. - UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, GetUserHomeDirectory(), GetUserName()); - if (uiPolicy != null) - { - string sDir = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSISTENT_DIRECTORY); - if ((sDir != null) && (sDir.Length > 0)) - { - m_persistenceDirectory = sDir; - return m_persistenceDirectory; - } - } - } + + internal string GetUserName() + { + return user.GetUserName(); + } + + internal string GetPersistenceDirectory() + { + if (m_persistenceDirectory != null) + { + if (Directory.Exists(m_persistenceDirectory)) + return m_persistenceDirectory; + else + return null; + } + else + { + // the user might have set a different one + // load the policy file and check. + UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, GetUserHomeDirectory(), GetUserName()); + if (uiPolicy != null) + { + string sDir = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSISTENT_DIRECTORY); + if ((sDir != null) && (sDir.Length > 0)) + { + m_persistenceDirectory = sDir; + return m_persistenceDirectory; + } + } + } #if LINUX m_persistenceDirectory = MigrateMiCasaFiles(); return m_persistenceDirectory; -#else - return GetUserHomeDirectory(); +#else + return GetUserHomeDirectory(); #endif - } - - internal string MigrateMiCasaFiles() - { - // for v1.7, we are storing MiCasa files in /home/.casa/[username] - // let's migrate the files if needed - string sNewPath = POLICY_DIRECTORY + "/" + user.GetUserName(); - - try - { - if (Directory.GetFiles(sNewPath, ".miCASA*").Length > 0) - return sNewPath; - - // check users home directory and move them if necessary - String[] miCASAFiles = Directory.GetFiles(GetUserHomeDirectory(), ".miCASA*"); - - if ((miCASAFiles != null) && (miCASAFiles.Length > 0)) - { - for (int i=0; i 0) + return sNewPath; + + // check users home directory and move them if necessary + String[] miCASAFiles = Directory.GetFiles(GetUserHomeDirectory(), ".miCASA*"); + + if ((miCASAFiles != null) && (miCASAFiles.Length > 0)) + { + for (int i = 0; i < miCASAFiles.Length; i++) + { + string sFileName = miCASAFiles[i].Substring(miCASAFiles[i].LastIndexOf("/")); + File.Move(miCASAFiles[i], sNewPath + sFileName); + } + } + } + catch (Exception e) + { + CSSSLogger.DbgLog(e.ToString()); + } + + return (sNewPath); + } + + internal bool SetPeristenceDirectory(string sNewDirectory) + { + if (Directory.Exists(sNewDirectory)) + { + // reset the FileWatcher + if (mpWatcher != null) + { + mpWatcher.pauseWatcher(); + mpWatcher = new MPFileWatcher(sNewDirectory, ConstStrings.MICASA_PASSCODE_BY_MASTERPASSWD_FILE); + mpWatcher.resumeWatcher(); + } + + m_persistenceDirectory = sNewDirectory; + return true; + } + + return false; + } internal string GetKeyFilePath() { @@ -1028,71 +1033,71 @@ namespace sscs.cache { string persistDir = GetPersistenceDirectory(); return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE; - } - - internal byte[] GetSecretsForExport(string sEncryptionString) - { - byte[] baIV = null; - byte[] baSecrets = GetSecrets(sEncryptionString, ref baIV); - - if ((baIV != null) && (baSecrets != null)) - { - byte[] baCombined = new byte[baIV.Length + baSecrets.Length]; - baIV.CopyTo(baCombined, 0); - baSecrets.CopyTo(baCombined, baIV.Length); - return baCombined; - } - else - { - return baSecrets; - } } - internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV) - { - if (lss != null) - { + internal byte[] GetSecretsForExport(string sEncryptionString) + { + byte[] baIV = null; + byte[] baSecrets = GetSecrets(sEncryptionString, ref baIV); + + if ((baIV != null) && (baSecrets != null)) + { + byte[] baCombined = new byte[baIV.Length + baSecrets.Length]; + baIV.CopyTo(baCombined, 0); + baSecrets.CopyTo(baCombined, baIV.Length); + return baCombined; + } + else + { + return baSecrets; + } + } + + internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV) + { + if (lss != null) + { MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, ConstStrings.SSCS_SESSION_KEY_CHAIN_ID); - byte[] baSecrets = ms.ToArray(); + byte[] baSecrets = ms.ToArray(); - // encrypt if an encryptionstring was passed - if ((sEncryptionString != null) && (sEncryptionString.Length > 0)) - { - byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false); + // encrypt if an encryptionstring was passed + if ((sEncryptionString != null) && (sEncryptionString.Length > 0)) + { + byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false); - // now encypt it. - baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey, ref baIV); - } - return baSecrets; - } - else - { - return null; - } - } + // now encypt it. + baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey, ref baIV); + } + return baSecrets; + } + else + { + return null; + } + } - internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString, byte[] baIV) - { - if (sEncryptionString != null) - { - // decrypt the buffer using the string passed in. - byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false); - byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey, baIV); - MergeXMLSecrets(baBuffer); - } - } + internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString, byte[] baIV) + { + if (sEncryptionString != null) + { + // decrypt the buffer using the string passed in. + byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false); + byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey, baIV); + MergeXMLSecrets(baBuffer); + } + } - internal void MergeXMLSecrets(byte[] decryptedXmlSecrets) - { - XmlDocument doc = new XmlDocument(); - String sXMLData = Encoding.ASCII.GetString(decryptedXmlSecrets); - doc.LoadXml(sXMLData); - LocalStorage.AddXMLSecretsToStore(this, doc); - } + internal void MergeXMLSecrets(byte[] decryptedXmlSecrets) + { + XmlDocument doc = new XmlDocument(); + String sXMLData = Encoding.ASCII.GetString(decryptedXmlSecrets); + doc.LoadXml(sXMLData); + LocalStorage.AddXMLSecretsToStore(this, doc); + } - internal void CreatePolicyDirectory() - { + internal void CreatePolicyDirectory() + { #if LINUX // set up mask @@ -1133,7 +1138,45 @@ namespace sscs.cache // restore umask Mono.Unix.Native.Syscall.umask(permissions); -#endif - } +#endif + } + + internal bool IsDirectoryOwnedByUser(string sPath) + { + +#if LINUX + try + { + Stat stat = new Stat(); + int rcode = Syscall.stat(sPath, out stat); + + if (stat.st_uid == (uint)this.user.UserIdentifier.GetUID()) + { + FilePermissions fp = stat.st_mode; + if ((fp & FilePermissions.S_IWUSR) != FilePermissions.S_IWUSR) + { + return false; + } + else + { + return true; + } + } + else + { + return false; + } + + } + catch (Exception e) + { + return false; + } + +#else + return true; +#endif + } } } + diff --git a/CASA/micasad/verbs/ObjectSerialization.cs b/CASA/micasad/verbs/ObjectSerialization.cs index 02b91b70..b9ea655f 100644 --- a/CASA/micasad/verbs/ObjectSerialization.cs +++ b/CASA/micasad/verbs/ObjectSerialization.cs @@ -276,11 +276,14 @@ namespace sscs.verbs { cpd.SetErrorMessage("Directory not allowed"); return wo; - } - -#endif - - + } +#endif + if (!ssStore.IsDirectoryOwnedByUser(sNewDir)) + { + cpd.SetErrorMessage("Directory not owned by user"); + return wo; + } + // copy all .miCASA* files to new location string[] files = Directory.GetFiles(sOldDir, ".miCASA*"); if (files != null) @@ -320,7 +323,7 @@ namespace sscs.verbs } private WrappedObject DoMergeXMLSecrets(SecretStore ssStore, WrappedObject wo) - { + { byte[] baIV = new byte[16]; ImportXMLSecrets addSecrets = (ImportXMLSecrets)wo.GetObject(); string sMasterPassword = addSecrets.GetMasterPasssword(); @@ -333,23 +336,23 @@ namespace sscs.verbs { // let's read it - FileStream fs = new FileStream(sFilePath, FileMode.Open); + FileStream fs = new FileStream(sFilePath, FileMode.Open); int iBytes = 0; - // if a master password was sent, read the first 16 bytes as IV. - if (sMasterPassword != null) - { - baXMLSecrets = new byte[fs.Length - 16]; - iBytes = fs.Read(baIV, 0, 16); - iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length - 16); - } - else - { - baXMLSecrets = new byte[fs.Length]; - iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length); - } - - fs.Flush(); + // if a master password was sent, read the first 16 bytes as IV. + if (sMasterPassword != null) + { + baXMLSecrets = new byte[fs.Length - 16]; + iBytes = fs.Read(baIV, 0, 16); + iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length - 16); + } + else + { + baXMLSecrets = new byte[fs.Length]; + iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length); + } + + fs.Flush(); fs.Close(); } } @@ -410,17 +413,17 @@ namespace sscs.verbs string sEncrpyptionPassphrase = secrets.GetPassphrase(); - // get all secrets - byte[] baSecrets = ssStore.GetSecretsForExport(sEncrpyptionPassphrase); - - if (baSecrets != null) - { - wo.SetObject(baSecrets); - wo.SetError(constants.RetCodes.SUCCESS, ""); - } - else - { - wo.SetError(constants.RetCodes.FAILURE, "No Secrets for Export"); + // get all secrets + byte[] baSecrets = ssStore.GetSecretsForExport(sEncrpyptionPassphrase); + + if (baSecrets != null) + { + wo.SetObject(baSecrets); + wo.SetError(constants.RetCodes.SUCCESS, ""); + } + else + { + wo.SetError(constants.RetCodes.FAILURE, "No Secrets for Export"); } return wo;