Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-07-01 09:36:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

- made the SSL passwd more secure (10^126 different passwds now) and random, based on the internal Mersenne twister.

Browse source 
- kepts compatibility with existing autologin passwds. Only new locations will have a long 64 chars passwd.
- implemented storage of SSL password in gnome keyring for autologin on ubuntu
- added UBUNTU define in both .pro files.
- suppressed display of SSL passwd at login



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3993 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2011-01-29 14:27:16 +00:00
parent 25056b3623
commit 29d143bebc
5 changed files with 110 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

4
libretroshare/src/libretroshare.pro
View file

@ -137,6 +137,10 @@ PUBLIC_HEADERS = retroshare/rsblogs.h \
HEADERS += $$PUBLIC_HEADERS HEADERS += $$PUBLIC_HEADERS
DEFINES *= UBUNTU
INCLUDEPATH += /usr/include/glib-2.0/ /usr/lib/glib-2.0/include
LIBS *= -lgnome-keyring
# public headers to be... # public headers to be...
HEADERS += retroshare/rsgame.h \ HEADERS += retroshare/rsgame.h \
retroshare/rsphoto.h retroshare/rsphoto.h

99
libretroshare/src/rsserver/rsinit.cc
View file

@ -139,7 +139,7 @@ static const std::string configKeyDir = "keys";
static const std::string configCaFile = "cacerts.pem"; static const std::string configCaFile = "cacerts.pem";
static const std::string configLogFileName = "retro.log"; static const std::string configLogFileName = "retro.log";
static const std::string configHelpName = "retro.htm"; static const std::string configHelpName = "retro.htm";
static const int SSLPWD_LEN = 6; static const int SSLPWD_LEN = 64;
std::list<accountId> RsInitConfig::accountIds; std::list<accountId> RsInitConfig::accountIds;
std::string RsInitConfig::preferedId; std::string RsInitConfig::preferedId;
@ -422,7 +422,7 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored, bool strictCheck
break; break;
case 'w': case 'w':
RsInitConfig::passwd = optarg; RsInitConfig::passwd = optarg;
std::cerr << "Password Specified(" << RsInitConfig::passwd; std::cerr << "Password Specified(********" ; //<< RsInitConfig::passwd;
std::cerr << ") Selected" << std::endl; std::cerr << ") Selected" << std::endl;
RsInitConfig::havePasswd = true; RsInitConfig::havePasswd = true;
break; break;
@ -659,6 +659,7 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored, bool strictCheck
if (RsTryAutoLogin()) if (RsTryAutoLogin())
{ {
RsInit::setAutoLogin(true); RsInit::setAutoLogin(true);
std::cerr << "Autologin has succeeded" << std::endl;
return RS_INIT_HAVE_ACCOUNT; return RS_INIT_HAVE_ACCOUNT;
} }
} }
@ -1469,6 +1470,8 @@ int RsInit::LoadCertificates(bool autoLoginNT)
bool have_help = false; bool have_help = false;
// Check if help file exists // Check if help file exists
#ifndef UBUNTU
std::cerr << "Warning; in NOT ubuntu mode" << std::endl;
std::string help_file_name = RsInitConfig::configDir + RsInitConfig::dirSeperator + std::string help_file_name = RsInitConfig::configDir + RsInitConfig::dirSeperator +
configKeyDir + RsInitConfig::dirSeperator + "help.dta"; configKeyDir + RsInitConfig::dirSeperator + "help.dta";
FILE* helpFile = fopen(help_file_name.c_str(), "r"); FILE* helpFile = fopen(help_file_name.c_str(), "r");
@ -1484,6 +1487,13 @@ int RsInit::LoadCertificates(bool autoLoginNT)
} }
#else
if(RsInitConfig::passwd == ""){ // in case user chooses a different user later in setup
std::cerr << "Calling RsTryAutoLogin()" << std::endl;
RsInitConfig::havePasswd = RsTryAutoLogin();
}
have_help = RsInitConfig::havePasswd;
#endif
/* The SSL / SSL + PGP version requires, SSL init + PGP init. */ /* The SSL / SSL + PGP version requires, SSL init + PGP init. */
const char* sslPassword; const char* sslPassword;
@ -1538,7 +1548,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
std::cerr << "Decrypting went ok !" << std::endl; std::cerr << "Decrypting went ok !" << std::endl;
gpgme_data_write (plain, "", 1); gpgme_data_write (plain, "", 1);
sslPassword = gpgme_data_release_and_get_mem(plain, NULL); sslPassword = gpgme_data_release_and_get_mem(plain, NULL);
std::cerr << "sslpassword: " << sslPassword << std::endl; std::cerr << "sslpassword: " << "********************" << std::endl;
} else { } else {
gpgme_data_release (plain); gpgme_data_release (plain);
std::cerr << "Error : decrypting went wrong !" << std::endl; std::cerr << "Error : decrypting went wrong !" << std::endl;
@ -1555,7 +1565,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
sslPassword = RsInitConfig::passwd.c_str(); sslPassword = RsInitConfig::passwd.c_str();
} }
else{ else{
RsInitConfig::passwd.insert(0, sslPassword, RsInit::getSslPwdLen()); RsInitConfig::passwd = sslPassword ; //.insert(0, sslPassword, RsInit::getSslPwdLen());
} }
@ -1774,6 +1784,18 @@ extern BOOL WINAPI CryptUnprotectData(
#endif #endif
/******************************** WINDOWS/UNIX SPECIFIC PART ******************/ /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
#ifdef UBUNTU
#include <gnome-keyring-1/gnome-keyring.h>
GnomeKeyringPasswordSchema my_schema = {
GNOME_KEYRING_ITEM_ENCRYPTION_KEY_PASSWORD,
{
{ "RetroShare SSL Id", GNOME_KEYRING_ATTRIBUTE_TYPE_STRING },
{ NULL, (GnomeKeyringAttributeType)0 }
}
};
#endif
bool RsInit::RsStoreAutoLogin() bool RsInit::RsStoreAutoLogin()
@ -1782,6 +1804,18 @@ bool RsInit::RsStoreAutoLogin()
/******************************** WINDOWS/UNIX SPECIFIC PART ******************/ /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
#ifndef WINDOWS_SYS /* UNIX */ #ifndef WINDOWS_SYS /* UNIX */
#ifdef UBUNTU
if(GNOME_KEYRING_RESULT_OK == gnome_keyring_store_password_sync(&my_schema, NULL, (gchar*)("RetroShare password for SSL Id "+RsInitConfig::preferedId).c_str(),(gchar*)RsInitConfig::passwd.c_str(),"RetroShare SSL Id",RsInitConfig::preferedId.c_str(),NULL))
{
std::cerr << "Stored passwd " << "************************" << " into gnome keyring" << std::endl;
return true ;
}
else
{
std::cerr << "Could not store passwd into gnome keyring" << std::endl;
return false ;
}
#else
/* WARNING: Autologin is inherently unsafe */ /* WARNING: Autologin is inherently unsafe */
std::string helpFileName = RsInitConfig::configDir + RsInitConfig::dirSeperator + std::string helpFileName = RsInitConfig::configDir + RsInitConfig::dirSeperator +
@ -1815,6 +1849,7 @@ bool RsInit::RsStoreAutoLogin()
return true; return true;
#endif
#else #else
/* store password encrypted in a file */ /* store password encrypted in a file */
@ -1900,7 +1935,6 @@ bool RsInit::RsStoreAutoLogin()
} }
bool RsInit::RsTryAutoLogin() bool RsInit::RsTryAutoLogin()
{ {
@ -1908,6 +1942,26 @@ bool RsInit::RsTryAutoLogin()
/******************************** WINDOWS/UNIX SPECIFIC PART ******************/ /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
#ifndef WINDOWS_SYS /* UNIX */ #ifndef WINDOWS_SYS /* UNIX */
#ifdef UBUNTU
gchar *passwd = NULL;
std::cerr << "Using attribute: " << RsInitConfig::preferedId << std::endl;
if( gnome_keyring_find_password_sync(&my_schema, &passwd,"RetroShare SSL Id",RsInitConfig::preferedId.c_str(),NULL) == GNOME_KEYRING_RESULT_OK )
{
std::cerr << "Got SSL passwd ********************" /*<< passwd*/ << " from gnome keyring" << std::endl;
RsInitConfig::passwd.clear();
RsInitConfig::passwd.insert(0, (char*)passwd, strlen(passwd));
RsInitConfig::havePasswd = true ;
return true ;
}
else
{
std::cerr << "Could not get passwd from gnome keyring" << std::endl;
return false ;
}
#else
std::string helpFileName = RsInitConfig::basedir + RsInitConfig::dirSeperator + RsInitConfig::preferedId + RsInitConfig::dirSeperator + std::string helpFileName = RsInitConfig::basedir + RsInitConfig::dirSeperator + RsInitConfig::preferedId + RsInitConfig::dirSeperator +
configKeyDir + RsInitConfig::dirSeperator + "help.dta"; configKeyDir + RsInitConfig::dirSeperator + "help.dta";
@ -1920,17 +1974,25 @@ bool RsInit::RsTryAutoLogin()
/* decrypt help */ /* decrypt help */
const int DAT_LEN = RsInit::getSslPwdLen(); int c ;
std::string passwd ;
while( (c = getc(helpFile)) != EOF )
passwd += (char)c ;
const int DAT_LEN = passwd.length();
const int KEY_DAT_LEN = RsInitConfig::load_cert.length(); const int KEY_DAT_LEN = RsInitConfig::load_cert.length();
unsigned char* key_data = (unsigned char*)RsInitConfig::load_cert.c_str(); unsigned char* key_data = (unsigned char*)RsInitConfig::load_cert.c_str();
unsigned char* indata = new unsigned char[DAT_LEN]; unsigned char* indata = new unsigned char[DAT_LEN];
unsigned char* outdata = new unsigned char[DAT_LEN]; unsigned char* outdata = new unsigned char[DAT_LEN];
if(fscanf(helpFile, "%s", indata) != 1) for(int i=0;i<DAT_LEN;++i)
{ indata[i] = passwd[i] ;
std::cerr << "Can't read RSA key in help file " << helpFileName << ". Sorry." << std::endl ;
return false ; // if(fscanf(helpFile, "%s", indata) != 1)
} // {
// std::cerr << "Can't read RSA key in help file " << helpFileName << ". Sorry." << std::endl ;
// return false ;
// }
RC4_KEY* key = new RC4_KEY; RC4_KEY* key = new RC4_KEY;
RC4_set_key(key, KEY_DAT_LEN, key_data); RC4_set_key(key, KEY_DAT_LEN, key_data);
@ -1951,6 +2013,7 @@ bool RsInit::RsTryAutoLogin()
delete key; delete key;
return true; return true;
#endif // UBUNTU
#else #else
/* try to load from file */ /* try to load from file */
@ -2065,6 +2128,18 @@ bool RsInit::RsTryAutoLogin()
bool RsInit::RsClearAutoLogin() bool RsInit::RsClearAutoLogin()
{ {
#ifdef UBUNTU
if(GNOME_KEYRING_RESULT_OK == gnome_keyring_delete_password_sync(&my_schema,"RetroShare SSL Id", RsInitConfig::preferedId.c_str(),NULL))
{
std::cerr << "Successfully Cleared gnome keyring passwd for SSLID " << RsInitConfig::preferedId << std::endl;
return true ;
}
else
{
std::cerr << "Could not clear gnome keyring passwd for SSLID " << RsInitConfig::preferedId << std::endl;
return false ;
}
#else
std::string passwdfile = RsInitConfig::configDir; std::string passwdfile = RsInitConfig::configDir;
passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator; passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator;
passwdfile += "help.dta"; passwdfile += "help.dta";
@ -2085,7 +2160,7 @@ bool RsInit::RsClearAutoLogin()
} }
return false; return false;
#endif
} }

3
retroshare-gui/src/RetroShare.pro
View file

@ -38,8 +38,9 @@ linux-* {
PRE_TARGETDEPS *= ../../libretroshare/src/lib/libretroshare.a PRE_TARGETDEPS *= ../../libretroshare/src/lib/libretroshare.a
LIBS += ../../libretroshare/src/lib/libretroshare.a LIBS += ../../libretroshare/src/lib/libretroshare.a
LIBS += -lssl -lgpgme -lupnp -lXss LIBS += -lssl -lgpgme -lupnp -lXss -lgnome-keyring
DEFINES *= HAVE_XSS # for idle time, libx screensaver extensions DEFINES *= HAVE_XSS # for idle time, libx screensaver extensions
DEFINES *= UBUNTU
} }
linux-g++ { linux-g++ {

21
retroshare-gui/src/gui/GenCertDialog.cpp
View file

@ -20,6 +20,7 @@
****************************************************************/ ****************************************************************/
#include <rshare.h> #include <rshare.h>
#include <util/rsrandom.h>
#include <retroshare/rsinit.h> #include <retroshare/rsinit.h>
#include "GenCertDialog.h" #include "GenCertDialog.h"
#include "InfoDialog.h" #include "InfoDialog.h"
@ -232,17 +233,17 @@ void GenCertDialog::genPerson()
//generate a random ssl password //generate a random ssl password
std::cerr << " generating sslPasswd." << std::endl; std::string sslPasswd = RSRandom::random_alphaNumericString(RsInit::getSslPwdLen()) ;
qsrand(time(NULL)); std::cerr << "Generated sslPasswd: " << sslPasswd << std::endl;
std::string sslPasswd = "";
const int PWD_LEN = RsInit::getSslPwdLen();
for( int i = 0 ; i < PWD_LEN ; ++i ) // const int PWD_LEN = RsInit::getSslPwdLen();
{ //
int iNumber; // for( int i = 0 ; i < PWD_LEN ; ++i )
iNumber = qrand()%25 + 65; // {
sslPasswd += (char)iNumber; // int iNumber;
} // iNumber = qrand()%(127-33) + 33;
// sslPasswd += (char)iNumber;
// }
/* Initialise the PGP user first */ /* Initialise the PGP user first */
RsInit::SelectGPGAccount(PGPId); RsInit::SelectGPGAccount(PGPId);

12
retroshare-gui/src/gui/StartDialog.cpp
View file

@ -209,12 +209,12 @@ LogoBar & StartDialog::getLogoBar() const {
void StartDialog::notSecureWarning() { void StartDialog::notSecureWarning() {
/* some error msg */ /* some error msg */
if(ui.autologin_checkbox->isChecked()){ if(ui.autologin_checkbox->isChecked())
QMessageBox::warning ( this, #ifdef UBUNTU
tr("Insecure"), QMessageBox::warning ( this, tr("Warning"), tr(" The passwd to your SSL certificate (your location) will be stored encrypted in your Gnome Keyring. \n\n Your PGP passwd will not be stored.\n\nThis choice can be reverted in settings."), QMessageBox::Ok);
tr("Auto Login is not so much secure:\n - Your SSL certificate will be stored unprotected. \n - Your PGP key will however not be stored.\nThis choice be reverted in settings."), #else
QMessageBox::Ok); QMessageBox::warning ( this, tr("Warning"), tr(" The passwd to your SSL certificate (your location) will be stored encrypted in the keys/help.dta file. This is not secure. \n\n Your PGP passwd will not be stored.\n\nThis choice can be reverted in settings."), QMessageBox::Ok);
} #endif
return; return;
} }