- made the SSL passwd more secure (10^126 different passwds now) and random, based on the internal Mersenne twister.

- kepts compatibility with existing autologin passwds. Only new locations will have a long 64 chars passwd. - implemented storage of SSL password in gnome keyring for autologin on ubuntu - added UBUNTU define in both .pro files. - suppressed display of SSL passwd at login git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3993 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2024-10-01 02:35:48 -04:00 · 2011-01-29 14:27:16 +00:00 · 2011-01-29 14:27:16 +00:00 · 29d143bebc
commit 29d143bebc
parent 25056b3623
5 changed files with 110 additions and 29 deletions
--- a/libretroshare/src/libretroshare.pro
+++ b/libretroshare/src/libretroshare.pro
@ -137,6 +137,10 @@ PUBLIC_HEADERS =	retroshare/rsblogs.h \

 HEADERS += $$PUBLIC_HEADERS

+DEFINES *= UBUNTU
+INCLUDEPATH += /usr/include/glib-2.0/ /usr/lib/glib-2.0/include
+LIBS *= -lgnome-keyring
+
 # public headers to be...
 HEADERS +=		retroshare/rsgame.h \
 					retroshare/rsphoto.h
--- a/libretroshare/src/rsserver/rsinit.cc
+++ b/libretroshare/src/rsserver/rsinit.cc
@ -139,7 +139,7 @@ static const std::string configKeyDir = "keys";
 static const std::string configCaFile = "cacerts.pem";
 static const std::string configLogFileName = "retro.log";
 static const std::string configHelpName = "retro.htm";
-static const int SSLPWD_LEN = 6;
+static const int SSLPWD_LEN = 64;

 std::list<accountId> RsInitConfig::accountIds;
 std::string RsInitConfig::preferedId;
@ -422,7 +422,7 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored, bool strictCheck
                                 break;
                         case 'w':
                                 RsInitConfig::passwd = optarg;
-                                 std::cerr << "Password Specified(" << RsInitConfig::passwd;
+                                 std::cerr << "Password Specified(********" ; //<< RsInitConfig::passwd;
                                 std::cerr << ") Selected" << std::endl;
                                 RsInitConfig::havePasswd = true;
                                 break;
@ -659,6 +659,7 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored, bool strictCheck
 		if (RsTryAutoLogin())
 		{
 			RsInit::setAutoLogin(true);
+			std::cerr << "Autologin has succeeded" << std::endl;
 			return RS_INIT_HAVE_ACCOUNT;
 		}
 	}
@ -1469,6 +1470,8 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 	bool have_help = false;

 	// Check if help file exists
+#ifndef UBUNTU
+	std::cerr << "Warning; in NOT ubuntu mode" << std::endl;
 	std::string help_file_name = RsInitConfig::configDir + RsInitConfig::dirSeperator +
 				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
 	FILE* helpFile = fopen(help_file_name.c_str(), "r");
@ -1484,6 +1487,13 @@ int RsInit::LoadCertificates(bool autoLoginNT)


 	}
+#else
+	if(RsInitConfig::passwd == ""){ // in case user chooses a different user later in setup
+		std::cerr << "Calling RsTryAutoLogin()" << std::endl;
+		RsInitConfig::havePasswd = RsTryAutoLogin();
+	}
+	have_help = RsInitConfig::havePasswd;
+#endif

 	/* The SSL / SSL + PGP version requires, SSL init + PGP init.  */
 	const char* sslPassword;
@ -1538,7 +1548,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 			    std::cerr << "Decrypting went ok !" << std::endl;
                            gpgme_data_write (plain, "", 1);
 			    sslPassword = gpgme_data_release_and_get_mem(plain, NULL);
-			    std::cerr << "sslpassword: " << sslPassword << std::endl;
+			    std::cerr << "sslpassword: " << "********************" << std::endl;
 			} else {
 			    gpgme_data_release (plain);
                            std::cerr << "Error : decrypting went wrong !" << std::endl;
@ -1555,7 +1565,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 		sslPassword = RsInitConfig::passwd.c_str();
 	}
 	else{
-		RsInitConfig::passwd.insert(0, sslPassword, RsInit::getSslPwdLen());
+		RsInitConfig::passwd = sslPassword ; //.insert(0, sslPassword, RsInit::getSslPwdLen());
 	}


@ -1774,6 +1784,18 @@ extern BOOL WINAPI CryptUnprotectData(
 #endif
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/

+#ifdef UBUNTU
+#include <gnome-keyring-1/gnome-keyring.h>
+
+	GnomeKeyringPasswordSchema my_schema = {
+      GNOME_KEYRING_ITEM_ENCRYPTION_KEY_PASSWORD,
+      {
+           { "RetroShare SSL Id", GNOME_KEYRING_ATTRIBUTE_TYPE_STRING },
+           { NULL, (GnomeKeyringAttributeType)0 }
+      }
+  };
+#endif
+


 bool  RsInit::RsStoreAutoLogin()
@ -1782,6 +1804,18 @@ bool  RsInit::RsStoreAutoLogin()

 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 #ifndef WINDOWS_SYS /* UNIX */
+#ifdef UBUNTU
+	if(GNOME_KEYRING_RESULT_OK == gnome_keyring_store_password_sync(&my_schema, NULL, (gchar*)("RetroShare password for SSL Id "+RsInitConfig::preferedId).c_str(),(gchar*)RsInitConfig::passwd.c_str(),"RetroShare SSL Id",RsInitConfig::preferedId.c_str(),NULL)) 
+	{
+		std::cerr << "Stored passwd " << "************************" << " into gnome keyring" << std::endl;
+		return true ;
+	}
+	else
+	{
+		std::cerr << "Could not store passwd into gnome keyring" << std::endl;
+		return false ;
+	}
+#else

 	/* WARNING: Autologin is inherently unsafe */
 	std::string helpFileName = RsInitConfig::configDir + RsInitConfig::dirSeperator +
@ -1815,6 +1849,7 @@ bool  RsInit::RsStoreAutoLogin()


 	return true;
+#endif
 #else

 	/* store password encrypted in a file */
@ -1900,7 +1935,6 @@ bool  RsInit::RsStoreAutoLogin()
 }


-
 bool  RsInit::RsTryAutoLogin()
 {

@ -1908,6 +1942,26 @@ bool  RsInit::RsTryAutoLogin()

 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 #ifndef WINDOWS_SYS /* UNIX */
+#ifdef UBUNTU
+
+	gchar *passwd = NULL;
+
+	std::cerr << "Using attribute: " << RsInitConfig::preferedId << std::endl;
+	if( gnome_keyring_find_password_sync(&my_schema, &passwd,"RetroShare SSL Id",RsInitConfig::preferedId.c_str(),NULL) == GNOME_KEYRING_RESULT_OK )
+	{
+		std::cerr << "Got SSL passwd ********************" /*<< passwd*/ << " from gnome keyring" << std::endl;
+		RsInitConfig::passwd.clear();
+		RsInitConfig::passwd.insert(0, (char*)passwd, strlen(passwd));
+		RsInitConfig::havePasswd = true ;
+		return true ;
+	}
+	else
+	{
+		std::cerr << "Could not get passwd from gnome keyring" << std::endl;
+		return false ;
+	}
+
+#else
 	std::string helpFileName = RsInitConfig::basedir + RsInitConfig::dirSeperator + RsInitConfig::preferedId + RsInitConfig::dirSeperator +
 				configKeyDir + RsInitConfig::dirSeperator + "help.dta";

@ -1920,17 +1974,25 @@ bool  RsInit::RsTryAutoLogin()

 	/* decrypt help */

-	const int DAT_LEN = RsInit::getSslPwdLen();
+	int c ;
+	std::string passwd ;
+	while( (c = getc(helpFile)) != EOF )
+		passwd += (char)c ;
+
+	const int DAT_LEN = passwd.length();
 	const int KEY_DAT_LEN = RsInitConfig::load_cert.length();
 	unsigned char* key_data  = (unsigned char*)RsInitConfig::load_cert.c_str();
 	unsigned char* indata = new unsigned char[DAT_LEN];
 	unsigned char* outdata = new unsigned char[DAT_LEN];

-	if(fscanf(helpFile, "%s", indata) != 1)
-	{
-		std::cerr << "Can't read RSA key in help file " << helpFileName << ". Sorry." << std::endl ;
-		return false ;
-	}
+	for(int i=0;i<DAT_LEN;++i)
+		indata[i] = passwd[i] ;
+
+//	if(fscanf(helpFile, "%s", indata) != 1)
+//	{
+//		std::cerr << "Can't read RSA key in help file " << helpFileName << ". Sorry." << std::endl ;
+//		return false ;
+//	}

 	RC4_KEY* key = new RC4_KEY;
 	RC4_set_key(key, KEY_DAT_LEN, key_data);
@ -1951,6 +2013,7 @@ bool  RsInit::RsTryAutoLogin()
 		delete key;

 	return true;
+#endif	// UBUNTU
 #else

 	/* try to load from file */
@ -2065,6 +2128,18 @@ bool  RsInit::RsTryAutoLogin()

 bool  RsInit::RsClearAutoLogin()
 {
+#ifdef UBUNTU
+	if(GNOME_KEYRING_RESULT_OK == gnome_keyring_delete_password_sync(&my_schema,"RetroShare SSL Id", RsInitConfig::preferedId.c_str(),NULL))
+	{
+		std::cerr << "Successfully Cleared gnome keyring passwd for SSLID " << RsInitConfig::preferedId << std::endl;
+		return true ;
+	}
+	else
+	{
+		std::cerr << "Could not clear gnome keyring passwd for SSLID " << RsInitConfig::preferedId << std::endl;
+		return false ;
+	}
+#else
 	std::string passwdfile = RsInitConfig::configDir;
 	passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator;
 	passwdfile += "help.dta";
@ -2085,7 +2160,7 @@ bool  RsInit::RsClearAutoLogin()
 	}

 	return false;
-
+#endif
 }


--- a/retroshare-gui/src/RetroShare.pro
+++ b/retroshare-gui/src/RetroShare.pro
@ -38,8 +38,9 @@ linux-* {
 	PRE_TARGETDEPS *= ../../libretroshare/src/lib/libretroshare.a

 	LIBS += ../../libretroshare/src/lib/libretroshare.a
-	LIBS += -lssl -lgpgme -lupnp -lXss
+	LIBS += -lssl -lgpgme -lupnp -lXss -lgnome-keyring
 	DEFINES *= HAVE_XSS # for idle time, libx screensaver extensions
+	DEFINES *= UBUNTU
 }

 linux-g++ {
--- a/retroshare-gui/src/gui/GenCertDialog.cpp
+++ b/retroshare-gui/src/gui/GenCertDialog.cpp
@ -20,6 +20,7 @@
 ****************************************************************/

 #include <rshare.h>
+#include <util/rsrandom.h>
 #include <retroshare/rsinit.h>
 #include "GenCertDialog.h"
 #include "InfoDialog.h"
@ -232,17 +233,17 @@ void GenCertDialog::genPerson()


 	//generate a random ssl password
-	std::cerr << " generating sslPasswd." << std::endl;
-	qsrand(time(NULL));
-	std::string sslPasswd = "";
-	const int PWD_LEN = RsInit::getSslPwdLen();
+	std::string sslPasswd = RSRandom::random_alphaNumericString(RsInit::getSslPwdLen()) ;
+	std::cerr << "Generated sslPasswd: " << sslPasswd << std::endl;

-	for( int i = 0 ; i < PWD_LEN ; ++i )
-	{
-	    int iNumber;
-	    iNumber = qrand()%25 + 65;
-	    sslPasswd += (char)iNumber;
-	}
+//	const int PWD_LEN = RsInit::getSslPwdLen();
+//
+//	for( int i = 0 ; i < PWD_LEN ; ++i )
+//	{
+//	    int iNumber;
+//	    iNumber = qrand()%(127-33) + 33;
+//	    sslPasswd += (char)iNumber;
+//	}

 	/* Initialise the PGP user first */
 	RsInit::SelectGPGAccount(PGPId);
--- a/retroshare-gui/src/gui/StartDialog.cpp
+++ b/retroshare-gui/src/gui/StartDialog.cpp
@ -209,12 +209,12 @@ LogoBar & StartDialog::getLogoBar() const {
 void StartDialog::notSecureWarning() {

 	/* some error msg */
-		if(ui.autologin_checkbox->isChecked()){
-            QMessageBox::warning ( this,
-                            tr("Insecure"),
-                            tr("Auto Login is not so much secure:\n    - Your SSL certificate will be stored unprotected. \n    - Your PGP key will however not be stored.\nThis choice be reverted in settings."),
-			QMessageBox::Ok);
-		}
+		if(ui.autologin_checkbox->isChecked())
+#ifdef UBUNTU
+				QMessageBox::warning ( this, tr("Warning"), tr(" The passwd to your SSL certificate (your location) will be stored encrypted in your Gnome Keyring. \n\n Your PGP passwd will not be stored.\n\nThis choice can be reverted in settings."), QMessageBox::Ok);
+#else
+				QMessageBox::warning ( this, tr("Warning"), tr(" The passwd to your SSL certificate (your location) will be stored encrypted in the keys/help.dta file. This is not secure. \n\n Your PGP passwd will not be stored.\n\nThis choice can be reverted in settings."), QMessageBox::Ok);
+#endif

 		return;
 }