Added support for Auto-login

- Using rc4 to store ssl pword on file for linux,  for windows already using cryptprotect
 - yes its not safe, but its the user's choice to keep pword or not
 - consider using method closely hooked to linux kernel (another layer of obfuscation)
 - windows i believe is stronger (because its proprietary/ heavily obfuscated)

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2690 b45a01b8-16f6-495d-af2f-9b41ad6348cc

libretroshare/src/rsiface/rsinit.h

@@ -71,7 +71,7 @@ class RsInit
 		/* Login SSL */
 		static bool	LoadPassword(std::string id, std::string passwd) ;
 
-		/* Final Certificate load. This can be called if:
+		/** Final Certificate load. This can be called if:
 		 * a) InitRetroshare() returns true -> autoLoad/password Set.
 		 * b) SelectGPGAccount() && LoadPassword()
 		 */
@@ -83,6 +83,11 @@ class RsInit
                 static std::string      RsProfileConfigDirectory();
 		static bool	setStartMinimised() ;
 
+		static int getSslPwdLen();
+		static bool getAutoLogin();
+		static void setAutoLogin(bool autoLogin);
+		static bool RsClearAutoLogin() ;
+
 
 	private:
 		/* PreLogin */
@@ -98,9 +103,10 @@ class RsInit
 		/* Auto Login */
 		static bool RsStoreAutoLogin() ;
 		static bool RsTryAutoLogin() ;
-		static bool RsClearAutoLogin() ;
+
 
 };
 
 
+
 #endif

libretroshare/src/rsserver/p3face-config.cc

@@ -31,7 +31,7 @@
 #include <sstream>
 #include "pqi/authssl.h"
 #include "pqi/authgpg.h"
-
+#include "rsiface/rsinit.h"
 #include "util/rsdebug.h"
 const int p3facemsgzone = 11453;
 
@@ -157,6 +157,8 @@ void    RsServer::ConfigFinalSave()
 {
 	/* force saving of transfers TODO */
 	//ftserver->saveFileTransferStatus();
+	if(!RsInit::getAutoLogin())
+		RsInit::RsClearAutoLogin();
 
         //AuthSSL::getAuthSSL()->FinalSaveCertificates();
 	mConfigMgr->completeConfiguration();
@@ -164,6 +166,8 @@ void    RsServer::ConfigFinalSave()
 
 void RsServer::rsGlobalShutDown()
 {
+
+
 	ConfigFinalSave(); // save configuration before exit
 	mConnMgr->shutdown(); /* Handles UPnP */
 }

libretroshare/src/rsserver/rsinit.cc

@@ -125,6 +125,7 @@ static const std::string configKeyDir = "keys";
 static const std::string configCaFile = "cacerts.pem";
 static const std::string configLogFileName = "retro.log";
 static const std::string configHelpName = "retro.htm";
+static const int SSLPWD_LEN = 6;
 
 std::list<accountId> RsInitConfig::accountIds;
 std::string RsInitConfig::preferedId;
@@ -193,7 +194,7 @@ void RsInit::InitRsConfig()
 	strcpy(RsInitConfig::inet, "127.0.0.1");
 	strcpy(RsInitConfig::logfname, "");
 
-	RsInitConfig::autoLogin      = true; // Always on now.
+	RsInitConfig::autoLogin      = false; // .
 	RsInitConfig::startMinimised = false;
 	RsInitConfig::passwd         = "";
 	RsInitConfig::havePasswd     = false;
@@ -503,12 +504,17 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored)
 	/* if existing user, and havePasswd .... we can skip the login prompt */
 	if (existingUser)
 	{
+
 		if (RsInitConfig::havePasswd)
 		{
 			return 1;
 		}
+
+		RsInit::LoadPassword(RsInitConfig::preferedId, "");
+
 		if (RsTryAutoLogin())
 		{
+			RsInit::setAutoLogin(true);
 			return 1;
 		}
 	}
@@ -1066,6 +1072,7 @@ bool     RsInit::LoadPassword(std::string id, std::string inPwd)
 	RsInitConfig::preferedId = id;
 	RsInitConfig::configDir = RsInitConfig::basedir + RsInitConfig::dirSeperator + id;
 	RsInitConfig::passwd = inPwd;
+
 	RsInitConfig::havePasswd = true;
 
         // Create the filename.
@@ -1090,6 +1097,7 @@ bool     RsInit::LoadPassword(std::string id, std::string inPwd)
 
 int RsInit::LoadCertificates(bool autoLoginNT)
 {
+
 	if (RsInitConfig::load_cert == "")
 	{
 	  std::cerr << "RetroShare needs a certificate" << std::endl;
@@ -1102,15 +1110,29 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 	  return 0;
 	}
 
+	RsInitConfig::autoLogin = autoLoginNT;
 	bool ok = false;
+	bool have_help = false;
+
+	// Check if help file exists
+	std::string help_file_name = RsInitConfig::configDir + RsInitConfig::dirSeperator +
+				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
+	FILE* helpFile = fopen(help_file_name.c_str(), "r");
+
+	if(helpFile != NULL){
+		have_help = true;
+		fclose(helpFile);
+	}
 
 	/* The SSL / SSL + PGP version requires, SSL init + PGP init.  */
 	const char* sslPassword;
 	sslPassword = RsInitConfig::passwd.c_str();
+
+
 	//check if password is already in memory
-	if ((RsInitConfig::havePasswd) && (RsInitConfig::passwd != ""))
+	if (((RsInitConfig::havePasswd) && (RsInitConfig::passwd != "")) && !have_help)
 	{
-		std::cerr << "RetroShare have a ssl Password" << std::endl;
+		std::cerr << "RetroShare has a ssl Password" << std::endl;
 		sslPassword = RsInitConfig::passwd.c_str();
 
 		std::cerr << "let's store the ssl Password into a pgp ecrypted file" << std::endl;
@@ -1129,7 +1151,10 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 		gpgme_data_release (plain);
 		fclose(sslPassphraseFile);
 
-	} else {
+	} else
+	if(!have_help)	{
+
+
 		//let's read the password from an encrypted file
 		//let's check if there's a ssl_passpharese_file that we can decrypt with PGP
 		FILE *sslPassphraseFile = fopen(RsInitConfig::ssl_passphrase_file.c_str(), "r");
@@ -1152,6 +1177,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 			    std::cerr << "Decrypting went ok !" << std::endl;
                             gpgme_data_write (plain, "", 1);
 			    sslPassword = gpgme_data_release_and_get_mem(plain, NULL);
+			    std::cerr << "sslpassword: " << sslPassword << std::endl;
 			} else {
 			    gpgme_data_release (plain);
                             std::cerr << "Error : decrypting went wrong !" << std::endl;
@@ -1162,7 +1188,19 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 		}
 	}
 
+
+
+	if(have_help){
+		sslPassword = RsInitConfig::passwd.c_str();
+	}
+	else{
+		RsInitConfig::passwd.insert(0, sslPassword, RsInit::getSslPwdLen());
+	}
+
+
+
 	std::cerr << "RsInitConfig::load_key.c_str() : " << RsInitConfig::load_key.c_str() << std::endl;
+
         if (0 < AuthSSL::getAuthSSL() -> InitAuth(RsInitConfig::load_cert.c_str(), RsInitConfig::load_key.c_str(), sslPassword))
 	{
 		ok = true;
@@ -1175,7 +1213,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 
 	if (ok)
 	{
-		if (autoLoginNT)
+		if (autoLoginNT && (!have_help))
 		{
 			std::cerr << "RetroShare will AutoLogin next time";
 			std::cerr << std::endl;
@@ -1306,6 +1344,9 @@ std::string make_path_unix(std::string path)
 /* WINDOWS STRUCTURES FOR DPAPI */
 
 #ifndef WINDOWS_SYS /* UNIX */
+
+#include <openssl/rc4.h>
+
 #else
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 
@@ -1375,11 +1416,45 @@ extern BOOL WINAPI CryptUnprotectData(
 bool  RsInit::RsStoreAutoLogin()
 {
 	std::cerr << "RsStoreAutoLogin()" << std::endl;
-	/* Windows only */
+
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 #ifndef WINDOWS_SYS /* UNIX */
-	return false;
+
+	/* WARNING: Autologin is inherently unsafe */
+	std::string helpFileName = RsInitConfig::configDir + RsInitConfig::dirSeperator +
+				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
+	FILE* helpFile = fopen(helpFileName.c_str(), "w");
+
+	if(helpFile == NULL){
+		std::cerr << "\nRsStoreAutoLogin(): Failed to open help file\n" << std::endl;
+		return false;
+	}
+
+	/* encrypt help */
+
+	const int DAT_LEN = RsInitConfig::passwd.length();
+	const int KEY_DAT_LEN = RsInitConfig::load_cert.length();
+	unsigned char* key_data = (unsigned char*)RsInitConfig::load_cert.c_str();
+	unsigned char* indata = (unsigned char*)RsInitConfig::passwd.c_str();
+	unsigned char* outdata = new unsigned char[DAT_LEN];
+
+	RC4_KEY* key = new RC4_KEY;
+	RC4_set_key(key, KEY_DAT_LEN, key_data);
+
+	RC4(key, DAT_LEN, indata, outdata);
+
+
+	fprintf(helpFile, "%s", outdata);
+	fclose(helpFile);
+
+	delete key;
+	delete[] outdata;
+
+
+	return true;
 #else
+//XXX temp
+#ifdef 0
 	/* store password encrypted in a file */
 	std::string entropy = RsInitConfig::load_cert;
 
@@ -1432,7 +1507,7 @@ bool  RsInit::RsStoreAutoLogin()
 
 		/* save the data to the file */
 		std::string passwdfile = RsInitConfig::configDir;
-		passwdfile += RsInitConfig::dirSeperator;
+		passwdfile += RsInitConfig::dirSeperator  + configKeyDir + RsInitConfig::dirSeperator;
 		passwdfile += "help.dta";
 
      		//std::cerr << "Save to: " << passwdfile;
@@ -1457,7 +1532,7 @@ bool  RsInit::RsStoreAutoLogin()
 	free(pbDataInput);
 	free(pbDataEnt);
 	LocalFree(DataOut.pbData);
-
+#endif
 #endif
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 
@@ -1468,25 +1543,56 @@ bool  RsInit::RsStoreAutoLogin()
 
 bool  RsInit::RsTryAutoLogin()
 {
+
 	std::cerr << "RsTryAutoLogin()" << std::endl;
-	/* Windows only */
+
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 #ifndef WINDOWS_SYS /* UNIX */
-	return false;
-#else
-	/* Require a AutoLogin flag in the config to do this */
-	if (!RsInitConfig::autoLogin)
-	{
+	std::string helpFileName = RsInitConfig::basedir + RsInitConfig::dirSeperator + RsInitConfig::preferedId + RsInitConfig::dirSeperator +
+				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
+
+	FILE* helpFile = fopen(helpFileName.c_str(), "r");
+
+	if(helpFile == NULL){
+		std::cerr << "\nFailed to open help file\n" << std::endl;
 		return false;
 	}
 
+	/* decrypt help */
+
+	const int DAT_LEN = RsInit::getSslPwdLen();
+	const int KEY_DAT_LEN = RsInitConfig::load_cert.length();
+	unsigned char* key_data  = (unsigned char*)RsInitConfig::load_cert.c_str();
+	unsigned char* indata = new unsigned char[DAT_LEN];
+	unsigned char* outdata = new unsigned char[DAT_LEN];
+
+	fscanf(helpFile, "%s", indata);
+
+	RC4_KEY* key = new RC4_KEY;
+	RC4_set_key(key, KEY_DAT_LEN, key_data);
+
+	RC4(key, DAT_LEN, indata, outdata);
+
+	RsInitConfig::passwd.clear();
+	RsInitConfig::passwd.insert(0, (char*)outdata, DAT_LEN);
+
+
+	fclose(helpFile);
+
+	delete[] indata;
+	delete[] outdata;
+	delete key;
+	return true;
+#else
+
+#ifdef 0 //XXX Temp
 	/* try to load from file */
 	std::string entropy = RsInitConfig::load_cert;
 	/* get the data out */
 
 	/* open the data to the file */
 	std::string passwdfile = RsInitConfig::configDir;
-	passwdfile += RsInitConfig::dirSeperator;
+	passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator;
 	passwdfile += "help.dta";
 
 	DATA_BLOB DataIn;
@@ -1585,6 +1691,7 @@ bool  RsInit::RsTryAutoLogin()
 
 	return isDecrypt;
 #endif
+#endif
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 
 	return false;
@@ -1592,12 +1699,9 @@ bool  RsInit::RsTryAutoLogin()
 
 bool  RsInit::RsClearAutoLogin()
 {
-/******************************** WINDOWS/UNIX SPECIFIC PART ******************/
-#ifndef WINDOWS_SYS /* UNIX */
-	return false;
-#else
+#ifndef WINDOWS_SYS
 	std::string passwdfile = RsInitConfig::configDir;
-	passwdfile += RsInitConfig::dirSeperator;
+	passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator;
 	passwdfile += "help.dta";
 
 	FILE *fp = fopen(passwdfile.c_str(), "wb");
@@ -1605,15 +1709,18 @@ bool  RsInit::RsClearAutoLogin()
 	{
 		fwrite(" ", 1, 1, fp);
 		fclose(fp);
+		bool removed = remove(passwdfile.c_str());
 
-     		std::cerr << "AutoLogin Data cleared! ";
+		if(removed != 0)
+			std::cerr << "RsClearAutoLogin(): Failed to Removed help file" << std::endl;
+
+     		std::cerr << "AutoLogin Data cleared ";
      		std::cerr << std::endl;
 		return true;
 	}
-	return false;
 #endif
-/******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 	return false;
+
 }
 
 
@@ -1648,6 +1755,17 @@ bool	RsInit::setStartMinimised()
 	return RsInitConfig::startMinimised;
 }
 
+int RsInit::getSslPwdLen(){
+	return SSLPWD_LEN;
+}
+
+bool RsInit::getAutoLogin(){
+	return RsInitConfig::autoLogin;
+}
+
+void RsInit::setAutoLogin(bool autoLogin){
+	RsInitConfig::autoLogin = autoLogin;
+}
 
 /*
  *