diff --git a/libretroshare/src/rsiface/rsinit.h b/libretroshare/src/rsiface/rsinit.h index 99344f2f3..6f3c0cbe2 100644 --- a/libretroshare/src/rsiface/rsinit.h +++ b/libretroshare/src/rsiface/rsinit.h @@ -71,7 +71,7 @@ class RsInit /* Login SSL */ static bool LoadPassword(std::string id, std::string passwd) ; - /* Final Certificate load. This can be called if: + /** Final Certificate load. This can be called if: * a) InitRetroshare() returns true -> autoLoad/password Set. * b) SelectGPGAccount() && LoadPassword() */ @@ -83,6 +83,11 @@ class RsInit static std::string RsProfileConfigDirectory(); static bool setStartMinimised() ; + static int getSslPwdLen(); + static bool getAutoLogin(); + static void setAutoLogin(bool autoLogin); + static bool RsClearAutoLogin() ; + private: /* PreLogin */ @@ -98,9 +103,10 @@ class RsInit /* Auto Login */ static bool RsStoreAutoLogin() ; static bool RsTryAutoLogin() ; - static bool RsClearAutoLogin() ; + }; + #endif diff --git a/libretroshare/src/rsserver/p3face-config.cc b/libretroshare/src/rsserver/p3face-config.cc index c82bd99f0..bdab147f0 100644 --- a/libretroshare/src/rsserver/p3face-config.cc +++ b/libretroshare/src/rsserver/p3face-config.cc @@ -31,7 +31,7 @@ #include #include "pqi/authssl.h" #include "pqi/authgpg.h" - +#include "rsiface/rsinit.h" #include "util/rsdebug.h" const int p3facemsgzone = 11453; @@ -157,6 +157,8 @@ void RsServer::ConfigFinalSave() { /* force saving of transfers TODO */ //ftserver->saveFileTransferStatus(); + if(!RsInit::getAutoLogin()) + RsInit::RsClearAutoLogin(); //AuthSSL::getAuthSSL()->FinalSaveCertificates(); mConfigMgr->completeConfiguration(); @@ -164,6 +166,8 @@ void RsServer::ConfigFinalSave() void RsServer::rsGlobalShutDown() { + + ConfigFinalSave(); // save configuration before exit mConnMgr->shutdown(); /* Handles UPnP */ } diff --git a/libretroshare/src/rsserver/rsinit.cc b/libretroshare/src/rsserver/rsinit.cc index 855618418..8c2367cdc 100644 --- a/libretroshare/src/rsserver/rsinit.cc +++ b/libretroshare/src/rsserver/rsinit.cc @@ -125,6 +125,7 @@ static const std::string configKeyDir = "keys"; static const std::string configCaFile = "cacerts.pem"; static const std::string configLogFileName = "retro.log"; static const std::string configHelpName = "retro.htm"; +static const int SSLPWD_LEN = 6; std::list RsInitConfig::accountIds; std::string RsInitConfig::preferedId; @@ -193,7 +194,7 @@ void RsInit::InitRsConfig() strcpy(RsInitConfig::inet, "127.0.0.1"); strcpy(RsInitConfig::logfname, ""); - RsInitConfig::autoLogin = true; // Always on now. + RsInitConfig::autoLogin = false; // . RsInitConfig::startMinimised = false; RsInitConfig::passwd = ""; RsInitConfig::havePasswd = false; @@ -503,12 +504,17 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored) /* if existing user, and havePasswd .... we can skip the login prompt */ if (existingUser) { + if (RsInitConfig::havePasswd) { return 1; } + + RsInit::LoadPassword(RsInitConfig::preferedId, ""); + if (RsTryAutoLogin()) { + RsInit::setAutoLogin(true); return 1; } } @@ -1066,6 +1072,7 @@ bool RsInit::LoadPassword(std::string id, std::string inPwd) RsInitConfig::preferedId = id; RsInitConfig::configDir = RsInitConfig::basedir + RsInitConfig::dirSeperator + id; RsInitConfig::passwd = inPwd; + RsInitConfig::havePasswd = true; // Create the filename. @@ -1090,6 +1097,7 @@ bool RsInit::LoadPassword(std::string id, std::string inPwd) int RsInit::LoadCertificates(bool autoLoginNT) { + if (RsInitConfig::load_cert == "") { std::cerr << "RetroShare needs a certificate" << std::endl; @@ -1102,15 +1110,29 @@ int RsInit::LoadCertificates(bool autoLoginNT) return 0; } + RsInitConfig::autoLogin = autoLoginNT; bool ok = false; + bool have_help = false; + + // Check if help file exists + std::string help_file_name = RsInitConfig::configDir + RsInitConfig::dirSeperator + + configKeyDir + RsInitConfig::dirSeperator + "help.dta"; + FILE* helpFile = fopen(help_file_name.c_str(), "r"); + + if(helpFile != NULL){ + have_help = true; + fclose(helpFile); + } /* The SSL / SSL + PGP version requires, SSL init + PGP init. */ const char* sslPassword; sslPassword = RsInitConfig::passwd.c_str(); + + //check if password is already in memory - if ((RsInitConfig::havePasswd) && (RsInitConfig::passwd != "")) + if (((RsInitConfig::havePasswd) && (RsInitConfig::passwd != "")) && !have_help) { - std::cerr << "RetroShare have a ssl Password" << std::endl; + std::cerr << "RetroShare has a ssl Password" << std::endl; sslPassword = RsInitConfig::passwd.c_str(); std::cerr << "let's store the ssl Password into a pgp ecrypted file" << std::endl; @@ -1129,7 +1151,10 @@ int RsInit::LoadCertificates(bool autoLoginNT) gpgme_data_release (plain); fclose(sslPassphraseFile); - } else { + } else + if(!have_help) { + + //let's read the password from an encrypted file //let's check if there's a ssl_passpharese_file that we can decrypt with PGP FILE *sslPassphraseFile = fopen(RsInitConfig::ssl_passphrase_file.c_str(), "r"); @@ -1152,6 +1177,7 @@ int RsInit::LoadCertificates(bool autoLoginNT) std::cerr << "Decrypting went ok !" << std::endl; gpgme_data_write (plain, "", 1); sslPassword = gpgme_data_release_and_get_mem(plain, NULL); + std::cerr << "sslpassword: " << sslPassword << std::endl; } else { gpgme_data_release (plain); std::cerr << "Error : decrypting went wrong !" << std::endl; @@ -1162,7 +1188,19 @@ int RsInit::LoadCertificates(bool autoLoginNT) } } + + + if(have_help){ + sslPassword = RsInitConfig::passwd.c_str(); + } + else{ + RsInitConfig::passwd.insert(0, sslPassword, RsInit::getSslPwdLen()); + } + + + std::cerr << "RsInitConfig::load_key.c_str() : " << RsInitConfig::load_key.c_str() << std::endl; + if (0 < AuthSSL::getAuthSSL() -> InitAuth(RsInitConfig::load_cert.c_str(), RsInitConfig::load_key.c_str(), sslPassword)) { ok = true; @@ -1175,7 +1213,7 @@ int RsInit::LoadCertificates(bool autoLoginNT) if (ok) { - if (autoLoginNT) + if (autoLoginNT && (!have_help)) { std::cerr << "RetroShare will AutoLogin next time"; std::cerr << std::endl; @@ -1306,6 +1344,9 @@ std::string make_path_unix(std::string path) /* WINDOWS STRUCTURES FOR DPAPI */ #ifndef WINDOWS_SYS /* UNIX */ + +#include + #else /******************************** WINDOWS/UNIX SPECIFIC PART ******************/ @@ -1375,11 +1416,45 @@ extern BOOL WINAPI CryptUnprotectData( bool RsInit::RsStoreAutoLogin() { std::cerr << "RsStoreAutoLogin()" << std::endl; - /* Windows only */ + /******************************** WINDOWS/UNIX SPECIFIC PART ******************/ #ifndef WINDOWS_SYS /* UNIX */ - return false; + + /* WARNING: Autologin is inherently unsafe */ + std::string helpFileName = RsInitConfig::configDir + RsInitConfig::dirSeperator + + configKeyDir + RsInitConfig::dirSeperator + "help.dta"; + FILE* helpFile = fopen(helpFileName.c_str(), "w"); + + if(helpFile == NULL){ + std::cerr << "\nRsStoreAutoLogin(): Failed to open help file\n" << std::endl; + return false; + } + + /* encrypt help */ + + const int DAT_LEN = RsInitConfig::passwd.length(); + const int KEY_DAT_LEN = RsInitConfig::load_cert.length(); + unsigned char* key_data = (unsigned char*)RsInitConfig::load_cert.c_str(); + unsigned char* indata = (unsigned char*)RsInitConfig::passwd.c_str(); + unsigned char* outdata = new unsigned char[DAT_LEN]; + + RC4_KEY* key = new RC4_KEY; + RC4_set_key(key, KEY_DAT_LEN, key_data); + + RC4(key, DAT_LEN, indata, outdata); + + + fprintf(helpFile, "%s", outdata); + fclose(helpFile); + + delete key; + delete[] outdata; + + + return true; #else +//XXX temp +#ifdef 0 /* store password encrypted in a file */ std::string entropy = RsInitConfig::load_cert; @@ -1432,7 +1507,7 @@ bool RsInit::RsStoreAutoLogin() /* save the data to the file */ std::string passwdfile = RsInitConfig::configDir; - passwdfile += RsInitConfig::dirSeperator; + passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator; passwdfile += "help.dta"; //std::cerr << "Save to: " << passwdfile; @@ -1457,7 +1532,7 @@ bool RsInit::RsStoreAutoLogin() free(pbDataInput); free(pbDataEnt); LocalFree(DataOut.pbData); - +#endif #endif /******************************** WINDOWS/UNIX SPECIFIC PART ******************/ @@ -1468,25 +1543,56 @@ bool RsInit::RsStoreAutoLogin() bool RsInit::RsTryAutoLogin() { + std::cerr << "RsTryAutoLogin()" << std::endl; - /* Windows only */ + /******************************** WINDOWS/UNIX SPECIFIC PART ******************/ #ifndef WINDOWS_SYS /* UNIX */ - return false; -#else - /* Require a AutoLogin flag in the config to do this */ - if (!RsInitConfig::autoLogin) - { + std::string helpFileName = RsInitConfig::basedir + RsInitConfig::dirSeperator + RsInitConfig::preferedId + RsInitConfig::dirSeperator + + configKeyDir + RsInitConfig::dirSeperator + "help.dta"; + + FILE* helpFile = fopen(helpFileName.c_str(), "r"); + + if(helpFile == NULL){ + std::cerr << "\nFailed to open help file\n" << std::endl; return false; } + /* decrypt help */ + + const int DAT_LEN = RsInit::getSslPwdLen(); + const int KEY_DAT_LEN = RsInitConfig::load_cert.length(); + unsigned char* key_data = (unsigned char*)RsInitConfig::load_cert.c_str(); + unsigned char* indata = new unsigned char[DAT_LEN]; + unsigned char* outdata = new unsigned char[DAT_LEN]; + + fscanf(helpFile, "%s", indata); + + RC4_KEY* key = new RC4_KEY; + RC4_set_key(key, KEY_DAT_LEN, key_data); + + RC4(key, DAT_LEN, indata, outdata); + + RsInitConfig::passwd.clear(); + RsInitConfig::passwd.insert(0, (char*)outdata, DAT_LEN); + + + fclose(helpFile); + + delete[] indata; + delete[] outdata; + delete key; + return true; +#else + +#ifdef 0 //XXX Temp /* try to load from file */ std::string entropy = RsInitConfig::load_cert; /* get the data out */ /* open the data to the file */ std::string passwdfile = RsInitConfig::configDir; - passwdfile += RsInitConfig::dirSeperator; + passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator; passwdfile += "help.dta"; DATA_BLOB DataIn; @@ -1585,6 +1691,7 @@ bool RsInit::RsTryAutoLogin() return isDecrypt; #endif +#endif /******************************** WINDOWS/UNIX SPECIFIC PART ******************/ return false; @@ -1592,12 +1699,9 @@ bool RsInit::RsTryAutoLogin() bool RsInit::RsClearAutoLogin() { -/******************************** WINDOWS/UNIX SPECIFIC PART ******************/ -#ifndef WINDOWS_SYS /* UNIX */ - return false; -#else +#ifndef WINDOWS_SYS std::string passwdfile = RsInitConfig::configDir; - passwdfile += RsInitConfig::dirSeperator; + passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator; passwdfile += "help.dta"; FILE *fp = fopen(passwdfile.c_str(), "wb"); @@ -1605,15 +1709,18 @@ bool RsInit::RsClearAutoLogin() { fwrite(" ", 1, 1, fp); fclose(fp); + bool removed = remove(passwdfile.c_str()); - std::cerr << "AutoLogin Data cleared! "; + if(removed != 0) + std::cerr << "RsClearAutoLogin(): Failed to Removed help file" << std::endl; + + std::cerr << "AutoLogin Data cleared "; std::cerr << std::endl; return true; } - return false; #endif -/******************************** WINDOWS/UNIX SPECIFIC PART ******************/ return false; + } @@ -1648,6 +1755,17 @@ bool RsInit::setStartMinimised() return RsInitConfig::startMinimised; } +int RsInit::getSslPwdLen(){ + return SSLPWD_LEN; +} + +bool RsInit::getAutoLogin(){ + return RsInitConfig::autoLogin; +} + +void RsInit::setAutoLogin(bool autoLogin){ + RsInitConfig::autoLogin = autoLogin; +} /* *