Added support for Auto-login

- Using rc4 to store ssl pword on file for linux, for windows already using cryptprotect - yes its not safe, but its the user's choice to keep pword or not - consider using method closely hooked to linux kernel (another layer of obfuscation) - windows i believe is stronger (because its proprietary/ heavily obfuscated) git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2690 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2024-12-15 10:54:22 -05:00 · 2010-04-08 12:02:46 +00:00 · 2010-04-08 12:02:46 +00:00 · 658946bcd2
commit 658946bcd2
parent 6b8f62d8f0
3 changed files with 155 additions and 27 deletions
--- a/libretroshare/src/rsiface/rsinit.h
+++ b/libretroshare/src/rsiface/rsinit.h
@ -71,7 +71,7 @@ class RsInit
 		/* Login SSL */
 		static bool	LoadPassword(std::string id, std::string passwd) ;
-		/* Final Certificate load. This can be called if:
+		/** Final Certificate load. This can be called if:
 		 * a) InitRetroshare() returns true -> autoLoad/password Set.
 		 * b) SelectGPGAccount() && LoadPassword()
 		 */
@ -83,6 +83,11 @@ class RsInit
                static std::string      RsProfileConfigDirectory();
 		static bool	setStartMinimised() ;
 		static int getSslPwdLen();
 		static bool getAutoLogin();
 		static void setAutoLogin(bool autoLogin);
 		static bool RsClearAutoLogin() ;
 	private:
 		/* PreLogin */
@ -98,9 +103,10 @@ class RsInit
 		/* Auto Login */
 		static bool RsStoreAutoLogin() ;
 		static bool RsTryAutoLogin() ;
-		static bool RsClearAutoLogin() ;
+
 };
 #endif
--- a/libretroshare/src/rsserver/p3face-config.cc
+++ b/libretroshare/src/rsserver/p3face-config.cc
@ -31,7 +31,7 @@
 #include <sstream>
 #include "pqi/authssl.h"
 #include "pqi/authgpg.h"
-
+#include "rsiface/rsinit.h"
 #include "util/rsdebug.h"
 const int p3facemsgzone = 11453;
@ -157,6 +157,8 @@ void    RsServer::ConfigFinalSave()
 {
 	/* force saving of transfers TODO */
 	//ftserver->saveFileTransferStatus();
 	if(!RsInit::getAutoLogin())
 		RsInit::RsClearAutoLogin();
        //AuthSSL::getAuthSSL()->FinalSaveCertificates();
 	mConfigMgr->completeConfiguration();
@ -164,6 +166,8 @@ void    RsServer::ConfigFinalSave()
 void RsServer::rsGlobalShutDown()
 {
 	ConfigFinalSave(); // save configuration before exit
 	mConnMgr->shutdown(); /* Handles UPnP */
 }
--- a/libretroshare/src/rsserver/rsinit.cc
+++ b/libretroshare/src/rsserver/rsinit.cc
@ -125,6 +125,7 @@ static const std::string configKeyDir = "keys";
 static const std::string configCaFile = "cacerts.pem";
 static const std::string configLogFileName = "retro.log";
 static const std::string configHelpName = "retro.htm";
 static const int SSLPWD_LEN = 6;
 std::list<accountId> RsInitConfig::accountIds;
 std::string RsInitConfig::preferedId;
@ -193,7 +194,7 @@ void RsInit::InitRsConfig()
 	strcpy(RsInitConfig::inet, "127.0.0.1");
 	strcpy(RsInitConfig::logfname, "");
-	RsInitConfig::autoLogin      = true; // Always on now.
+	RsInitConfig::autoLogin      = false; // .
 	RsInitConfig::startMinimised = false;
 	RsInitConfig::passwd         = "";
 	RsInitConfig::havePasswd     = false;
@ -503,12 +504,17 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored)
 	/* if existing user, and havePasswd .... we can skip the login prompt */
 	if (existingUser)
 	{
 		if (RsInitConfig::havePasswd)
 		{
 			return 1;
 		}
 		RsInit::LoadPassword(RsInitConfig::preferedId, "");
 		if (RsTryAutoLogin())
 		{
 			RsInit::setAutoLogin(true);
 			return 1;
 		}
 	}
@ -1066,6 +1072,7 @@ bool     RsInit::LoadPassword(std::string id, std::string inPwd)
 	RsInitConfig::preferedId = id;
 	RsInitConfig::configDir = RsInitConfig::basedir + RsInitConfig::dirSeperator + id;
 	RsInitConfig::passwd = inPwd;
 	RsInitConfig::havePasswd = true;
        // Create the filename.
@ -1090,6 +1097,7 @@ bool     RsInit::LoadPassword(std::string id, std::string inPwd)
 int RsInit::LoadCertificates(bool autoLoginNT)
 {
 	if (RsInitConfig::load_cert == "")
 	{
 	  std::cerr << "RetroShare needs a certificate" << std::endl;
@ -1102,15 +1110,29 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 	  return 0;
 	}
 	RsInitConfig::autoLogin = autoLoginNT;
 	bool ok = false;
 	bool have_help = false;
 	// Check if help file exists
 	std::string help_file_name = RsInitConfig::configDir + RsInitConfig::dirSeperator +
 				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
 	FILE* helpFile = fopen(help_file_name.c_str(), "r");
 	if(helpFile != NULL){
 		have_help = true;
 		fclose(helpFile);
 	}
 	/* The SSL / SSL + PGP version requires, SSL init + PGP init.  */
 	const char* sslPassword;
 	sslPassword = RsInitConfig::passwd.c_str();
 	//check if password is already in memory
-	if ((RsInitConfig::havePasswd) && (RsInitConfig::passwd != ""))
+	if (((RsInitConfig::havePasswd) && (RsInitConfig::passwd != "")) && !have_help)
 	{
-		std::cerr << "RetroShare have a ssl Password" << std::endl;
+		std::cerr << "RetroShare has a ssl Password" << std::endl;
 		sslPassword = RsInitConfig::passwd.c_str();
 		std::cerr << "let's store the ssl Password into a pgp ecrypted file" << std::endl;
@ -1129,7 +1151,10 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 		gpgme_data_release (plain);
 		fclose(sslPassphraseFile);
-	} else {
+	} else
 	if(!have_help)	{
 		//let's read the password from an encrypted file
 		//let's check if there's a ssl_passpharese_file that we can decrypt with PGP
 		FILE *sslPassphraseFile = fopen(RsInitConfig::ssl_passphrase_file.c_str(), "r");
@ -1152,6 +1177,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 			    std::cerr << "Decrypting went ok !" << std::endl;
                            gpgme_data_write (plain, "", 1);
 			    sslPassword = gpgme_data_release_and_get_mem(plain, NULL);
 			    std::cerr << "sslpassword: " << sslPassword << std::endl;
 			} else {
 			    gpgme_data_release (plain);
                            std::cerr << "Error : decrypting went wrong !" << std::endl;
@ -1162,7 +1188,19 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 		}
 	}
 	if(have_help){
 		sslPassword = RsInitConfig::passwd.c_str();
 	}
 	else{
 		RsInitConfig::passwd.insert(0, sslPassword, RsInit::getSslPwdLen());
 	}
 	std::cerr << "RsInitConfig::load_key.c_str() : " << RsInitConfig::load_key.c_str() << std::endl;
        if (0 < AuthSSL::getAuthSSL() -> InitAuth(RsInitConfig::load_cert.c_str(), RsInitConfig::load_key.c_str(), sslPassword))
 	{
 		ok = true;
@ -1175,7 +1213,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 	if (ok)
 	{
-		if (autoLoginNT)
+		if (autoLoginNT && (!have_help))
 		{
 			std::cerr << "RetroShare will AutoLogin next time";
 			std::cerr << std::endl;
@ -1306,6 +1344,9 @@ std::string make_path_unix(std::string path)
 /* WINDOWS STRUCTURES FOR DPAPI */
 #ifndef WINDOWS_SYS /* UNIX */
 #include <openssl/rc4.h>
 #else
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
@ -1375,11 +1416,45 @@ extern BOOL WINAPI CryptUnprotectData(
 bool  RsInit::RsStoreAutoLogin()
 {
 	std::cerr << "RsStoreAutoLogin()" << std::endl;
-	/* Windows only */
+
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 #ifndef WINDOWS_SYS /* UNIX */
-	return false;
+
 	/* WARNING: Autologin is inherently unsafe */
 	std::string helpFileName = RsInitConfig::configDir + RsInitConfig::dirSeperator +
 				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
 	FILE* helpFile = fopen(helpFileName.c_str(), "w");
 	if(helpFile == NULL){
 		std::cerr << "\nRsStoreAutoLogin(): Failed to open help file\n" << std::endl;
 		return false;
 	}
 	/* encrypt help */
 	const int DAT_LEN = RsInitConfig::passwd.length();
 	const int KEY_DAT_LEN = RsInitConfig::load_cert.length();
 	unsigned char* key_data = (unsigned char*)RsInitConfig::load_cert.c_str();
 	unsigned char* indata = (unsigned char*)RsInitConfig::passwd.c_str();
 	unsigned char* outdata = new unsigned char[DAT_LEN];
 	RC4_KEY* key = new RC4_KEY;
 	RC4_set_key(key, KEY_DAT_LEN, key_data);
 	RC4(key, DAT_LEN, indata, outdata);
 	fprintf(helpFile, "%s", outdata);
 	fclose(helpFile);
 	delete key;
 	delete[] outdata;
 	return true;
 #else
 //XXX temp
 #ifdef 0
 	/* store password encrypted in a file */
 	std::string entropy = RsInitConfig::load_cert;
@ -1432,7 +1507,7 @@ bool  RsInit::RsStoreAutoLogin()
 		/* save the data to the file */
 		std::string passwdfile = RsInitConfig::configDir;
-		passwdfile += RsInitConfig::dirSeperator;
+		passwdfile += RsInitConfig::dirSeperator  + configKeyDir + RsInitConfig::dirSeperator;
 		passwdfile += "help.dta";
     		//std::cerr << "Save to: " << passwdfile;
@ -1457,7 +1532,7 @@ bool  RsInit::RsStoreAutoLogin()
 	free(pbDataInput);
 	free(pbDataEnt);
 	LocalFree(DataOut.pbData);
-
+#endif
 #endif
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
@ -1468,25 +1543,56 @@ bool  RsInit::RsStoreAutoLogin()
 bool  RsInit::RsTryAutoLogin()
 {
 	std::cerr << "RsTryAutoLogin()" << std::endl;
-	/* Windows only */
+
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 #ifndef WINDOWS_SYS /* UNIX */
-	return false;
+	std::string helpFileName = RsInitConfig::basedir + RsInitConfig::dirSeperator + RsInitConfig::preferedId + RsInitConfig::dirSeperator +
-#else
+				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
-	/* Require a AutoLogin flag in the config to do this */
+
-	if (!RsInitConfig::autoLogin)
+	FILE* helpFile = fopen(helpFileName.c_str(), "r");
-	{
+
 	if(helpFile == NULL){
 		std::cerr << "\nFailed to open help file\n" << std::endl;
 		return false;
 	}
 	/* decrypt help */
 	const int DAT_LEN = RsInit::getSslPwdLen();
 	const int KEY_DAT_LEN = RsInitConfig::load_cert.length();
 	unsigned char* key_data  = (unsigned char*)RsInitConfig::load_cert.c_str();
 	unsigned char* indata = new unsigned char[DAT_LEN];
 	unsigned char* outdata = new unsigned char[DAT_LEN];
 	fscanf(helpFile, "%s", indata);
 	RC4_KEY* key = new RC4_KEY;
 	RC4_set_key(key, KEY_DAT_LEN, key_data);
 	RC4(key, DAT_LEN, indata, outdata);
 	RsInitConfig::passwd.clear();
 	RsInitConfig::passwd.insert(0, (char*)outdata, DAT_LEN);
 	fclose(helpFile);
 	delete[] indata;
 	delete[] outdata;
 	delete key;
 	return true;
 #else
 #ifdef 0 //XXX Temp
 	/* try to load from file */
 	std::string entropy = RsInitConfig::load_cert;
 	/* get the data out */
 	/* open the data to the file */
 	std::string passwdfile = RsInitConfig::configDir;
-	passwdfile += RsInitConfig::dirSeperator;
+	passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator;
 	passwdfile += "help.dta";
 	DATA_BLOB DataIn;
@ -1585,6 +1691,7 @@ bool  RsInit::RsTryAutoLogin()
 	return isDecrypt;
 #endif
 #endif
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 	return false;
@ -1592,12 +1699,9 @@ bool  RsInit::RsTryAutoLogin()
 bool  RsInit::RsClearAutoLogin()
 {
-/******************************** WINDOWS/UNIX SPECIFIC PART ******************/
+#ifndef WINDOWS_SYS
 #ifndef WINDOWS_SYS /* UNIX */
 	return false;
 #else
 	std::string passwdfile = RsInitConfig::configDir;
-	passwdfile += RsInitConfig::dirSeperator;
+	passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator;
 	passwdfile += "help.dta";
 	FILE *fp = fopen(passwdfile.c_str(), "wb");
@ -1605,15 +1709,18 @@ bool  RsInit::RsClearAutoLogin()
 	{
 		fwrite(" ", 1, 1, fp);
 		fclose(fp);
 		bool removed = remove(passwdfile.c_str());
-     		std::cerr << "AutoLogin Data cleared! ";
+		if(removed != 0)
 			std::cerr << "RsClearAutoLogin(): Failed to Removed help file" << std::endl;
     		std::cerr << "AutoLogin Data cleared ";
     		std::cerr << std::endl;
 		return true;
 	}
 	return false;
 #endif
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 	return false;
 }
@ -1648,6 +1755,17 @@ bool	RsInit::setStartMinimised()
 	return RsInitConfig::startMinimised;
 }
 int RsInit::getSslPwdLen(){
 	return SSLPWD_LEN;
 }
 bool RsInit::getAutoLogin(){
 	return RsInitConfig::autoLogin;
 }
 void RsInit::setAutoLogin(bool autoLogin){
 	RsInitConfig::autoLogin = autoLogin;
 }
 /*
 *