Added support for Auto-login

- Using rc4 to store ssl pword on file for linux, for windows already using cryptprotect - yes its not safe, but its the user's choice to keep pword or not - consider using method closely hooked to linux kernel (another layer of obfuscation) - windows i believe is stronger (because its proprietary/ heavily obfuscated) git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2690 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2024-12-15 02:44:20 -05:00 · 2010-04-08 12:02:46 +00:00 · 2010-04-08 12:02:46 +00:00 · 658946bcd2
commit 658946bcd2
parent 6b8f62d8f0
3 changed files with 155 additions and 27 deletions
--- a/libretroshare/src/rsiface/rsinit.h
+++ b/libretroshare/src/rsiface/rsinit.h
@ -71,7 +71,7 @@ class RsInit
 		/* Login SSL */
 		static bool	LoadPassword(std::string id, std::string passwd) ;

-		/* Final Certificate load. This can be called if:
+		/** Final Certificate load. This can be called if:
 		 * a) InitRetroshare() returns true -> autoLoad/password Set.
 		 * b) SelectGPGAccount() && LoadPassword()
 		 */
@ -83,6 +83,11 @@ class RsInit
                static std::string      RsProfileConfigDirectory();
 		static bool	setStartMinimised() ;

+		static int getSslPwdLen();
+		static bool getAutoLogin();
+		static void setAutoLogin(bool autoLogin);
+		static bool RsClearAutoLogin() ;
+

 	private:
 		/* PreLogin */
@ -98,9 +103,10 @@ class RsInit
 		/* Auto Login */
 		static bool RsStoreAutoLogin() ;
 		static bool RsTryAutoLogin() ;
-		static bool RsClearAutoLogin() ;
+

 };


+
 #endif
--- a/libretroshare/src/rsserver/p3face-config.cc
+++ b/libretroshare/src/rsserver/p3face-config.cc
@ -31,7 +31,7 @@
 #include <sstream>
 #include "pqi/authssl.h"
 #include "pqi/authgpg.h"
-
+#include "rsiface/rsinit.h"
 #include "util/rsdebug.h"
 const int p3facemsgzone = 11453;

@ -157,6 +157,8 @@ void    RsServer::ConfigFinalSave()
 {
 	/* force saving of transfers TODO */
 	//ftserver->saveFileTransferStatus();
+	if(!RsInit::getAutoLogin())
+		RsInit::RsClearAutoLogin();

        //AuthSSL::getAuthSSL()->FinalSaveCertificates();
 	mConfigMgr->completeConfiguration();
@ -164,6 +166,8 @@ void    RsServer::ConfigFinalSave()

 void RsServer::rsGlobalShutDown()
 {
+
+
 	ConfigFinalSave(); // save configuration before exit
 	mConnMgr->shutdown(); /* Handles UPnP */
 }
--- a/libretroshare/src/rsserver/rsinit.cc
+++ b/libretroshare/src/rsserver/rsinit.cc
@ -125,6 +125,7 @@ static const std::string configKeyDir = "keys";
 static const std::string configCaFile = "cacerts.pem";
 static const std::string configLogFileName = "retro.log";
 static const std::string configHelpName = "retro.htm";
+static const int SSLPWD_LEN = 6;

 std::list<accountId> RsInitConfig::accountIds;
 std::string RsInitConfig::preferedId;
@ -193,7 +194,7 @@ void RsInit::InitRsConfig()
 	strcpy(RsInitConfig::inet, "127.0.0.1");
 	strcpy(RsInitConfig::logfname, "");

-	RsInitConfig::autoLogin      = true; // Always on now.
+	RsInitConfig::autoLogin      = false; // .
 	RsInitConfig::startMinimised = false;
 	RsInitConfig::passwd         = "";
 	RsInitConfig::havePasswd     = false;
@ -503,12 +504,17 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored)
 	/* if existing user, and havePasswd .... we can skip the login prompt */
 	if (existingUser)
 	{
+
 		if (RsInitConfig::havePasswd)
 		{
 			return 1;
 		}
+
+		RsInit::LoadPassword(RsInitConfig::preferedId, "");
+
 		if (RsTryAutoLogin())
 		{
+			RsInit::setAutoLogin(true);
 			return 1;
 		}
 	}
@ -1066,6 +1072,7 @@ bool     RsInit::LoadPassword(std::string id, std::string inPwd)
 	RsInitConfig::preferedId = id;
 	RsInitConfig::configDir = RsInitConfig::basedir + RsInitConfig::dirSeperator + id;
 	RsInitConfig::passwd = inPwd;
+
 	RsInitConfig::havePasswd = true;

        // Create the filename.
@ -1090,6 +1097,7 @@ bool     RsInit::LoadPassword(std::string id, std::string inPwd)

 int RsInit::LoadCertificates(bool autoLoginNT)
 {
+
 	if (RsInitConfig::load_cert == "")
 	{
 	  std::cerr << "RetroShare needs a certificate" << std::endl;
@ -1102,15 +1110,29 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 	  return 0;
 	}

+	RsInitConfig::autoLogin = autoLoginNT;
 	bool ok = false;
+	bool have_help = false;
+
+	// Check if help file exists
+	std::string help_file_name = RsInitConfig::configDir + RsInitConfig::dirSeperator +
+				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
+	FILE* helpFile = fopen(help_file_name.c_str(), "r");
+
+	if(helpFile != NULL){
+		have_help = true;
+		fclose(helpFile);
+	}

 	/* The SSL / SSL + PGP version requires, SSL init + PGP init.  */
 	const char* sslPassword;
 	sslPassword = RsInitConfig::passwd.c_str();
+
+
 	//check if password is already in memory
-	if ((RsInitConfig::havePasswd) && (RsInitConfig::passwd != ""))
+	if (((RsInitConfig::havePasswd) && (RsInitConfig::passwd != "")) && !have_help)
 	{
-		std::cerr << "RetroShare have a ssl Password" << std::endl;
+		std::cerr << "RetroShare has a ssl Password" << std::endl;
 		sslPassword = RsInitConfig::passwd.c_str();

 		std::cerr << "let's store the ssl Password into a pgp ecrypted file" << std::endl;
@ -1129,7 +1151,10 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 		gpgme_data_release (plain);
 		fclose(sslPassphraseFile);

-	} else {
+	} else
+	if(!have_help)	{
+
+
 		//let's read the password from an encrypted file
 		//let's check if there's a ssl_passpharese_file that we can decrypt with PGP
 		FILE *sslPassphraseFile = fopen(RsInitConfig::ssl_passphrase_file.c_str(), "r");
@ -1152,6 +1177,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 			    std::cerr << "Decrypting went ok !" << std::endl;
                            gpgme_data_write (plain, "", 1);
 			    sslPassword = gpgme_data_release_and_get_mem(plain, NULL);
+			    std::cerr << "sslpassword: " << sslPassword << std::endl;
 			} else {
 			    gpgme_data_release (plain);
                            std::cerr << "Error : decrypting went wrong !" << std::endl;
@ -1162,7 +1188,19 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 		}
 	}

+
+
+	if(have_help){
+		sslPassword = RsInitConfig::passwd.c_str();
+	}
+	else{
+		RsInitConfig::passwd.insert(0, sslPassword, RsInit::getSslPwdLen());
+	}
+
+
+
 	std::cerr << "RsInitConfig::load_key.c_str() : " << RsInitConfig::load_key.c_str() << std::endl;
+
        if (0 < AuthSSL::getAuthSSL() -> InitAuth(RsInitConfig::load_cert.c_str(), RsInitConfig::load_key.c_str(), sslPassword))
 	{
 		ok = true;
@ -1175,7 +1213,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)

 	if (ok)
 	{
-		if (autoLoginNT)
+		if (autoLoginNT && (!have_help))
 		{
 			std::cerr << "RetroShare will AutoLogin next time";
 			std::cerr << std::endl;
@ -1306,6 +1344,9 @@ std::string make_path_unix(std::string path)
 /* WINDOWS STRUCTURES FOR DPAPI */

 #ifndef WINDOWS_SYS /* UNIX */
+
+#include <openssl/rc4.h>
+
 #else
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/

@ -1375,11 +1416,45 @@ extern BOOL WINAPI CryptUnprotectData(
 bool  RsInit::RsStoreAutoLogin()
 {
 	std::cerr << "RsStoreAutoLogin()" << std::endl;
-	/* Windows only */
+
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 #ifndef WINDOWS_SYS /* UNIX */
-	return false;
+
+	/* WARNING: Autologin is inherently unsafe */
+	std::string helpFileName = RsInitConfig::configDir + RsInitConfig::dirSeperator +
+				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
+	FILE* helpFile = fopen(helpFileName.c_str(), "w");
+
+	if(helpFile == NULL){
+		std::cerr << "\nRsStoreAutoLogin(): Failed to open help file\n" << std::endl;
+		return false;
+	}
+
+	/* encrypt help */
+
+	const int DAT_LEN = RsInitConfig::passwd.length();
+	const int KEY_DAT_LEN = RsInitConfig::load_cert.length();
+	unsigned char* key_data = (unsigned char*)RsInitConfig::load_cert.c_str();
+	unsigned char* indata = (unsigned char*)RsInitConfig::passwd.c_str();
+	unsigned char* outdata = new unsigned char[DAT_LEN];
+
+	RC4_KEY* key = new RC4_KEY;
+	RC4_set_key(key, KEY_DAT_LEN, key_data);
+
+	RC4(key, DAT_LEN, indata, outdata);
+
+
+	fprintf(helpFile, "%s", outdata);
+	fclose(helpFile);
+
+	delete key;
+	delete[] outdata;
+
+
+	return true;
 #else
+//XXX temp
+#ifdef 0
 	/* store password encrypted in a file */
 	std::string entropy = RsInitConfig::load_cert;

@ -1432,7 +1507,7 @@ bool  RsInit::RsStoreAutoLogin()

 		/* save the data to the file */
 		std::string passwdfile = RsInitConfig::configDir;
-		passwdfile += RsInitConfig::dirSeperator;
+		passwdfile += RsInitConfig::dirSeperator  + configKeyDir + RsInitConfig::dirSeperator;
 		passwdfile += "help.dta";

     		//std::cerr << "Save to: " << passwdfile;
@ -1457,7 +1532,7 @@ bool  RsInit::RsStoreAutoLogin()
 	free(pbDataInput);
 	free(pbDataEnt);
 	LocalFree(DataOut.pbData);
-
+#endif
 #endif
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/

@ -1468,25 +1543,56 @@ bool  RsInit::RsStoreAutoLogin()

 bool  RsInit::RsTryAutoLogin()
 {
+
 	std::cerr << "RsTryAutoLogin()" << std::endl;
-	/* Windows only */
+
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 #ifndef WINDOWS_SYS /* UNIX */
-	return false;
-#else
-	/* Require a AutoLogin flag in the config to do this */
-	if (!RsInitConfig::autoLogin)
-	{
+	std::string helpFileName = RsInitConfig::basedir + RsInitConfig::dirSeperator + RsInitConfig::preferedId + RsInitConfig::dirSeperator +
+				configKeyDir + RsInitConfig::dirSeperator + "help.dta";
+
+	FILE* helpFile = fopen(helpFileName.c_str(), "r");
+
+	if(helpFile == NULL){
+		std::cerr << "\nFailed to open help file\n" << std::endl;
 		return false;
 	}

+	/* decrypt help */
+
+	const int DAT_LEN = RsInit::getSslPwdLen();
+	const int KEY_DAT_LEN = RsInitConfig::load_cert.length();
+	unsigned char* key_data  = (unsigned char*)RsInitConfig::load_cert.c_str();
+	unsigned char* indata = new unsigned char[DAT_LEN];
+	unsigned char* outdata = new unsigned char[DAT_LEN];
+
+	fscanf(helpFile, "%s", indata);
+
+	RC4_KEY* key = new RC4_KEY;
+	RC4_set_key(key, KEY_DAT_LEN, key_data);
+
+	RC4(key, DAT_LEN, indata, outdata);
+
+	RsInitConfig::passwd.clear();
+	RsInitConfig::passwd.insert(0, (char*)outdata, DAT_LEN);
+
+
+	fclose(helpFile);
+
+	delete[] indata;
+	delete[] outdata;
+	delete key;
+	return true;
+#else
+
+#ifdef 0 //XXX Temp
 	/* try to load from file */
 	std::string entropy = RsInitConfig::load_cert;
 	/* get the data out */

 	/* open the data to the file */
 	std::string passwdfile = RsInitConfig::configDir;
-	passwdfile += RsInitConfig::dirSeperator;
+	passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator;
 	passwdfile += "help.dta";

 	DATA_BLOB DataIn;
@ -1585,6 +1691,7 @@ bool  RsInit::RsTryAutoLogin()

 	return isDecrypt;
 #endif
+#endif
 /******************************** WINDOWS/UNIX SPECIFIC PART ******************/

 	return false;
@ -1592,12 +1699,9 @@ bool  RsInit::RsTryAutoLogin()

 bool  RsInit::RsClearAutoLogin()
 {
-/******************************** WINDOWS/UNIX SPECIFIC PART ******************/
-#ifndef WINDOWS_SYS /* UNIX */
-	return false;
-#else
+#ifndef WINDOWS_SYS
 	std::string passwdfile = RsInitConfig::configDir;
-	passwdfile += RsInitConfig::dirSeperator;
+	passwdfile += RsInitConfig::dirSeperator + configKeyDir + RsInitConfig::dirSeperator;
 	passwdfile += "help.dta";

 	FILE *fp = fopen(passwdfile.c_str(), "wb");
@ -1605,15 +1709,18 @@ bool  RsInit::RsClearAutoLogin()
 	{
 		fwrite(" ", 1, 1, fp);
 		fclose(fp);
+		bool removed = remove(passwdfile.c_str());

-     		std::cerr << "AutoLogin Data cleared! ";
+		if(removed != 0)
+			std::cerr << "RsClearAutoLogin(): Failed to Removed help file" << std::endl;
+
+     		std::cerr << "AutoLogin Data cleared ";
     		std::cerr << std::endl;
 		return true;
 	}
-	return false;
 #endif
-/******************************** WINDOWS/UNIX SPECIFIC PART ******************/
 	return false;
+
 }


@ -1648,6 +1755,17 @@ bool	RsInit::setStartMinimised()
 	return RsInitConfig::startMinimised;
 }

+int RsInit::getSslPwdLen(){
+	return SSLPWD_LEN;
+}
+
+bool RsInit::getAutoLogin(){
+	return RsInitConfig::autoLogin;
+}
+
+void RsInit::setAutoLogin(bool autoLogin){
+	RsInitConfig::autoLogin = autoLogin;
+}

 /*
 *