mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

for security purposes, use random names for data files

This commit is contained in:
morse%netscape.com 1999-08-30 04:56:18 +00:00
Родитель a21ae9a5cd
Коммит ab2d7a4a31
2 изменённых файлов: 109 добавлений и 11 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

56
extensions/wallet/src/singsign.cpp
Просмотреть файл

@ -311,6 +311,8 @@ extern PRBool Wallet_KeySet();
extern PRBool Wallet_SetKey(PRBool newkey); extern PRBool Wallet_SetKey(PRBool newkey);
extern char * Wallet_Localize(char * genericString); extern char * Wallet_Localize(char * genericString);
char* signonFileName = nsnull;
PRIVATE void PRIVATE void
si_RestartKey() { si_RestartKey() {
Wallet_RestartKey(); Wallet_RestartKey();
@ -429,6 +431,40 @@ SI_GetBoolPref(const char * prefname, PRBool defaultvalue) {
return prefvalue; return prefvalue;
} }
PUBLIC void
SI_SetCharPref(const char * prefname, const char * prefvalue) {
nsresult ret;
nsIPref* pPrefService = nsnull;
ret = nsServiceManager::GetService(kPrefServiceCID, kIPrefServiceIID,
(nsISupports**) &pPrefService);
if (!NS_FAILED(ret)) {
ret = pPrefService->SetCharPref(prefname, prefvalue);
if (!NS_FAILED(ret)) {
ret = pPrefService->SavePrefFile();
}
nsServiceManager::ReleaseService(kPrefServiceCID, pPrefService);
}
}
PUBLIC void
SI_GetCharPref(const char * prefname, char** aPrefvalue) {
nsresult ret;
nsIPref* pPrefService = nsnull;
ret = nsServiceManager::GetService(kPrefServiceCID, kIPrefServiceIID,
(nsISupports**) &pPrefService);
if (!NS_FAILED(ret)) {
ret = pPrefService->CopyCharPref(prefname, aPrefvalue);
if (!NS_FAILED(ret)) {
ret = pPrefService->SavePrefFile();
} else {
*aPrefvalue = nsnull;
}
nsServiceManager::ReleaseService(kPrefServiceCID, pPrefService);
} else {
*aPrefvalue = nsnull;
}
}
/********************************* /*********************************
* Preferences for Single Signon * * Preferences for Single Signon *
@ -436,6 +472,7 @@ SI_GetBoolPref(const char * prefname, PRBool defaultvalue) {
static const char *pref_rememberSignons = "signon.rememberSignons"; static const char *pref_rememberSignons = "signon.rememberSignons";
static const char *pref_Notified = "signon.Notified"; static const char *pref_Notified = "signon.Notified";
static const char *pref_SignonFileName = "signon.SignonFileName";
PRIVATE PRBool si_RememberSignons = PR_FALSE; PRIVATE PRBool si_RememberSignons = PR_FALSE;
PRIVATE PRBool si_Notified = PR_FALSE; PRIVATE PRBool si_Notified = PR_FALSE;
@ -527,6 +564,17 @@ si_GetSignonRememberingPref(void) {
} }
} }
extern char* Wallet_RandomName(char* suffix);
PUBLIC void
SI_InitSignonFileName() {
SI_GetCharPref(pref_SignonFileName, &signonFileName);
if (!signonFileName) {
signonFileName = Wallet_RandomName("psw");
SI_SetCharPref(pref_SignonFileName, signonFileName);
}
}
/******************** /********************
* Utility Routines * * Utility Routines *
@ -1572,7 +1620,7 @@ SI_LoadSignonData(PRBool fullLoad) {
if (!strm.is_open()) { if (!strm.is_open()) {
return -1; return -1;
} }
nsInputFileStream strmx(dirSpec + "signonx.tbl"); nsInputFileStream strmx(dirSpec + signonFileName);
if (!strmx.is_open()) { if (!strmx.is_open()) {
return -1; return -1;
} }
@ -1762,7 +1810,7 @@ si_SaveSignonDataLocked(PRBool fullSave) {
if (!strm.is_open()) { if (!strm.is_open()) {
return 0; return 0;
} }
nsOutputFileStream strmx(dirSpec + "signonx.tbl"); nsOutputFileStream strmx(dirSpec + signonFileName);
if (fullSave) { if (fullSave) {
if (!strmx.is_open()) { if (!strmx.is_open()) {
return 0; return 0;
@ -2140,12 +2188,14 @@ si_RememberSignonDataFromBrowser(char* URLName, char* username, char* password)
PR_Free(value_array[1]); PR_Free(value_array[1]);
} }
#ifdef xxx
PUBLIC void PUBLIC void
SI_RememberSignonDataFromBrowser (char* URLName, char* username, char* password) { SI_RememberSignonDataFromBrowser (char* URLName, char* username, char* password) {
if (si_OkToSave(URLName, username)) { if (si_OkToSave(URLName, username)) {
si_RememberSignonDataFromBrowser (URLName, username, password); si_RememberSignonDataFromBrowser (URLName, username, password);
} }
} }
#endif
/* /*
* Check for remembered data from a previous browser-generated password dialog * Check for remembered data from a previous browser-generated password dialog
@ -2183,6 +2233,7 @@ si_RestoreOldSignonDataFromBrowser
si_unlock_signon_list(); si_unlock_signon_list();
} }
#ifdef xxx
/* Browser-generated prompt for user-name and password */ /* Browser-generated prompt for user-name and password */
PUBLIC PRBool PUBLIC PRBool
SINGSIGN_PromptUsernameAndPassword2 SINGSIGN_PromptUsernameAndPassword2
@ -2350,6 +2401,7 @@ SINGSIGN_Prompt2 (char *prompt, char* defaultUsername, char *URLName)
PR_FREEIF(copyOfPrompt); PR_FREEIF(copyOfPrompt);
return result; return result;
} }
#endif
PUBLIC nsresult PUBLIC nsresult
SINGSIGN_PromptUsernameAndPassword SINGSIGN_PromptUsernameAndPassword

64
extensions/wallet/src/wallet.cpp
Просмотреть файл

@ -539,8 +539,16 @@ SI_GetBoolPref(const char * prefname, PRBool defaultvalue);
extern void extern void
SI_SetBoolPref(const char * prefname, PRBool prefvalue); SI_SetBoolPref(const char * prefname, PRBool prefvalue);
extern void
SI_SetCharPref(const char * prefname, const char * prefvalue);
extern void
SI_GetCharPref(const char * prefname, char** aPrefvalue);
static const char *pref_captureForms = "wallet.captureForms"; static const char *pref_captureForms = "wallet.captureForms";
static const char *pref_WalletNotified = "wallet.Notified"; static const char *pref_WalletNotified = "wallet.Notified";
static const char *pref_WalletKeyFileName = "wallet.KeyFileName";
static const char *pref_WalletSchemaValueFileName = "wallet.SchemaValueFileName";
PRIVATE PRBool wallet_captureForms = PR_FALSE; PRIVATE PRBool wallet_captureForms = PR_FALSE;
PRIVATE PRBool wallet_Notified = PR_FALSE; PRIVATE PRBool wallet_Notified = PR_FALSE;
@ -1127,8 +1135,11 @@ PRUint32 keyPosition = 0;
PRBool keyCancel = PR_FALSE; PRBool keyCancel = PR_FALSE;
PRBool keySet = PR_FALSE; PRBool keySet = PR_FALSE;
time_t keyExpiresTime; time_t keyExpiresTime;
// 30 minute duration (60*30=1800 seconds) // 30 minute duration (60*30=1800 seconds)
#define keyDuration 1800 #define keyDuration 1800
char* keyFileName = nsnull;
char* schemaValueFileName = nsnull;
PUBLIC void PUBLIC void
Wallet_RestartKey() { Wallet_RestartKey() {
@ -1186,15 +1197,50 @@ PUBLIC nsresult Wallet_ResourceDirectory(nsFileSpec& dirSpec) {
return res; return res;
} }
extern void SI_InitSignonFileName();
PUBLIC char *
Wallet_RandomName(char* suffix)
{
/* pick the current time as the random number */
time_t curTime = time(NULL);
/* take 8 least-significant digits as the file name */
char name[9];
PR_snprintf(name, 13, "%lu.%s", (curTime%100000000), suffix);
return PL_strdup(name);
}
PRIVATE void
wallet_InitKeyFileName() {
static PRBool namesInitialized = PR_FALSE;
if (!namesInitialized) {
SI_GetCharPref(pref_WalletKeyFileName, &keyFileName);
if (!keyFileName) {
keyFileName = Wallet_RandomName("key");
SI_SetCharPref(pref_WalletKeyFileName, keyFileName);
}
SI_GetCharPref(pref_WalletSchemaValueFileName, &schemaValueFileName);
if (!schemaValueFileName) {
schemaValueFileName = Wallet_RandomName("wlt");
SI_SetCharPref(pref_WalletSchemaValueFileName, schemaValueFileName);
}
SI_InitSignonFileName();
namesInitialized = PR_TRUE;
}
}
/* returns -1 if key does not exist, 0 if key is of length 0, 1 otherwise */ /* returns -1 if key does not exist, 0 if key is of length 0, 1 otherwise */
PRIVATE PRInt32 PRIVATE PRInt32
wallet_KeySize() { wallet_KeySize() {
wallet_InitKeyFileName();
nsFileSpec dirSpec; nsFileSpec dirSpec;
nsresult rv = Wallet_ProfileDirectory(dirSpec); nsresult rv = Wallet_ProfileDirectory(dirSpec);
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
return -1; return -1;
} }
nsInputFileStream strm(dirSpec + "key"); nsInputFileStream strm(dirSpec + keyFileName);
if (!strm.is_open()) { if (!strm.is_open()) {
return -1; return -1;
} else { } else {
@ -1265,7 +1311,7 @@ Wallet_SetKey(PRBool isNewkey) {
if (NS_FAILED(rval)) { if (NS_FAILED(rval)) {
return PR_FALSE; return PR_FALSE;
} }
nsOutputFileStream strm2(dirSpec + "key"); nsOutputFileStream strm2(dirSpec + keyFileName);
if (!strm2.is_open()) { if (!strm2.is_open()) {
*key = '\0'; *key = '\0';
return PR_FALSE; return PR_FALSE;
@ -1313,7 +1359,7 @@ Wallet_SetKey(PRBool isNewkey) {
if (NS_FAILED(rval)) { if (NS_FAILED(rval)) {
return PR_FALSE; return PR_FALSE;
} }
nsInputFileStream strm(dirSpec + "key"); nsInputFileStream strm(dirSpec + keyFileName);
Wallet_RestartKey(); Wallet_RestartKey();
char* p = key+1; char* p = key+1;
while (*p) { while (*p) {
@ -1941,7 +1987,7 @@ wallet_Initialize() {
} }
} }
PR_FREEIF(message); PR_FREEIF(message);
wallet_ReadFromFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE, PR_TRUE); wallet_ReadFromFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE, PR_TRUE);
wallet_keyInitialized = PR_TRUE; wallet_keyInitialized = PR_TRUE;
} }
@ -1996,7 +2042,7 @@ void WLLT_ChangePassword() {
Wallet_SetKey(PR_TRUE); Wallet_SetKey(PR_TRUE);
/* write out user data using new key */ /* write out user data using new key */
wallet_WriteToFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE); wallet_WriteToFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE);
#ifdef SingleSignon #ifdef SingleSignon
SI_SaveSignonData(); SI_SaveSignonData();
#endif #endif
@ -2306,7 +2352,7 @@ wallet_Capture(nsIDocument* doc, nsString field, nsString value, nsString vcard)
nsAutoString * aSchema = new nsAutoString(schema); nsAutoString * aSchema = new nsAutoString(schema);
dummy = 0; dummy = 0;
wallet_WriteToList(*aSchema, *aValue, dummy, wallet_SchemaToValue_list); wallet_WriteToList(*aSchema, *aValue, dummy, wallet_SchemaToValue_list);
wallet_WriteToFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE); wallet_WriteToFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE);
} else { } else {
@ -2342,7 +2388,7 @@ wallet_Capture(nsIDocument* doc, nsString field, nsString value, nsString vcard)
nsAutoString * aValue = new nsAutoString(value); nsAutoString * aValue = new nsAutoString(value);
dummy = 0; dummy = 0;
wallet_WriteToList(*aField, *aValue, dummy, wallet_SchemaToValue_list); wallet_WriteToList(*aField, *aValue, dummy, wallet_SchemaToValue_list);
wallet_WriteToFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE); wallet_WriteToFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE);
} }
} }
@ -2447,7 +2493,7 @@ WLLT_PostEdit(nsAutoString walletList) {
*separator = BREAK; *separator = BREAK;
/* open SchemaValue file */ /* open SchemaValue file */
nsOutputFileStream strm(dirSpec + "SchemaValue.tbl"); nsOutputFileStream strm(dirSpec + schemaValueFileName);
if (!strm.is_open()) { if (!strm.is_open()) {
NS_ERROR("unable to open file"); NS_ERROR("unable to open file");
delete []walletListAsCString; delete []walletListAsCString;
@ -2474,7 +2520,7 @@ WLLT_PostEdit(nsAutoString walletList) {
/* close the file and read it back into the SchemaToValue list */ /* close the file and read it back into the SchemaToValue list */
strm.close(); strm.close();
wallet_Clear(&wallet_SchemaToValue_list); wallet_Clear(&wallet_SchemaToValue_list);
wallet_ReadFromFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE, PR_TRUE); wallet_ReadFromFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE, PR_TRUE);
delete []walletListAsCString; delete []walletListAsCString;
} }