for security purposes, use random names for data files

1999-08-30 04:56:18 +00:00 · 1999-08-30 04:56:18 +00:00 · ab2d7a4a31
--- a/extensions/wallet/src/singsign.cpp
+++ b/extensions/wallet/src/singsign.cpp
@ -311,6 +311,8 @@ extern PRBool Wallet_KeySet();
 extern PRBool Wallet_SetKey(PRBool newkey);
 extern char * Wallet_Localize(char * genericString);

+char* signonFileName = nsnull;
+
 PRIVATE void
 si_RestartKey() {
  Wallet_RestartKey();
@ -429,6 +431,40 @@ SI_GetBoolPref(const char * prefname, PRBool defaultvalue) {
  return prefvalue;
 }

+PUBLIC void
+SI_SetCharPref(const char * prefname, const char * prefvalue) {
+  nsresult ret;
+  nsIPref* pPrefService = nsnull;
+  ret = nsServiceManager::GetService(kPrefServiceCID, kIPrefServiceIID,
+    (nsISupports**) &pPrefService);
+  if (!NS_FAILED(ret)) {
+    ret = pPrefService->SetCharPref(prefname, prefvalue);
+    if (!NS_FAILED(ret)) {
+      ret = pPrefService->SavePrefFile(); 
+    }
+    nsServiceManager::ReleaseService(kPrefServiceCID, pPrefService);
+  }
+}
+
+PUBLIC void
+SI_GetCharPref(const char * prefname, char** aPrefvalue) {
+  nsresult ret;
+  nsIPref* pPrefService = nsnull;
+  ret = nsServiceManager::GetService(kPrefServiceCID, kIPrefServiceIID,
+    (nsISupports**) &pPrefService);
+  if (!NS_FAILED(ret)) {
+    ret = pPrefService->CopyCharPref(prefname, aPrefvalue);
+    if (!NS_FAILED(ret)) {
+      ret = pPrefService->SavePrefFile(); 
+    } else {
+      *aPrefvalue = nsnull;
+    }
+    nsServiceManager::ReleaseService(kPrefServiceCID, pPrefService);
+  } else {
+    *aPrefvalue = nsnull;
+  }
+}
+

 /*********************************
 * Preferences for Single Signon *
@ -436,6 +472,7 @@ SI_GetBoolPref(const char * prefname, PRBool defaultvalue) {

 static const char *pref_rememberSignons = "signon.rememberSignons";
 static const char *pref_Notified = "signon.Notified";
+static const char *pref_SignonFileName = "signon.SignonFileName";

 PRIVATE PRBool si_RememberSignons = PR_FALSE;
 PRIVATE PRBool si_Notified = PR_FALSE;
@ -527,6 +564,17 @@ si_GetSignonRememberingPref(void) {
  }
 }

+extern char* Wallet_RandomName(char* suffix);
+
+PUBLIC void
+SI_InitSignonFileName() {
+  SI_GetCharPref(pref_SignonFileName, &signonFileName);
+  if (!signonFileName) {
+    signonFileName = Wallet_RandomName("psw");
+    SI_SetCharPref(pref_SignonFileName, signonFileName);
+  }
+}
+

 /********************
 * Utility Routines *
@ -1572,7 +1620,7 @@ SI_LoadSignonData(PRBool fullLoad) {
  if (!strm.is_open()) {
    return -1;
  }
-  nsInputFileStream strmx(dirSpec + "signonx.tbl");
+  nsInputFileStream strmx(dirSpec + signonFileName);
  if (!strmx.is_open()) {
    return -1;
  }
@ -1762,7 +1810,7 @@ si_SaveSignonDataLocked(PRBool fullSave) {
  if (!strm.is_open()) {
    return 0;
  }
-  nsOutputFileStream strmx(dirSpec + "signonx.tbl");
+  nsOutputFileStream strmx(dirSpec + signonFileName);
  if (fullSave) {
    if (!strmx.is_open()) {
      return 0;
@ -2140,12 +2188,14 @@ si_RememberSignonDataFromBrowser(char* URLName, char* username, char* password)
  PR_Free(value_array[1]);
 }

+#ifdef xxx
 PUBLIC void
 SI_RememberSignonDataFromBrowser (char* URLName, char* username, char* password) {
  if (si_OkToSave(URLName, username)) {
    si_RememberSignonDataFromBrowser (URLName, username, password);
  }
 }
+#endif

 /*
 * Check for remembered data from a previous browser-generated password dialog
@ -2183,6 +2233,7 @@ si_RestoreOldSignonDataFromBrowser
  si_unlock_signon_list();
 }

+#ifdef xxx
 /* Browser-generated prompt for user-name and password */
 PUBLIC PRBool
 SINGSIGN_PromptUsernameAndPassword2
@ -2350,6 +2401,7 @@ SINGSIGN_Prompt2 (char *prompt, char* defaultUsername, char *URLName)
  PR_FREEIF(copyOfPrompt);
  return result;
 }
+#endif

 PUBLIC nsresult
 SINGSIGN_PromptUsernameAndPassword
--- a/extensions/wallet/src/wallet.cpp
+++ b/extensions/wallet/src/wallet.cpp
@ -539,8 +539,16 @@ SI_GetBoolPref(const char * prefname, PRBool defaultvalue);
 extern void
 SI_SetBoolPref(const char * prefname, PRBool prefvalue);

+extern void
+SI_SetCharPref(const char * prefname, const char * prefvalue);
+
+extern void
+SI_GetCharPref(const char * prefname, char** aPrefvalue);
+
 static const char *pref_captureForms = "wallet.captureForms";
 static const char *pref_WalletNotified = "wallet.Notified";
+static const char *pref_WalletKeyFileName = "wallet.KeyFileName";
+static const char *pref_WalletSchemaValueFileName = "wallet.SchemaValueFileName";

 PRIVATE PRBool wallet_captureForms = PR_FALSE;
 PRIVATE PRBool wallet_Notified = PR_FALSE;
@ -1127,8 +1135,11 @@ PRUint32 keyPosition = 0;
 PRBool keyCancel = PR_FALSE;
 PRBool keySet = PR_FALSE;
 time_t keyExpiresTime;
+
 // 30 minute duration (60*30=1800 seconds)
 #define keyDuration 1800
+char* keyFileName = nsnull;
+char* schemaValueFileName = nsnull;

 PUBLIC void
 Wallet_RestartKey() {
@ -1186,15 +1197,50 @@ PUBLIC nsresult Wallet_ResourceDirectory(nsFileSpec& dirSpec) {
  return res;
 }

+extern void SI_InitSignonFileName();
+
+PUBLIC char *
+Wallet_RandomName(char* suffix)
+{
+  /* pick the current time as the random number */
+  time_t curTime = time(NULL);
+
+  /* take 8 least-significant digits as the file name */
+  char name[9];
+  PR_snprintf(name, 13, "%lu.%s", (curTime%100000000), suffix);
+  return PL_strdup(name);
+}
+
+PRIVATE void
+wallet_InitKeyFileName() {
+  static PRBool namesInitialized = PR_FALSE;
+  if (!namesInitialized) {
+    SI_GetCharPref(pref_WalletKeyFileName, &keyFileName);
+    if (!keyFileName) {
+      keyFileName = Wallet_RandomName("key");
+      SI_SetCharPref(pref_WalletKeyFileName, keyFileName);
+    }
+    SI_GetCharPref(pref_WalletSchemaValueFileName, &schemaValueFileName);
+    if (!schemaValueFileName) {
+      schemaValueFileName = Wallet_RandomName("wlt");
+      SI_SetCharPref(pref_WalletSchemaValueFileName, schemaValueFileName);
+    }
+    SI_InitSignonFileName();
+    namesInitialized = PR_TRUE;
+  }
+}
+
 /* returns -1 if key does not exist, 0 if key is of length 0, 1 otherwise */
 PRIVATE PRInt32
 wallet_KeySize() {
+
+  wallet_InitKeyFileName();
  nsFileSpec dirSpec;
  nsresult rv = Wallet_ProfileDirectory(dirSpec);
  if (NS_FAILED(rv)) {
    return -1;
  }
-  nsInputFileStream strm(dirSpec + "key");
+  nsInputFileStream strm(dirSpec + keyFileName);
  if (!strm.is_open()) {
    return -1;
  } else {
@ -1265,7 +1311,7 @@ Wallet_SetKey(PRBool isNewkey) {
    if (NS_FAILED(rval)) {
      return PR_FALSE;
    }
-    nsOutputFileStream strm2(dirSpec + "key");
+    nsOutputFileStream strm2(dirSpec + keyFileName);
    if (!strm2.is_open()) {
      *key = '\0';
      return PR_FALSE;
@ -1313,7 +1359,7 @@ Wallet_SetKey(PRBool isNewkey) {
    if (NS_FAILED(rval)) {
      return PR_FALSE;
    }
-    nsInputFileStream strm(dirSpec + "key");
+    nsInputFileStream strm(dirSpec + keyFileName);
    Wallet_RestartKey();
    char* p = key+1;
    while (*p) {
@ -1941,7 +1987,7 @@ wallet_Initialize() {
      }
    }
    PR_FREEIF(message);
-    wallet_ReadFromFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE, PR_TRUE);
+    wallet_ReadFromFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE, PR_TRUE);
    wallet_keyInitialized = PR_TRUE;
  }

@ -1996,7 +2042,7 @@ void WLLT_ChangePassword() {
  Wallet_SetKey(PR_TRUE);

  /* write out user data using new key */
-  wallet_WriteToFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE);
+  wallet_WriteToFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE);
 #ifdef SingleSignon
  SI_SaveSignonData();
 #endif
@ -2306,7 +2352,7 @@ wallet_Capture(nsIDocument* doc, nsString field, nsString value, nsString vcard)
    nsAutoString * aSchema = new nsAutoString(schema);
    dummy = 0;
    wallet_WriteToList(*aSchema, *aValue, dummy, wallet_SchemaToValue_list);
-    wallet_WriteToFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE);
+    wallet_WriteToFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE);

  } else {

@ -2342,7 +2388,7 @@ wallet_Capture(nsIDocument* doc, nsString field, nsString value, nsString vcard)
    nsAutoString * aValue = new nsAutoString(value);
    dummy = 0;
    wallet_WriteToList(*aField, *aValue, dummy, wallet_SchemaToValue_list);
-    wallet_WriteToFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE);
+    wallet_WriteToFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE);
  }
 }

@ -2447,7 +2493,7 @@ WLLT_PostEdit(nsAutoString walletList) {
  *separator = BREAK;

  /* open SchemaValue file */
-  nsOutputFileStream strm(dirSpec + "SchemaValue.tbl");
+  nsOutputFileStream strm(dirSpec + schemaValueFileName);
  if (!strm.is_open()) {
    NS_ERROR("unable to open file");
    delete []walletListAsCString;
@ -2474,7 +2520,7 @@ WLLT_PostEdit(nsAutoString walletList) {
  /* close the file and read it back into the SchemaToValue list */
  strm.close();
  wallet_Clear(&wallet_SchemaToValue_list);
-  wallet_ReadFromFile("SchemaValue.tbl", wallet_SchemaToValue_list, PR_TRUE, PR_TRUE);
+  wallet_ReadFromFile(schemaValueFileName, wallet_SchemaToValue_list, PR_TRUE, PR_TRUE);
  delete []walletListAsCString;
 }