diff options
author | Brad Kittenbrink <brad@lindenlab.com> | 2022-01-14 22:24:52 -0800 |
---|---|---|
committer | Brad Kittenbrink <brad@lindenlab.com> | 2022-01-14 22:24:52 -0800 |
commit | 96a6d21086353639d48befa20d86c97d2fd2dddb (patch) | |
tree | 9196e1aef17549abbfd4060e90d6458df1cd4a89 /indra/newview | |
parent | 90dbc4eaf7d30346dc658a32e80f4e9ad5841c2b (diff) |
SL-16514 store mfa hash in protected data using LLSecAPIBasicHandler
Diffstat (limited to 'indra/newview')
-rw-r--r-- | indra/newview/app_settings/settings_per_account.xml | 2 | ||||
-rw-r--r-- | indra/newview/lllogininstance.cpp | 15 | ||||
-rw-r--r-- | indra/newview/llstartup.cpp | 5 | ||||
-rw-r--r-- | indra/newview/tests/lllogininstance_test.cpp | 9 |
4 files changed, 26 insertions, 5 deletions
diff --git a/indra/newview/app_settings/settings_per_account.xml b/indra/newview/app_settings/settings_per_account.xml index d7d008689c..7d4af7db7f 100644 --- a/indra/newview/app_settings/settings_per_account.xml +++ b/indra/newview/app_settings/settings_per_account.xml @@ -441,7 +441,7 @@ <key>Comment</key> <string>MFA state hash for authentication</string> <key>Persist</key> - <integer>1</integer> + <integer>0</integer> <key>Type</key> <string>String</string> <key>Value</key> diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp index 902510c294..a4c001ad8b 100644 --- a/indra/newview/lllogininstance.cpp +++ b/indra/newview/lllogininstance.cpp @@ -228,11 +228,20 @@ void LLLoginInstance::constructAuthParams(LLPointer<LLCredential> user_credentia request_params["host_id"] = gSavedSettings.getString("HostID"); request_params["extended_errors"] = true; // request message_id and message_args request_params["token"] = ""; - request_params["slmfa_hash"] = gSavedPerAccountSettings.getString("SLMFAHash"); - // log request_params _before_ adding the credentials + // log request_params _before_ adding the credentials or sensitive MFA hash data LL_DEBUGS("LLLogin") << "Login parameters: " << LLSDOStreamer<LLSDNotationFormatter>(request_params) << LL_ENDL; + std::string slmfa_hash = gSavedPerAccountSettings.getString("SLMFAHash"); //non-persistent to enable testing + if(slmfa_hash.empty()) + { + LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER); + std::string grid(LLGridManager::getInstance()->getGridId()); + slmfa_hash = basic_secure_store->getProtectedData("slmfa_hash", grid).asString(); + } + + request_params["slmfa_hash"] = slmfa_hash; + // Copy the credentials into the request after logging the rest LLSD credentials(user_credential->getLoginParams()); for (LLSD::map_const_iterator it = credentials.beginMap(); @@ -417,7 +426,7 @@ void LLLoginInstance::handleLoginFailure(const LLSD& event) LLSD data(LLSD::emptyMap()); data["message"] = message_response; - data["reply_pump"] = MFA_REPLY_PUMP; + data["reply_pump"] = MFA_REPLY_PUMP if (gViewerWindow) { gViewerWindow->setShowProgress(FALSE); diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp index 8e81843153..956ed2d212 100644 --- a/indra/newview/llstartup.cpp +++ b/indra/newview/llstartup.cpp @@ -133,6 +133,7 @@ #include "llproxy.h" #include "llproductinforequest.h" #include "llqueryflags.h" +#include "llsecapi.h" #include "llselectmgr.h" #include "llsky.h" #include "llstatview.h" @@ -3599,7 +3600,9 @@ bool process_login_success_response() if(response.has("slmfa_hash")) { - gSavedPerAccountSettings.setString("SLMFAHash", response["slmfa_hash"]); + LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER); + std::string grid(LLGridManager::getInstance()->getGridId()); + basic_secure_store->setProtectedData("slmfa_hash", grid, response["slmfa_hash"]); } bool success = false; diff --git a/indra/newview/tests/lllogininstance_test.cpp b/indra/newview/tests/lllogininstance_test.cpp index 43f0e89222..9253516411 100644 --- a/indra/newview/tests/lllogininstance_test.cpp +++ b/indra/newview/tests/lllogininstance_test.cpp @@ -186,6 +186,15 @@ std::string LLGridManager::getAppSLURLBase(const std::string& grid_name) { return "myappslurl"; } +std::string LLGridManager::getGridId(const std::string& grid) +{ + return std::string(); +} + +LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type) +{ + return nullptr; +} //----------------------------------------------------------------------------- #include "../llviewercontrol.h" |