summaryrefslogtreecommitdiff
path: root/indra
diff options
context:
space:
mode:
authorBrad Kittenbrink <brad@lindenlab.com>2022-01-14 22:24:52 -0800
committerBrad Kittenbrink <brad@lindenlab.com>2022-01-14 22:24:52 -0800
commit96a6d21086353639d48befa20d86c97d2fd2dddb (patch)
tree9196e1aef17549abbfd4060e90d6458df1cd4a89 /indra
parent90dbc4eaf7d30346dc658a32e80f4e9ad5841c2b (diff)
SL-16514 store mfa hash in protected data using LLSecAPIBasicHandler
Diffstat (limited to 'indra')
-rw-r--r--indra/newview/app_settings/settings_per_account.xml2
-rw-r--r--indra/newview/lllogininstance.cpp15
-rw-r--r--indra/newview/llstartup.cpp5
-rw-r--r--indra/newview/tests/lllogininstance_test.cpp9
4 files changed, 26 insertions, 5 deletions
diff --git a/indra/newview/app_settings/settings_per_account.xml b/indra/newview/app_settings/settings_per_account.xml
index d7d008689c..7d4af7db7f 100644
--- a/indra/newview/app_settings/settings_per_account.xml
+++ b/indra/newview/app_settings/settings_per_account.xml
@@ -441,7 +441,7 @@
<key>Comment</key>
<string>MFA state hash for authentication</string>
<key>Persist</key>
- <integer>1</integer>
+ <integer>0</integer>
<key>Type</key>
<string>String</string>
<key>Value</key>
diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp
index 902510c294..a4c001ad8b 100644
--- a/indra/newview/lllogininstance.cpp
+++ b/indra/newview/lllogininstance.cpp
@@ -228,11 +228,20 @@ void LLLoginInstance::constructAuthParams(LLPointer<LLCredential> user_credentia
request_params["host_id"] = gSavedSettings.getString("HostID");
request_params["extended_errors"] = true; // request message_id and message_args
request_params["token"] = "";
- request_params["slmfa_hash"] = gSavedPerAccountSettings.getString("SLMFAHash");
- // log request_params _before_ adding the credentials
+ // log request_params _before_ adding the credentials or sensitive MFA hash data
LL_DEBUGS("LLLogin") << "Login parameters: " << LLSDOStreamer<LLSDNotationFormatter>(request_params) << LL_ENDL;
+ std::string slmfa_hash = gSavedPerAccountSettings.getString("SLMFAHash"); //non-persistent to enable testing
+ if(slmfa_hash.empty())
+ {
+ LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER);
+ std::string grid(LLGridManager::getInstance()->getGridId());
+ slmfa_hash = basic_secure_store->getProtectedData("slmfa_hash", grid).asString();
+ }
+
+ request_params["slmfa_hash"] = slmfa_hash;
+
// Copy the credentials into the request after logging the rest
LLSD credentials(user_credential->getLoginParams());
for (LLSD::map_const_iterator it = credentials.beginMap();
@@ -417,7 +426,7 @@ void LLLoginInstance::handleLoginFailure(const LLSD& event)
LLSD data(LLSD::emptyMap());
data["message"] = message_response;
- data["reply_pump"] = MFA_REPLY_PUMP;
+ data["reply_pump"] = MFA_REPLY_PUMP
if (gViewerWindow)
{
gViewerWindow->setShowProgress(FALSE);
diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp
index 8e81843153..956ed2d212 100644
--- a/indra/newview/llstartup.cpp
+++ b/indra/newview/llstartup.cpp
@@ -133,6 +133,7 @@
#include "llproxy.h"
#include "llproductinforequest.h"
#include "llqueryflags.h"
+#include "llsecapi.h"
#include "llselectmgr.h"
#include "llsky.h"
#include "llstatview.h"
@@ -3599,7 +3600,9 @@ bool process_login_success_response()
if(response.has("slmfa_hash"))
{
- gSavedPerAccountSettings.setString("SLMFAHash", response["slmfa_hash"]);
+ LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER);
+ std::string grid(LLGridManager::getInstance()->getGridId());
+ basic_secure_store->setProtectedData("slmfa_hash", grid, response["slmfa_hash"]);
}
bool success = false;
diff --git a/indra/newview/tests/lllogininstance_test.cpp b/indra/newview/tests/lllogininstance_test.cpp
index 43f0e89222..9253516411 100644
--- a/indra/newview/tests/lllogininstance_test.cpp
+++ b/indra/newview/tests/lllogininstance_test.cpp
@@ -186,6 +186,15 @@ std::string LLGridManager::getAppSLURLBase(const std::string& grid_name)
{
return "myappslurl";
}
+std::string LLGridManager::getGridId(const std::string& grid)
+{
+ return std::string();
+}
+
+LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type)
+{
+ return nullptr;
+}
//-----------------------------------------------------------------------------
#include "../llviewercontrol.h"