From 6d177898a9a5883ad7939be162e51d9a61d0e0b1 Mon Sep 17 00:00:00 2001 From: Brad Kittenbrink Date: Mon, 13 Dec 2021 14:58:38 -0800 Subject: SL-16501 SLMFAHash is now saved client side --- indra/newview/app_settings/settings_per_account.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'indra/newview/app_settings') diff --git a/indra/newview/app_settings/settings_per_account.xml b/indra/newview/app_settings/settings_per_account.xml index 537744b44c..d7d008689c 100644 --- a/indra/newview/app_settings/settings_per_account.xml +++ b/indra/newview/app_settings/settings_per_account.xml @@ -436,5 +436,16 @@ Value 2 + SLMFAHash + + Comment + MFA state hash for authentication + Persist + 1 + Type + String + Value + + -- cgit v1.3 From 96a6d21086353639d48befa20d86c97d2fd2dddb Mon Sep 17 00:00:00 2001 From: Brad Kittenbrink Date: Fri, 14 Jan 2022 22:24:52 -0800 Subject: SL-16514 store mfa hash in protected data using LLSecAPIBasicHandler --- indra/newview/app_settings/settings_per_account.xml | 2 +- indra/newview/lllogininstance.cpp | 15 ++++++++++++--- indra/newview/llstartup.cpp | 5 ++++- indra/newview/tests/lllogininstance_test.cpp | 9 +++++++++ 4 files changed, 26 insertions(+), 5 deletions(-) (limited to 'indra/newview/app_settings') diff --git a/indra/newview/app_settings/settings_per_account.xml b/indra/newview/app_settings/settings_per_account.xml index d7d008689c..7d4af7db7f 100644 --- a/indra/newview/app_settings/settings_per_account.xml +++ b/indra/newview/app_settings/settings_per_account.xml @@ -441,7 +441,7 @@ Comment MFA state hash for authentication Persist - 1 + 0 Type String Value diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp index 902510c294..a4c001ad8b 100644 --- a/indra/newview/lllogininstance.cpp +++ b/indra/newview/lllogininstance.cpp 
@@ -228,11 +228,20 @@ void LLLoginInstance::constructAuthParams(LLPointer user_credentia request_params["host_id"] = gSavedSettings.getString("HostID"); request_params["extended_errors"] = true; // request message_id and message_args request_params["token"] = ""; - request_params["slmfa_hash"] = gSavedPerAccountSettings.getString("SLMFAHash"); - // log request_params _before_ adding the credentials + // log request_params _before_ adding the credentials or sensitive MFA hash data LL_DEBUGS("LLLogin") << "Login parameters: " << LLSDOStreamer(request_params) << LL_ENDL; + std::string slmfa_hash = gSavedPerAccountSettings.getString("SLMFAHash"); //non-persistent to enable testing + if(slmfa_hash.empty()) + { + LLPointer basic_secure_store = getSecHandler(BASIC_SECHANDLER); + std::string grid(LLGridManager::getInstance()->getGridId()); + slmfa_hash = basic_secure_store->getProtectedData("slmfa_hash", grid).asString(); + } + + request_params["slmfa_hash"] = slmfa_hash; + // Copy the credentials into the request after logging the rest LLSD credentials(user_credential->getLoginParams()); for (LLSD::map_const_iterator it = credentials.beginMap(); @@ -417,7 +426,7 @@ void LLLoginInstance::handleLoginFailure(const LLSD& event) LLSD data(LLSD::emptyMap()); data["message"] = message_response; - data["reply_pump"] = MFA_REPLY_PUMP; + data["reply_pump"] = MFA_REPLY_PUMP if (gViewerWindow) { gViewerWindow->setShowProgress(FALSE); diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp index 8e81843153..956ed2d212 100644 --- a/indra/newview/llstartup.cpp +++ b/indra/newview/llstartup.cpp @@ -133,6 +133,7 @@ #include "llproxy.h" #include "llproductinforequest.h" #include "llqueryflags.h" +#include "llsecapi.h" #include "llselectmgr.h" #include "llsky.h" #include "llstatview.h" 
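Review bot: `basic_secure_store` is dereferenced without a null check in the block added to `constructAuthParams`, yet the test stub added in this same commit has `getSecHandler` return `nullptr`, so a missing handler is an expected case. Fetch the handler first and guard the read, e.g. `if (slmfa_hash.empty() && basic_secure_store)`, logging a warning otherwise so that login proceeds without the hash instead of crashing. The same unchecked call appears in the `process_login_success_response` hunk of this commit (`setProtectedData`) and in both renamed hunks of the following commit. The function body starts and ends outside the hunk.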
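Review bot: The replacement line in `handleLoginFailure` reads `data["reply_pump"] = MFA_REPLY_PUMP` with no terminating semicolon, so as shown the statement runs into `if (gViewerWindow)` and should not compile. Unless this is an artifact of how the patch was rendered, restore `data["reply_pump"] = MFA_REPLY_PUMP;`. The edit also looks unrelated to moving the hash into protected storage, so it is probably an accidental keystroke that should be dropped from the commit. The function body starts and ends outside the hunk.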
@@ -3599,7 +3600,9 @@ bool process_login_success_response() if(response.has("slmfa_hash")) { - gSavedPerAccountSettings.setString("SLMFAHash", response["slmfa_hash"]); + LLPointer basic_secure_store = getSecHandler(BASIC_SECHANDLER); + std::string grid(LLGridManager::getInstance()->getGridId()); + basic_secure_store->setProtectedData("slmfa_hash", grid, response["slmfa_hash"]); } bool success = false; diff --git a/indra/newview/tests/lllogininstance_test.cpp b/indra/newview/tests/lllogininstance_test.cpp index 43f0e89222..9253516411 100644 --- a/indra/newview/tests/lllogininstance_test.cpp +++ b/indra/newview/tests/lllogininstance_test.cpp @@ -186,6 +186,15 @@ std::string LLGridManager::getAppSLURLBase(const std::string& grid_name) { return "myappslurl"; } +std::string LLGridManager::getGridId(const std::string& grid) +{ + return std::string(); +} + +LLPointer getSecHandler(const std::string& handler_type) +{ + return nullptr; +} //----------------------------------------------------------------------------- #include "../llviewercontrol.h" -- cgit v1.3 From 8422183958a54e49c230bf85743336e0dd4dff71 Mon Sep 17 00:00:00 2001 From: Brad Kittenbrink Date: Fri, 4 Feb 2022 14:03:05 -0800 Subject: Related to fix for SL-16792, standardize on naming the filed simply mfa_hash end-to-end to avoid confusion --- indra/newview/app_settings/settings_per_account.xml | 2 +- indra/newview/lllogininstance.cpp | 8 ++++---- indra/newview/llstartup.cpp | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'indra/newview/app_settings') diff --git a/indra/newview/app_settings/settings_per_account.xml b/indra/newview/app_settings/settings_per_account.xml index 7d4af7db7f..c45e841b94 100644 --- a/indra/newview/app_settings/settings_per_account.xml +++ b/indra/newview/app_settings/settings_per_account.xml @@ -436,7 +436,7 @@ Value 2 - SLMFAHash + MFAHash Comment MFA state hash for authentication 
diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp index 2b1dbc869a..06dbf97e51 100644 --- a/indra/newview/lllogininstance.cpp +++ b/indra/newview/lllogininstance.cpp @@ -230,15 +230,15 @@ void LLLoginInstance::constructAuthParams(LLPointer user_credentia // log request_params _before_ adding the credentials or sensitive MFA hash data LL_DEBUGS("LLLogin") << "Login parameters: " << LLSDOStreamer(request_params) << LL_ENDL; - std::string slmfa_hash = gSavedPerAccountSettings.getString("SLMFAHash"); //non-persistent to enable testing - if(slmfa_hash.empty()) + std::string mfa_hash = gSavedPerAccountSettings.getString("MFAHash"); //non-persistent to enable testing + if(mfa_hash.empty()) { LLPointer basic_secure_store = getSecHandler(BASIC_SECHANDLER); std::string grid(LLGridManager::getInstance()->getGridId()); - slmfa_hash = basic_secure_store->getProtectedData("slmfa_hash", grid).asString(); + mfa_hash = basic_secure_store->getProtectedData("mfa_hash", grid).asString(); } - request_params["slmfa_hash"] = slmfa_hash; + request_params["mfa_hash"] = mfa_hash; // Copy the credentials into the request after logging the rest LLSD credentials(user_credential->getLoginParams()); diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp index 956ed2d212..b85c01a1f0 100644 --- a/indra/newview/llstartup.cpp +++ b/indra/newview/llstartup.cpp @@ -3598,11 +3598,11 @@ bool process_login_success_response() LLViewerMedia::getInstance()->openIDSetup(openid_url, openid_token); } - if(response.has("slmfa_hash")) + if(response.has("mfa_hash")) { LLPointer basic_secure_store = getSecHandler(BASIC_SECHANDLER); std::string grid(LLGridManager::getInstance()->getGridId()); - basic_secure_store->setProtectedData("slmfa_hash", grid, response["slmfa_hash"]); + basic_secure_store->setProtectedData("mfa_hash", grid, response["mfa_hash"]); } bool success = false; -- cgit v1.3 From 6bdd744d78f2040767abe57afcb06f8a55a9dd83 Mon Sep 17 00:00:00 2001 
From: Brad Kittenbrink Date: Wed, 9 Mar 2022 14:13:02 -0800 Subject: SL-17019 mfa_hash should get saved per-username --- indra/newview/app_settings/settings.xml | 11 ++++++ .../newview/app_settings/settings_per_account.xml | 11 ------ indra/newview/lllogininstance.cpp | 39 +++++++++++++--------- indra/newview/llstartup.cpp | 4 +-- indra/newview/tests/lllogininstance_test.cpp | 11 +++--- 5 files changed, 43 insertions(+), 33 deletions(-) (limited to 'indra/newview/app_settings') diff --git a/indra/newview/app_settings/settings.xml b/indra/newview/app_settings/settings.xml index 6c36fa6f09..7d39a54c1d 100644 --- a/indra/newview/app_settings/settings.xml +++ b/indra/newview/app_settings/settings.xml @@ -16815,5 +16815,16 @@ Value 1 + MFAHash + + Comment + Override MFA state hash for authentication + Persist + 0 + Type + String + Value + + diff --git a/indra/newview/app_settings/settings_per_account.xml b/indra/newview/app_settings/settings_per_account.xml index c45e841b94..537744b44c 100644 --- a/indra/newview/app_settings/settings_per_account.xml +++ b/indra/newview/app_settings/settings_per_account.xml @@ -436,16 +436,5 @@ Value 2 - MFAHash - - Comment - MFA state hash for authentication - Persist - 0 - Type - String - Value - - diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp index fd186fcddc..2335674501 100644 --- a/indra/newview/lllogininstance.cpp +++ b/indra/newview/lllogininstance.cpp 
@@ -230,34 +230,43 @@ void LLLoginInstance::constructAuthParams(LLPointer user_credentia // log request_params _before_ adding the credentials or sensitive MFA hash data LL_DEBUGS("LLLogin") << "Login parameters: " << LLSDOStreamer(request_params) << LL_ENDL; - std::string mfa_hash = gSavedPerAccountSettings.getString("MFAHash"); //non-persistent to enable testing - LLPointer basic_secure_store = getSecHandler(BASIC_SECHANDLER); + // Copy the credentials into the request after logging the rest + LLSD credentials(user_credential->getLoginParams()); + for (LLSD::map_const_iterator it = credentials.beginMap(); + it != credentials.endMap(); + it++ + ) + { + request_params[it->first] = it->second; + } + + std::string mfa_hash = gSavedSettings.getString("MFAHash"); //non-persistent to enable testing std::string grid(LLGridManager::getInstance()->getGridId()); - if (basic_secure_store) + std::string user_id = user_credential->userID(); + if (gSecAPIHandler) { if (mfa_hash.empty()) { - mfa_hash = basic_secure_store->getProtectedData("mfa_hash", grid).asString(); + // normal execution, mfa_hash was not set from debug setting so load from protected store + LLSD data_map = gSecAPIHandler->getProtectedData("mfa_hash", grid); + if (data_map.isMap() && data_map.has(user_id)) + { + mfa_hash = data_map[user_id].asString(); + } } else { // SL-16888 the mfa_hash is being overridden for testing so save it for consistency for future login requests - basic_secure_store->setProtectedData("mfa_hash", grid, mfa_hash); + gSecAPIHandler->addToProtectedMap("mfa_hash", grid, user_id, mfa_hash); } } - - request_params["mfa_hash"] = mfa_hash; - - // Copy the credentials into the request after logging the rest - LLSD credentials(user_credential->getLoginParams()); - for (LLSD::map_const_iterator it = credentials.beginMap(); - it != credentials.endMap(); - it++ - ) + else { - request_params[it->first] = it->second; + LL_WARNS() << "unable to access protected store for mfa_hash" << LL_ENDL; } + 
request_params["mfa_hash"] = mfa_hash; + // Specify desired timeout/retry options LLSD http_params; F32 srv_timeout = llclamp(gSavedSettings.getF32("LoginSRVTimeout"), LOGIN_SRV_TIMEOUT_MIN, LOGIN_SRV_TIMEOUT_MAX); diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp index 64e6042047..e7a1622332 100644 --- a/indra/newview/llstartup.cpp +++ b/indra/newview/llstartup.cpp @@ -3621,9 +3621,9 @@ bool process_login_success_response() // Only save mfa_hash for future logins if the user wants their info remembered. if(response.has("mfa_hash") && gSavedSettings.getBOOL("RememberUser") && gSavedSettings.getBOOL("RememberPassword")) { - LLPointer basic_secure_store = getSecHandler(BASIC_SECHANDLER); std::string grid(LLGridManager::getInstance()->getGridId()); - basic_secure_store->setProtectedData("mfa_hash", grid, response["mfa_hash"]); + std::string user_id(gUserCredential->userID()); + gSecAPIHandler->addToProtectedMap("mfa_hash", grid, user_id, response["mfa_hash"]); } bool success = false; diff --git a/indra/newview/tests/lllogininstance_test.cpp b/indra/newview/tests/lllogininstance_test.cpp index 9253516411..a8f57f975a 100644 --- a/indra/newview/tests/lllogininstance_test.cpp +++ b/indra/newview/tests/lllogininstance_test.cpp @@ -191,15 +191,14 @@ std::string LLGridManager::getGridId(const std::string& grid) return std::string(); } -LLPointer getSecHandler(const std::string& handler_type) -{ - return nullptr; -} +//LLPointer getSecHandler(const std::string& handler_type) +//{ +// return nullptr; +//} //----------------------------------------------------------------------------- #include "../llviewercontrol.h" LLControlGroup gSavedSettings("Global"); -LLControlGroup gSavedPerAccountSettings("PerAccount"); LLControlGroup::LLControlGroup(const std::string& name) : LLInstanceTracker(name){} 
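Review bot: The override branch in `constructAuthParams` writes the debug `MFAHash` value into the protected store under the current `user_id` whenever the setting is non-empty, without the `RememberUser`/`RememberPassword` test that guards the save in `process_login_success_response` (visible as context in the llstartup.cpp hunk). A user who opted out of remembered credentials would still get a hash persisted, and it is written before the login has succeeded. Consider gating it the same way, `if (gSavedSettings.getBOOL("RememberUser") && gSavedSettings.getBOOL("RememberPassword"))`, or not persisting the override at all. It would also be worth skipping the lookup and the write when `user_id` is empty. The function body starts and ends outside the hunk.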
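Review bot: `gSecAPIHandler->addToProtectedMap(...)` in `process_login_success_response` is called with no null check, while `constructAuthParams` in this same commit tests `if (gSecAPIHandler)` and warns when the store is unavailable; `gUserCredential` is likewise dereferenced unchecked. Wrap the save in the same guard, e.g. `if (gSecAPIHandler.notNull() && gUserCredential.notNull())`, and emit the same `LL_WARNS()` message otherwise, so that a missing store costs only the remembered hash. Separately, nothing in this hunk clears an entry stored earlier once the user turns the remember options off, which may leave a stale hash behind; confirm whether that is handled elsewhere. The function body continues outside the hunk.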
@@ -236,6 +235,8 @@ LLAppViewer * LLAppViewer::sInstance = 0; static std::string gTOSType; static LLEventPump * gTOSReplyPump = NULL; +LLPointer gSecAPIHandler; + //static LLFloater* LLFloaterReg::showInstance(const std::string& name, const LLSD& key, BOOL focus) { -- cgit v1.3
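Review bot: `gSecAPIHandler` is defined here as a default-constructed (null) `LLPointer`, so under this test `constructAuthParams` can only reach the `LL_WARNS()` fallback. The new per-user lookup (`data_map.isMap() && data_map.has(user_id)`) and the override write are never run. A minimal stub handler that returns a map from `getProtectedData` would let the test assert that `request_params["mfa_hash"]` carries only the entry for the user who is logging in. The commented-out `getSecHandler` stub left by the previous hunk can simply be deleted.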