From 1a9d19d95527d717b89d4ebf45af81824fcbdf44 Mon Sep 17 00:00:00 2001 From: Roxanne Skelly Date: Fri, 3 Jul 2009 01:05:27 +0000 Subject: Initial secapi merge svn merge -c112450 svn+ssh://svn.lindenlab.com/svn/linden/branches/giab-viewer/giab-viewer-1 giab-viewer-1-23 svn merge -c112913 svn+ssh://svn.lindenlab.com/svn/linden/branches/giab-viewer/giab-viewer-1 giab-viewer-1-23 --- indra/newview/llsecapi.cpp | 69 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 indra/newview/llsecapi.cpp (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp new file mode 100644 index 0000000000..c2cfde0dc7 --- /dev/null +++ b/indra/newview/llsecapi.cpp @@ -0,0 +1,69 @@ +/** + * @file llsecapi.cpp + * @brief Security API for services such as certificate handling + * secure local storage, etc. + * + * $LicenseInfo:firstyear=2009&license=viewergpl$ + * + * Copyright (c) 2009, Linden Research, Inc. + * + * Second Life Viewer Source Code + * The source code in this file ("Source Code") is provided by Linden Lab + * to you under the terms of the GNU General Public License, version 2.0 + * ("GPL"), unless you have obtained a separate licensing agreement + * ("Other License"), formally executed by you and Linden Lab. Terms of + * the GPL can be found in doc/GPL-license.txt in this distribution, or + * online at http://secondlife.com/developers/opensource/gplv2 + * + * There are special exceptions to the terms and conditions of the GPL as + * it is applied to this Source Code. View the full text of the exception + * in the file doc/FLOSS-exception.txt in this software distribution, or + * online at http://secondlife.com/developers/opensource/flossexception + * + * By copying, modifying or distributing this software, you acknowledge + * that you have read and understood your obligations described above, + * and agree to abide by those obligations. + * + * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO + * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, + * COMPLETENESS OR PERFORMANCE. + * $/LicenseInfo$ + */ + + +#include "llviewerprecompiledheaders.h" +#include "llsecapi.h" +#include "llsechandler_basic.h" +#include + + +std::map > gHandlerMap; + + +void initializeSecHandler() +{ + gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler(); +} +// start using a given security api handler. If the string is empty +// the default is used +LLPointer getSecHandler(const std::string& handler_type) +{ + if (gHandlerMap.find(handler_type) != gHandlerMap.end()) + { + return gHandlerMap[handler_type]; + } + else + { + return LLPointer(NULL); + } +} +// register a handler +void registerSecHandler(const std::string& handler_type, + LLPointer& handler) +{ + gHandlerMap[handler_type] = handler; +} + + + + -- cgit v1.2.3 From fe71dd340ab396b93bde45df438041af5d85fd47 Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Mon, 1 Feb 2010 15:10:19 -0800 Subject: Merge giab-viewer-trunk 2497, general merge of more secapi stuff as well as certificate handling stuff. Grid manager as well --- indra/newview/llsecapi.cpp | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index c2cfde0dc7..cdf4a3fe01 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -38,11 +38,17 @@ std::map > gHandlerMap; - +LLPointer gSecAPIHandler; void initializeSecHandler() { gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler(); + + // Currently, we only have the Basic handler, so we can point the main sechandler + // pointer to the basic handler. Later, we'll create a wrapper handler that + // selects the appropriate sechandler as needed, for instance choosing the + // mac keyring handler, with fallback to the basic sechandler + gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER]; } // start using a given security api handler. If the string is empty // the default is used @@ -64,6 +70,28 @@ void registerSecHandler(const std::string& handler_type, gHandlerMap[handler_type] = handler; } +std::ostream& operator <<(std::ostream& s, const LLCredential& cred) +{ + return s << (std::string)cred; +} - +LLSD LLCredential::getLoginParams() +{ + LLSD result = LLSD::emptyMap(); + if (mIdentifier["type"].asString() == "agent") + { + // legacy credential + result["passwd"] = "$1$" + mAuthenticator["secret"].asString(); + result["first"] = mIdentifier["first_name"]; + result["last"] = mIdentifier["last_name"]; + + } + else if (mIdentifier["type"].asString() == "account") + { + result["username"] = mIdentifier["username"]; + result["passwd"] = mAuthenticator["secret"]; + + } + return result; +} -- cgit v1.2.3 From 9e89819d55a3b6ee7fc56f3efb36f273e4e05c83 Mon Sep 17 00:00:00 2001 From: Roxanne Skelly Date: Wed, 8 Jul 2009 00:45:17 +0000 Subject: DEV-34822 - merge with 1.23 certificate notification code -r 118191 ignore-dead-branch --- indra/newview/llsecapi.cpp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index cdf4a3fe01..70c247c2de 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -34,6 +34,7 @@ #include "llviewerprecompiledheaders.h" #include "llsecapi.h" #include "llsechandler_basic.h" +#include #include @@ -42,6 +43,9 @@ LLPointer gSecAPIHandler; void initializeSecHandler() { + OpenSSL_add_all_algorithms(); + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler(); // Currently, we only have the Basic handler, so we can point the main sechandler @@ -76,6 +80,7 @@ std::ostream& operator <<(std::ostream& s, const LLCredential& cred) } + LLSD LLCredential::getLoginParams() { LLSD result = LLSD::emptyMap(); -- cgit v1.2.3 From e65b6d96957fd92fdc8c5a42b1ad4b1a153552b3 Mon Sep 17 00:00:00 2001 From: Roxanne Skelly Date: Thu, 9 Jul 2009 21:45:04 +0000 Subject: DEV-34822 svn merge -c120157 svn+ssh://svn.lindenlab.com/svn/linden/branches/giab-viewer/giab-viewer-2 --- indra/newview/llsecapi.cpp | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index 70c247c2de..26bdfd19da 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -36,6 +36,8 @@ #include "llsechandler_basic.h" #include #include +#include "llhttpclient.h" + std::map > gHandlerMap; @@ -79,7 +81,42 @@ std::ostream& operator <<(std::ostream& s, const LLCredential& cred) return s << (std::string)cred; } + +// secapiSSLCertVerifyCallback +// basic callback called when a cert verification is requested. +// calls SECAPI to validate the context +// not initialized in the above initialization function, due to unit tests +// see llappviewer +int secapiSSLCertVerifyCallback(X509_STORE_CTX *ctx, void *param) +{ + LLURLRequest *req = (LLURLRequest *)param; + LLPointer store = gSecAPIHandler->getCertificateStore(""); + LLPointer chain = gSecAPIHandler->getCertificateChain(ctx); + LLSD validation_params = LLSD::emptyMap(); + LLURI uri(req->getURL()); + validation_params[CERT_HOSTNAME] = uri.hostName(); + try + { + chain->validate(VALIDATION_POLICY_SSL, store, validation_params); + } + catch (LLCertValidationTrustException& cert_exception) + { + LL_WARNS("AppInit") << "Cert not trusted: " << cert_exception.getMessage() << LL_ENDL; + return 0; + } + catch (LLCertException& cert_exception) + { + LL_WARNS("AppInit") << "cert error " << cert_exception.getMessage() << LL_ENDL; + return 0; + } + catch (...) + { + LL_WARNS("AppInit") << "cert error " << LL_ENDL; + return 0; + } + return 1; +} LLSD LLCredential::getLoginParams() { -- cgit v1.2.3 From 7ab41a8a815968e274ebbfc459328be40cf5479a Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Fri, 5 Feb 2010 15:59:14 -0800 Subject: transplant with 2517, also fix single username login issue --- indra/newview/llsecapi.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index 26bdfd19da..a928b4580e 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -131,7 +131,7 @@ LLSD LLCredential::getLoginParams() } else if (mIdentifier["type"].asString() == "account") { - result["username"] = mIdentifier["username"]; + result["username"] = mIdentifier["account_name"]; result["passwd"] = mAuthenticator["secret"]; } -- cgit v1.2.3 From 73e86b0bed548b2aaba8d92837e562d6d753808a Mon Sep 17 00:00:00 2001 From: Karen Lahey Date: Thu, 15 Oct 2009 16:52:03 -0700 Subject: MAC Address Change no longer causes viewer to die cr:Roxie --- indra/newview/llsecapi.cpp | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index a928b4580e..ba343f5387 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -50,11 +50,33 @@ void initializeSecHandler() OpenSSL_add_all_digests(); gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler(); + // Currently, we only have the Basic handler, so we can point the main sechandler // pointer to the basic handler. Later, we'll create a wrapper handler that // selects the appropriate sechandler as needed, for instance choosing the // mac keyring handler, with fallback to the basic sechandler gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER]; + + // initialize all SecAPIHandlers + LLProtectedDataException ex = LLProtectedDataException(""); + std::map >::const_iterator itr; + for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr) + { + LLPointer handler = (*itr).second; + try + { + handler->init(); + } + catch (LLProtectedDataException e) + { + ex = e; + } + } + if (ex.getMessage().length() > 0 ) // an exception was thrown. + { + throw ex; + } + } // start using a given security api handler. If the string is empty // the default is used -- cgit v1.2.3