From 73e86b0bed548b2aaba8d92837e562d6d753808a Mon Sep 17 00:00:00 2001 From: Karen Lahey Date: Thu, 15 Oct 2009 16:52:03 -0700 Subject: MAC Address Change no longer causes viewer to die cr:Roxie --- indra/newview/llappviewer.cpp | 14 ++++++++-- indra/newview/llsecapi.cpp | 22 ++++++++++++++++ indra/newview/llsecapi.h | 12 ++++++--- indra/newview/llsechandler_basic.cpp | 30 ++++++++++++++-------- indra/newview/llsechandler_basic.h | 2 ++ .../newview/skins/default/xui/en/notifications.xml | 12 +++++++++ indra/newview/tests/llsechandler_basic_test.cpp | 5 ++++ 7 files changed, 82 insertions(+), 15 deletions(-) (limited to 'indra/newview') diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp index 187038ab15..c2f8487aa9 100644 --- a/indra/newview/llappviewer.cpp +++ b/indra/newview/llappviewer.cpp @@ -620,8 +620,6 @@ bool LLAppViewer::init() LLCurl::initClass(); initThreads(); - initializeSecHandler(); - LLHTTPClient::setCertVerifyCallback(secapiSSLCertVerifyCallback); writeSystemInfo(); // Build a string representing the current version number. @@ -862,6 +860,7 @@ bool LLAppViewer::init() } } + // save the graphics card gDebugInfo["GraphicsCard"] = LLFeatureManager::getInstance()->getGPUString(); @@ -872,6 +871,17 @@ bool LLAppViewer::init() gSimFrames = (F32)gFrameCount; LLViewerJoystick::getInstance()->init(false); + + try { + initializeSecHandler(); + } + catch (LLProtectedDataException ex) + { + LLNotificationsUtil::add("CorruptedProtectedDataStore"); + } + LLHTTPClient::setCertVerifyCallback(secapiSSLCertVerifyCallback); + + gGLActive = FALSE; if (gSavedSettings.getBOOL("QAMode") && gSavedSettings.getS32("QAModeEventHostPort") > 0) { diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index a928b4580e..ba343f5387 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -50,11 +50,33 @@ void initializeSecHandler() OpenSSL_add_all_digests(); gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler(); + // Currently, we only have the Basic handler, so we can point the main sechandler // pointer to the basic handler. Later, we'll create a wrapper handler that // selects the appropriate sechandler as needed, for instance choosing the // mac keyring handler, with fallback to the basic sechandler gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER]; + + // initialize all SecAPIHandlers + LLProtectedDataException ex = LLProtectedDataException(""); + std::map >::const_iterator itr; + for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr) + { + LLPointer handler = (*itr).second; + try + { + handler->init(); + } + catch (LLProtectedDataException e) + { + ex = e; + } + } + if (ex.getMessage().length() > 0 ) // an exception was thrown. + { + throw ex; + } + } // start using a given security api handler. If the string is empty // the default is used diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index d3fb3c4c07..b11563ef62 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -47,7 +47,7 @@ #define CERT_ISSUER_NAME "issuer_name" #define CERT_NAME_CN "commonName" -#define CERT_SUBJECT_NAME_STRING "subject_name_string" +#define CERT_SUBJECT_NAME_STRING "subject_name_string" #define CERT_ISSUER_NAME_STRING "issuer_name_string" #define CERT_SERIAL_NUMBER "serial_number" @@ -118,9 +118,10 @@ class LLProtectedDataException public: LLProtectedDataException(const char *msg) { - llerrs << "Certificate Error: " << msg << llendl; - mMsg = std::string(msg); + LL_WARNS("SECAPI") << "Protected Data Error: " << (std::string)msg << LL_ENDL; + mMsg = (std::string)msg; } + std::string getMessage() { return mMsg; } protected: std::string mMsg; }; @@ -421,13 +422,18 @@ class LLSecAPIHandler : public LLRefCount { public: + LLSecAPIHandler() {} virtual ~LLSecAPIHandler() {} + // initialize the SecAPIHandler + virtual void init() {}; + // instantiate a certificate from a pem string virtual LLPointer getCertificate(const std::string& pem_cert)=0; + // instiate a certificate from an openssl X509 structure virtual LLPointer getCertificate(X509* openssl_cert)=0; diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 097cc395d7..1453506b0d 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -1028,20 +1028,29 @@ LLSecAPIBasicHandler::LLSecAPIBasicHandler(const std::string& protected_data_fil mProtectedDataFilename = protected_data_file; mProtectedDataMap = LLSD::emptyMap(); mLegacyPasswordPath = legacy_password_path; - _readProtectedData(); + } LLSecAPIBasicHandler::LLSecAPIBasicHandler() { - mProtectedDataFilename = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, - "bin_conf.dat"); - mLegacyPasswordPath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "password.dat"); +} + +void LLSecAPIBasicHandler::init() +{ + if (mProtectedDataFilename.length() == 0) + { + mProtectedDataFilename = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, + "bin_conf.dat"); + } + if (mLegacyPasswordPath.length() == 0) + { + mLegacyPasswordPath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "password.dat"); + } mProtectedDataMap = LLSD::emptyMap(); mProtectedDataFilename = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "bin_conf.dat"); - _readProtectedData(); std::string store_file = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "CA.pem"); @@ -1051,8 +1060,6 @@ LLSecAPIBasicHandler::LLSecAPIBasicHandler() // will reduce that risk. // by using a user file, modifications will be limited to one user if // we read-only the main file - - if (!LLFile::isfile(store_file)) { @@ -1071,8 +1078,9 @@ LLSecAPIBasicHandler::LLSecAPIBasicHandler() } LL_INFOS("SECAPI") << "Loading certificate store from " << store_file << LL_ENDL; mStore = new LLBasicCertificateStore(store_file); + _readProtectedData(); // initialize mProtectedDataMap + // may throw LLProtectedDataException if saved datamap is not decryptable } - LLSecAPIBasicHandler::~LLSecAPIBasicHandler() { _writeProtectedData(); @@ -1084,6 +1092,7 @@ void LLSecAPIBasicHandler::_readProtectedData() LLPointer parser = new LLSDXMLParser(); llifstream protected_data_stream(mProtectedDataFilename.c_str(), llifstream::binary); + if (!protected_data_stream.fail()) { int offset; U8 salt[STORE_SALT_SIZE]; @@ -1099,7 +1108,7 @@ void LLSecAPIBasicHandler::_readProtectedData() offset = 0; if (protected_data_stream.gcount() < STORE_SALT_SIZE) { - throw LLProtectedDataException("Corrupt Protected Data Store1"); + throw LLProtectedDataException("Config file too short."); } cipher.decrypt(salt, STORE_SALT_SIZE); @@ -1139,7 +1148,7 @@ void LLSecAPIBasicHandler::_readProtectedData() if (parser->parse(parse_stream, mProtectedDataMap, LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE) { - throw LLProtectedDataException("Corrupt Protected Data Store"); + throw LLProtectedDataException("Config file cannot be decrypted."); } } } @@ -1254,6 +1263,7 @@ LLPointer LLSecAPIBasicHandler::getCertificateStore(const st LLSD LLSecAPIBasicHandler::getProtectedData(const std::string& data_type, const std::string& data_id) { + if (mProtectedDataMap.has(data_type) && mProtectedDataMap[data_type].isMap() && mProtectedDataMap[data_type].has(data_id)) diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index e041322260..4bbb73f062 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -221,6 +221,8 @@ public: const std::string& legacy_password_path); LLSecAPIBasicHandler(); + void init(); + virtual ~LLSecAPIBasicHandler(); // instantiate a certificate from a pem string diff --git a/indra/newview/skins/default/xui/en/notifications.xml b/indra/newview/skins/default/xui/en/notifications.xml index d177cfce7d..333f5d3d2a 100644 --- a/indra/newview/skins/default/xui/en/notifications.xml +++ b/indra/newview/skins/default/xui/en/notifications.xml @@ -1356,6 +1356,18 @@ Unknown Vorbis encode failure on: [FILE] Unable to encode file: [FILE] + + We are unable to read your protected data so it is being reset. + This may happen when you change network setup. + + + + handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); + handler.init(); // data retrieval for existing data LLSD data = handler->getProtectedData("test_data_type", "test_data_id"); @@ -397,6 +398,7 @@ namespace tut // cause a 'write' by using 'LLPointer' to delete then instantiate a handler handler = NULL; handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); + handler.init(); data = handler->getProtectedData("test_data_type1", "test_data_id"); ensure_equals("verify datatype stored data3a", (std::string)data["store_data3"], "test_store_data3"); @@ -411,6 +413,7 @@ namespace tut // cause a 'write' handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); + handler.init(); data = handler->getProtectedData("test_data_type1", "test_data_id"); ensure("not found", data.isUndefined()); @@ -419,6 +422,7 @@ namespace tut LLFile::remove("sechandler_settings.tmp"); handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); + handler.init(); data = handler->getProtectedData("test_data_type1", "test_data_id"); ensure("not found", data.isUndefined()); handler = NULL; @@ -431,6 +435,7 @@ namespace tut void sechandler_basic_test_object::test<3>() { LLPointer handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); + handler.init(); LLSD my_id = LLSD::emptyMap(); LLSD my_authenticator = LLSD::emptyMap(); -- cgit v1.2.3