download.lst | 4
external/curl/ExternalPackage_curl.mk | 2
external/curl/ExternalProject_curl.mk | 2
external/curl/curl-7.26.0_win-proxy.patch | 12
external/curl/curl-nss.patch.1 | 6
external/curl/zlib.patch.0 | 16 -
include/sfx2/strings.hrc | 2
include/sfx2/viewfrm.hxx | 1
officecfg/registry/schema/org/openoffice/Office/Common.xcs | 16 +
sfx2/source/view/viewfrm.cxx | 40 ++
svl/source/passwordcontainer/passwordcontainer.cxx | 198 +++++++++----
svl/source/passwordcontainer/passwordcontainer.hxx | 69 +++-
uui/source/iahndl-authentication.cxx | 5
13 files changed, 284 insertions(+), 89 deletions(-)
New commits:
commit 812d5a5ec241b092d48b5a5ffe27e2e6fb5acdf8
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu May 12 11:43:59 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sun May 22 22:16:25 2022 +0200
curl: upgrade to release 7.83.1
Fixes CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781
plus 6 more CVEs that shouldn't affect LO.
Remove obsolete configure-eval-fix.patch.0.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134225
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 58a3bf5199818e30ef4207213f29692d81b519c6)
upgrade to curl-7.81.0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128783
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 40a84af1bdd7b3c414a8a78ca32b0951c03f9976)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134246
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit f668663d63d5b0f37d4727b54585c3b67ab92162)
Change-Id: I0a34239bfb16bf19e25bf374c7f36c4cdf1776c1
fbd7ff5acf390df1d95d6b8be0dc7751e4753bbe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134393
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index 97a027eaf1de..cee8f8d98763 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM :=
3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM :=
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL :=
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM :=
0606f74b1182ab732a17c11613cbbaf7084f2e6cca432642d0e3ad7c224c3689
-export CURL_TARBALL := curl-7.79.1.tar.xz
+export CURL_SHA256SUM :=
2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4
+export CURL_TARBALL := curl-7.83.1.tar.xz
export EBOOK_SHA256SUM :=
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM :=
002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
diff --git a/external/curl/ExternalPackage_curl.mk
b/external/curl/ExternalPackage_curl.mk
index 1fb360c85ca9..3308074b363c 100644
--- a/external/curl/ExternalPackage_curl.mk
+++ b/external/curl/ExternalPackage_curl.mk
@@ -20,7 +20,7 @@ $(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dyli
else ifeq ($(OS),AIX)
$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4))
else
-$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.7.0))
+$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.8.0))
endif
endif # $(DISABLE_DYNLOADING)
diff --git a/external/curl/ExternalProject_curl.mk
b/external/curl/ExternalProject_curl.mk
index 81886b36fbc5..2bf98e2b2e3e 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -42,7 +42,7 @@ $(call gb_ExternalProject_get_state_target,curl,build):
./configure \
$(if $(filter IOS MACOSX,$(OS)),\
--with-secure-transport,\
- $(if $(ENABLE_NSS),--with-nss$(if
$(SYSTEM_NSS),,="$(call
gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \
+ $(if $(ENABLE_NSS),--with-nss$(if
$(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out")
--with-nss-deprecated,--without-nss)) \
--without-ssl --without-gnutls --without-polarssl
--without-cyassl --without-axtls --without-mbedtls \
--enable-ftp --enable-http --enable-ipv6 \
--without-libidn2 --without-libpsl --without-librtmp \
diff --git a/external/curl/curl-7.26.0_win-proxy.patch
b/external/curl/curl-7.26.0_win-proxy.patch
index 5bb98fa04741..c5498c3fdebb 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -31,7 +31,7 @@
+{
+ int bufSize;
+ char *out = NULL;
-+ if(wStr != NULL) {
++ if(wStr) {
+ bufSize = WideCharToMultiByte(
+ CP_ACP, 0, wStr, -1, NULL, 0, NULL, NULL);
+ out = (char *)malloc(bufSize * sizeof(char));
@@ -63,10 +63,10 @@
+ ieNoProxy = wstrToCstr(ieProxyConfig->lpszProxyBypass);
+
+ /* Convert the ieNoProxy into a proper no_proxy value */
-+ if(NULL != ieNoProxy) {
++ if(ieNoProxy) {
+ no_proxy = strdup(ieNoProxy);
+ pos = strpbrk(no_proxy, "; ");
-+ while(NULL != pos) {
++ while(pos) {
+ no_proxy[pos-no_proxy] = ',';
+ pos = strpbrk(no_proxy, "; ");
+ }
@@ -77,9 +77,9 @@
+ char *tok;
+ char *saveptr;
+
-+ if(NULL != ieProxy) {
++ if(ieProxy) {
+ tok = strtok_s(ieProxy, ";", &saveptr);
-+ if(strchr(tok, '=') == NULL) {
++ if(!strchr(tok, '=')) {
+ proxy = strdup(ieProxy);
+ }
+ else {
@@ -90,7 +90,7 @@
+ }
+ tok = strtok_s(NULL, ";", &saveptr);
+ }
-+ while(NULL != tok);
++ while(tok);
+ }
+ }
+ }
commit f22beaf5805b2a1aaccdb9a6f830ff7ba500a657
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Oct 20 10:41:42 2021 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sun May 22 22:16:14 2022 +0200
upgrade curl to 7.79.1
includes:
CVE-2021-22945: clear the leftovers pointer when sending succeeds
CVE-2021-22946: do not ignore --ssl-reqd
CVE-2021-22947: reject STARTTLS server response pipelining
Change-Id: I0047bdaa7e6e3aed1317eb014d2051a4d5ac5964
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123883
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit a08d1dc4ee904428ef6f78208cc2508d3fc3717b)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134392
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index 9f2b42f205a7..97a027eaf1de 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM :=
3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM :=
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL :=
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM :=
be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5
-export CURL_TARBALL := curl-7.78.0.tar.xz
+export CURL_SHA256SUM :=
0606f74b1182ab732a17c11613cbbaf7084f2e6cca432642d0e3ad7c224c3689
+export CURL_TARBALL := curl-7.79.1.tar.xz
export EBOOK_SHA256SUM :=
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM :=
002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1
index 69fde5f7f236..d4dad7eba77e 100644
--- a/external/curl/curl-nss.patch.1
+++ b/external/curl/curl-nss.patch.1
@@ -1,9 +1,9 @@
diff -ur curl.org/configure curl/configure
--- curl.org/configure 2016-03-13 15:14:07.177000076 +0100
+++ curl/configure 2016-03-13 15:16:44.132000076 +0100
-@@ -24009,7 +24009,7 @@
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired
libraries and compilation flags for NSS." >&5
- $as_echo "$as_me: WARNING: Using hard-wired libraries and compilation flags
for NSS." >&2;}
+@@ -28216,7 +28216,7 @@
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired
libraries and compilation flags for NSS." >&5
+ printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation
flags for NSS." >&2;}
addld="-L$OPT_NSS/lib"
- addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
+ addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3"
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index f4a0ad4b152f..e0f579f8675a 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -1,22 +1,22 @@
--- configure
+++ configure
-@@ -20709,7 +20709,6 @@
+@@ -22699,7 +22699,6 @@
clean_CPPFLAGS=$CPPFLAGS
clean_LDFLAGS=$LDFLAGS
clean_LIBS=$LIBS
-ZLIB_LIBS=""
# Check whether --with-zlib was given.
- if test "${with_zlib+set}" = set; then :
-@@ -20718,6 +20719,7 @@
+ if test ${with_zlib+y}
+@@ -22709,6 +22708,7 @@
if test "$OPT_ZLIB" = "no" ; then
+ ZLIB_LIBS=""
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5
- $as_echo "$as_me: WARNING: zlib disabled" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5
+ printf "%s\n" "$as_me: WARNING: zlib disabled" >&2;}
else
-@@ -20725,6 +20725,21 @@
+@@ -22716,6 +22716,21 @@
OPT_ZLIB=""
fi
@@ -38,8 +38,8 @@
if test -z "$OPT_ZLIB" ; then
if test -n "$PKG_CONFIG"; then
-@@ -21005,6 +21020,7 @@
- $as_echo "$as_me: found both libz and libz.h header" >&6;}
+@@ -23011,6 +23026,7 @@
+ printf "%s\n" "$as_me: found both libz and libz.h header" >&6;}
curl_zlib_msg="enabled"
fi
+ fi
commit 844cd33a4bdde15aeb1dee080203827861ad76c8
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Mar 22 17:22:22 2022 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sun May 22 22:15:21 2022 +0200
add Initialization Vectors to password storage
old ones default to the current all zero case and continue to work
as before
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)
Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133907
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index d4008778f37e..88f06de0bf63 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -27,6 +27,11 @@
<info>
<desc>Contains a container for passwords.</desc>
</info>
+ <prop oor:name="InitializationVector" oor:type="xs:string">
+ <info>
+ <desc>Contains an initialization vector for the password
encryption.</desc>
+ </info>
+ </prop>
<prop oor:name="Password" oor:type="xs:string" oor:localized="false">
<info>
<desc>Contains a password encoded with the master password.</desc>
@@ -915,6 +920,11 @@
</info>
<value>false</value>
</prop>
+ <prop oor:name="MasterInitializationVector" oor:type="xs:string">
+ <info>
+ <desc>Contains an initialization vector for the master password
encryption.</desc>
+ </info>
+ </prop>
<prop oor:name="Master" oor:type="xs:string" oor:nillable="false">
<info>
<desc>Contains the master password encrypted by itself.</desc>
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx
b/svl/source/passwordcontainer/passwordcontainer.cxx
index c023b74c5307..9b4b3088e5cf 100644
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
@@ -185,15 +185,18 @@ PassMap StorageItem::getInfo()
Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" );
sal_Int32 aNodeCount = aNodeNames.getLength();
- Sequence< OUString > aPropNames( aNodeCount );
+ Sequence< OUString > aPropNames( aNodeCount * 2);
std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(),
[](const OUString& rName) -> OUString {
return "Store/Passwordstorage['" + rName + "']/Password"; });
+ std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.getArray()
+ aNodeCount,
+ [](const OUString& rName) -> OUString {
+ return "Store/Passwordstorage['" + rName +
"']/InitializationVector"; });
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames );
- if( aPropertyValues.getLength() != aNodeCount )
+ if( aPropertyValues.getLength() != aNodeCount * 2)
{
OSL_FAIL( "Problems during reading" );
return aResult;
@@ -209,14 +212,16 @@ PassMap StorageItem::getInfo()
OUString aName = aUrlUsr[1];
OUString aEPasswd;
+ OUString aIV;
aPropertyValues[aNodeInd] >>= aEPasswd;
+ aPropertyValues[aNodeInd + aNodeCount] >>= aIV;
PassMap::iterator aIter = aResult.find( aUrl );
if( aIter != aResult.end() )
- aIter->second.emplace_back( aName, aEPasswd );
+ aIter->second.emplace_back( aName, aEPasswd, aIV );
else
{
- NamePassRecord aNewRecord( aName, aEPasswd );
+ NamePassRecord aNewRecord( aName, aEPasswd, aIV );
std::vector< NamePassRecord > listToAdd( 1, aNewRecord );
aResult.insert( PairUrlRecord( aUrl, listToAdd ) );
@@ -280,17 +285,19 @@ sal_Int32 StorageItem::getStorageVersion()
return nResult;
}
-bool StorageItem::getEncodedMP( OUString& aResult )
+bool StorageItem::getEncodedMP( OUString& aResult, OUString& aResultIV )
{
if( hasEncoded )
{
aResult = mEncoded;
+ aResultIV = mEncodedIV;
return true;
}
- Sequence< OUString > aNodeNames( 2 );
+ Sequence< OUString > aNodeNames( 3 );
aNodeNames[0] = "HasMaster";
aNodeNames[1] = "Master";
+ aNodeNames[2] = "MasterInitializationVector";
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );
@@ -302,32 +309,37 @@ bool StorageItem::getEncodedMP( OUString& aResult )
aPropertyValues[0] >>= hasEncoded;
aPropertyValues[1] >>= mEncoded;
+ aPropertyValues[2] >>= mEncodedIV;
aResult = mEncoded;
+ aResultIV = mEncodedIV;
return hasEncoded;
}
-void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )
+void StorageItem::setEncodedMP( const OUString& aEncoded, const OUString&
aEncodedIV, bool bAcceptEmpty )
{
- Sequence< OUString > sendNames(3);
- Sequence< uno::Any > sendVals(3);
+ Sequence< OUString > sendNames(4);
+ Sequence< uno::Any > sendVals(4);
sendNames[0] = "HasMaster";
sendNames[1] = "Master";
- sendNames[2] = "StorageVersion";
+ sendNames[2] = "MasterInitializationVector";
+ sendNames[3] = "StorageVersion";
bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );
sendVals[0] <<= bHasMaster;
sendVals[1] <<= aEncoded;
- sendVals[2] <<= nCurrentStorageVersion;
+ sendVals[2] <<= aEncodedIV;
+ sendVals[3] <<= nCurrentStorageVersion;
ConfigItem::SetModified();
ConfigItem::PutProperties( sendNames, sendVals );
hasEncoded = bHasMaster;
mEncoded = aEncoded;
+ mEncodedIV = aEncodedIV;
}
@@ -363,11 +375,13 @@ void StorageItem::update( const OUString& aURL, const
NamePassRecord& aRecord )
forIndex.push_back( aURL );
forIndex.push_back( aRecord.GetUserName() );
- Sequence< beans::PropertyValue > sendSeq(1);
+ Sequence< beans::PropertyValue > sendSeq(2);
- sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( forIndex ) +
"']/Password";
+ sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( { aURL,
aRecord.GetUserName() } ) + "']/InitializationVector";
+ sendSeq[0].Value <<= aRecord.GetPersistentIV();
- sendSeq[0].Value <<= aRecord.GetPersPasswords();
+ sendSeq[1].Name = "Store/Passwordstorage['" + createIndex( forIndex ) +
"']/Password";
+ sendSeq[1].Value <<= aRecord.GetPersPasswords();
ConfigItem::SetModified();
ConfigItem::SetSetProperties( "Store", sendSeq );
@@ -428,7 +442,7 @@ void SAL_CALL PasswordContainer::disposing( const
EventObject& )
}
}
-std::vector< OUString > PasswordContainer::DecodePasswords( const OUString&
aLine, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode )
+std::vector< OUString > PasswordContainer::DecodePasswords( const OUString&
aLine, const OUString& aIV, const OUString& aMasterPasswd,
css::task::PasswordRequestMode mode )
{
if( !aMasterPasswd.isEmpty() )
{
@@ -443,9 +457,16 @@ std::vector< OUString >
PasswordContainer::DecodePasswords( const OUString& aLin
for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2
).toUInt32(16));
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
+ if (!aIV.isEmpty())
+ {
+ for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
+ iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2
).toUInt32(16));
+ }
+
rtlCipherError result = rtl_cipher_init (
aDecoder, rtl_Cipher_DirectionDecode,
- code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
+ code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
if( result == rtl_Cipher_E_None )
{
@@ -478,7 +499,7 @@ std::vector< OUString > PasswordContainer::DecodePasswords(
const OUString& aLin
"Can't decode!", css::uno::Reference<css::uno::XInterface>(), mode);
}
-OUString PasswordContainer::EncodePasswords(const std::vector< OUString >&
lines, const OUString& aMasterPasswd )
+OUString PasswordContainer::EncodePasswords(const std::vector< OUString >&
lines, const OUString& aIV, const OUString& aMasterPasswd)
{
if( !aMasterPasswd.isEmpty() )
{
@@ -495,9 +516,16 @@ OUString PasswordContainer::EncodePasswords(const
std::vector< OUString >& lines
for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2
).toUInt32(16));
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
+ if (!aIV.isEmpty())
+ {
+ for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
+ iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2
).toUInt32(16));
+ }
+
rtlCipherError result = rtl_cipher_init (
aEncoder, rtl_Cipher_DirectionEncode,
- code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
+ code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
if( result == rtl_Cipher_E_None )
{
@@ -565,7 +593,7 @@ void PasswordContainer::UpdateVector( const OUString& aURL,
std::vector< NamePas
if( aRecord.HasPasswords( PERSISTENT_RECORD ) )
{
- aNPIter.SetPersPasswords( aRecord.GetPersPasswords() );
+ aNPIter.SetPersPasswords( aRecord.GetPersPasswords(),
aRecord.GetPersistentIV() );
if( writeFile )
{
@@ -598,7 +626,8 @@ UserRecord PasswordContainer::CopyToUserRecord( const
NamePassRecord& aRecord, b
{
try
{
- ::std::vector< OUString > aDecodedPasswords = DecodePasswords(
aRecord.GetPersPasswords(), GetMasterPassword( aHandler ),
css::task::PasswordRequestMode_PASSWORD_ENTER );
+ ::std::vector< OUString > aDecodedPasswords = DecodePasswords(
aRecord.GetPersPasswords(), aRecord.GetPersistentIV(),
+
GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER );
aPasswords.insert( aPasswords.end(), aDecodedPasswords.begin(),
aDecodedPasswords.end() );
}
catch( NoMasterException& )
@@ -643,6 +672,19 @@ void SAL_CALL PasswordContainer::addPersistent( const
OUString& Url, const OUStr
PrivateAdd( Url, UserName, Passwords, PERSISTENT_RECORD, aHandler );
}
+OUString PasswordContainer::createIV()
+{
+ rtlRandomPool randomPool = mRandomPool.get();
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5];
+ rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5);
+ OUStringBuffer aBuffer;
+ for (sal_uInt8 i : iv)
+ {
+ aBuffer.append(OUString::number(i >> 4, 16));
+ aBuffer.append(OUString::number(i & 15, 16));
+ }
+ return aBuffer.makeStringAndClear();
+}
void PasswordContainer::PrivateAdd( const OUString& Url, const OUString&
UserName, const Sequence< OUString >& Passwords, char Mode, const Reference<
XInteractionHandler >& aHandler )
{
@@ -650,7 +692,11 @@ void PasswordContainer::PrivateAdd( const OUString& Url,
const OUString& UserNam
::std::vector< OUString > aStorePass = comphelper::sequenceToContainer<
std::vector<OUString> >( Passwords );
if( Mode == PERSISTENT_RECORD )
- aRecord.SetPersPasswords( EncodePasswords( aStorePass,
GetMasterPassword( aHandler ) ) );
+ {
+ OUString sIV = createIV();
+ OUString sEncodedPasswords = EncodePasswords( aStorePass, sIV,
GetMasterPassword( aHandler ) );
+ aRecord.SetPersPasswords( sEncodedPasswords, sIV );
+ }
else if( Mode == MEMORY_RECORD )
aRecord.SetMemPasswords( aStorePass );
else
@@ -843,10 +889,10 @@ OUString const & PasswordContainer::GetMasterPassword(
const Reference< XInterac
if( m_aMasterPasswd.isEmpty() && aHandler.is() )
{
- OUString aEncodedMP;
+ OUString aEncodedMP, aEncodedMPIV;
bool bDefaultPassword = false;
- if( !m_pStorageFile->getEncodedMP( aEncodedMP ) )
+ if( !m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
aRMode = PasswordRequestMode_PASSWORD_CREATE;
else if ( aEncodedMP.isEmpty() )
{
@@ -868,14 +914,15 @@ OUString const & PasswordContainer::GetMasterPassword(
const Reference< XInterac
m_aMasterPasswd = aPass;
std::vector< OUString > aMaster( 1, m_aMasterPasswd );
- m_pStorageFile->setEncodedMP( EncodePasswords(
aMaster, m_aMasterPasswd ) );
+ OUString sIV = createIV();
+ m_pStorageFile->setEncodedMP( EncodePasswords(
aMaster, sIV, m_aMasterPasswd ), sIV );
}
else
{
if (m_pStorageFile->getStorageVersion() == 0)
aPass = ReencodeAsOldHash(aPass);
- std::vector< OUString > aRM( DecodePasswords(
aEncodedMP, aPass, aRMode ) );
+ std::vector< OUString > aRM( DecodePasswords(
aEncodedMP, aEncodedMPIV, aPass, aRMode ) );
if( aRM.empty() || aPass != aRM[0] )
{
bAskAgain = true;
@@ -1032,7 +1079,8 @@ Sequence< UrlRecord > SAL_CALL
PasswordContainer::getAllPersistent( const Refere
{
sal_Int32 oldLen = aUsers.getLength();
aUsers.realloc( oldLen + 1 );
- aUsers[ oldLen ] = UserRecord( aNP.GetUserName(),
comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(),
GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER )
) );
+ aUsers[ oldLen ] = UserRecord( aNP.GetUserName(),
comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(),
aNP.GetPersistentIV(),
+
GetMasterPassword( xHandler ),
css::task::PasswordRequestMode_PASSWORD_ENTER ) ) );
}
if( aUsers.getLength() )
@@ -1049,12 +1097,12 @@ Sequence< UrlRecord > SAL_CALL
PasswordContainer::getAllPersistent( const Refere
sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const
uno::Reference< task::XInteractionHandler >& xHandler )
{
bool bResult = false;
- OUString aEncodedMP;
+ OUString aEncodedMP, aEncodedMPIV;
uno::Reference< task::XInteractionHandler > xTmpHandler = xHandler;
::osl::MutexGuard aGuard( mMutex );
// the method should fail if there is no master password
- if( m_pStorageFile && m_pStorageFile->useStorage() &&
m_pStorageFile->getEncodedMP( aEncodedMP ) )
+ if( m_pStorageFile && m_pStorageFile->useStorage() &&
m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
{
if ( aEncodedMP.isEmpty() )
{
@@ -1123,8 +1171,8 @@ sal_Bool SAL_CALL
PasswordContainer::changeMasterPassword( const uno::Reference<
bool bCanChangePassword = true;
// if there is already a stored master password it should be entered
by the user before the change happen
- OUString aEncodedMP;
- if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP(
aEncodedMP ) )
+ OUString aEncodedMP, aEncodedMPIV;
+ if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP(
aEncodedMP, aEncodedMPIV ) )
bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
if ( bCanChangePassword )
@@ -1143,7 +1191,8 @@ sal_Bool SAL_CALL
PasswordContainer::changeMasterPassword( const uno::Reference<
// store the new master password
m_aMasterPasswd = aPass;
std::vector< OUString > aMaster( 1, m_aMasterPasswd );
- m_pStorageFile->setEncodedMP( EncodePasswords( aMaster,
m_aMasterPasswd ) );
+ OUString aIV = createIV();
+ m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, aIV,
m_aMasterPasswd ), aIV );
// store all the entries with the new password
for ( const auto& rURL : aPersistent )
@@ -1168,7 +1217,7 @@ void SAL_CALL PasswordContainer::removeMasterPassword()
if ( m_pStorageFile )
{
m_aMasterPasswd.clear();
- m_pStorageFile->setEncodedMP( OUString() ); // let the master password
be removed from configuration
+ m_pStorageFile->setEncodedMP( OUString(), OUString() ); // let the
master password be removed from configuration
}
}
@@ -1179,8 +1228,8 @@ sal_Bool SAL_CALL PasswordContainer::hasMasterPassword( )
if ( !m_pStorageFile )
throw uno::RuntimeException();
- OUString aEncodedMP;
- return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP(
aEncodedMP ) );
+ OUString aEncodedMP, aEncodedMPIV;
+ return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP(
aEncodedMP, aEncodedMPIV ) );
}
sal_Bool SAL_CALL PasswordContainer::allowPersistentStoring( sal_Bool bAllow )
@@ -1227,8 +1276,8 @@ sal_Bool SAL_CALL
PasswordContainer::useDefaultMasterPassword( const uno::Refere
bool bCanChangePassword = true;
// if there is already a stored nondefault master password it should
be entered by the user before the change happen
- OUString aEncodedMP;
- if( m_pStorageFile->getEncodedMP( aEncodedMP ) &&
!aEncodedMP.isEmpty() )
+ OUString aEncodedMP, aEncodedMPIV;
+ if( m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) &&
!aEncodedMP.isEmpty() )
bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
if ( bCanChangePassword )
@@ -1245,7 +1294,7 @@ sal_Bool SAL_CALL
PasswordContainer::useDefaultMasterPassword( const uno::Refere
// store the empty string to flag the default master password
m_aMasterPasswd = aPass;
- m_pStorageFile->setEncodedMP( OUString(), true );
+ m_pStorageFile->setEncodedMP( OUString(), OUString(), true );
// store all the entries with the new password
for ( const auto& rURL : aPersistent )
@@ -1269,8 +1318,8 @@ sal_Bool SAL_CALL
PasswordContainer::isDefaultMasterPasswordUsed()
if ( !m_pStorageFile )
throw uno::RuntimeException();
- OUString aEncodedMP;
- return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP(
aEncodedMP ) && aEncodedMP.isEmpty() );
+ OUString aEncodedMP, aEncodedMPIV;
+ return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP(
aEncodedMP, aEncodedMPIV ) && aEncodedMP.isEmpty() );
}
diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx
b/svl/source/passwordcontainer/passwordcontainer.hxx
index 6ad1eee3d0d5..94ca40dcf90b 100644
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
@@ -36,6 +36,7 @@
#include <unotools/configitem.hxx>
#include <ucbhelper/interactionrequest.hxx>
+#include <rtl/random.h>
#include <rtl/ref.hxx>
#include <osl/mutex.hxx>
@@ -54,11 +55,12 @@ class NamePassRecord
::std::vector< OUString > m_aMemPass;
// persistent passwords are encrypted in one string
- bool m_bHasPersPass;
+ bool m_bHasPersPass;
OUString m_aPersPass;
+ OUString m_aPersistentIV;
void InitArrays( bool bHasMemoryList, const ::std::vector< OUString >&
aMemoryList,
- bool bHasPersistentList, const OUString& aPersistentList )
+ bool bHasPersistentList, const OUString& aPersistentList,
const OUString& aPersistentIV )
{
m_bHasMemPass = bHasMemoryList;
if ( bHasMemoryList )
@@ -66,7 +68,10 @@ class NamePassRecord
m_bHasPersPass = bHasPersistentList;
if ( bHasPersistentList )
+ {
m_aPersPass = aPersistentList;
+ m_aPersistentIV = aPersistentIV;
+ }
}
public:
@@ -78,11 +83,12 @@ public:
{
}
- NamePassRecord( const OUString& aName, const OUString& aPersistentList )
+ NamePassRecord( const OUString& aName, const OUString& aPersistentList,
const OUString& aPersistentIV )
: m_aName( aName )
, m_bHasMemPass( false )
, m_bHasPersPass( true )
, m_aPersPass( aPersistentList )
+ , m_aPersistentIV( aPersistentIV )
{
}
@@ -91,7 +97,8 @@ public:
, m_bHasMemPass( false )
, m_bHasPersPass( false )
{
- InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
aRecord.m_bHasPersPass, aRecord.m_aPersPass );
+ InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
+ aRecord.m_bHasPersPass, aRecord.m_aPersPass,
aRecord.m_aPersistentIV );
}
NamePassRecord& operator=( const NamePassRecord& aRecord )
@@ -102,7 +109,9 @@ public:
m_aMemPass.clear();
m_aPersPass.clear();
- InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
aRecord.m_bHasPersPass, aRecord.m_aPersPass );
+ m_aPersistentIV.clear();
+ InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
+ aRecord.m_bHasPersPass, aRecord.m_aPersPass,
aRecord.m_aPersistentIV );
}
return *this;
}
@@ -138,15 +147,24 @@ public:
return OUString();
}
+ OUString GetPersistentIV() const
+ {
+ if ( m_bHasPersPass )
+ return m_aPersistentIV;
+
+ return OUString();
+ }
+
void SetMemPasswords( const ::std::vector< OUString >& aMemList )
{
m_aMemPass = aMemList;
m_bHasMemPass = true;
}
- void SetPersPasswords( const OUString& aPersList )
+ void SetPersPasswords( const OUString& aPersList, const OUString& aPersIV )
{
m_aPersPass = aPersList;
+ m_aPersistentIV = aPersIV;
m_bHasPersPass = true;
}
@@ -161,6 +179,7 @@ public:
{
m_bHasPersPass = false;
m_aPersPass.clear();
+ m_aPersistentIV.clear();
}
}
@@ -184,6 +203,7 @@ private:
PasswordContainer* mainCont;
bool hasEncoded;
OUString mEncoded;
+ OUString mEncodedIV;
virtual void ImplCommit() override;
@@ -204,8 +224,8 @@ public:
sal_Int32 getStorageVersion();
- bool getEncodedMP( OUString& aResult );
- void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
+ bool getEncodedMP( OUString& aResult, OUString& aResultIV );
+ void setEncodedMP( const OUString& aResult, const OUString& aResultIV,
bool bAcceptEmpty = false );
void setUseStorage( bool bUse );
bool useStorage();
@@ -226,6 +246,29 @@ private:
css::uno::Reference< css::lang::XComponent > mComponent;
SysCredentialsConfig mUrlContainer;
+ class RandomPool
+ {
+ private:
+ rtlRandomPool m_aRandomPool;
+ public:
+ RandomPool() : m_aRandomPool(rtl_random_createPool())
+ {
+ }
+ rtlRandomPool get()
+ {
+ return m_aRandomPool;
+ }
+ ~RandomPool()
+ {
+ // Clean up random pool memory
+ rtl_random_destroyPool(m_aRandomPool);
+ }
+ };
+
+ RandomPool mRandomPool;
+
+ OUString createIV();
+
/// @throws css::uno::RuntimeException
css::uno::Sequence< css::task::UserRecord > CopyToUserRecordSequence(
const ::std::vector< NamePassRecord >&
original,
@@ -276,10 +319,10 @@ css::task::UrlRecord find(
const css::uno::Reference<
css::task::XInteractionHandler >& Handler );
/// @throws css::uno::RuntimeException
- static ::std::vector< OUString > DecodePasswords( const OUString& aLine,
const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
+ static ::std::vector< OUString > DecodePasswords( const OUString& aLine,
const OUString& aIV, const OUString& aMasterPassword,
css::task::PasswordRequestMode mode );
/// @throws css::uno::RuntimeException
- static OUString EncodePasswords(const std::vector< OUString >& lines,
const OUString& aMasterPassword );
+ static OUString EncodePasswords(const std::vector< OUString >& lines,
const OUString& aIV, const OUString& aMasterPassword );
public:
PasswordContainer( const css::uno::Reference<
css::lang::XMultiServiceFactory >& );
commit cd297a268ceab8ccd9db26c24732a220ed2b8fe5
Author: Arkadiy Illarionov <qar...@gmail.com>
AuthorDate: Sat Jul 13 21:29:10 2019 +0300
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sun May 22 22:15:11 2022 +0200
Simplify Sequence iterations in svl [only passwordcontainer.cxx]
Use range-based loops, STL and comphelper functions
Reviewed-on: https://gerrit.libreoffice.org/75563
Tested-by: Jenkins
Reviewed-by: Arkadiy Illarionov <qar...@gmail.com>
(cherry picked from commit c9cce0d931b41ede0eca14b2ed2b84453f048362)
Change-Id: I1c3dbf194600bec60c0881d2d19ff07b89d8333b
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx
b/svl/source/passwordcontainer/passwordcontainer.cxx
index 1fc2f3aa8659..c023b74c5307 100644
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
@@ -186,22 +186,20 @@ PassMap StorageItem::getInfo()
Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" );
sal_Int32 aNodeCount = aNodeNames.getLength();
Sequence< OUString > aPropNames( aNodeCount );
- sal_Int32 aNodeInd;
- for( aNodeInd = 0; aNodeInd < aNodeCount; ++aNodeInd )
- {
- aPropNames[aNodeInd] = "Store/Passwordstorage['" +
aNodeNames[aNodeInd] + "']/Password";
- }
+ std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(),
+ [](const OUString& rName) -> OUString {
+ return "Store/Passwordstorage['" + rName + "']/Password"; });
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames );
- if( aPropertyValues.getLength() != aNodeNames.getLength() )
+ if( aPropertyValues.getLength() != aNodeCount )
{
- OSL_ENSURE( aPropertyValues.getLength() == aNodeNames.getLength(),
"Problems during reading" );
+ OSL_FAIL( "Problems during reading" );
return aResult;
}
- for( aNodeInd = 0; aNodeInd < aNodeCount; ++aNodeInd )
+ for( sal_Int32 aNodeInd = 0; aNodeInd < aNodeCount; ++aNodeInd )
{
std::vector< OUString > aUrlUsr = getInfoFromInd( aNodeNames[aNodeInd]
);
@@ -254,7 +252,7 @@ bool StorageItem::useStorage()
if( aPropertyValues.getLength() != aNodeNames.getLength() )
{
- OSL_ENSURE( aPropertyValues.getLength() == aNodeNames.getLength(),
"Problems during reading" );
+ OSL_FAIL( "Problems during reading" );
return false;
}
@@ -298,7 +296,7 @@ bool StorageItem::getEncodedMP( OUString& aResult )
if( aPropertyValues.getLength() != aNodeNames.getLength() )
{
- OSL_ENSURE( aPropertyValues.getLength() == aNodeNames.getLength(),
"Problems during reading" );
+ OSL_FAIL( "Problems during reading" );
return false;
}
@@ -1148,11 +1146,9 @@ sal_Bool SAL_CALL
PasswordContainer::changeMasterPassword( const uno::Reference<
m_pStorageFile->setEncodedMP( EncodePasswords( aMaster,
m_aMasterPasswd ) );
// store all the entries with the new password
- for ( int nURLInd = 0; nURLInd < aPersistent.getLength();
nURLInd++ )
- for ( int nNameInd = 0; nNameInd<
aPersistent[nURLInd].UserList.getLength(); nNameInd++ )
- addPersistent( aPersistent[nURLInd].Url,
-
aPersistent[nURLInd].UserList[nNameInd].UserName,
-
aPersistent[nURLInd].UserList[nNameInd].Passwords,
+ for ( const auto& rURL : aPersistent )
+ for ( const auto& rUser : rURL.UserList )
+ addPersistent( rURL.Url, rUser.UserName,
rUser.Passwords,
uno::Reference<
task::XInteractionHandler >() );
bResult = true;
@@ -1252,11 +1248,9 @@ sal_Bool SAL_CALL
PasswordContainer::useDefaultMasterPassword( const uno::Refere
m_pStorageFile->setEncodedMP( OUString(), true );
// store all the entries with the new password
- for ( int nURLInd = 0; nURLInd < aPersistent.getLength();
nURLInd++ )
- for ( int nNameInd = 0; nNameInd<
aPersistent[nURLInd].UserList.getLength(); nNameInd++ )
- addPersistent( aPersistent[nURLInd].Url,
-
aPersistent[nURLInd].UserList[nNameInd].UserName,
-
aPersistent[nURLInd].UserList[nNameInd].Passwords,
+ for ( const auto& rURL : aPersistent )
+ for ( const auto& rUser : rURL.UserList )
+ addPersistent( rURL.Url, rUser.UserName,
rUser.Passwords,
uno::Reference<
task::XInteractionHandler >() );
bResult = true;
commit 601dd82a42a7a842bc67aae06f2930a9b00067ff
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Mar 23 13:03:30 2022 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sun May 22 22:02:17 2022 +0200
add infobar to prompt to refresh to replace old format
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <so...@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)
Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133906
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 3e7b9599aea0..fdf5527f9766 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -266,6 +266,8 @@
#define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK
NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be
validated and the document is only partially signed.")
#define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This
document is digitally signed and the signature is valid.")
#define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW",
"Show Signatures")
+#define STR_REFRESH_MASTER_PASSWORD
NC_("STR_REFRESH_MASTER_PASSWORD", "The master password is stored in an
outdated format, you should refresh it")
+#define STR_REFRESH_PASSWORD NC_("STR_REFRESH_PASSWORD",
"Refresh Password")
#define STR_CLOSE_PANE NC_("STR_CLOSE_PANE", "Close
Pane")
#define STR_SFX_DOCK NC_("STR_SFX_DOCK", "Dock")
diff --git a/include/sfx2/viewfrm.hxx b/include/sfx2/viewfrm.hxx
index 6d9ef75b8ffe..b78a0c92cd3a 100644
--- a/include/sfx2/viewfrm.hxx
+++ b/include/sfx2/viewfrm.hxx
@@ -80,6 +80,7 @@ protected:
DECL_LINK(GetDonateHandler, Button*, void);
DECL_LINK(SwitchReadOnlyHandler, Button*, void);
DECL_LINK(SignDocumentHandler, Button*, void);
+ DECL_DLLPRIVATE_LINK(RefreshMasterPasswordHdl, Button*, void);
SAL_DLLPRIVATE void KillDispatcher_Impl();
virtual ~SfxViewFrame() override;
diff --git a/sfx2/source/view/viewfrm.cxx b/sfx2/source/view/viewfrm.cxx
index b14a16bfa335..74a59c9a89f7 100644
--- a/sfx2/source/view/viewfrm.cxx
+++ b/sfx2/source/view/viewfrm.cxx
@@ -30,6 +30,7 @@
#include <com/sun/star/frame/XLoadable.hpp>
#include <com/sun/star/frame/XLayoutManager.hpp>
#include <com/sun/star/frame/XComponentLoader.hpp>
+#include <com/sun/star/task/PasswordContainer.hpp>
#include <officecfg/Office/Common.hxx>
#include <officecfg/Setup.hxx>
#include <toolkit/helper/vclunohelper.hxx>
@@ -1280,6 +1281,24 @@ void SfxViewFrame::Notify( SfxBroadcaster& /*rBC*/,
const SfxHint& rHint )
batch->commit();
}
+ if (officecfg::Office::Common::Passwords::HasMaster::get() &&
+
officecfg::Office::Common::Passwords::StorageVersion::get() == 0)
+ {
+ // master password stored in deprecated format
+ VclPtr<SfxInfoBarWindow> pOldMasterPasswordInfoBar =
+ AppendInfoBar("oldmasterpassword", "",
+ SfxResId(STR_REFRESH_MASTER_PASSWORD),
InfobarType::DANGER, false);
+ if (pOldMasterPasswordInfoBar)
+ {
+ VclPtrInstance<PushButton> const xBtn(&GetWindow());
+ xBtn->SetText(SfxResId(STR_REFRESH_PASSWORD));
+ xBtn->SetSizePixel(xBtn->GetOptimalSize());
+ xBtn->SetClickHdl(LINK(this,
+ SfxViewFrame, RefreshMasterPasswordHdl));
+ pOldMasterPasswordInfoBar->addButton(xBtn);
+ }
+ }
+
// read-only infobar if necessary
const SfxViewShell *pVSh;
const SfxShell *pFSh;
@@ -1436,6 +1455,27 @@ IMPL_LINK_NOARG(SfxViewFrame, SignDocumentHandler,
Button*, void)
GetDispatcher()->Execute(SID_SIGNATURE);
}
+IMPL_LINK_NOARG(SfxViewFrame, RefreshMasterPasswordHdl, Button*, void)
+{
+ bool bChanged = false;
+ try
+ {
+ Reference< task::XPasswordContainer2 > xMasterPasswd(
+
task::PasswordContainer::create(comphelper::getProcessComponentContext()));
+
+ css::uno::Reference<css::frame::XFrame> xFrame =
GetFrame().GetFrameInterface();
+ css::uno::Reference<css::awt::XWindow> xContainerWindow =
xFrame->getContainerWindow();
+
+ uno::Reference<task::XInteractionHandler>
xTmpHandler(task::InteractionHandler::createWithParent(comphelper::getProcessComponentContext(),
+
xContainerWindow));
+ bChanged = xMasterPasswd->changeMasterPassword(xTmpHandler);
+ }
+ catch (const Exception&)
+ {}
+ if (bChanged)
+ RemoveInfoBar(u"oldmasterpassword");
+}
+
void SfxViewFrame::Construct_Impl( SfxObjectShell *pObjSh )
{
m_pImpl->bResizeInToOut = true;
commit e61549f0ad3fadf3a0e3ac9acc5c7327a5a15ea0
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Mar 21 20:58:34 2022 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sun May 22 22:02:05 2022 +0200
make hash encoding match decoding
Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.
Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)
svl: fix crash if user cancels/closes master password dialog
(regression from d7ba5614d90381d68f880ca7e7c5ef8bbb1b1c43)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133932
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit bbb8617ece6d946957c2eb96287081029bce530f)
Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133905
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index 3cb8ace6ab8c..d4008778f37e 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -903,6 +903,12 @@
</info>
<value>false</value>
</prop>
+ <prop oor:name="StorageVersion" oor:type="xs:int" oor:nillable="false">
+ <info>
+ <desc>Specifies what version of encoding scheme the password
container uses.</desc>
+ </info>
+ <value>0</value>
+ </prop>
<prop oor:name="HasMaster" oor:type="xs:boolean" oor:nillable="false">
<info>
<desc>Specifies if there is a valid master password.</desc>
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx
b/svl/source/passwordcontainer/passwordcontainer.cxx
index eb52bc98e520..1fc2f3aa8659 100644
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
@@ -17,6 +17,8 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <sal/config.h>
+#include <sal/log.hxx>
#include "passwordcontainer.hxx"
@@ -262,6 +264,23 @@ bool StorageItem::useStorage()
return aResult;
}
+sal_Int32 StorageItem::getStorageVersion()
+{
+ Sequence<OUString> aNodeNames { "StorageVersion" };
+
+ Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );
+
+ if( aPropertyValues.getLength() != aNodeNames.getLength() )
+ {
+ OSL_FAIL( "Problems during reading" );
+ return 0;
+ }
+
+ sal_Int32 nResult = 0;
+ aPropertyValues[0] >>= nResult;
+
+ return nResult;
+}
bool StorageItem::getEncodedMP( OUString& aResult )
{
@@ -294,15 +313,17 @@ bool StorageItem::getEncodedMP( OUString& aResult )
void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )
{
- Sequence< OUString > sendNames(2);
- Sequence< uno::Any > sendVals(2);
+ Sequence< OUString > sendNames(3);
+ Sequence< uno::Any > sendVals(3);
sendNames[0] = "HasMaster";
sendNames[1] = "Master";
+ sendNames[2] = "StorageVersion";
bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );
sendVals[0] <<= bHasMaster;
sendVals[1] <<= aEncoded;
+ sendVals[2] <<= nCurrentStorageVersion;
ConfigItem::SetModified();
ConfigItem::PutProperties( sendNames, sendVals );
@@ -803,6 +824,18 @@ OUString PasswordContainer::RequestPasswordFromUser(
PasswordRequestMode aRMode,
return aResult;
}
+// Mangle the key to match an old bug
+static OUString ReencodeAsOldHash(const OUString& rPass)
+{
+ OUStringBuffer aBuffer;
+ for (int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ++ind)
+ {
+ unsigned char i = static_cast<char>(rPass.copy(ind * 2,
2).toUInt32(16));
+ aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4)));
+ aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15)));
+ }
+ return aBuffer.makeStringAndClear();
+}
OUString const & PasswordContainer::GetMasterPassword( const Reference<
XInteractionHandler >& aHandler )
{
@@ -841,6 +874,9 @@ OUString const & PasswordContainer::GetMasterPassword(
const Reference< XInterac
}
else
{
+ if (m_pStorageFile->getStorageVersion() == 0)
+ aPass = ReencodeAsOldHash(aPass);
+
std::vector< OUString > aRM( DecodePasswords(
aEncodedMP, aPass, aRMode ) );
if( aRM.empty() || aPass != aRM[0] )
{
@@ -1045,6 +1081,13 @@ sal_Bool SAL_CALL
PasswordContainer::authorizateWithMasterPassword( const uno::R
do {
aPass = RequestPasswordFromUser( aRMode, xTmpHandler );
+
+
+ if (!aPass.isEmpty() &&
m_pStorageFile->getStorageVersion() == 0)
+ {
+ aPass = ReencodeAsOldHash(aPass);
+ }
+
bResult = ( !aPass.isEmpty() && aPass == m_aMasterPasswd );
aRMode = PasswordRequestMode_PASSWORD_REENTER; // further
questions with error notification
} while( !bResult && !aPass.isEmpty() );
diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx
b/svl/source/passwordcontainer/passwordcontainer.hxx
index ad62ac0c91bd..6ad1eee3d0d5 100644
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
@@ -170,6 +170,10 @@ public:
typedef ::std::pair< const OUString, ::std::vector< NamePassRecord > >
PairUrlRecord;
typedef ::std::map< OUString, ::std::vector< NamePassRecord > > PassMap;
+// org.openoffice.Office.Common/Passwords/StorageVersion bump if details of
+// how password details are saved changes. Enables migration from previous
+// schemes.
+constexpr sal_Int32 nCurrentStorageVersion = 1;
class PasswordContainer;
@@ -198,6 +202,8 @@ public:
void remove( const OUString& url, const OUString& rec );
void clear();
+ sal_Int32 getStorageVersion();
+
bool getEncodedMP( OUString& aResult );
void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
void setUseStorage( bool bUse );
diff --git a/uui/source/iahndl-authentication.cxx
b/uui/source/iahndl-authentication.cxx
index d151a36138e7..ecb06a182daf 100644
--- a/uui/source/iahndl-authentication.cxx
+++ b/uui/source/iahndl-authentication.cxx
@@ -437,8 +437,9 @@ executeMasterPasswordDialog(
OUStringBuffer aBuffer;
for (sal_uInt8 i : aKey)
{
- aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4)));
- aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15)));
+ // match PasswordContainer::DecodePasswords aMasterPasswd.copy(index *
2, 2).toUInt32(16));
+ aBuffer.append(OUString::number(i >> 4, 16));
+ aBuffer.append(OUString::number(i & 15, 16));
}
rInfo.SetPassword(aBuffer.makeStringAndClear());
}
