download.lst | 4 external/curl/ExternalPackage_curl.mk | 2 external/curl/ExternalProject_curl.mk | 2 external/curl/curl-7.26.0_win-proxy.patch | 12 external/curl/curl-nss.patch.1 | 6 external/curl/zlib.patch.0 | 16 - include/sfx2/strings.hrc | 2 include/sfx2/viewfrm.hxx | 1 officecfg/registry/schema/org/openoffice/Office/Common.xcs | 16 + sfx2/source/view/viewfrm.cxx | 40 ++ svl/source/passwordcontainer/passwordcontainer.cxx | 198 +++++++++---- svl/source/passwordcontainer/passwordcontainer.hxx | 69 +++- uui/source/iahndl-authentication.cxx | 5 13 files changed, 284 insertions(+), 89 deletions(-)
New commits: commit 812d5a5ec241b092d48b5a5ffe27e2e6fb5acdf8 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Thu May 12 11:43:59 2022 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Sun May 22 22:16:25 2022 +0200 curl: upgrade to release 7.83.1 Fixes CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 plus 6 more CVEs that shouldn't affect LO. Remove obsolete configure-eval-fix.patch.0. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134225 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 58a3bf5199818e30ef4207213f29692d81b519c6) upgrade to curl-7.81.0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128783 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 40a84af1bdd7b3c414a8a78ca32b0951c03f9976) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134246 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit f668663d63d5b0f37d4727b54585c3b67ab92162) Change-Id: I0a34239bfb16bf19e25bf374c7f36c4cdf1776c1 fbd7ff5acf390df1d95d6b8be0dc7751e4753bbe Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134393 Tested-by: Michael Stahl <michael.st...@allotropia.de> Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/download.lst b/download.lst index 97a027eaf1de..cee8f8d98763 100644 --- a/download.lst +++ b/download.lst @@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := 0606f74b1182ab732a17c11613cbbaf7084f2e6cca432642d0e3ad7c224c3689 -export CURL_TARBALL := curl-7.79.1.tar.xz +export CURL_SHA256SUM := 2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4 +export CURL_TARBALL := curl-7.83.1.tar.xz export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz export EPOXY_SHA256SUM := 002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk index 1fb360c85ca9..3308074b363c 100644 --- a/external/curl/ExternalPackage_curl.mk +++ b/external/curl/ExternalPackage_curl.mk @@ -20,7 +20,7 @@ $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dyli else ifeq ($(OS),AIX) $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4)) else -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.7.0)) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.8.0)) endif endif # $(DISABLE_DYNLOADING) diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 81886b36fbc5..2bf98e2b2e3e 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -42,7 +42,7 @@ $(call gb_ExternalProject_get_state_target,curl,build): ./configure \ $(if $(filter IOS MACOSX,$(OS)),\ --with-secure-transport,\ - $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \ + $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out") --with-nss-deprecated,--without-nss)) \ --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ --enable-ftp --enable-http --enable-ipv6 \ --without-libidn2 --without-libpsl --without-librtmp \ diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index 5bb98fa04741..c5498c3fdebb 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -31,7 +31,7 @@ +{ + int bufSize; + char *out = NULL; -+ if(wStr != NULL) { ++ if(wStr) { + bufSize = WideCharToMultiByte( + CP_ACP, 0, wStr, -1, NULL, 0, NULL, NULL); + out = (char *)malloc(bufSize * sizeof(char)); @@ -63,10 +63,10 @@ + ieNoProxy = wstrToCstr(ieProxyConfig->lpszProxyBypass); + + /* Convert the ieNoProxy into a proper no_proxy value */ -+ if(NULL != ieNoProxy) { ++ if(ieNoProxy) { + no_proxy = strdup(ieNoProxy); + pos = strpbrk(no_proxy, "; "); -+ while(NULL != pos) { ++ while(pos) { + no_proxy[pos-no_proxy] = ','; + pos = strpbrk(no_proxy, "; "); + } @@ -77,9 +77,9 @@ + char *tok; + char *saveptr; + -+ if(NULL != ieProxy) { ++ if(ieProxy) { + tok = strtok_s(ieProxy, ";", &saveptr); -+ if(strchr(tok, '=') == NULL) { ++ if(!strchr(tok, '=')) { + proxy = strdup(ieProxy); + } + else { @@ -90,7 +90,7 @@ + } + tok = strtok_s(NULL, ";", &saveptr); + } -+ while(NULL != tok); ++ while(tok); + } + } + } commit f22beaf5805b2a1aaccdb9a6f830ff7ba500a657 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Oct 20 10:41:42 2021 +0100 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Sun May 22 22:16:14 2022 +0200 upgrade curl to 7.79.1 includes: CVE-2021-22945: clear the leftovers pointer when sending succeeds CVE-2021-22946: do not ignore --ssl-reqd CVE-2021-22947: reject STARTTLS server response pipelining Change-Id: I0047bdaa7e6e3aed1317eb014d2051a4d5ac5964 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123883 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit a08d1dc4ee904428ef6f78208cc2508d3fc3717b) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134392 Tested-by: Michael Stahl <michael.st...@allotropia.de> Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/download.lst b/download.lst index 9f2b42f205a7..97a027eaf1de 100644 --- a/download.lst +++ b/download.lst @@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5 -export CURL_TARBALL := curl-7.78.0.tar.xz +export CURL_SHA256SUM := 0606f74b1182ab732a17c11613cbbaf7084f2e6cca432642d0e3ad7c224c3689 +export CURL_TARBALL := curl-7.79.1.tar.xz export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz export EPOXY_SHA256SUM := 002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index 69fde5f7f236..d4dad7eba77e 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,9 +1,9 @@ diff -ur curl.org/configure curl/configure --- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 +++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -24009,7 +24009,7 @@ - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 - $as_echo "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} +@@ -28216,7 +28216,7 @@ + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 + printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" - addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3" diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 index f4a0ad4b152f..e0f579f8675a 100644 --- a/external/curl/zlib.patch.0 +++ b/external/curl/zlib.patch.0 @@ -1,22 +1,22 @@ --- configure +++ configure -@@ -20709,7 +20709,6 @@ +@@ -22699,7 +22699,6 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS clean_LIBS=$LIBS -ZLIB_LIBS="" # Check whether --with-zlib was given. - if test "${with_zlib+set}" = set; then : -@@ -20718,6 +20719,7 @@ + if test ${with_zlib+y} +@@ -22709,6 +22708,7 @@ if test "$OPT_ZLIB" = "no" ; then + ZLIB_LIBS="" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5 - $as_echo "$as_me: WARNING: zlib disabled" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5 + printf "%s\n" "$as_me: WARNING: zlib disabled" >&2;} else -@@ -20725,6 +20725,21 @@ +@@ -22716,6 +22716,21 @@ OPT_ZLIB="" fi @@ -38,8 +38,8 @@ if test -z "$OPT_ZLIB" ; then if test -n "$PKG_CONFIG"; then -@@ -21005,6 +21020,7 @@ - $as_echo "$as_me: found both libz and libz.h header" >&6;} +@@ -23011,6 +23026,7 @@ + printf "%s\n" "$as_me: found both libz and libz.h header" >&6;} curl_zlib_msg="enabled" fi + fi commit 844cd33a4bdde15aeb1dee080203827861ad76c8 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue Mar 22 17:22:22 2022 +0000 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Sun May 22 22:15:21 2022 +0200 add Initialization Vectors to password storage old ones default to the current all zero case and continue to work as before Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306 Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> (cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad) Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133907 Tested-by: Michael Stahl <michael.st...@allotropia.de> Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs index d4008778f37e..88f06de0bf63 100644 --- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs +++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs @@ -27,6 +27,11 @@ <info> <desc>Contains a container for passwords.</desc> </info> + <prop oor:name="InitializationVector" oor:type="xs:string"> + <info> + <desc>Contains an initialization vector for the password encryption.</desc> + </info> + </prop> <prop oor:name="Password" oor:type="xs:string" oor:localized="false"> <info> <desc>Contains a password encoded with the master password.</desc> @@ -915,6 +920,11 @@ </info> <value>false</value> </prop> + <prop oor:name="MasterInitializationVector" oor:type="xs:string"> + <info> + <desc>Contains an initialization vector for the master password encryption.</desc> + </info> + </prop> <prop oor:name="Master" oor:type="xs:string" oor:nillable="false"> <info> <desc>Contains the master password encrypted by itself.</desc> diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx index c023b74c5307..9b4b3088e5cf 100644 --- a/svl/source/passwordcontainer/passwordcontainer.cxx +++ b/svl/source/passwordcontainer/passwordcontainer.cxx @@ -185,15 +185,18 @@ PassMap StorageItem::getInfo() Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" ); sal_Int32 aNodeCount = aNodeNames.getLength(); - Sequence< OUString > aPropNames( aNodeCount ); + Sequence< OUString > aPropNames( aNodeCount * 2); std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(), [](const OUString& rName) -> OUString { return "Store/Passwordstorage['" + rName + "']/Password"; }); + std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.getArray() + aNodeCount, + [](const OUString& rName) -> OUString { + return "Store/Passwordstorage['" + rName + "']/InitializationVector"; }); Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames ); - if( aPropertyValues.getLength() != aNodeCount ) + if( aPropertyValues.getLength() != aNodeCount * 2) { OSL_FAIL( "Problems during reading" ); return aResult; @@ -209,14 +212,16 @@ PassMap StorageItem::getInfo() OUString aName = aUrlUsr[1]; OUString aEPasswd; + OUString aIV; aPropertyValues[aNodeInd] >>= aEPasswd; + aPropertyValues[aNodeInd + aNodeCount] >>= aIV; PassMap::iterator aIter = aResult.find( aUrl ); if( aIter != aResult.end() ) - aIter->second.emplace_back( aName, aEPasswd ); + aIter->second.emplace_back( aName, aEPasswd, aIV ); else { - NamePassRecord aNewRecord( aName, aEPasswd ); + NamePassRecord aNewRecord( aName, aEPasswd, aIV ); std::vector< NamePassRecord > listToAdd( 1, aNewRecord ); aResult.insert( PairUrlRecord( aUrl, listToAdd ) ); @@ -280,17 +285,19 @@ sal_Int32 StorageItem::getStorageVersion() return nResult; } -bool StorageItem::getEncodedMP( OUString& aResult ) +bool StorageItem::getEncodedMP( OUString& aResult, OUString& aResultIV ) { if( hasEncoded ) { aResult = mEncoded; + aResultIV = mEncodedIV; return true; } - Sequence< OUString > aNodeNames( 2 ); + Sequence< OUString > aNodeNames( 3 ); aNodeNames[0] = "HasMaster"; aNodeNames[1] = "Master"; + aNodeNames[2] = "MasterInitializationVector"; Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames ); @@ -302,32 +309,37 @@ bool StorageItem::getEncodedMP( OUString& aResult ) aPropertyValues[0] >>= hasEncoded; aPropertyValues[1] >>= mEncoded; + aPropertyValues[2] >>= mEncodedIV; aResult = mEncoded; + aResultIV = mEncodedIV; return hasEncoded; } -void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty ) +void StorageItem::setEncodedMP( const OUString& aEncoded, const OUString& aEncodedIV, bool bAcceptEmpty ) { - Sequence< OUString > sendNames(3); - Sequence< uno::Any > sendVals(3); + Sequence< OUString > sendNames(4); + Sequence< uno::Any > sendVals(4); sendNames[0] = "HasMaster"; sendNames[1] = "Master"; - sendNames[2] = "StorageVersion"; + sendNames[2] = "MasterInitializationVector"; + sendNames[3] = "StorageVersion"; bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty ); sendVals[0] <<= bHasMaster; sendVals[1] <<= aEncoded; - sendVals[2] <<= nCurrentStorageVersion; + sendVals[2] <<= aEncodedIV; + sendVals[3] <<= nCurrentStorageVersion; ConfigItem::SetModified(); ConfigItem::PutProperties( sendNames, sendVals ); hasEncoded = bHasMaster; mEncoded = aEncoded; + mEncodedIV = aEncodedIV; } @@ -363,11 +375,13 @@ void StorageItem::update( const OUString& aURL, const NamePassRecord& aRecord ) forIndex.push_back( aURL ); forIndex.push_back( aRecord.GetUserName() ); - Sequence< beans::PropertyValue > sendSeq(1); + Sequence< beans::PropertyValue > sendSeq(2); - sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password"; + sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( { aURL, aRecord.GetUserName() } ) + "']/InitializationVector"; + sendSeq[0].Value <<= aRecord.GetPersistentIV(); - sendSeq[0].Value <<= aRecord.GetPersPasswords(); + sendSeq[1].Name = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password"; + sendSeq[1].Value <<= aRecord.GetPersPasswords(); ConfigItem::SetModified(); ConfigItem::SetSetProperties( "Store", sendSeq ); @@ -428,7 +442,7 @@ void SAL_CALL PasswordContainer::disposing( const EventObject& ) } } -std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode ) +std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode ) { if( !aMasterPasswd.isEmpty() ) { @@ -443,9 +457,16 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ ) code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16)); + unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0}; + if (!aIV.isEmpty()) + { + for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ ) + iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16)); + } + rtlCipherError result = rtl_cipher_init ( aDecoder, rtl_Cipher_DirectionDecode, - code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 ); + code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 ); if( result == rtl_Cipher_E_None ) { @@ -478,7 +499,7 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin "Can't decode!", css::uno::Reference<css::uno::XInterface>(), mode); } -OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPasswd ) +OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPasswd) { if( !aMasterPasswd.isEmpty() ) { @@ -495,9 +516,16 @@ OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ ) code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16)); + unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0}; + if (!aIV.isEmpty()) + { + for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ ) + iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16)); + } + rtlCipherError result = rtl_cipher_init ( aEncoder, rtl_Cipher_DirectionEncode, - code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 ); + code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 ); if( result == rtl_Cipher_E_None ) { @@ -565,7 +593,7 @@ void PasswordContainer::UpdateVector( const OUString& aURL, std::vector< NamePas if( aRecord.HasPasswords( PERSISTENT_RECORD ) ) { - aNPIter.SetPersPasswords( aRecord.GetPersPasswords() ); + aNPIter.SetPersPasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV() ); if( writeFile ) { @@ -598,7 +626,8 @@ UserRecord PasswordContainer::CopyToUserRecord( const NamePassRecord& aRecord, b { try { - ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ); + ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV(), + GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ); aPasswords.insert( aPasswords.end(), aDecodedPasswords.begin(), aDecodedPasswords.end() ); } catch( NoMasterException& ) @@ -643,6 +672,19 @@ void SAL_CALL PasswordContainer::addPersistent( const OUString& Url, const OUStr PrivateAdd( Url, UserName, Passwords, PERSISTENT_RECORD, aHandler ); } +OUString PasswordContainer::createIV() +{ + rtlRandomPool randomPool = mRandomPool.get(); + unsigned char iv[RTL_DIGEST_LENGTH_MD5]; + rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5); + OUStringBuffer aBuffer; + for (sal_uInt8 i : iv) + { + aBuffer.append(OUString::number(i >> 4, 16)); + aBuffer.append(OUString::number(i & 15, 16)); + } + return aBuffer.makeStringAndClear(); +} void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserName, const Sequence< OUString >& Passwords, char Mode, const Reference< XInteractionHandler >& aHandler ) { @@ -650,7 +692,11 @@ void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserNam ::std::vector< OUString > aStorePass = comphelper::sequenceToContainer< std::vector<OUString> >( Passwords ); if( Mode == PERSISTENT_RECORD ) - aRecord.SetPersPasswords( EncodePasswords( aStorePass, GetMasterPassword( aHandler ) ) ); + { + OUString sIV = createIV(); + OUString sEncodedPasswords = EncodePasswords( aStorePass, sIV, GetMasterPassword( aHandler ) ); + aRecord.SetPersPasswords( sEncodedPasswords, sIV ); + } else if( Mode == MEMORY_RECORD ) aRecord.SetMemPasswords( aStorePass ); else @@ -843,10 +889,10 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac if( m_aMasterPasswd.isEmpty() && aHandler.is() ) { - OUString aEncodedMP; + OUString aEncodedMP, aEncodedMPIV; bool bDefaultPassword = false; - if( !m_pStorageFile->getEncodedMP( aEncodedMP ) ) + if( !m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) ) aRMode = PasswordRequestMode_PASSWORD_CREATE; else if ( aEncodedMP.isEmpty() ) { @@ -868,14 +914,15 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac m_aMasterPasswd = aPass; std::vector< OUString > aMaster( 1, m_aMasterPasswd ); - m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) ); + OUString sIV = createIV(); + m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, sIV, m_aMasterPasswd ), sIV ); } else { if (m_pStorageFile->getStorageVersion() == 0) aPass = ReencodeAsOldHash(aPass); - std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) ); + std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aEncodedMPIV, aPass, aRMode ) ); if( aRM.empty() || aPass != aRM[0] ) { bAskAgain = true; @@ -1032,7 +1079,8 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere { sal_Int32 oldLen = aUsers.getLength(); aUsers.realloc( oldLen + 1 ); - aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) ); + aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), aNP.GetPersistentIV(), + GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) ); } if( aUsers.getLength() ) @@ -1049,12 +1097,12 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::Reference< task::XInteractionHandler >& xHandler ) { bool bResult = false; - OUString aEncodedMP; + OUString aEncodedMP, aEncodedMPIV; uno::Reference< task::XInteractionHandler > xTmpHandler = xHandler; ::osl::MutexGuard aGuard( mMutex ); // the method should fail if there is no master password - if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) ) + if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) ) { if ( aEncodedMP.isEmpty() ) { @@ -1123,8 +1171,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference< bool bCanChangePassword = true; // if there is already a stored master password it should be entered by the user before the change happen - OUString aEncodedMP; - if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP ) ) + OUString aEncodedMP, aEncodedMPIV; + if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) ) bCanChangePassword = authorizateWithMasterPassword( xTmpHandler ); if ( bCanChangePassword ) @@ -1143,7 +1191,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference< // store the new master password m_aMasterPasswd = aPass; std::vector< OUString > aMaster( 1, m_aMasterPasswd ); - m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) ); + OUString aIV = createIV(); + m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, aIV, m_aMasterPasswd ), aIV ); // store all the entries with the new password for ( const auto& rURL : aPersistent ) @@ -1168,7 +1217,7 @@ void SAL_CALL PasswordContainer::removeMasterPassword() if ( m_pStorageFile ) { m_aMasterPasswd.clear(); - m_pStorageFile->setEncodedMP( OUString() ); // let the master password be removed from configuration + m_pStorageFile->setEncodedMP( OUString(), OUString() ); // let the master password be removed from configuration } } @@ -1179,8 +1228,8 @@ sal_Bool SAL_CALL PasswordContainer::hasMasterPassword( ) if ( !m_pStorageFile ) throw uno::RuntimeException(); - OUString aEncodedMP; - return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) ); + OUString aEncodedMP, aEncodedMPIV; + return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) ); } sal_Bool SAL_CALL PasswordContainer::allowPersistentStoring( sal_Bool bAllow ) @@ -1227,8 +1276,8 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere bool bCanChangePassword = true; // if there is already a stored nondefault master password it should be entered by the user before the change happen - OUString aEncodedMP; - if( m_pStorageFile->getEncodedMP( aEncodedMP ) && !aEncodedMP.isEmpty() ) + OUString aEncodedMP, aEncodedMPIV; + if( m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && !aEncodedMP.isEmpty() ) bCanChangePassword = authorizateWithMasterPassword( xTmpHandler ); if ( bCanChangePassword ) @@ -1245,7 +1294,7 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere // store the empty string to flag the default master password m_aMasterPasswd = aPass; - m_pStorageFile->setEncodedMP( OUString(), true ); + m_pStorageFile->setEncodedMP( OUString(), OUString(), true ); // store all the entries with the new password for ( const auto& rURL : aPersistent ) @@ -1269,8 +1318,8 @@ sal_Bool SAL_CALL PasswordContainer::isDefaultMasterPasswordUsed() if ( !m_pStorageFile ) throw uno::RuntimeException(); - OUString aEncodedMP; - return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) && aEncodedMP.isEmpty() ); + OUString aEncodedMP, aEncodedMPIV; + return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && aEncodedMP.isEmpty() ); } diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx index 6ad1eee3d0d5..94ca40dcf90b 100644 --- a/svl/source/passwordcontainer/passwordcontainer.hxx +++ b/svl/source/passwordcontainer/passwordcontainer.hxx @@ -36,6 +36,7 @@ #include <unotools/configitem.hxx> #include <ucbhelper/interactionrequest.hxx> +#include <rtl/random.h> #include <rtl/ref.hxx> #include <osl/mutex.hxx> @@ -54,11 +55,12 @@ class NamePassRecord ::std::vector< OUString > m_aMemPass; // persistent passwords are encrypted in one string - bool m_bHasPersPass; + bool m_bHasPersPass; OUString m_aPersPass; + OUString m_aPersistentIV; void InitArrays( bool bHasMemoryList, const ::std::vector< OUString >& aMemoryList, - bool bHasPersistentList, const OUString& aPersistentList ) + bool bHasPersistentList, const OUString& aPersistentList, const OUString& aPersistentIV ) { m_bHasMemPass = bHasMemoryList; if ( bHasMemoryList ) @@ -66,7 +68,10 @@ class NamePassRecord m_bHasPersPass = bHasPersistentList; if ( bHasPersistentList ) + { m_aPersPass = aPersistentList; + m_aPersistentIV = aPersistentIV; + } } public: @@ -78,11 +83,12 @@ public: { } - NamePassRecord( const OUString& aName, const OUString& aPersistentList ) + NamePassRecord( const OUString& aName, const OUString& aPersistentList, const OUString& aPersistentIV ) : m_aName( aName ) , m_bHasMemPass( false ) , m_bHasPersPass( true ) , m_aPersPass( aPersistentList ) + , m_aPersistentIV( aPersistentIV ) { } @@ -91,7 +97,8 @@ public: , m_bHasMemPass( false ) , m_bHasPersPass( false ) { - InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass ); + InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, + aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV ); } NamePassRecord& operator=( const NamePassRecord& aRecord ) @@ -102,7 +109,9 @@ public: m_aMemPass.clear(); m_aPersPass.clear(); - InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass ); + m_aPersistentIV.clear(); + InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, + aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV ); } return *this; } @@ -138,15 +147,24 @@ public: return OUString(); } + OUString GetPersistentIV() const + { + if ( m_bHasPersPass ) + return m_aPersistentIV; + + return OUString(); + } + void SetMemPasswords( const ::std::vector< OUString >& aMemList ) { m_aMemPass = aMemList; m_bHasMemPass = true; } - void SetPersPasswords( const OUString& aPersList ) + void SetPersPasswords( const OUString& aPersList, const OUString& aPersIV ) { m_aPersPass = aPersList; + m_aPersistentIV = aPersIV; m_bHasPersPass = true; } @@ -161,6 +179,7 @@ public: { m_bHasPersPass = false; m_aPersPass.clear(); + m_aPersistentIV.clear(); } } @@ -184,6 +203,7 @@ private: PasswordContainer* mainCont; bool hasEncoded; OUString mEncoded; + OUString mEncodedIV; virtual void ImplCommit() override; @@ -204,8 +224,8 @@ public: sal_Int32 getStorageVersion(); - bool getEncodedMP( OUString& aResult ); - void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false ); + bool getEncodedMP( OUString& aResult, OUString& aResultIV ); + void setEncodedMP( const OUString& aResult, const OUString& aResultIV, bool bAcceptEmpty = false ); void setUseStorage( bool bUse ); bool useStorage(); @@ -226,6 +246,29 @@ private: css::uno::Reference< css::lang::XComponent > mComponent; SysCredentialsConfig mUrlContainer; + class RandomPool + { + private: + rtlRandomPool m_aRandomPool; + public: + RandomPool() : m_aRandomPool(rtl_random_createPool()) + { + } + rtlRandomPool get() + { + return m_aRandomPool; + } + ~RandomPool() + { + // Clean up random pool memory + rtl_random_destroyPool(m_aRandomPool); + } + }; + + RandomPool mRandomPool; + + OUString createIV(); + /// @throws css::uno::RuntimeException css::uno::Sequence< css::task::UserRecord > CopyToUserRecordSequence( const ::std::vector< NamePassRecord >& original, @@ -276,10 +319,10 @@ css::task::UrlRecord find( const css::uno::Reference< css::task::XInteractionHandler >& Handler ); /// @throws css::uno::RuntimeException - static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aMasterPassword, css::task::PasswordRequestMode mode ); + static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPassword, css::task::PasswordRequestMode mode ); /// @throws css::uno::RuntimeException - static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPassword ); + static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPassword ); public: PasswordContainer( const css::uno::Reference< css::lang::XMultiServiceFactory >& ); commit cd297a268ceab8ccd9db26c24732a220ed2b8fe5 Author: Arkadiy Illarionov <qar...@gmail.com> AuthorDate: Sat Jul 13 21:29:10 2019 +0300 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Sun May 22 22:15:11 2022 +0200 Simplify Sequence iterations in svl [only passwordcontainer.cxx] Use range-based loops, STL and comphelper functions Reviewed-on: https://gerrit.libreoffice.org/75563 Tested-by: Jenkins Reviewed-by: Arkadiy Illarionov <qar...@gmail.com> (cherry picked from commit c9cce0d931b41ede0eca14b2ed2b84453f048362) Change-Id: I1c3dbf194600bec60c0881d2d19ff07b89d8333b diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx index 1fc2f3aa8659..c023b74c5307 100644 --- a/svl/source/passwordcontainer/passwordcontainer.cxx +++ b/svl/source/passwordcontainer/passwordcontainer.cxx @@ -186,22 +186,20 @@ PassMap StorageItem::getInfo() Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" ); sal_Int32 aNodeCount = aNodeNames.getLength(); Sequence< OUString > aPropNames( aNodeCount ); - sal_Int32 aNodeInd; - for( aNodeInd = 0; aNodeInd < aNodeCount; ++aNodeInd ) - { - aPropNames[aNodeInd] = "Store/Passwordstorage['" + aNodeNames[aNodeInd] + "']/Password"; - } + std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(), + [](const OUString& rName) -> OUString { + return "Store/Passwordstorage['" + rName + "']/Password"; }); Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames ); - if( aPropertyValues.getLength() != aNodeNames.getLength() ) + if( aPropertyValues.getLength() != aNodeCount ) { - OSL_ENSURE( aPropertyValues.getLength() == aNodeNames.getLength(), "Problems during reading" ); + OSL_FAIL( "Problems during reading" ); return aResult; } - for( aNodeInd = 0; aNodeInd < aNodeCount; ++aNodeInd ) + for( sal_Int32 aNodeInd = 0; aNodeInd < aNodeCount; ++aNodeInd ) { std::vector< OUString > aUrlUsr = getInfoFromInd( aNodeNames[aNodeInd] ); @@ -254,7 +252,7 @@ bool StorageItem::useStorage() if( aPropertyValues.getLength() != aNodeNames.getLength() ) { - OSL_ENSURE( aPropertyValues.getLength() == aNodeNames.getLength(), "Problems during reading" ); + OSL_FAIL( "Problems during reading" ); return false; } @@ -298,7 +296,7 @@ bool StorageItem::getEncodedMP( OUString& aResult ) if( aPropertyValues.getLength() != aNodeNames.getLength() ) { - OSL_ENSURE( aPropertyValues.getLength() == aNodeNames.getLength(), "Problems during reading" ); + OSL_FAIL( "Problems during reading" ); return false; } @@ -1148,11 +1146,9 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference< m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) ); // store all the entries with the new password - for ( int nURLInd = 0; nURLInd < aPersistent.getLength(); nURLInd++ ) - for ( int nNameInd = 0; nNameInd< aPersistent[nURLInd].UserList.getLength(); nNameInd++ ) - addPersistent( aPersistent[nURLInd].Url, - aPersistent[nURLInd].UserList[nNameInd].UserName, - aPersistent[nURLInd].UserList[nNameInd].Passwords, + for ( const auto& rURL : aPersistent ) + for ( const auto& rUser : rURL.UserList ) + addPersistent( rURL.Url, rUser.UserName, rUser.Passwords, uno::Reference< task::XInteractionHandler >() ); bResult = true; @@ -1252,11 +1248,9 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere m_pStorageFile->setEncodedMP( OUString(), true ); // store all the entries with the new password - for ( int nURLInd = 0; nURLInd < aPersistent.getLength(); nURLInd++ ) - for ( int nNameInd = 0; nNameInd< aPersistent[nURLInd].UserList.getLength(); nNameInd++ ) - addPersistent( aPersistent[nURLInd].Url, - aPersistent[nURLInd].UserList[nNameInd].UserName, - aPersistent[nURLInd].UserList[nNameInd].Passwords, + for ( const auto& rURL : aPersistent ) + for ( const auto& rUser : rURL.UserList ) + addPersistent( rURL.Url, rUser.UserName, rUser.Passwords, uno::Reference< task::XInteractionHandler >() ); bResult = true; commit 601dd82a42a7a842bc67aae06f2930a9b00067ff Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Mar 23 13:03:30 2022 +0000 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Sun May 22 22:02:17 2022 +0200 add infobar to prompt to refresh to replace old format Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307 Reviewed-by: Sophie Gautier <so...@libreoffice.org> Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com> (cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5) Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133906 Tested-by: Michael Stahl <michael.st...@allotropia.de> Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc index 3e7b9599aea0..fdf5527f9766 100644 --- a/include/sfx2/strings.hrc +++ b/include/sfx2/strings.hrc @@ -266,6 +266,8 @@ #define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.") #define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.") #define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW", "Show Signatures") +#define STR_REFRESH_MASTER_PASSWORD NC_("STR_REFRESH_MASTER_PASSWORD", "The master password is stored in an outdated format, you should refresh it") +#define STR_REFRESH_PASSWORD NC_("STR_REFRESH_PASSWORD", "Refresh Password") #define STR_CLOSE_PANE NC_("STR_CLOSE_PANE", "Close Pane") #define STR_SFX_DOCK NC_("STR_SFX_DOCK", "Dock") diff --git a/include/sfx2/viewfrm.hxx b/include/sfx2/viewfrm.hxx index 6d9ef75b8ffe..b78a0c92cd3a 100644 --- a/include/sfx2/viewfrm.hxx +++ b/include/sfx2/viewfrm.hxx @@ -80,6 +80,7 @@ protected: DECL_LINK(GetDonateHandler, Button*, void); DECL_LINK(SwitchReadOnlyHandler, Button*, void); DECL_LINK(SignDocumentHandler, Button*, void); + DECL_DLLPRIVATE_LINK(RefreshMasterPasswordHdl, Button*, void); SAL_DLLPRIVATE void KillDispatcher_Impl(); virtual ~SfxViewFrame() override; diff --git a/sfx2/source/view/viewfrm.cxx b/sfx2/source/view/viewfrm.cxx index b14a16bfa335..74a59c9a89f7 100644 --- a/sfx2/source/view/viewfrm.cxx +++ b/sfx2/source/view/viewfrm.cxx @@ -30,6 +30,7 @@ #include <com/sun/star/frame/XLoadable.hpp> #include <com/sun/star/frame/XLayoutManager.hpp> #include <com/sun/star/frame/XComponentLoader.hpp> +#include <com/sun/star/task/PasswordContainer.hpp> #include <officecfg/Office/Common.hxx> #include <officecfg/Setup.hxx> #include <toolkit/helper/vclunohelper.hxx> @@ -1280,6 +1281,24 @@ void SfxViewFrame::Notify( SfxBroadcaster& /*rBC*/, const SfxHint& rHint ) batch->commit(); } + if (officecfg::Office::Common::Passwords::HasMaster::get() && + officecfg::Office::Common::Passwords::StorageVersion::get() == 0) + { + // master password stored in deprecated format + VclPtr<SfxInfoBarWindow> pOldMasterPasswordInfoBar = + AppendInfoBar("oldmasterpassword", "", + SfxResId(STR_REFRESH_MASTER_PASSWORD), InfobarType::DANGER, false); + if (pOldMasterPasswordInfoBar) + { + VclPtrInstance<PushButton> const xBtn(&GetWindow()); + xBtn->SetText(SfxResId(STR_REFRESH_PASSWORD)); + xBtn->SetSizePixel(xBtn->GetOptimalSize()); + xBtn->SetClickHdl(LINK(this, + SfxViewFrame, RefreshMasterPasswordHdl)); + pOldMasterPasswordInfoBar->addButton(xBtn); + } + } + // read-only infobar if necessary const SfxViewShell *pVSh; const SfxShell *pFSh; @@ -1436,6 +1455,27 @@ IMPL_LINK_NOARG(SfxViewFrame, SignDocumentHandler, Button*, void) GetDispatcher()->Execute(SID_SIGNATURE); } +IMPL_LINK_NOARG(SfxViewFrame, RefreshMasterPasswordHdl, Button*, void) +{ + bool bChanged = false; + try + { + Reference< task::XPasswordContainer2 > xMasterPasswd( + task::PasswordContainer::create(comphelper::getProcessComponentContext())); + + css::uno::Reference<css::frame::XFrame> xFrame = GetFrame().GetFrameInterface(); + css::uno::Reference<css::awt::XWindow> xContainerWindow = xFrame->getContainerWindow(); + + uno::Reference<task::XInteractionHandler> xTmpHandler(task::InteractionHandler::createWithParent(comphelper::getProcessComponentContext(), + xContainerWindow)); + bChanged = xMasterPasswd->changeMasterPassword(xTmpHandler); + } + catch (const Exception&) + {} + if (bChanged) + RemoveInfoBar(u"oldmasterpassword"); +} + void SfxViewFrame::Construct_Impl( SfxObjectShell *pObjSh ) { m_pImpl->bResizeInToOut = true; commit e61549f0ad3fadf3a0e3ac9acc5c7327a5a15ea0 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Mar 21 20:58:34 2022 +0000 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Sun May 22 22:02:05 2022 +0200 make hash encoding match decoding Seeing as old versions of the hash may be in the users config, add a StorageVersion field to the office config Passwords section which defaults to 0 to indicate the old hash is in use. Try the old varient when StorageVersion is 0. When a new encoded master password it set write StorageVersion of 1 to indicate a new hash is in use and use the new style when StorageVersion is 1. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6) svl: fix crash if user cancels/closes master password dialog (regression from d7ba5614d90381d68f880ca7e7c5ef8bbb1b1c43) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133932 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit bbb8617ece6d946957c2eb96287081029bce530f) Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133905 Tested-by: Michael Stahl <michael.st...@allotropia.de> Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs index 3cb8ace6ab8c..d4008778f37e 100644 --- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs +++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs @@ -903,6 +903,12 @@ </info> <value>false</value> </prop> + <prop oor:name="StorageVersion" oor:type="xs:int" oor:nillable="false"> + <info> + <desc>Specifies what version of encoding scheme the password container uses.</desc> + </info> + <value>0</value> + </prop> <prop oor:name="HasMaster" oor:type="xs:boolean" oor:nillable="false"> <info> <desc>Specifies if there is a valid master password.</desc> diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx index eb52bc98e520..1fc2f3aa8659 100644 --- a/svl/source/passwordcontainer/passwordcontainer.cxx +++ b/svl/source/passwordcontainer/passwordcontainer.cxx @@ -17,6 +17,8 @@ * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ +#include <sal/config.h> +#include <sal/log.hxx> #include "passwordcontainer.hxx" @@ -262,6 +264,23 @@ bool StorageItem::useStorage() return aResult; } +sal_Int32 StorageItem::getStorageVersion() +{ + Sequence<OUString> aNodeNames { "StorageVersion" }; + + Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames ); + + if( aPropertyValues.getLength() != aNodeNames.getLength() ) + { + OSL_FAIL( "Problems during reading" ); + return 0; + } + + sal_Int32 nResult = 0; + aPropertyValues[0] >>= nResult; + + return nResult; +} bool StorageItem::getEncodedMP( OUString& aResult ) { @@ -294,15 +313,17 @@ bool StorageItem::getEncodedMP( OUString& aResult ) void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty ) { - Sequence< OUString > sendNames(2); - Sequence< uno::Any > sendVals(2); + Sequence< OUString > sendNames(3); + Sequence< uno::Any > sendVals(3); sendNames[0] = "HasMaster"; sendNames[1] = "Master"; + sendNames[2] = "StorageVersion"; bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty ); sendVals[0] <<= bHasMaster; sendVals[1] <<= aEncoded; + sendVals[2] <<= nCurrentStorageVersion; ConfigItem::SetModified(); ConfigItem::PutProperties( sendNames, sendVals ); @@ -803,6 +824,18 @@ OUString PasswordContainer::RequestPasswordFromUser( PasswordRequestMode aRMode, return aResult; } +// Mangle the key to match an old bug +static OUString ReencodeAsOldHash(const OUString& rPass) +{ + OUStringBuffer aBuffer; + for (int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ++ind) + { + unsigned char i = static_cast<char>(rPass.copy(ind * 2, 2).toUInt32(16)); + aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4))); + aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15))); + } + return aBuffer.makeStringAndClear(); +} OUString const & PasswordContainer::GetMasterPassword( const Reference< XInteractionHandler >& aHandler ) { @@ -841,6 +874,9 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac } else { + if (m_pStorageFile->getStorageVersion() == 0) + aPass = ReencodeAsOldHash(aPass); + std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) ); if( aRM.empty() || aPass != aRM[0] ) { @@ -1045,6 +1081,13 @@ sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::R do { aPass = RequestPasswordFromUser( aRMode, xTmpHandler ); + + + if (!aPass.isEmpty() && m_pStorageFile->getStorageVersion() == 0) + { + aPass = ReencodeAsOldHash(aPass); + } + bResult = ( !aPass.isEmpty() && aPass == m_aMasterPasswd ); aRMode = PasswordRequestMode_PASSWORD_REENTER; // further questions with error notification } while( !bResult && !aPass.isEmpty() ); diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx index ad62ac0c91bd..6ad1eee3d0d5 100644 --- a/svl/source/passwordcontainer/passwordcontainer.hxx +++ b/svl/source/passwordcontainer/passwordcontainer.hxx @@ -170,6 +170,10 @@ public: typedef ::std::pair< const OUString, ::std::vector< NamePassRecord > > PairUrlRecord; typedef ::std::map< OUString, ::std::vector< NamePassRecord > > PassMap; +// org.openoffice.Office.Common/Passwords/StorageVersion bump if details of +// how password details are saved changes. Enables migration from previous +// schemes. +constexpr sal_Int32 nCurrentStorageVersion = 1; class PasswordContainer; @@ -198,6 +202,8 @@ public: void remove( const OUString& url, const OUString& rec ); void clear(); + sal_Int32 getStorageVersion(); + bool getEncodedMP( OUString& aResult ); void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false ); void setUseStorage( bool bUse ); diff --git a/uui/source/iahndl-authentication.cxx b/uui/source/iahndl-authentication.cxx index d151a36138e7..ecb06a182daf 100644 --- a/uui/source/iahndl-authentication.cxx +++ b/uui/source/iahndl-authentication.cxx @@ -437,8 +437,9 @@ executeMasterPasswordDialog( OUStringBuffer aBuffer; for (sal_uInt8 i : aKey) { - aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4))); - aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15))); + // match PasswordContainer::DecodePasswords aMasterPasswd.copy(index * 2, 2).toUInt32(16)); + aBuffer.append(OUString::number(i >> 4, 16)); + aBuffer.append(OUString::number(i & 15, 16)); } rInfo.SetPassword(aBuffer.makeStringAndClear()); }