From dabf80458db00092e0e12a9165a8d6d0bccafa17 Mon Sep 17 00:00:00 2001 From: konrad Date: Tue, 15 Mar 2011 15:18:01 +0000 Subject: [PATCH] corrected host key handling in acl tabs git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@744 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33 --- src/crypto/keygen.cpp | 4 +- src/crypto/keygen.h | 2 +- src/mwin/acltabs.cpp | 65 +++++++++++++++++++++++++++++++++++++++++------- src/mwin/acltabs.h | 2 + www/admin.php | 11 ++++++-- 5 files changed, 68 insertions(+), 16 deletions(-) diff --git a/src/crypto/keygen.cpp b/src/crypto/keygen.cpp index 695ae70..408974b 100644 --- a/src/crypto/keygen.cpp +++ b/src/crypto/keygen.cpp @@ -110,10 +110,10 @@ void MKeyGen::updateProps() } } -QString MKeyGen::getKey() +QString MKeyGen::getKey(int len) { if(efilter->entropy()getRandom(40).toHex(); + return efilter->getRandom(len).toHex(); } diff --git a/src/crypto/keygen.h b/src/crypto/keygen.h index fd01495..b822974 100644 --- a/src/crypto/keygen.h +++ b/src/crypto/keygen.h @@ -26,7 +26,7 @@ class MKeyGen:public QDialog MKeyGen(QWidget*parent=0); ~MKeyGen(); - QString getKey(); + QString getKey(int len=40); private: QLabel*randlab; diff --git a/src/mwin/acltabs.cpp b/src/mwin/acltabs.cpp index f8205cb..d2124f5 100644 --- a/src/mwin/acltabs.cpp +++ b/src/mwin/acltabs.cpp @@ -18,6 +18,8 @@ #include "acltabs.h" #include +#include +#include #include #include #include 
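Review bot: `getKey(int len)` in src/crypto/keygen.cpp forwards a caller-chosen length to `efilter->getRandom(len)`, but neither this hunk nor the keygen.h hunk documents the unit of `len` or the meaning of an empty return. The new key2hash() in acltabs.cpp depends on `""` meaning "not enough entropy yet", so the contract belongs next to the declaration. If getRandom(len) returns len bytes, a suitable comment is `/**returns len random bytes as 2*len hex digits, or an empty string while too little entropy has been gathered; len must be >0*/`. The entropy guard above the return is truncated on this page, so whether its threshold takes `len` into account could not be checked.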
@@ -416,6 +418,26 @@ void MHostTab::changeHostKey() return; key=mkg.getKey(); } + //save as mshk file + QStringList fn; + QFileDialog fdlg(this,tr("Export Key to File"),QString(),"Magic Smoke Host Key (*.mshk)"); + fdlg.setDefaultSuffix("mshk"); + fdlg.setAcceptMode(QFileDialog::AcceptSave); + fdlg.setFileMode(QFileDialog::AnyFile); + if(!fdlg.exec())return; + fn=fdlg.selectedFiles(); + if(fn.size()!=1)return; + QFile fd(fn[0]); + if(!fd.open(QIODevice::WriteOnly|QIODevice::Truncate)){ + QMessageBox::warning(this,tr("Warning"),tr("Unable to open file %1 for writing: %2").arg(fn[0]).arg(fd.errorString())); + return; + } + QString chk=QCryptographicHash::hash(key.toAscii(),QCryptographicHash::Md5).toHex(); + QString out="MagicSmokeHostKey\n"+name+"\n"+key+"\n"+chk; + fd.write(out.toAscii()); + fd.close(); + //convert key to hash + key=key2hash(key); //set it MTSetHost sh=MTSetHost::query(name,key); if(sh.hasError()){ @@ -429,7 +451,7 @@ void MHostTab::changeHostKey() void MHostTab::importHost() { QStringList fn; - QFileDialog fdlg(this,tr("Import Key from File"),QString(),"Magic Smoke Host Key (*.mshk)"); + QFileDialog fdlg(this,tr("Import Key from File"),QString(),"Magic Smoke Host Key (*.mshk);;Magic Smoke Host Hash (*.mshh);;All Files (*)"); fdlg.setDefaultSuffix("mshk"); fdlg.setAcceptMode(QFileDialog::AcceptOpen); fdlg.setFileMode(QFileDialog::ExistingFile); @@ -449,8 +471,9 @@ void MHostTab::importHost() QMessageBox::warning(this,tr("Warning"),tr("This is not a host key file.")); return; } - if(fc[0].trimmed()!="MagicSmokeHostKey"){ - QMessageBox::warning(this,tr("Warning"),tr("This is not a host key file.")); + bool ishash = fc[0].trimmed()=="MagicSmokeHostHash"; + if(!ishash && fc[0].trimmed()!="MagicSmokeHostKey"){ + QMessageBox::warning(this,tr("Warning"),tr("This is not a host key/hash file.")); return; } QString hname=fc[1].trimmed(); 
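Review bot: The export block added to changeHostKey() ignores the result of `fd.write(out.toAscii())`, and the next statements hash the key and send it to the server. A failed or short write therefore leaves the server expecting a key that was never saved anywhere. Check the write before going on, for example `QByteArray ba=out.toAscii();` followed by `if(fd.write(ba)!=ba.size() || !fd.flush()){ /* warn as for the open() failure */ return; }`. The file holds the plaintext host key and, as far as the hunk shows, is created with default permissions, so `fd.setPermissions(QFile::ReadOwner|QFile::WriteOwner);` after the successful open would keep other local accounts from reading it. changeHostKey() begins and ends outside this hunk.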
@@ -459,15 +482,24 @@ void MHostTab::importHost() return; } QString key=fc[2].trimmed(); - if(!QRegExp("[0-9a-fA-F]+").exactMatch(key) || key.size()<40){ - QMessageBox::warning(this,tr("Warning"),tr("This host key file does not contain a valid key.")); - return; - } QString chk=QCryptographicHash::hash(key.toAscii(),QCryptographicHash::Md5).toHex(); if(chk!=fc[3].trimmed()){ QMessageBox::warning(this,tr("Warning"),tr("The key check sum did not match. Please get a clean copy of the host key file.")); return; } + //convert to hash + if(ishash){ + if(!QRegExp("[0-9a-fA-F]+ [0-9a-fA-F]{32,40}").exactMatch(key)){ + QMessageBox::warning(this,tr("Warning"),tr("This host hash file does not contain a valid key hash.")); + return; + } + }else{ + if(!QRegExp("[0-9a-fA-F]+").exactMatch(key) || key.size()<40){ + QMessageBox::warning(this,tr("Warning"),tr("This host key file does not contain a valid key.")); + return; + } + key=key2hash(key); + } //save MTSetHost sh=MTSetHost::query(hname,key); if(sh.hasError()){ @@ -477,6 +509,19 @@ void MHostTab::importHost() updateHosts(); } +QString MHostTab::key2hash(QString key) +{ + QString salt; + MKeyGen mkg; + salt=mkg.getKey(8); + if(salt=="") + if(mkg.exec()!=QDialog::Accepted) + return key; + salt=mkg.getKey(8); + return salt+" "+ QCryptographicHash::hash((salt+key).toAscii(),QCryptographicHash::Sha1).toHex(); +} + + void MHostTab::exportHost() { //get selection @@ -491,8 +536,8 @@ void MHostTab::exportHost() } //save QStringList fn; - QFileDialog fdlg(this,tr("Export Key to File"),QString(),"Magic Smoke Host Key (*.mshk)"); - fdlg.setDefaultSuffix("mshk"); + QFileDialog fdlg(this,tr("Export Key to File"),QString(),"Magic Smoke Host Hash (*.mshh)"); + fdlg.setDefaultSuffix("mshh"); fdlg.setAcceptMode(QFileDialog::AcceptSave); fdlg.setFileMode(QFileDialog::AnyFile); if(!fdlg.exec())return; 
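Review bot: The hash branch added to importHost() accepts `[0-9a-fA-F]{32,40}` for the digest, while key2hash() in this same patch always produces a 40-digit SHA-1. A value of 33 to 39 digits therefore passes validation and is stored as a host hash that no key can match. If 32 is there to keep older MD5-length hashes importable, say so explicitly with `QRegExp("[0-9a-fA-F]+ (?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40})")`, otherwise use `{40}`. The MD5 value compared just above is an unkeyed checksum, so it detects a damaged file but says nothing about who wrote it; a one-line comment next to the `chk` comparison should state that. importHost() starts before this hunk.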
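Review bot: key2hash() returns its input unchanged when the entropy dialog is cancelled (`return key;`), and both callers, changeHostKey() and importHost(), pass the result straight to `MTSetHost::query`. In that path the plaintext host key is sent as the stored value instead of a salted hash. Return an empty string on failure and have each caller stop with `if(key.isEmpty())return;` before the query. Without braces the second `salt=mkg.getKey(8);` also runs unconditionally, so the first salt is thrown away and the one actually used is never checked for being empty, which would give an unsalted hash. A rewrite of the function follows.

```cpp
QString MHostTab::key2hash(QString key)
{
	MKeyGen mkg;
	QString salt=mkg.getKey(8);
	if(salt.isEmpty()){
		// not enough entropy yet: let the user gather more, then retry once
		if(mkg.exec()!=QDialog::Accepted)
			return QString(); // caller aborts; never hand back the plain key
		salt=mkg.getKey(8);
		if(salt.isEmpty())
			return QString();
	}
	return salt+" "+ QCryptographicHash::hash((salt+key).toAscii(),QCryptographicHash::Sha1).toHex();
}
```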
@@ -504,7 +549,7 @@ void MHostTab::exportHost() return; } QString chk=QCryptographicHash::hash(key.toAscii(),QCryptographicHash::Md5).toHex(); - QString out="MagicSmokeHostKey\n"+name+"\n"+key+"\n"+chk; + QString out="MagicSmokeHostHash\n"+name+"\n"+key+"\n"+chk; fd.write(out.toAscii()); fd.close(); } diff --git a/src/mwin/acltabs.h b/src/mwin/acltabs.h index 9cf115d..5af0657 100644 --- a/src/mwin/acltabs.h +++ b/src/mwin/acltabs.h @@ -92,6 +92,8 @@ class MHostTab:public QWidget //widgets QTableView*hosttable; QStandardItemModel*hostmodel; + + QString key2hash(QString); }; /**role admin tab*/ diff --git a/www/admin.php b/www/admin.php index e819d16..7b04564 100644 --- a/www/admin.php +++ b/www/admin.php @@ -183,10 +183,15 @@ if(isset($_POST["updatehost"])){ // print_r($host); if(count($host)<3) die("Trying to work on non-host file (<3 lines). Abort."); - if(trim($host[0])!="MagicSmokeHostKey") + $ishash=trim($host[0])=="MagicSmokeHostHash"; + if(!$ishash && trim($host[0])!="MagicSmokeHostKey") die("Trying to work on non-host file (header mismatch). Abort."); - $salt=getSalt(); - $key=$salt." ".sha1($salt.trim($host[2])); + if($ishash) + $key=trim($host[2]); + else{ + $salt=getSalt(); + $key=$salt." ".sha1($salt.trim($host[2])); + } $hname=$db->escapeString(trim($host[1])); // print_r($key); $data=array("hostname" => trim($host[1]), "hostkey" => $key); -- 1.7.2.5
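Review bot: In the `$ishash` branch of www/admin.php, `$key=trim($host[2]);` takes the uploaded line as the stored host key without any format check, whereas the client-side import in acltabs.cpp validates the same field with a regular expression. Validate it on the server as well, for example `if(!preg_match('/^[0-9a-fA-F]+ [0-9a-fA-F]{40}$/',$key)) die("Host hash file does not contain a valid hash. Abort.");`, adjusting the salt character class to whatever getSalt() emits. The fourth line of the file (the checksum) is not read in the visible lines either, so a truncated upload would not be noticed here. The enclosing `if(isset($_POST["updatehost"]))` block begins and ends outside the hunk, so how `$data` reaches the database is not visible.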