Allow unauthenticated marshal reading to reset master key.
This commit is contained in:
parent
a19df80a03
commit
1b90b3deea
@ -718,7 +718,9 @@ void cli_mpw(Arguments *args, Operation *operation) {
|
||||
operation->user->fullName, operation->purposeResult, operation->site->siteName, operation->identicon );
|
||||
|
||||
// Determine master key.
|
||||
MPMasterKey masterKey = operation->user->masterKeyProvider( operation->site->algorithm, operation->user->fullName );
|
||||
MPMasterKey masterKey = NULL;
|
||||
if (operation->user->masterKeyProvider)
|
||||
masterKey = operation->user->masterKeyProvider( operation->site->algorithm, operation->user->fullName );
|
||||
if (!masterKey) {
|
||||
ftl( "Couldn't derive master key." );
|
||||
cli_free( args, operation );
|
||||
|
@ -31,7 +31,7 @@ MPMarshalledUser *mpw_marshal_user(
|
||||
const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion) {
|
||||
|
||||
MPMarshalledUser *user;
|
||||
if (!fullName || !masterKeyProvider || !(user = malloc( sizeof( MPMarshalledUser ) )))
|
||||
if (!fullName || !(user = malloc( sizeof( MPMarshalledUser ) )))
|
||||
return NULL;
|
||||
|
||||
*user = (MPMarshalledUser){
|
||||
@ -144,7 +144,9 @@ static const char *mpw_marshal_write_flat(
|
||||
*error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." };
|
||||
return NULL;
|
||||
}
|
||||
MPMasterKey masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
|
||||
MPMasterKey masterKey = NULL;
|
||||
if (user->masterKeyProvider)
|
||||
masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
|
||||
if (!masterKey) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
|
||||
return NULL;
|
||||
@ -188,7 +190,7 @@ static const char *mpw_marshal_write_flat(
|
||||
if (!user->redacted) {
|
||||
// Clear Text
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
if (!(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
|
||||
if (!user->masterKeyProvider || !(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
|
||||
mpw_free_string( &out );
|
||||
return NULL;
|
||||
@ -229,7 +231,9 @@ static const char *mpw_marshal_write_json(
|
||||
*error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." };
|
||||
return NULL;
|
||||
}
|
||||
MPMasterKey masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
|
||||
MPMasterKey masterKey = NULL;
|
||||
if (user->masterKeyProvider)
|
||||
masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
|
||||
if (!masterKey) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
|
||||
return NULL;
|
||||
@ -273,7 +277,7 @@ static const char *mpw_marshal_write_json(
|
||||
if (!user->redacted) {
|
||||
// Clear Text
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
if (!(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
|
||||
if (!user->masterKeyProvider || !(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
|
||||
json_object_put( json_file );
|
||||
return NULL;
|
||||
@ -467,14 +471,14 @@ static MPMarshalledUser *mpw_marshal_read_flat(
|
||||
// ## ends header
|
||||
headerEnded = true;
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
if (!(masterKey = masterKeyProvider( algorithm, fullName ))) {
|
||||
if (masterKeyProvider && !(masterKey = masterKeyProvider( algorithm, fullName ))) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
|
||||
mpw_free_strings( &fullName, &keyID, NULL );
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
mpw_marshal_free( &user );
|
||||
return NULL;
|
||||
}
|
||||
if (keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
|
||||
if (masterKey && keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." };
|
||||
mpw_free_strings( &fullName, &keyID, NULL );
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
@ -666,7 +670,7 @@ static MPMarshalledUser *mpw_marshal_read_flat(
|
||||
if (!user->redacted) {
|
||||
// Clear Text
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
if (!(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
|
||||
if (!masterKeyProvider || !(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
|
||||
mpw_free_strings( &str_lastUsed, &str_uses, &str_type, &str_algorithm, &str_counter, NULL );
|
||||
mpw_free_strings( &siteLoginState, &siteName, &siteResultState, NULL );
|
||||
@ -815,14 +819,14 @@ static MPMarshalledUser *mpw_marshal_read_json(
|
||||
json_object_put( json_file );
|
||||
return NULL;
|
||||
}
|
||||
if (!(masterKey = masterKeyProvider( algorithm, fullName ))) {
|
||||
if (masterKeyProvider && !(masterKey = masterKeyProvider( algorithm, fullName ))) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
mpw_marshal_free( &user );
|
||||
json_object_put( json_file );
|
||||
return NULL;
|
||||
}
|
||||
if (keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
|
||||
if (masterKey && keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." };
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
mpw_marshal_free( &user );
|
||||
@ -913,7 +917,7 @@ static MPMarshalledUser *mpw_marshal_read_json(
|
||||
if (!user->redacted) {
|
||||
// Clear Text
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
if (!(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
|
||||
if (!masterKeyProvider || !(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
|
||||
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
|
||||
mpw_free( &masterKey, MPMasterKeySize );
|
||||
mpw_marshal_free( &user );
|
||||
|
@ -139,11 +139,11 @@ MPMarshalledUser *mpw_marshal_read(
|
||||
//// Utilities.
|
||||
|
||||
/** Create a new user object ready for marshalling.
|
||||
* @return A user object (allocated), or NULL if the fullName or masterKeyProvider is missing, or the marshalled user couldn't be allocated. */
|
||||
* @return A user object (allocated), or NULL if the fullName is missing or the marshalled user couldn't be allocated. */
|
||||
MPMarshalledUser *mpw_marshal_user(
|
||||
const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion);
|
||||
/** Create a new site attached to the given user object, ready for marshalling.
|
||||
* @return A site object (allocated), or NULL if the siteName is missing, or the marshalled site couldn't be allocated. */
|
||||
* @return A site object (allocated), or NULL if the siteName is missing or the marshalled site couldn't be allocated. */
|
||||
MPMarshalledSite *mpw_marshal_site(
|
||||
MPMarshalledUser *user,
|
||||
const char *siteName, const MPResultType resultType, const MPCounterValue siteCounter, const MPAlgorithmVersion algorithmVersion);
|
||||
|
Loading…
Reference in New Issue
Block a user