2
0

Allow unauthenticated marshal reading to reset master key.

This commit is contained in:
Maarten Billemont 2020-01-23 16:04:53 -05:00
parent a19df80a03
commit 1b90b3deea
3 changed files with 20 additions and 14 deletions

View File

@ -718,7 +718,9 @@ void cli_mpw(Arguments *args, Operation *operation) {
operation->user->fullName, operation->purposeResult, operation->site->siteName, operation->identicon );
// Determine master key.
MPMasterKey masterKey = operation->user->masterKeyProvider( operation->site->algorithm, operation->user->fullName );
MPMasterKey masterKey = NULL;
if (operation->user->masterKeyProvider)
masterKey = operation->user->masterKeyProvider( operation->site->algorithm, operation->user->fullName );
if (!masterKey) {
ftl( "Couldn't derive master key." );
cli_free( args, operation );

View File

@ -31,7 +31,7 @@ MPMarshalledUser *mpw_marshal_user(
const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion) {
MPMarshalledUser *user;
if (!fullName || !masterKeyProvider || !(user = malloc( sizeof( MPMarshalledUser ) )))
if (!fullName || !(user = malloc( sizeof( MPMarshalledUser ) )))
return NULL;
*user = (MPMarshalledUser){
@ -144,7 +144,9 @@ static const char *mpw_marshal_write_flat(
*error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." };
return NULL;
}
MPMasterKey masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
MPMasterKey masterKey = NULL;
if (user->masterKeyProvider)
masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
if (!masterKey) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
return NULL;
@ -188,7 +190,7 @@ static const char *mpw_marshal_write_flat(
if (!user->redacted) {
// Clear Text
mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
if (!user->masterKeyProvider || !(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free_string( &out );
return NULL;
@ -229,7 +231,9 @@ static const char *mpw_marshal_write_json(
*error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." };
return NULL;
}
MPMasterKey masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
MPMasterKey masterKey = NULL;
if (user->masterKeyProvider)
masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
if (!masterKey) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
return NULL;
@ -273,7 +277,7 @@ static const char *mpw_marshal_write_json(
if (!user->redacted) {
// Clear Text
mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
if (!user->masterKeyProvider || !(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
json_object_put( json_file );
return NULL;
@ -467,14 +471,14 @@ static MPMarshalledUser *mpw_marshal_read_flat(
// ## ends header
headerEnded = true;
mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = masterKeyProvider( algorithm, fullName ))) {
if (masterKeyProvider && !(masterKey = masterKeyProvider( algorithm, fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free_strings( &fullName, &keyID, NULL );
mpw_free( &masterKey, MPMasterKeySize );
mpw_marshal_free( &user );
return NULL;
}
if (keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
if (masterKey && keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
*error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." };
mpw_free_strings( &fullName, &keyID, NULL );
mpw_free( &masterKey, MPMasterKeySize );
@ -666,7 +670,7 @@ static MPMarshalledUser *mpw_marshal_read_flat(
if (!user->redacted) {
// Clear Text
mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
if (!masterKeyProvider || !(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free_strings( &str_lastUsed, &str_uses, &str_type, &str_algorithm, &str_counter, NULL );
mpw_free_strings( &siteLoginState, &siteName, &siteResultState, NULL );
@ -815,14 +819,14 @@ static MPMarshalledUser *mpw_marshal_read_json(
json_object_put( json_file );
return NULL;
}
if (!(masterKey = masterKeyProvider( algorithm, fullName ))) {
if (masterKeyProvider && !(masterKey = masterKeyProvider( algorithm, fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free( &masterKey, MPMasterKeySize );
mpw_marshal_free( &user );
json_object_put( json_file );
return NULL;
}
if (keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
if (masterKey && keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
*error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." };
mpw_free( &masterKey, MPMasterKeySize );
mpw_marshal_free( &user );
@ -913,7 +917,7 @@ static MPMarshalledUser *mpw_marshal_read_json(
if (!user->redacted) {
// Clear Text
mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
if (!masterKeyProvider || !(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free( &masterKey, MPMasterKeySize );
mpw_marshal_free( &user );

View File

@ -139,11 +139,11 @@ MPMarshalledUser *mpw_marshal_read(
//// Utilities.
/** Create a new user object ready for marshalling.
* @return A user object (allocated), or NULL if the fullName or masterKeyProvider is missing, or the marshalled user couldn't be allocated. */
* @return A user object (allocated), or NULL if the fullName is missing or the marshalled user couldn't be allocated. */
MPMarshalledUser *mpw_marshal_user(
const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion);
/** Create a new site attached to the given user object, ready for marshalling.
* @return A site object (allocated), or NULL if the siteName is missing, or the marshalled site couldn't be allocated. */
* @return A site object (allocated), or NULL if the siteName is missing or the marshalled site couldn't be allocated. */
MPMarshalledSite *mpw_marshal_site(
MPMarshalledUser *user,
const char *siteName, const MPResultType resultType, const MPCounterValue siteCounter, const MPAlgorithmVersion algorithmVersion);