1
0
mirror of https://foundry.openuru.org/gitblit/r/CWE-ou-minkata.git synced 2025-07-18 19:29:09 +00:00

Merge pull request #448 from Deledrius/passwords

Store plClient password using platform-specific credential storage.
This commit is contained in:
2015-01-02 22:26:35 -05:00
12 changed files with 661 additions and 120 deletions

View File

@ -18,6 +18,7 @@ add_subdirectory(pfJournalBook)
add_subdirectory(pfLocalizationMgr)
add_subdirectory(pfMessage)
add_subdirectory(pfMoviePlayer)
add_subdirectory(pfPasswordStore)
add_subdirectory(pfPatcher)
add_subdirectory(pfPython)
add_subdirectory(pfSurface)

View File

@ -0,0 +1,43 @@
include_directories("../../CoreLib")
include_directories("../../NucleusLib")
include_directories("../../NucleusLib/inc")
include_directories("../../PubUtilLib")
set(pfPasswordStore_HEADERS
pfPasswordStore.h
pfPasswordStore_impl.h
)
set(pfPasswordStore_SOURCES
pfPasswordStore.cpp
)
if(WIN32 AND NOT CYGWIN)
set(pfPasswordStore_SOURCES ${pfPasswordStore_SOURCES}
pfPasswordStore_Win.cpp
)
endif(WIN32 AND NOT CYGWIN)
if(UNIX)
set(pfPasswordStore_SOURCES ${pfPasswordStore_SOURCES}
pfPasswordStore_Unix.cpp
)
endif(UNIX)
if(APPLE)
set(pfPasswordStore_SOURCES ${pfPasswordStore_SOURCES}
pfPasswordStore_Mac.cpp
)
endif(APPLE)
add_library(pfPasswordStore STATIC ${pfPasswordStore_HEADERS} ${pfPasswordStore_SOURCES})
target_link_libraries(pfPasswordStore CoreLib plFile)
if(APPLE)
find_library(SECURITY_LIBRARY Security)
target_link_libraries(pfPasswordStore ${SECURITY_LIBRARY})
endif(APPLE)
source_group("Header Files" FILES ${pfPasswordStore_HEADERS})
source_group("Source Files" FILES ${pfPasswordStore_SOURCES})

View File

@ -0,0 +1,144 @@
/*==LICENSE==*
CyanWorlds.com Engine - MMOG client, server and tools
Copyright (C) 2011 Cyan Worlds, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Additional permissions under GNU GPL version 3 section 7
If you modify this Program, or any covered work, by linking or
combining it with any of RAD Game Tools Bink SDK, Autodesk 3ds Max SDK,
NVIDIA PhysX SDK, Microsoft DirectX SDK, OpenSSL library, Independent
JPEG Group JPEG library, Microsoft Windows Media SDK, or Apple QuickTime SDK
(or a modified version of those libraries),
containing parts covered by the terms of the Bink SDK EULA, 3ds Max EULA,
PhysX SDK EULA, DirectX SDK EULA, OpenSSL and SSLeay licenses, IJG
JPEG Library README, Windows Media SDK EULA, or QuickTime SDK EULA, the
licensors of this Program grant you additional
permission to convey the resulting work. Corresponding Source for a
non-source form of such a combination shall include the source code for
the parts of OpenSSL and IJG JPEG Library used as well as that of the covered
work.
You can contact Cyan Worlds, Inc. by email legal@cyan.com
or by snail mail at:
Cyan Worlds, Inc.
14617 N Newport Hwy
Mead, WA 99021
*==LICENSE==*/
#include "pfPasswordStore.h"
#include "pfPasswordStore_impl.h"
#include "plProduct.h"
#include "plFile/plEncryptedStream.h"
/* Get the pfPasswordStore instance */
pfPasswordStore* pfPasswordStore::Instance()
{
static pfPasswordStore* store = nullptr;
if (store == nullptr) {
#ifdef HS_BUILD_FOR_WIN32
store = new pfWin32PasswordStore();
#else
#ifdef HS_BUILD_FOR_OSX
store = new pfMacPasswordStore();
#else
store = new pfFilePasswordStore();
#endif
#endif
}
return store;
}
/*****************************************************************************
** pfFilePasswordStore **
*****************************************************************************/
pfFilePasswordStore::pfFilePasswordStore()
{
// TODO: Cross-platform CryptKey initialization
uint32_t* product = (uint32_t*)plProduct::UUID();
for (int i = 0; i < 4; i++) {
fCryptKey[i] = product[i];
}
}
const plString pfFilePasswordStore::GetPassword(const plString& username)
{
plFileName loginDat = plFileName::Join(plFileSystem::GetInitPath(), "login.dat");
plString password = plString::Null;
#ifndef PLASMA_EXTERNAL_RELEASE
// internal builds can use the local init directory
plFileName local("init\\login.dat");
if (plFileInfo(local).Exists())
loginDat = local;
#endif
hsStream* stream = plEncryptedStream::OpenEncryptedFile(loginDat, fCryptKey);
if (stream && !stream->AtEnd())
{
uint32_t savedKey[4];
stream->Read(sizeof(savedKey), savedKey);
if (memcmp(fCryptKey, savedKey, sizeof(savedKey)) == 0 && !stream->AtEnd())
{
plString uname = stream->ReadSafeString();
if (username.CompareI(uname) == 0) {
password = stream->ReadSafeString();
}
}
stream->Close();
delete stream;
}
return password;
}
bool pfFilePasswordStore::SetPassword(const plString& username, const plString& password)
{
plFileName loginDat = plFileName::Join(plFileSystem::GetInitPath(), "login.dat");
#ifndef PLASMA_EXTERNAL_RELEASE
// internal builds can use the local init directory
plFileName local("init\\login.dat");
if (plFileInfo(local).Exists())
loginDat = local;
#endif
hsStream* stream = plEncryptedStream::OpenEncryptedFileWrite(loginDat, fCryptKey);
if (stream)
{
stream->Write(sizeof(fCryptKey), fCryptKey);
stream->WriteSafeString(username);
stream->WriteSafeString(password);
stream->Close();
delete stream;
return true;
}
return false;
}

View File

@ -0,0 +1,59 @@
/*==LICENSE==*
CyanWorlds.com Engine - MMOG client, server and tools
Copyright (C) 2011 Cyan Worlds, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Additional permissions under GNU GPL version 3 section 7
If you modify this Program, or any covered work, by linking or
combining it with any of RAD Game Tools Bink SDK, Autodesk 3ds Max SDK,
NVIDIA PhysX SDK, Microsoft DirectX SDK, OpenSSL library, Independent
JPEG Group JPEG library, Microsoft Windows Media SDK, or Apple QuickTime SDK
(or a modified version of those libraries),
containing parts covered by the terms of the Bink SDK EULA, 3ds Max EULA,
PhysX SDK EULA, DirectX SDK EULA, OpenSSL and SSLeay licenses, IJG
JPEG Library README, Windows Media SDK EULA, or QuickTime SDK EULA, the
licensors of this Program grant you additional
permission to convey the resulting work. Corresponding Source for a
non-source form of such a combination shall include the source code for
the parts of OpenSSL and IJG JPEG Library used as well as that of the covered
work.
You can contact Cyan Worlds, Inc. by email legal@cyan.com
or by snail mail at:
Cyan Worlds, Inc.
14617 N Newport Hwy
Mead, WA 99021
*==LICENSE==*/
#ifndef pfPasswordStore_inc
#define pfPasswordStore_inc
#include "HeadSpin.h"
#include "plString.h"
class pfPasswordStore
{
public:
static pfPasswordStore* Instance();
virtual const plString GetPassword(const plString& username) = 0;
virtual bool SetPassword(const plString& username, const plString& password) = 0;
};
#endif //pfPasswordStore_inc

View File

@ -0,0 +1,91 @@
/*==LICENSE==*
CyanWorlds.com Engine - MMOG client, server and tools
Copyright (C) 2011 Cyan Worlds, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Additional permissions under GNU GPL version 3 section 7
If you modify this Program, or any covered work, by linking or
combining it with any of RAD Game Tools Bink SDK, Autodesk 3ds Max SDK,
NVIDIA PhysX SDK, Microsoft DirectX SDK, OpenSSL library, Independent
JPEG Group JPEG library, Microsoft Windows Media SDK, or Apple QuickTime SDK
(or a modified version of those libraries),
containing parts covered by the terms of the Bink SDK EULA, 3ds Max EULA,
PhysX SDK EULA, DirectX SDK EULA, OpenSSL and SSLeay licenses, IJG
JPEG Library README, Windows Media SDK EULA, or QuickTime SDK EULA, the
licensors of this Program grant you additional
permission to convey the resulting work. Corresponding Source for a
non-source form of such a combination shall include the source code for
the parts of OpenSSL and IJG JPEG Library used as well as that of the covered
work.
You can contact Cyan Worlds, Inc. by email legal@cyan.com
or by snail mail at:
Cyan Worlds, Inc.
14617 N Newport Hwy
Mead, WA 99021
*==LICENSE==*/
#include "pfPasswordStore.h"
#include "pfPasswordStore_impl.h"
#include "pnNetBase/pnNbSrvs.h"
#include <Security/Security.h>
/*****************************************************************************
** pfMacPasswordStore **
*****************************************************************************/
const plString pfMacPasswordStore::GetPassword(const plString& username)
{
plString service = GetServerDisplayName();
void* passwd = nullptr;
uint32_t passwd_len = 0;
if (SecKeychainFindGenericPassword(nullptr,
service.GetSize(),
service.c_str(),
username.GetSize(),
username.c_str(),
&passwd_len,
&passwd,
nullptr) != errSecSuccess)
{
return plString::Null;
}
plString ret(reinterpret_cast<const char*>(passwd), size_t(passwd_len));
SecKeychainItemFreeContent(nullptr, passwd);
return ret;
}
bool pfMacPasswordStore::SetPassword(const plString& username, const plString& password)
{
plString service = GetServerDisplayName();
return SecKeychainAddGenericPassword(nullptr,
service.GetSize(),
service.c_str(),
username.GetSize(),
username.c_str(),
password.GetSize(),
password.c_str(),
nullptr) == errSecSuccess;
}

View File

@ -0,0 +1,58 @@
/*==LICENSE==*
CyanWorlds.com Engine - MMOG client, server and tools
Copyright (C) 2011 Cyan Worlds, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Additional permissions under GNU GPL version 3 section 7
If you modify this Program, or any covered work, by linking or
combining it with any of RAD Game Tools Bink SDK, Autodesk 3ds Max SDK,
NVIDIA PhysX SDK, Microsoft DirectX SDK, OpenSSL library, Independent
JPEG Group JPEG library, Microsoft Windows Media SDK, or Apple QuickTime SDK
(or a modified version of those libraries),
containing parts covered by the terms of the Bink SDK EULA, 3ds Max EULA,
PhysX SDK EULA, DirectX SDK EULA, OpenSSL and SSLeay licenses, IJG
JPEG Library README, Windows Media SDK EULA, or QuickTime SDK EULA, the
licensors of this Program grant you additional
permission to convey the resulting work. Corresponding Source for a
non-source form of such a combination shall include the source code for
the parts of OpenSSL and IJG JPEG Library used as well as that of the covered
work.
You can contact Cyan Worlds, Inc. by email legal@cyan.com
or by snail mail at:
Cyan Worlds, Inc.
14617 N Newport Hwy
Mead, WA 99021
*==LICENSE==*/
#include "pfPasswordStore.h"
#include "pfPasswordStore_impl.h"
#include "plProduct.h"
/*****************************************************************************
** pfUnixPasswordStore **
*****************************************************************************/
const plString pfUnixPasswordStore::GetPassword(const plString& username)
{
}
bool pfUnixPasswordStore::SetPassword(const plString& username, const plString& password)
{
}

View File

@ -0,0 +1,103 @@
/*==LICENSE==*
CyanWorlds.com Engine - MMOG client, server and tools
Copyright (C) 2011 Cyan Worlds, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Additional permissions under GNU GPL version 3 section 7
If you modify this Program, or any covered work, by linking or
combining it with any of RAD Game Tools Bink SDK, Autodesk 3ds Max SDK,
NVIDIA PhysX SDK, Microsoft DirectX SDK, OpenSSL library, Independent
JPEG Group JPEG library, Microsoft Windows Media SDK, or Apple QuickTime SDK
(or a modified version of those libraries),
containing parts covered by the terms of the Bink SDK EULA, 3ds Max EULA,
PhysX SDK EULA, DirectX SDK EULA, OpenSSL and SSLeay licenses, IJG
JPEG Library README, Windows Media SDK EULA, or QuickTime SDK EULA, the
licensors of this Program grant you additional
permission to convey the resulting work. Corresponding Source for a
non-source form of such a combination shall include the source code for
the parts of OpenSSL and IJG JPEG Library used as well as that of the covered
work.
You can contact Cyan Worlds, Inc. by email legal@cyan.com
or by snail mail at:
Cyan Worlds, Inc.
14617 N Newport Hwy
Mead, WA 99021
*==LICENSE==*/
#include "pfPasswordStore.h"
#include "pfPasswordStore_impl.h"
#include "plFormat.h"
#include "pnNetBase/pnNbSrvs.h"
#include "hsWindows.h"
#include <wincred.h>
/*****************************************************************************
** pfWin32PasswordStore **
*****************************************************************************/
const plString pfWin32PasswordStore::GetPassword(const plString& username)
{
PCREDENTIALW credential;
plString target = plFormat("{}__{}", GetServerDisplayName(), username);
plString password = plString::Null;
if (!CredReadW(target.ToWchar().GetData(), CRED_TYPE_GENERIC, 0, &credential)) {
return password;
}
password = plString::FromUtf8(reinterpret_cast<const char *>(credential->CredentialBlob), credential->CredentialBlobSize);
memset(credential->CredentialBlob, 0, credential->CredentialBlobSize);
CredFree(credential);
return password;
}
bool pfWin32PasswordStore::SetPassword(const plString& username, const plString& password)
{
CREDENTIALW credential;
plString target = plFormat("{}__{}", GetServerDisplayName(), username);
if (password.IsNull()) {
if (CredDeleteW(target.ToWchar().GetData(), CRED_TYPE_GENERIC, 0)) {
return true;
}
return false;
}
plStringBuffer<wchar_t> tbuff = target.ToWchar();
plStringBuffer<char> pbuff = password.ToUtf8();
plStringBuffer<wchar_t> ubuff = username.ToWchar();
memset(&credential, 0, sizeof(CREDENTIALW));
credential.Type = CRED_TYPE_GENERIC;
credential.TargetName = (LPWSTR)tbuff.GetData();
credential.CredentialBlobSize = pbuff.GetSize();
credential.CredentialBlob = (LPBYTE)pbuff.GetData();
credential.Persist = CRED_PERSIST_LOCAL_MACHINE;
credential.UserName = (LPWSTR)ubuff.GetData();
if (!CredWriteW(&credential, 0)) {
return false;
}
return true;
}

View File

@ -0,0 +1,97 @@
/*==LICENSE==*
CyanWorlds.com Engine - MMOG client, server and tools
Copyright (C) 2011 Cyan Worlds, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Additional permissions under GNU GPL version 3 section 7
If you modify this Program, or any covered work, by linking or
combining it with any of RAD Game Tools Bink SDK, Autodesk 3ds Max SDK,
NVIDIA PhysX SDK, Microsoft DirectX SDK, OpenSSL library, Independent
JPEG Group JPEG library, Microsoft Windows Media SDK, or Apple QuickTime SDK
(or a modified version of those libraries),
containing parts covered by the terms of the Bink SDK EULA, 3ds Max EULA,
PhysX SDK EULA, DirectX SDK EULA, OpenSSL and SSLeay licenses, IJG
JPEG Library README, Windows Media SDK EULA, or QuickTime SDK EULA, the
licensors of this Program grant you additional
permission to convey the resulting work. Corresponding Source for a
non-source form of such a combination shall include the source code for
the parts of OpenSSL and IJG JPEG Library used as well as that of the covered
work.
You can contact Cyan Worlds, Inc. by email legal@cyan.com
or by snail mail at:
Cyan Worlds, Inc.
14617 N Newport Hwy
Mead, WA 99021
*==LICENSE==*/
#ifndef pfPasswordStore_impl_inc
#define pfPasswordStore_impl_inc
#include "pfPasswordStore.h"
/**
* An encrypted file-based password storage mechanism.
*/
class pfFilePasswordStore : public pfPasswordStore
{
private:
uint32_t fCryptKey[4];
public:
pfFilePasswordStore();
virtual const plString GetPassword(const plString& username);
virtual bool SetPassword(const plString& username, const plString& password);
};
#ifdef HS_BUILD_FOR_WIN32
/**
* A Windows Credential Vault password storage mechanism.
*/
class pfWin32PasswordStore : public pfPasswordStore
{
public:
pfWin32PasswordStore() { }
virtual const plString GetPassword(const plString& username);
virtual bool SetPassword(const plString& username, const plString& password);
};
#endif //HS_BUILD_FOR_WIN32
/**
* @todo A Linux libsecret-based storage mechanism.
*/
#ifdef HS_BUILD_FOR_OSX
/**
* An OSX Keychain password storage mechanism.
*/
class pfMacPasswordStore : public pfPasswordStore
{
public:
pfMacPasswordStore() { }
virtual const plString GetPassword(const plString& username);
virtual bool SetPassword(const plString& username, const plString& password);
};
#endif //HS_BUILD_FOR_OSX
#endif //pfPasswordStore_impl_inc