From 61f8673fb44150bd629d88f6626aff8d5b026449 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>

Date: Mon, 21 Mar 2022 20:58:34 +0000

Subject: [PATCH] make hash encoding match decoding

Seeing as old versions of the hash may be in the users config, add a

StorageVersion field to the office config Passwords section which

defaults to 0 to indicate the old hash is in use.

Try the old varient when StorageVersion is 0. When a new encoded master

password it set write StorageVersion of 1 to indicate a new hash is in

use and use the new style when StorageVersion is 1.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080

Tested-by: Jenkins

Reviewed-by: Stephan Bergmann <sbergman@redhat.com>

(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)

svl: fix crash if user cancels/closes master password dialog

(regression from d7ba5614d90381d68f880ca7e7c5ef8bbb1b1c43)

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133932

Tested-by: Jenkins

Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>

(cherry picked from commit bbb8617ece6d946957c2eb96287081029bce530f)

Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133905

Tested-by: Michael Stahl <michael.stahl@allotropia.de>

Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>

---

 .../schema/org/openoffice/Office/Common.xcs   |  6 +++

 .../passwordcontainer/passwordcontainer.cxx   | 47 ++++++++++++++++++-

 .../passwordcontainer/passwordcontainer.hxx   |  6 +++

 uui/source/iahndl-authentication.cxx          |  5 +-

 4 files changed, 60 insertions(+), 4 deletions(-)

diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs

index b317f616deeb..b033b29b60d7 100644

--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs

+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs

@@ -911,6 +911,12 @@

         </info>

         <value>false</value>

       </prop>

+      <prop oor:name="StorageVersion" oor:type="xs:int" oor:nillable="false">

+        <info>

+          <desc>Specifies what version of encoding scheme the password container uses.</desc>

+        </info>

+        <value>0</value>

+      </prop>

       <prop oor:name="HasMaster" oor:type="xs:boolean" oor:nillable="false">

         <info>

           <desc>Specifies if there is a valid master password.</desc>

diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx

index 02947cd3892c..ff0b40df4016 100644

--- a/svl/source/passwordcontainer/passwordcontainer.cxx

+++ b/svl/source/passwordcontainer/passwordcontainer.cxx

@@ -17,6 +17,8 @@

  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .

  */

+#include <sal/config.h>

+#include <sal/log.hxx>

 #include "passwordcontainer.hxx"

@@ -259,6 +261,23 @@ bool StorageItem::useStorage()

     return aResult;

 }

+sal_Int32 StorageItem::getStorageVersion()

+{

+    Sequence<OUString> aNodeNames { "StorageVersion" };

+

+    Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );

+

+    if( aPropertyValues.getLength() != aNodeNames.getLength() )

+    {

+        OSL_FAIL( "Problems during reading" );

+        return 0;

+    }

+

+    sal_Int32 nResult = 0;

+    aPropertyValues[0] >>= nResult;

+

+    return nResult;

+}

 bool StorageItem::getEncodedMP( OUString& aResult )

 {

@@ -291,15 +310,17 @@ bool StorageItem::getEncodedMP( OUString& aResult )

 void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )

 {

-    Sequence< OUString > sendNames(2);

-    Sequence< uno::Any > sendVals(2);

+    Sequence< OUString > sendNames(3);

+    Sequence< uno::Any > sendVals(3);

     sendNames[0] = "HasMaster";

     sendNames[1] = "Master";

+    sendNames[2] = "StorageVersion";

     bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );

     sendVals[0] <<= bHasMaster;

     sendVals[1] <<= aEncoded;

+    sendVals[2] <<= nCurrentStorageVersion;

     ConfigItem::SetModified();

     ConfigItem::PutProperties( sendNames, sendVals );

@@ -800,6 +821,18 @@ OUString PasswordContainer::RequestPasswordFromUser( PasswordRequestMode aRMode,

     return aResult;

 }

+// Mangle the key to match an old bug

+static OUString ReencodeAsOldHash(const OUString& rPass)

+{

+    OUStringBuffer aBuffer;

+    for (int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ++ind)

+    {

+        unsigned char i = static_cast<char>(rPass.copy(ind * 2, 2).toUInt32(16));

+        aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4)));

+        aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15)));

+    }

+    return aBuffer.makeStringAndClear();

+}

 OUString const & PasswordContainer::GetMasterPassword( const Reference< XInteractionHandler >& aHandler )

 {

@@ -838,6 +871,9 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac

                     }

                     else

                     {

+                        if (m_pStorageFile->getStorageVersion() == 0)

+                            aPass = ReencodeAsOldHash(aPass);

+

                         std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) );

                         if( aRM.empty() || aPass != aRM[0] )

                         {

@@ -1042,6 +1078,13 @@ sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::R

                 do {

                     aPass = RequestPasswordFromUser( aRMode, xTmpHandler );

+

+

+                    if (!aPass.isEmpty() && m_pStorageFile->getStorageVersion() == 0)

+                    {

+                        aPass = ReencodeAsOldHash(aPass);

+                    }

+

                     bResult = ( !aPass.isEmpty() && aPass == m_aMasterPasswd );

                     aRMode = PasswordRequestMode_PASSWORD_REENTER; // further questions with error notification

                 } while( !bResult && !aPass.isEmpty() );

diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx

index 09fb7e03629d..cf5c717d0c9e 100644

--- a/svl/source/passwordcontainer/passwordcontainer.hxx

+++ b/svl/source/passwordcontainer/passwordcontainer.hxx

@@ -167,6 +167,10 @@ public:

 typedef ::std::pair< const OUString, ::std::vector< NamePassRecord > > PairUrlRecord;

 typedef ::std::map< OUString, ::std::vector< NamePassRecord > > PassMap;

+// org.openoffice.Office.Common/Passwords/StorageVersion bump if details of

+// how password details are saved changes. Enables migration from previous

+// schemes.

+constexpr sal_Int32 nCurrentStorageVersion = 1;

 class PasswordContainer;

@@ -195,6 +199,8 @@ public:

     void remove( const OUString& url, const OUString& rec );

     void clear();

+    sal_Int32 getStorageVersion();

+

     bool getEncodedMP( OUString& aResult );

     void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );

     void setUseStorage( bool bUse );

diff --git a/uui/source/iahndl-authentication.cxx b/uui/source/iahndl-authentication.cxx

index 4835a485dd2a..5764e62cb1c6 100644

--- a/uui/source/iahndl-authentication.cxx

+++ b/uui/source/iahndl-authentication.cxx

@@ -436,8 +436,9 @@ executeMasterPasswordDialog(

     OUStringBuffer aBuffer;

     for (sal_uInt8 i : aKey)

     {

-        aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4)));

-        aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15)));

+        // match PasswordContainer::DecodePasswords aMasterPasswd.copy(index * 2, 2).toUInt32(16));

+        aBuffer.append(OUString::number(i >> 4, 16));

+        aBuffer.append(OUString::number(i & 15, 16));

     }

     rInfo.SetPassword(aBuffer.makeStringAndClear());

 }

-- 

2.37.1