Commit 5bcd3483 authored by Deucе's avatar Deucе :ok_hand_tone4:

Re-encrypt private key with new system password when it changes.

Done.
parent d5dc867b
1 merge request!463MRC mods by Codefenix (2024-10-20)
Pipeline #1253 failed
SRC_ROOT ?= ../.. SRC_ROOT ?= ../..
include ${SRC_ROOT}/build/Common.gmake include ${SRC_ROOT}/build/Common.gmake
CFLAGS += -DSCFG -I.. -I../../comio $(SMBLIB_CFLAGS) $(UIFC-MT_CFLAGS) $(CIOLIB-MT_CFLAGS) $(XPDEV-MT_CFLAGS) $(ENCODE_CFLAGS) $(HASH_CFLAGS) CFLAGS += -DSCFG -I.. -I../../comio $(CRYPT_CFLAGS) $(SMBLIB_CFLAGS) $(UIFC-MT_CFLAGS) $(CIOLIB-MT_CFLAGS) $(XPDEV-MT_CFLAGS) $(ENCODE_CFLAGS) $(HASH_CFLAGS)
LDFLAGS += $(SMBLIB_LDFLAGS) $(ENCODE_LDFLAGS) $(HASH_LDFLAGS) $(UIFC-MT_LDFLAGS) $(CIOLIB-MT_LDFLAGS) $(XPDEV-MT_LDFLAGS) LDFLAGS += $(SMBLIB_LDFLAGS) $(ENCODE_LDFLAGS) $(HASH_LDFLAGS) $(UIFC-MT_LDFLAGS) $(CIOLIB-MT_LDFLAGS) $(XPDEV-MT_LDFLAGS) $(CRYPT_LDFLAGS)
vpath %.c .. vpath %.c ..
$(SCFG): $(OBJS) $(SCFG): $(OBJS) $(CRYPT_DEPS)
@echo Linking $@ @echo Linking $@
${QUIET}$(CC) $(LDFLAGS) $(MT_LDFLAGS) -o$@ $(OBJS) $(SMBLIB_LIBS) $(ENCODE_LIBS) $(HASH_LIBS) $(UIFC-MT_LIBS) $(CIOLIB-MT_LIBS) $(XPDEV-MT_LIBS) ${QUIET}$(CC) $(LDFLAGS) $(MT_LDFLAGS) -o$@ $(OBJS) $(SMBLIB_LIBS) $(ENCODE_LIBS) $(HASH_LIBS) $(UIFC-MT_LIBS) $(CIOLIB-MT_LIBS) $(XPDEV-MT_LIBS) $(CRYPT_LIBS)
...@@ -25,6 +25,7 @@ ...@@ -25,6 +25,7 @@
#include "ciolib.h" #include "ciolib.h"
#include "git_hash.h" #include "git_hash.h"
#include "git_branch.h" #include "git_branch.h"
#include "cryptlib.h"
/********************/ /********************/
/* Global Variables */ /* Global Variables */
...@@ -451,6 +452,8 @@ int main(int argc, char **argv) ...@@ -451,6 +452,8 @@ int main(int argc, char **argv)
strcpy(mopt[i++],"External Programs"); strcpy(mopt[i++],"External Programs");
strcpy(mopt[i++],"Text File Sections"); strcpy(mopt[i++],"Text File Sections");
mopt[i][0]=0; mopt[i][0]=0;
i = cryptInit();
(void)i;
while(1) { while(1) {
uifc.helpbuf= uifc.helpbuf=
"`Main Configuration Menu:`\n" "`Main Configuration Menu:`\n"
......
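Review bot: The status returned by the added `i = cryptInit();` is thrown away by `(void)i;`, so a failed cryptlib initialisation only shows up later, when the key re-encryption in sys_cfg fails without any message. I would at least report it where it happens, for example `if (cryptStatusError(i = cryptInit())) uifc.msgf("Error %d initializing Cryptlib", i);`, assuming uifc is already usable at this point in main. No matching `cryptEnd()` is visible in this hunk; main continues outside it, so confirm the library is shut down on exit.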
...@@ -18,6 +18,7 @@ ...@@ -18,6 +18,7 @@
****************************************************************************/ ****************************************************************************/
#include "scfg.h" #include "scfg.h"
#include "ssl.h"
static void configure_dst(void) static void configure_dst(void)
{ {
...@@ -65,18 +66,6 @@ void sys_cfg(void) ...@@ -65,18 +66,6 @@ void sys_cfg(void)
int i,j,k,dflt,bar; int i,j,k,dflt,bar;
char sys_pass[sizeof(cfg.sys_pass)]; char sys_pass[sizeof(cfg.sys_pass)];
SAFECOPY(sys_pass, cfg.sys_pass); SAFECOPY(sys_pass, cfg.sys_pass);
char* cryptlib_syspass_helpbuf =
"`Changing the System Password requires new Cryptlib key and certificate:`\n"
"\n"
"The Cryptlib private key (`cryptlib.key`) and TLS certificate (`ssl.cert`)\n"
"files, located in the Synchronet `ctrl` directory, are encrypted with the\n"
"current `System Password`.\n"
"\n"
"Changing the System Password will require that the Cryptlib Private Key\n"
"and Certificate files be regenerated. The Cryptlib key and certificate\n"
"regeneration should occur automatically after the files are deleted and\n"
"the Synchronet servers are recycled.";
while(1) { while(1) {
i=0; i=0;
sprintf(opt[i++],"%-33.33s%s","BBS Name",cfg.sys_name); sprintf(opt[i++],"%-33.33s%s","BBS Name",cfg.sys_name);
...@@ -129,13 +118,27 @@ void sys_cfg(void) ...@@ -129,13 +118,27 @@ void sys_cfg(void)
if(!i) { if(!i) {
cfg.new_install=new_install; cfg.new_install=new_install;
if(strcmp(sys_pass, cfg.sys_pass) != 0) { if(strcmp(sys_pass, cfg.sys_pass) != 0) {
uifc.helpbuf = cryptlib_syspass_helpbuf; if(fexist("ssl.cert") || fexist("cryptlib.key")) {
if((fexist("ssl.cert") || fexist("cryptlib.key")) CRYPT_KEYSET ssl_keyset;
&& uifc.confirm("System Password Changed. Delete Cryptlib Key and Certificate?")) { CRYPT_CONTEXT ssl_context = -1;
if(remove("ssl.cert") != 0) int status;
uifc.msgf("Error %d removing ssl.cert", errno); int ignoreme;
if(remove("cryptlib.key") != 0)
uifc.msgf("Error %d removing cryptlib.key", errno); if (cryptStatusOK(status = cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, "ssl.cert", CRYPT_KEYOPT_NONE)))
if (cryptStatusOK(status = cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", sys_pass)))
if (cryptStatusOK(status = cryptDeleteKey(ssl_keyset, CRYPT_KEYID_NAME, "ssl_cert"))) {
ignoreme = cryptAddPrivateKey(ssl_keyset, ssl_context, cfg.sys_pass);
cryptKeysetClose(ssl_keyset);
}
if (cryptStatusOK(status = cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, "cryptlib.key", CRYPT_KEYOPT_NONE)))
if (cryptStatusOK(status = cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssh_server", sys_pass)))
if (cryptStatusOK(status = cryptDeleteKey(ssl_keyset, CRYPT_KEYID_NAME, "ssh_server"))) {
ignoreme = cryptAddPrivateKey(ssl_keyset, ssl_context, cfg.sys_pass);
cryptKeysetClose(ssl_keyset);
}
(void)ignoreme;
} }
} }
save_main_cfg(&cfg,backup_level); save_main_cfg(&cfg,backup_level);
...@@ -386,9 +389,6 @@ void sys_cfg(void) ...@@ -386,9 +389,6 @@ void sys_cfg(void)
uifc.input(WIN_MID,0,0,"System Operator",cfg.sys_op,sizeof(cfg.sys_op)-1,K_EDIT); uifc.input(WIN_MID,0,0,"System Operator",cfg.sys_op,sizeof(cfg.sys_op)-1,K_EDIT);
break; break;
case 4: case 4:
uifc.helpbuf=cryptlib_syspass_helpbuf;
if(uifc.deny("Changing SysPass requires new Cryptlib key/cert. Continue?"))
break;
uifc.helpbuf= uifc.helpbuf=
"`System Password:`\n" "`System Password:`\n"
"\n" "\n"
......
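Review bot: The result of `cryptAddPrivateKey()` is stored in `ignoreme` and dropped in both the `ssl.cert` and `cryptlib.key` blocks, so if the add fails after `cryptDeleteKey()` has succeeded, the private key is gone from the keyset and the operator is told nothing. `status` is never reported either, so a failed open or a failed `cryptGetPrivateKey()` leaves the files encrypted under the old password while `save_main_cfg()` stores the new one. `cryptKeysetClose()` runs only on the all-success path, and `ssl_context`, which holds the decrypted private key, is never released with `cryptDestroyContext()` before it is reused for the second file. I would close the keyset and destroy the context on every path, report a failing status with `uifc.msgf`, and consider copying the key file aside before the delete so that a failed add is recoverable. sys_cfg starts and ends outside the hunk.

```c
if (fexist("ssl.cert")) {
	status = cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, "ssl.cert", CRYPT_KEYOPT_NONE);
	if (cryptStatusOK(status)) {
		status = cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", sys_pass);
		if (cryptStatusOK(status)) {
			status = cryptDeleteKey(ssl_keyset, CRYPT_KEYID_NAME, "ssl_cert");
			if (cryptStatusOK(status))
				status = cryptAddPrivateKey(ssl_keyset, ssl_context, cfg.sys_pass);
			/* release the decrypted key whether or not the add worked */
			cryptDestroyContext(ssl_context);
		}
		cryptKeysetClose(ssl_keyset);
	}
	if (cryptStatusError(status))
		uifc.msgf("Error %d re-encrypting ssl.cert", status);
}
/* … same restructuring for the cryptlib.key / "ssh_server" block … */
```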