From 20ef6517a3e4c69081ef54cea6cf3637d03966aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=A8=E8=B5=AB=E7=84=B6?= Date: Wed, 22 May 2024 16:46:34 +0800 Subject: [PATCH] Don't set magic when pwd_hash is set --- common/commit-mgr.c | 6 +-- common/password-hash.c | 4 +- common/password-hash.h | 2 +- common/rpc-service.c | 11 +---- common/seafile-crypt.c | 6 +-- common/seafile-crypt.h | 4 +- fileserver/repomgr/repomgr.go | 16 +++---- include/seafile-rpc.h | 2 - python/seafile/rpcclient.py | 4 +- python/seaserv/api.py | 4 +- server/repo-mgr.c | 80 +++++++++++++++++------------------ server/seaf-server.c | 2 +- 12 files changed, 65 insertions(+), 76 deletions(-) diff --git a/common/commit-mgr.c b/common/commit-mgr.c index 5c631a62..6901e6e4 100644 --- a/common/commit-mgr.c +++ b/common/commit-mgr.c @@ -636,7 +636,7 @@ commit_to_json_object (SeafCommit *commit) if (commit->encrypted) { json_object_set_int_member (object, "enc_version", commit->enc_version); - // If pwd_hash is setted, the magic field is no longer included in the commit of the newly created repo. + // If pwd_hash is set, the magic field is no longer included in the commit of the newly created repo. if (commit->enc_version >= 1 && !commit->pwd_hash) json_object_set_string_member (object, "magic", commit->magic); if (commit->enc_version >= 2) @@ -754,7 +754,7 @@ commit_from_json_object (const char *commit_id, json_t *object) (second_parent_id && !is_object_id_valid(second_parent_id))) return commit; - // If pwd_hash is setted, the magic field is no longer included in the commit of the newly created repo. + // If pwd_hash is set, the magic field is no longer included in the commit of the newly created repo. if (!magic) magic = pwd_hash; @@ -813,7 +813,7 @@ commit_from_json_object (const char *commit_id, json_t *object) if (commit->encrypted) { commit->enc_version = enc_version; - if (enc_version >= 1) + if (enc_version >= 1 && !pwd_hash) commit->magic = g_strdup(magic); if (enc_version >= 2) commit->random_key = g_strdup (random_key); diff --git a/common/password-hash.c b/common/password-hash.c index aa85b771..b0cd13e1 100644 --- a/common/password-hash.c +++ b/common/password-hash.c @@ -121,9 +121,9 @@ argon2id_derive_key (const char *data_in, int in_len, return 0; } -// pwd_hash_init is used to init default pwd hash algorithms. +// parse_pwd_hash_params is used to parse default pwd hash algorithms. void -pwd_hash_init (const char *algo, const char *params_str, PwdHashParams *params) +parse_pwd_hash_params (const char *algo, const char *params_str, PwdHashParams *params) { if (g_strcmp0 (algo, PWD_HASH_PDKDF2) == 0) { params->algo = g_strdup (PWD_HASH_PDKDF2); diff --git a/common/password-hash.h b/common/password-hash.h index b9359585..8fc5d81a 100644 --- a/common/password-hash.h +++ b/common/password-hash.h @@ -12,7 +12,7 @@ typedef struct _PwdHashParams { } PwdHashParams; void -pwd_hash_init (const char *algo, const char *params_str, PwdHashParams *params); + parse_pwd_hash_params (const char *algo, const char *params_str, PwdHashParams *params); int pwd_hash_derive_key (const char *data_in, int in_len, diff --git a/common/rpc-service.c b/common/rpc-service.c index 3a9dc2d6..b9abb55d 100644 --- a/common/rpc-service.c +++ b/common/rpc-service.c @@ -698,8 +698,6 @@ GObject * seafile_generate_magic_and_random_key(int enc_version, const char* repo_id, const char *passwd, - const char *pwd_hash_algo, - const char *pwd_hash_params, GError **error) { if (!repo_id || !passwd) { @@ -718,13 +716,8 @@ seafile_generate_magic_and_random_key(int enc_version, const char *algo = NULL; const char *params = NULL; - if (pwd_hash_algo) { - algo = pwd_hash_algo; - params = pwd_hash_params; - } else { - algo = seafile_crypt_get_pwd_hash_algo (); - params = seafile_crypt_get_pwd_hash_params (); - } + algo = seafile_crypt_get_default_pwd_hash_algo (); + params = seafile_crypt_get_default_pwd_hash_params (); if (algo != NULL) { seafile_generate_pwd_hash (repo_id, passwd, salt, algo, params, pwd_hash); diff --git a/common/seafile-crypt.c b/common/seafile-crypt.c index 26407979..a6a40917 100644 --- a/common/seafile-crypt.c +++ b/common/seafile-crypt.c @@ -28,7 +28,7 @@ static PwdHashParams default_params; void seafile_crypt_init (const char *algo, const char *params) { - pwd_hash_init (algo, params, &default_params); + parse_pwd_hash_params (algo, params, &default_params); } SeafileCrypt * @@ -45,13 +45,13 @@ seafile_crypt_new (int version, unsigned char *key, unsigned char *iv) } const char * -seafile_crypt_get_pwd_hash_algo () +seafile_crypt_get_default_pwd_hash_algo () { return default_params.algo; } const char * -seafile_crypt_get_pwd_hash_params () +seafile_crypt_get_default_pwd_hash_params () { return default_params.params_str; } diff --git a/common/seafile-crypt.h b/common/seafile-crypt.h index caa02706..252bd966 100644 --- a/common/seafile-crypt.h +++ b/common/seafile-crypt.h @@ -34,10 +34,10 @@ SeafileCrypt * seafile_crypt_new (int version, unsigned char *key, unsigned char *iv); const char * -seafile_crypt_get_pwd_hash_algo (); +seafile_crypt_get_default_pwd_hash_algo (); const char * -seafile_crypt_get_pwd_hash_params (); +seafile_crypt_get_default_pwd_hash_params (); /* Derive key and iv used by AES encryption from @data_in. diff --git a/fileserver/repomgr/repomgr.go b/fileserver/repomgr/repomgr.go index 42976105..6bbdf83b 100644 --- a/fileserver/repomgr/repomgr.go +++ b/fileserver/repomgr/repomgr.go @@ -135,20 +135,20 @@ func Get(id string) *Repo { if commit.Encrypted == "true" { repo.IsEncrypted = true repo.EncVersion = commit.EncVersion - if repo.EncVersion == 1 { + if repo.EncVersion == 1 && commit.PwdHash == "" { repo.Magic = commit.Magic } else if repo.EncVersion == 2 { - repo.Magic = commit.Magic repo.RandomKey = commit.RandomKey } else if repo.EncVersion == 3 { - repo.Magic = commit.Magic repo.RandomKey = commit.RandomKey repo.Salt = commit.Salt } else if repo.EncVersion == 4 { - repo.Magic = commit.Magic repo.RandomKey = commit.RandomKey repo.Salt = commit.Salt } + if repo.EncVersion >= 2 && commit.PwdHash == "" { + repo.Magic = commit.Magic + } if commit.PwdHash != "" { repo.PwdHash = commit.PwdHash repo.PwdHashAlgo = commit.PwdHashAlgo @@ -166,20 +166,20 @@ func RepoToCommit(repo *Repo, commit *commitmgr.Commit) { if repo.IsEncrypted { commit.Encrypted = "true" commit.EncVersion = repo.EncVersion - if repo.EncVersion == 1 { + if repo.EncVersion == 1 && repo.PwdHash == "" { commit.Magic = repo.Magic } else if repo.EncVersion == 2 { - commit.Magic = repo.Magic commit.RandomKey = repo.RandomKey } else if repo.EncVersion == 3 { - commit.Magic = repo.Magic commit.RandomKey = repo.RandomKey commit.Salt = repo.Salt } else if repo.EncVersion == 4 { - commit.Magic = repo.Magic commit.RandomKey = repo.RandomKey commit.Salt = repo.Salt } + if repo.EncVersion >= 2 && repo.PwdHash == "" { + commit.Magic = repo.Magic + } if repo.PwdHash != "" { commit.PwdHash = repo.PwdHash commit.PwdHashAlgo = repo.PwdHashAlgo diff --git a/include/seafile-rpc.h b/include/seafile-rpc.h index b8a0c20b..81d2f812 100644 --- a/include/seafile-rpc.h +++ b/include/seafile-rpc.h @@ -1043,8 +1043,6 @@ GObject * seafile_generate_magic_and_random_key(int enc_version, const char* repo_id, const char *passwd, - const char *pwd_hash_algo, - const char *pwd_hash_params, GError **error); gint64 diff --git a/python/seafile/rpcclient.py b/python/seafile/rpcclient.py index 5e395302..54a0ad1b 100644 --- a/python/seafile/rpcclient.py +++ b/python/seafile/rpcclient.py @@ -665,8 +665,8 @@ def empty_repo_trash_by_owner(owner): def empty_repo_trash_by_owner(owner): pass - @searpc_func("object", ["int", "string", "string", "string", "string"]) - def generate_magic_and_random_key(enc_version, repo_id, password, pwd_hash_algo, pwd_hash_params): + @searpc_func("object", ["int", "string", "string"]) + def generate_magic_and_random_key(enc_version, repo_id, password): pass @searpc_func("int64", []) diff --git a/python/seaserv/api.py b/python/seaserv/api.py index c0befbc2..b4ba80b6 100644 --- a/python/seaserv/api.py +++ b/python/seaserv/api.py @@ -81,8 +81,8 @@ def set_passwd(self, repo_id, user, passwd): def unset_passwd(self, repo_id, user): return seafserv_threaded_rpc.unset_passwd(repo_id, user) - def generate_magic_and_random_key(self, enc_version, repo_id, password, pwd_hash_algo=None, pwd_hash_params=None): - return seafserv_threaded_rpc.generate_magic_and_random_key(enc_version, repo_id, password, pwd_hash_algo, pwd_hash_params) + def generate_magic_and_random_key(self, enc_version, repo_id, password): + return seafserv_threaded_rpc.generate_magic_and_random_key(enc_version, repo_id, password) # repo manipulation diff --git a/server/repo-mgr.c b/server/repo-mgr.c index 8c2753a8..831441cf 100644 --- a/server/repo-mgr.c +++ b/server/repo-mgr.c @@ -140,21 +140,20 @@ seaf_repo_from_commit (SeafRepo *repo, SeafCommit *commit) memcpy (repo->root_id, commit->root_id, 40); if (repo->encrypted) { repo->enc_version = commit->enc_version; - if (repo->enc_version == 1) + if (repo->enc_version == 1 && !commit->pwd_hash_algo) memcpy (repo->magic, commit->magic, 32); else if (repo->enc_version == 2) { - memcpy (repo->magic, commit->magic, 64); memcpy (repo->random_key, commit->random_key, 96); } else if (repo->enc_version == 3) { - memcpy (repo->magic, commit->magic, 64); memcpy (repo->random_key, commit->random_key, 96); memcpy (repo->salt, commit->salt, 64); } else if (repo->enc_version == 4) { - if (!commit->pwd_hash_algo) - memcpy (repo->magic, commit->magic, 64); memcpy (repo->random_key, commit->random_key, 96); memcpy (repo->salt, commit->salt, 64); } + if (repo->enc_version >= 2 && !commit->pwd_hash_algo) { + memcpy (repo->magic, commit->magic, 64); + } if (commit->pwd_hash_algo) { memcpy (repo->pwd_hash, commit->pwd_hash, 64); repo->pwd_hash_algo = g_strdup (commit->pwd_hash_algo); @@ -175,21 +174,20 @@ seaf_repo_to_commit (SeafRepo *repo, SeafCommit *commit) commit->repaired = repo->repaired; if (commit->encrypted) { commit->enc_version = repo->enc_version; - if (commit->enc_version == 1) + if (commit->enc_version == 1 && !repo->pwd_hash_algo) commit->magic = g_strdup (repo->magic); else if (commit->enc_version == 2) { - commit->magic = g_strdup (repo->magic); commit->random_key = g_strdup (repo->random_key); } else if (commit->enc_version == 3) { - commit->magic = g_strdup (repo->magic); commit->random_key = g_strdup (repo->random_key); commit->salt = g_strdup (repo->salt); } else if (commit->enc_version == 4) { - if (!repo->pwd_hash_algo) - commit->magic = g_strdup (repo->magic); commit->random_key = g_strdup (repo->random_key); commit->salt = g_strdup (repo->salt); } + if (commit->enc_version >= 2 && !repo->pwd_hash_algo) { + commit->magic = g_strdup (repo->magic); + } if (repo->pwd_hash_algo) { commit->pwd_hash = g_strdup (repo->pwd_hash); commit->pwd_hash_algo = g_strdup (repo->pwd_hash_algo); @@ -3744,20 +3742,20 @@ typedef struct _RepoCryptCompat { const char *pwd_hash; const char *pwd_hash_algo; const char *pwd_hash_params; -} RepoCryptCompat; +} RepoCryptInfo; static -RepoCryptCompat * -repo_crypt_compat_new (const char *magic, const char *pwd_hash, +RepoCryptInfo * +repo_crypt_info_new (const char *magic, const char *pwd_hash, const char *algo, const char *params) { - RepoCryptCompat *crypt_compat = g_new0 (RepoCryptCompat, 1); - crypt_compat->magic = magic; - crypt_compat->pwd_hash = pwd_hash; - crypt_compat->pwd_hash_algo = algo; - crypt_compat->pwd_hash_params = params; + RepoCryptInfo *crypt_info = g_new0 (RepoCryptInfo, 1); + crypt_info->magic = magic; + crypt_info->pwd_hash = pwd_hash; + crypt_info->pwd_hash_algo = algo; + crypt_info->pwd_hash_params = params; - return crypt_compat; + return crypt_info; } static int @@ -3769,7 +3767,7 @@ create_repo_common (SeafRepoManager *mgr, const char *random_key, const char *salt, int enc_version, - RepoCryptCompat *crypt_compat, + RepoCryptInfo *crypt_info, GError **error) { SeafRepo *repo = NULL; @@ -3784,17 +3782,17 @@ create_repo_common (SeafRepoManager *mgr, return -1; } - if (crypt_compat && crypt_compat->pwd_hash_algo) { - if (g_strcmp0 (crypt_compat->pwd_hash_algo, PWD_HASH_PDKDF2) != 0 && - g_strcmp0 (crypt_compat->pwd_hash_algo, PWD_HASH_ARGON2ID) !=0) + if (crypt_info && crypt_info->pwd_hash_algo) { + if (g_strcmp0 (crypt_info->pwd_hash_algo, PWD_HASH_PDKDF2) != 0 && + g_strcmp0 (crypt_info->pwd_hash_algo, PWD_HASH_ARGON2ID) !=0) { - seaf_warning ("Unsupported enc algothrims %s.\n", crypt_compat->pwd_hash_algo); + seaf_warning ("Unsupported enc algothrims %s.\n", crypt_info->pwd_hash_algo); g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS, "Unsupported encryption algothrims"); return -1; } - if (!crypt_compat->pwd_hash || strlen(crypt_compat->pwd_hash) != 64) { + if (!crypt_info->pwd_hash || strlen(crypt_info->pwd_hash) != 64) { seaf_warning ("Bad pwd_hash.\n"); g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS, "Bad pwd_hash"); @@ -3803,7 +3801,7 @@ create_repo_common (SeafRepoManager *mgr, } if (enc_version >= 2) { - if (!crypt_compat->pwd_hash_algo && (!crypt_compat->magic || strlen(crypt_compat->magic) != 64)) { + if (!crypt_info->pwd_hash_algo && (!crypt_info->magic || strlen(crypt_info->magic) != 64)) { seaf_warning ("Bad magic.\n"); g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS, "Bad magic"); @@ -3832,18 +3830,18 @@ create_repo_common (SeafRepoManager *mgr, if (enc_version >= 2) { repo->encrypted = TRUE; repo->enc_version = enc_version; - if (!crypt_compat->pwd_hash_algo) - memcpy (repo->magic, crypt_compat->magic, 64); + if (!crypt_info->pwd_hash_algo) + memcpy (repo->magic, crypt_info->magic, 64); memcpy (repo->random_key, random_key, 96); } if (enc_version >= 3) memcpy (repo->salt, salt, 64); - if (crypt_compat && crypt_compat->pwd_hash_algo) { + if (crypt_info && crypt_info->pwd_hash_algo) { // set pwd_hash fields here. - memcpy (repo->pwd_hash, crypt_compat->pwd_hash, 64); - repo->pwd_hash_algo = g_strdup (crypt_compat->pwd_hash_algo); - repo->pwd_hash_params = g_strdup (crypt_compat->pwd_hash_params); + memcpy (repo->pwd_hash, crypt_info->pwd_hash, 64); + repo->pwd_hash_algo = g_strdup (crypt_info->pwd_hash_algo); + repo->pwd_hash_params = g_strdup (crypt_info->pwd_hash_params); } repo->version = CURRENT_REPO_VERSION; @@ -3911,8 +3909,8 @@ seaf_repo_manager_create_new_repo (SeafRepoManager *mgr, { char *repo_id = NULL; char salt[65], magic[65], pwd_hash[65], random_key[97]; - const char *algo = seafile_crypt_get_pwd_hash_algo (); - const char *params = seafile_crypt_get_pwd_hash_params (); + const char *algo = seafile_crypt_get_default_pwd_hash_algo (); + const char *params = seafile_crypt_get_default_pwd_hash_params (); repo_id = gen_uuid (); @@ -3932,10 +3930,10 @@ seaf_repo_manager_create_new_repo (SeafRepoManager *mgr, int rc; if (passwd) { - RepoCryptCompat *crypt_compat = repo_crypt_compat_new (magic, pwd_hash, algo, params); + RepoCryptInfo *crypt_info = repo_crypt_info_new (magic, pwd_hash, algo, params); rc = create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email, - random_key, salt, enc_version, crypt_compat, error); - g_free (crypt_compat); + random_key, salt, enc_version, crypt_info, error); + g_free (crypt_info); } else rc = create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email, @@ -3987,13 +3985,13 @@ seaf_repo_manager_create_enc_repo (SeafRepoManager *mgr, return NULL; } - RepoCryptCompat *crypt_compat = repo_crypt_compat_new (magic, pwd_hash, pwd_hash_algo, pwd_hash_params); + RepoCryptInfo *crypt_info = repo_crypt_info_new (magic, pwd_hash, pwd_hash_algo, pwd_hash_params); if (create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email, - random_key, salt, enc_version, crypt_compat, error) < 0) { - g_free (crypt_compat); + random_key, salt, enc_version, crypt_info, error) < 0) { + g_free (crypt_info); return NULL; } - g_free (crypt_compat); + g_free (crypt_info); if (seaf_repo_manager_set_repo_owner (mgr, repo_id, owner_email) < 0) { seaf_warning ("Failed to set repo owner.\n"); diff --git a/server/seaf-server.c b/server/seaf-server.c index b46bbb9e..4df76c85 100644 --- a/server/seaf-server.c +++ b/server/seaf-server.c @@ -745,7 +745,7 @@ static void start_rpc_service (const char *seafile_dir, searpc_server_register_function ("seafserv-threaded-rpcserver", seafile_generate_magic_and_random_key, "generate_magic_and_random_key", - searpc_signature_object__int_string_string_string_string()); + searpc_signature_object__int_string_string()); /* Config */ searpc_server_register_function ("seafserv-threaded-rpcserver",