diff --git a/indra/llcommon/lluuid.cpp b/indra/llcommon/lluuid.cpp
index bcbae06ec564e968c68a40718d00b6fcbe9eca7b..152223d524de99c5777e89049a0857457eb832bd 100644
--- a/indra/llcommon/lluuid.cpp
+++ b/indra/llcommon/lluuid.cpp
@@ -36,6 +36,8 @@
# undef WIN32_LEAN_AND_MEAN
# include <winsock2.h>
# include <windows.h>
+# pragma comment(lib, "IPHLPAPI.lib")
+# include <iphlpapi.h>
#endif
#include "lldefs.h"
@@ -452,67 +454,104 @@ static void get_random_bytes(void *buf, int nbytes)
return;
}
-#if LL_WINDOWS
-typedef struct _ASTAT_
-{
- ADAPTER_STATUS adapt;
- NAME_BUFFER NameBuff [30];
-}ASTAT, * PASTAT;
-
-// static
-S32 LLUUID::getNodeID(unsigned char * node_id)
-{
- ASTAT Adapter;
- NCB Ncb;
- UCHAR uRetCode;
- LANA_ENUM lenum;
- int i;
- int retval = 0;
-
- memset( &Ncb, 0, sizeof(Ncb) );
- Ncb.ncb_command = NCBENUM;
- Ncb.ncb_buffer = (UCHAR *)&lenum;
- Ncb.ncb_length = sizeof(lenum);
- uRetCode = Netbios( &Ncb );
- // printf( "The NCBENUM return code is: 0x%x \n", uRetCode );
-
- for(i=0; i < lenum.length ;i++)
- {
- memset( &Ncb, 0, sizeof(Ncb) );
- Ncb.ncb_command = NCBRESET;
- Ncb.ncb_lana_num = lenum.lana[i];
-
- uRetCode = Netbios( &Ncb );
- // printf( "The NCBRESET on LANA %d return code is: 0x%x \n",
- // lenum.lana[i], uRetCode );
-
- memset( &Ncb, 0, sizeof (Ncb) );
- Ncb.ncb_command = NCBASTAT;
- Ncb.ncb_lana_num = lenum.lana[i];
-
- strcpy( (char *)Ncb.ncb_callname, "* " ); /* Flawfinder: ignore */
- Ncb.ncb_buffer = (unsigned char *)&Adapter;
- Ncb.ncb_length = sizeof(Adapter);
-
- uRetCode = Netbios( &Ncb );
-// printf( "The NCBASTAT on LANA %d return code is: 0x%x \n",
-// lenum.lana[i], uRetCode );
- if ( uRetCode == 0 )
- {
-// printf( "The Ethernet Number on LANA %d is: %02x%02x%02x%02x%02x%02x\n",
-// lenum.lana[i],
-// Adapter.adapt.adapter_address[0],
-// Adapter.adapt.adapter_address[1],
-// Adapter.adapt.adapter_address[2],
-// Adapter.adapt.adapter_address[3],
-// Adapter.adapt.adapter_address[4],
-// Adapter.adapt.adapter_address[5] );
- memcpy(node_id,Adapter.adapt.adapter_address,6); /* Flawfinder: ignore */
- retval = 1;
-
- }
- }
- return retval;
+#if LL_WINDOWS
+// Code copied from http://msdn.microsoft.com/en-us/library/aa365939(VS.85).aspx
+// This code grabs the first hardware address, rather than the first interface.
+// Using a VPN can cause the first returned interface to be changed.
+
+#define MALLOC(x)HeapAlloc(GetProcessHeap(),0,(x))
+#define FREE(x) HeapFree(GetProcessHeap(),0,(x))
+const S32 MAC_ADDRESS_BYTES=6;
+
+
+// static
+S32 LLUUID::getNodeID(unsigned char *node_id)
+{
+
+ // Declare and initialize variables.
+ DWORD dwSize = 0;
+ DWORD dwRetVal = 0;
+ int i;
+
+/* variables used for GetIfTable and GetIfEntry */
+ MIB_IFTABLE *pIfTable;
+ MIB_IFROW *pIfRow;
+
+ // Allocate memory for our pointers.
+ pIfTable = (MIB_IFTABLE *) MALLOC(sizeof (MIB_IFTABLE));
+ if (pIfTable == NULL)
+ {
+ printf("Error allocating memory needed to call GetIfTable\n");
+ return 0;
+ }
+
+ // Before calling GetIfEntry, we call GetIfTable to make
+ // sure there are entries to get and retrieve the interface index.
+
+ // Make an initial call to GetIfTable to get the
+ // necessary size into dwSize
+ if (GetIfTable(pIfTable, &dwSize, 0) == ERROR_INSUFFICIENT_BUFFER) {
+ FREE(pIfTable);
+ pIfTable = (MIB_IFTABLE *) MALLOC(dwSize);
+ if (pIfTable == NULL)
+ {
+ printf("Error allocating memory\n");
+ return 0;
+ }
+ }
+ // Make a second call to GetIfTable to get the actual
+ // data we want.
+ if ((dwRetVal = GetIfTable(pIfTable, &dwSize, 0)) == NO_ERROR)
+ {
+ if (pIfTable->dwNumEntries > 0)
+ {
+ pIfRow = (MIB_IFROW *) MALLOC(sizeof (MIB_IFROW));
+ if (pIfRow == NULL)
+ {
+ printf("Error allocating memory\n");
+ if (pIfTable != NULL)
+ {
+ FREE(pIfTable);
+ pIfTable = NULL;
+ }
+ return 0;
+ }
+
+ int limit = MAC_ADDRESS_BYTES;
+ memcpy(node_id, "\0\0\0\0\0\0", limit); // zero out array of bytes
+ for (i = 0; i < (int) pIfTable->dwNumEntries; i++)
+ {
+ pIfRow->dwIndex = pIfTable->table[i].dwIndex;
+ if ((dwRetVal = GetIfEntry(pIfRow)) == NO_ERROR)
+ {
+ switch (pIfRow->dwType)
+ {
+ case IF_TYPE_ETHERNET_CSMACD:
+ case IF_TYPE_IEEE80211:
+ limit = min((int) pIfRow->dwPhysAddrLen, limit);
+ if (pIfRow->dwPhysAddrLen == 0)
+ break;
+ memcpy(node_id, (UCHAR *)&pIfRow->bPhysAddr[0], limit); // just incase the PhysAddr is not the expected MAC_Address size
+ FREE(pIfTable);
+ return 1; //return first hardware device found.
+ break;
+
+ case IF_TYPE_OTHER:
+ case IF_TYPE_PPP:
+ case IF_TYPE_SOFTWARE_LOOPBACK:
+ case IF_TYPE_ISO88025_TOKENRING:
+ case IF_TYPE_IEEE1394:
+ case IF_TYPE_ATM:
+ case IF_TYPE_TUNNEL:
+ default:
+ break;
+ }
+ }
+ }
+ }
+ }
+ FREE(pIfTable);
+ return 0;
}
#elif LL_DARWIN
diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp
index 187038ab15ec979c6b0ce3ccb984aec6cbdafb24..c2f8487aa93a37dd73452caede2501079551b6e9 100644
--- a/indra/newview/llappviewer.cpp
+++ b/indra/newview/llappviewer.cpp
@@ -620,8 +620,6 @@ bool LLAppViewer::init()
LLCurl::initClass();
initThreads();
- initializeSecHandler();
- LLHTTPClient::setCertVerifyCallback(secapiSSLCertVerifyCallback);
writeSystemInfo();
// Build a string representing the current version number.
@@ -862,6 +860,7 @@ bool LLAppViewer::init()
}
}
+
// save the graphics card
gDebugInfo["GraphicsCard"] = LLFeatureManager::getInstance()->getGPUString();
@@ -872,6 +871,17 @@ bool LLAppViewer::init()
gSimFrames = (F32)gFrameCount;
LLViewerJoystick::getInstance()->init(false);
+
+ try {
+ initializeSecHandler();
+ }
+ catch (LLProtectedDataException ex)
+ {
+ LLNotificationsUtil::add("CorruptedProtectedDataStore");
+ }
+ LLHTTPClient::setCertVerifyCallback(secapiSSLCertVerifyCallback);
+
+
gGLActive = FALSE;
if (gSavedSettings.getBOOL("QAMode") && gSavedSettings.getS32("QAModeEventHostPort") > 0)
{
diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp
index a928b4580e0abc257452fece54e22c8f28fd723b..ba343f538759a04b6e38bbd23c73136a92be170f 100644
--- a/indra/newview/llsecapi.cpp
+++ b/indra/newview/llsecapi.cpp
@@ -50,11 +50,33 @@ void initializeSecHandler()
OpenSSL_add_all_digests();
gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler();
+
// Currently, we only have the Basic handler, so we can point the main sechandler
// pointer to the basic handler. Later, we'll create a wrapper handler that
// selects the appropriate sechandler as needed, for instance choosing the
// mac keyring handler, with fallback to the basic sechandler
gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER];
+
+ // initialize all SecAPIHandlers
+ LLProtectedDataException ex = LLProtectedDataException("");
+ std::map<std::string, LLPointer<LLSecAPIHandler> >::const_iterator itr;
+ for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr)
+ {
+ LLPointer<LLSecAPIHandler> handler = (*itr).second;
+ try
+ {
+ handler->init();
+ }
+ catch (LLProtectedDataException e)
+ {
+ ex = e;
+ }
+ }
+ if (ex.getMessage().length() > 0 ) // an exception was thrown.
+ {
+ throw ex;
+ }
+
}
// start using a given security api handler. If the string is empty
// the default is used
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index d3fb3c4c076a68a1bf1080b0acc61261509eda8a..b11563ef628734f3d414f02490c61cab42f62453 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -47,7 +47,7 @@
#define CERT_ISSUER_NAME "issuer_name"
#define CERT_NAME_CN "commonName"
-#define CERT_SUBJECT_NAME_STRING "subject_name_string"
+#define CERT_SUBJECT_NAME_STRING "subject_name_string"
#define CERT_ISSUER_NAME_STRING "issuer_name_string"
#define CERT_SERIAL_NUMBER "serial_number"
@@ -118,9 +118,10 @@ class LLProtectedDataException
public:
LLProtectedDataException(const char *msg)
{
- llerrs << "Certificate Error: " << msg << llendl;
- mMsg = std::string(msg);
+ LL_WARNS("SECAPI") << "Protected Data Error: " << (std::string)msg << LL_ENDL;
+ mMsg = (std::string)msg;
}
+ std::string getMessage() { return mMsg; }
protected:
std::string mMsg;
};
@@ -421,13 +422,18 @@ class LLSecAPIHandler : public LLRefCount
{
public:
+
LLSecAPIHandler() {}
virtual ~LLSecAPIHandler() {}
+ // initialize the SecAPIHandler
+ virtual void init() {};
+
// instantiate a certificate from a pem string
virtual LLPointer<LLCertificate> getCertificate(const std::string& pem_cert)=0;
+
// instiate a certificate from an openssl X509 structure
virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0;
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 097cc395d716788e021e95041d530dfc576dd5fc..1453506b0dd270f943fba8d0b650a8bc68573032 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -1028,20 +1028,29 @@ LLSecAPIBasicHandler::LLSecAPIBasicHandler(const std::string& protected_data_fil
mProtectedDataFilename = protected_data_file;
mProtectedDataMap = LLSD::emptyMap();
mLegacyPasswordPath = legacy_password_path;
- _readProtectedData();
+
}
LLSecAPIBasicHandler::LLSecAPIBasicHandler()
{
- mProtectedDataFilename = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
- "bin_conf.dat");
- mLegacyPasswordPath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "password.dat");
+}
+
+void LLSecAPIBasicHandler::init()
+{
+ if (mProtectedDataFilename.length() == 0)
+ {
+ mProtectedDataFilename = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
+ "bin_conf.dat");
+ }
+ if (mLegacyPasswordPath.length() == 0)
+ {
+ mLegacyPasswordPath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "password.dat");
+ }
mProtectedDataMap = LLSD::emptyMap();
mProtectedDataFilename = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
"bin_conf.dat");
- _readProtectedData();
std::string store_file = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
"CA.pem");
@@ -1051,8 +1060,6 @@ LLSecAPIBasicHandler::LLSecAPIBasicHandler()
// will reduce that risk.
// by using a user file, modifications will be limited to one user if
// we read-only the main file
-
-
if (!LLFile::isfile(store_file))
{
@@ -1071,8 +1078,9 @@ LLSecAPIBasicHandler::LLSecAPIBasicHandler()
}
LL_INFOS("SECAPI") << "Loading certificate store from " << store_file << LL_ENDL;
mStore = new LLBasicCertificateStore(store_file);
+ _readProtectedData(); // initialize mProtectedDataMap
+ // may throw LLProtectedDataException if saved datamap is not decryptable
}
-
LLSecAPIBasicHandler::~LLSecAPIBasicHandler()
{
_writeProtectedData();
@@ -1084,6 +1092,7 @@ void LLSecAPIBasicHandler::_readProtectedData()
LLPointer<LLSDParser> parser = new LLSDXMLParser();
llifstream protected_data_stream(mProtectedDataFilename.c_str(),
llifstream::binary);
+
if (!protected_data_stream.fail()) {
int offset;
U8 salt[STORE_SALT_SIZE];
@@ -1099,7 +1108,7 @@ void LLSecAPIBasicHandler::_readProtectedData()
offset = 0;
if (protected_data_stream.gcount() < STORE_SALT_SIZE)
{
- throw LLProtectedDataException("Corrupt Protected Data Store1");
+ throw LLProtectedDataException("Config file too short.");
}
cipher.decrypt(salt, STORE_SALT_SIZE);
@@ -1139,7 +1148,7 @@ void LLSecAPIBasicHandler::_readProtectedData()
if (parser->parse(parse_stream, mProtectedDataMap,
LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE)
{
- throw LLProtectedDataException("Corrupt Protected Data Store");
+ throw LLProtectedDataException("Config file cannot be decrypted.");
}
}
}
@@ -1254,6 +1263,7 @@ LLPointer<LLCertificateStore> LLSecAPIBasicHandler::getCertificateStore(const st
LLSD LLSecAPIBasicHandler::getProtectedData(const std::string& data_type,
const std::string& data_id)
{
+
if (mProtectedDataMap.has(data_type) &&
mProtectedDataMap[data_type].isMap() &&
mProtectedDataMap[data_type].has(data_id))
diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h
index e041322260c5d1bde6edcc56e11a6c64949331df..4bbb73f062a1c0f357f835a12aef056e5606cc49 100644
--- a/indra/newview/llsechandler_basic.h
+++ b/indra/newview/llsechandler_basic.h
@@ -221,6 +221,8 @@ class LLSecAPIBasicHandler : public LLSecAPIHandler
const std::string& legacy_password_path);
LLSecAPIBasicHandler();
+ void init();
+
virtual ~LLSecAPIBasicHandler();
// instantiate a certificate from a pem string
diff --git a/indra/newview/skins/default/xui/en/notifications.xml b/indra/newview/skins/default/xui/en/notifications.xml
index d177cfce7d1fb4df6022a7987aab335d59197bdc..333f5d3d2a6b8f4a3845ab9db23b7070b909069a 100644
--- a/indra/newview/skins/default/xui/en/notifications.xml
+++ b/indra/newview/skins/default/xui/en/notifications.xml
@@ -1356,6 +1356,18 @@ Unknown Vorbis encode failure on: [FILE]
Unable to encode file: [FILE]
</notification>
+ <notification
+ icon="alertmodal.tga"
+ name="CorruptedProtectedDataStore"
+ type="alertmodal">
+ We are unable to read your protected data so it is being reset.
+ This may happen when you change network setup.
+
+ <usetemplate
+ name="okbutton"
+ yestext="OK"/>
+ </notification>
+
<notification
icon="alertmodal.tga"
name="CorruptResourceFile"
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp
index f52ebc198d03e518fc6f8a6c432b39bfa50c2e4e..3e4e8c5b3e63c35352e56f05e7c0faf317f72049 100644
--- a/indra/newview/tests/llsechandler_basic_test.cpp
+++ b/indra/newview/tests/llsechandler_basic_test.cpp
@@ -340,6 +340,7 @@ namespace tut
LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp",
"test_password.dat");
+ handler.init();
// data retrieval for existing data
LLSD data = handler->getProtectedData("test_data_type", "test_data_id");
@@ -397,6 +398,7 @@ namespace tut
// cause a 'write' by using 'LLPointer' to delete then instantiate a handler
handler = NULL;
handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler.init();
data = handler->getProtectedData("test_data_type1", "test_data_id");
ensure_equals("verify datatype stored data3a", (std::string)data["store_data3"], "test_store_data3");
@@ -411,6 +413,7 @@ namespace tut
// cause a 'write'
handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler.init();
data = handler->getProtectedData("test_data_type1", "test_data_id");
ensure("not found", data.isUndefined());
@@ -419,6 +422,7 @@ namespace tut
LLFile::remove("sechandler_settings.tmp");
handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler.init();
data = handler->getProtectedData("test_data_type1", "test_data_id");
ensure("not found", data.isUndefined());
handler = NULL;
@@ -431,6 +435,7 @@ namespace tut
void sechandler_basic_test_object::test<3>()
{
LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler.init();
LLSD my_id = LLSD::emptyMap();
LLSD my_authenticator = LLSD::emptyMap();