authorLucas de Castro Borges <lucas@gnuabordo.com.br>2024-05-15 11:43:01 -0300
committerLucas de Castro Borges <lucas@gnuabordo.com.br>2024-05-15 11:43:01 -0300
commit6e039fc6475d1dec21f7aa280c13f1c0b071f56c (patch)
tree22ced3820ff2b0dc302856c7fcd62f079c7708df /debian/patches/0019-password-encrypt.patch
parent677b3a938f2f714109b47880fdf364183fdb61b2 (diff)
attached patches from Bill MacAllister
Diffstat (limited to 'debian/patches/0019-password-encrypt.patch')
-rw-r--r--debian/patches/0019-password-encrypt.patch122
1 files changed, 122 insertions, 0 deletions
diff --git a/debian/patches/0019-password-encrypt.patch b/debian/patches/0019-password-encrypt.patch
new file mode 100644
index 0000000..36d2366
--- /dev/null
+++ b/debian/patches/0019-password-encrypt.patch
@@ -0,0 +1,122 @@
+--- a/perl/lib/Wallet/Object/File.pm
++++ b/perl/lib/Wallet/Object/File.pm
+@@ -249,8 +249,9 @@ sub _file_crypt {
+ return $return_string;
+ }
+
+-sub file_decrypt {
+- my ($self, $data, $user, $host, $time) = @_;
++# Given a string decrypt it.
++sub string_decrypt {
++ my ($self, $data) = @_;
+ my $key = $self->_get_crypt_key();
+ my $undata;
+ if (defined (&Wallet::Config::file_crypt)) {
+@@ -264,6 +265,15 @@ sub file_decrypt {
+ }
+ $undata = $self->_file_crypt('decrypt', $key, $data);
+ }
++ return $undata;
++}
++
++# Given a string decrypt it. If the string is not encrypted then the
++# input string string will match the decrypted string and the string
++# will be encrypted and stored to disk.
++sub file_decrypt {
++ my ($self, $data, $user, $host, $time) = @_;
++ my $undata = $self->string_decrypt($data);
+ if ($undata eq $data) {
+ $self->store($data, $user, $host, $time);
+ }
+--- a/perl/lib/Wallet/Object/Password.pm
++++ b/perl/lib/Wallet/Object/Password.pm
+@@ -84,6 +84,44 @@ sub _pwd_xkcd {
+ return $pass;
+ }
+
++# Read the password file to disk.
++sub _read_pw_file {
++ my ($self, $path) = @_;
++ my $id = $self->{type} . ':' . $self->{name};
++
++ unless (open (FILE, '<', $path)) {
++ $self->error ("cannot get $id: object has not been stored");
++ return;
++ }
++ local $/;
++ my $data = <FILE>;
++ unless (close FILE) {
++ $self->error ("cannot get $id: $!");
++ return;
++ }
++ return $data;
++}
++
++# Write the password file to disk.
++sub _write_pw_file {
++ my ($self, $path, $data) = @_;
++ my $id = $self->{type} . ':' . $self->{name};
++
++ unless (open (FILE, '>', $path)) {
++ $self->error ("cannot open $path $!\n");
++ return 1;
++ }
++ if ($Wallet::Config::LDAP_SECRET) {
++ $data = Wallet::Object::File->file_encrypt($data);
++ }
++ print FILE $data;
++ unless (close FILE) {
++ $self->error ("cannot store $id: $!");
++ return 1;
++ }
++ return 0;
++}
++
+ ##############################################################################
+ # Shared methods
+ ##############################################################################
+@@ -135,34 +173,25 @@ sub retrieve {
+ }
+ return;
+ }
+- unless (open (FILE, '>', $path)) {
+- $self->error ("cannot open $path $!\n");
++ if ($self->_write_pw_file($path, $pass)) {
+ return;
+ }
+- if ($Wallet::Config::LDAP_SECRET) {
+- $pass = Wallet::Object::File->file_encrypt($pass);
+- }
+- print FILE $pass;
+ $self->log_action ('store', $user, $host, $time);
+- unless (close FILE) {
+- $self->error ("cannot get $id: $!");
+- return;
+- }
+ }
+
+- unless (open (FILE, '<', $path)) {
+- $self->error ("cannot get $id: object has not been stored");
+- return;
+- }
+- local $/;
+- my $data = <FILE>;
+- unless (close FILE) {
+- $self->error ("cannot get $id: $!");
++ my $data = $self->_read_pw_file($path);
++ if (!$data) {
+ return;
+ }
+ $self->log_action ($operation, $user, $host, $time);
+ if ($Wallet::Config::LDAP_SECRET) {
+- $data = Wallet::Object::File->file_decrypt($data);
++ my $undata = Wallet::Object::File->string_decrypt($data);
++ if ($undata eq $data) {
++ my $endata = Wallet::Object::File->file_encrypt($data);
++ $self->_write_pw_file($path, $endata);
++ $self->log_action ($operation, $user, $host, $time);
++ }
++ $data = $undata;
+ }
+ return $data;
+ }
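Review bot: The re-encrypt branch added to `retrieve` (inner hunk `@@ -135,34 +173,25 @@`) encrypts the data twice: it calls `Wallet::Object::File->file_encrypt($data)` and passes the result to `_write_pw_file`, which runs `file_encrypt` again whenever `$Wallet::Config::LDAP_SECRET` is set, and that is always true inside this branch. Unless `file_encrypt` recognises input that is already encrypted (not visible here), the file on disk ends up double-encrypted and a later `string_decrypt` would hand back ciphertext as the password. Passing the plaintext instead, `$self->_write_pw_file($path, $data);`, and dropping `$endata` avoids this. The result of that call is also ignored and the following `log_action` reuses `$operation`, so a failed rewrite goes unreported and the audit trail records a second `$operation` entry rather than a `'store'` one as the first-write path above does; checking the return value and logging `$self->log_action ('store', $user, $host, $time);` would keep the two paths consistent. `retrieve` begins before this hunk, so how `$operation` and `$pass` are set cannot be seen from here.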