--- a/perl/lib/Wallet/Object/File.pm
+++ b/perl/lib/Wallet/Object/File.pm
@@ -249,8 +249,9 @@ sub _file_crypt {
return $return_string;
}
-sub file_decrypt {
- my ($self, $data, $user, $host, $time) = @_;
+# Given a string decrypt it.
+sub string_decrypt {
+ my ($self, $data) = @_;
my $key = $self->_get_crypt_key();
my $undata;
if (defined (&Wallet::Config::file_crypt)) {
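Review bot: The header comment `# Given a string decrypt it.` on string_decrypt is reused verbatim for file_decrypt later in this file, so it no longer tells a reader how the two differ: as far as the visible lines show, string_decrypt only computes and returns the decrypted text, while file_decrypt also re-stores the object when the input turns out to be plaintext. Suggest `# Given a string, decrypt it and return the result. Unlike file_decrypt, this does not touch the stored object.` on the first of these. string_decrypt's body continues past the end of this hunk.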
@@ -264,6 +265,15 @@ sub file_decrypt {
}
$undata = $self->_file_crypt('decrypt', $key, $data);
}
+ return $undata;
+}
+
+# Given a string decrypt it. If the string is not encrypted then the
+# input string string will match the decrypted string and the string
+# will be encrypted and stored to disk.
+sub file_decrypt {
+ my ($self, $data, $user, $host, $time) = @_;
+ my $undata = $self->string_decrypt($data);
if ($undata eq $data) {
$self->store($data, $user, $host, $time);
}
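Review bot: `if ($undata eq $data)` right after `my $undata = $self->string_decrypt($data);` has no guard for string_decrypt returning undef; whether either decrypt branch can return undef is not visible here, but if it can, the comparison warns, a failed decrypt becomes indistinguishable from a plaintext file that simply does not match, and undef is passed on as the decrypted content. Suggest `return unless defined $undata;` before the comparison, or `if (defined $undata && $undata eq $data)`. The new comment also doubles a word: `input string string` should read `input string`. file_decrypt's body continues past the end of the hunk.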
--- a/perl/lib/Wallet/Object/Password.pm
+++ b/perl/lib/Wallet/Object/Password.pm
@@ -84,6 +84,44 @@ sub _pwd_xkcd {
return $pass;
}
+# Read the password file to disk.
+sub _read_pw_file {
+ my ($self, $path) = @_;
+ my $id = $self->{type} . ':' . $self->{name};
+
+ unless (open (FILE, '<', $path)) {
+ $self->error ("cannot get $id: object has not been stored");
+ return;
+ }
+ local $/;
+ my $data = <FILE>;
+ unless (close FILE) {
+ $self->error ("cannot get $id: $!");
+ return;
+ }
+ return $data;
+}
+
+# Write the password file to disk.
+sub _write_pw_file {
+ my ($self, $path, $data) = @_;
+ my $id = $self->{type} . ':' . $self->{name};
+
+ unless (open (FILE, '>', $path)) {
+ $self->error ("cannot open $path $!\n");
+ return 1;
+ }
+ if ($Wallet::Config::LDAP_SECRET) {
+ $data = Wallet::Object::File->file_encrypt($data);
+ }
+ print FILE $data;
+ unless (close FILE) {
+ $self->error ("cannot store $id: $!");
+ return 1;
+ }
+ return 0;
+}
+
##############################################################################
# Shared methods
##############################################################################
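Review bot: In `_write_pw_file`, `open (FILE, '>', $path)` truncates the password file before `Wallet::Object::File->file_encrypt($data)` runs, so if encryption dies or returns undef the previously stored secret is already gone and nothing is written back; move the `if ($Wallet::Config::LDAP_SECRET)` block above the `open` so the file is only truncated once the bytes to write exist. The two helpers also use opposite failure conventions — `_read_pw_file` returns undef on failure, `_write_pw_file` returns 1 on failure and 0 on success — which the call sites must remember; a comment on `_write_pw_file` should at least state it, together with the fact that it encrypts its argument when LDAP_SECRET is set, e.g. `# Write the password file to disk, encrypting it first when LDAP_SECRET is set. Returns 0 on success, 1 on failure (error already set).` The comment `# Read the password file to disk.` should say `from disk`. Both helpers keep the package-global bareword `FILE` handle; `open my $fh, '<', $path` would scope it to the sub.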
@@ -135,34 +173,25 @@ sub retrieve {
}
return;
}
- unless (open (FILE, '>', $path)) {
- $self->error ("cannot open $path $!\n");
+ if ($self->_write_pw_file($path, $pass)) {
return;
}
- if ($Wallet::Config::LDAP_SECRET) {
- $pass = Wallet::Object::File->file_encrypt($pass);
- }
- print FILE $pass;
$self->log_action ('store', $user, $host, $time);
- unless (close FILE) {
- $self->error ("cannot get $id: $!");
- return;
- }
}
- unless (open (FILE, '<', $path)) {
- $self->error ("cannot get $id: object has not been stored");
- return;
- }
- local $/;
- my $data = <FILE>;
- unless (close FILE) {
- $self->error ("cannot get $id: $!");
+ my $data = $self->_read_pw_file($path);
+ if (!$data) {
return;
}
$self->log_action ($operation, $user, $host, $time);
if ($Wallet::Config::LDAP_SECRET) {
- $data = Wallet::Object::File->file_decrypt($data);
+ my $undata = Wallet::Object::File->string_decrypt($data);
+ if ($undata eq $data) {
+ my $endata = Wallet::Object::File->file_encrypt($data);
+ $self->_write_pw_file($path, $endata);
+ $self->log_action ($operation, $user, $host, $time);
+ }
+ $data = $undata;
}
return $data;
}
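Review bot: `$self->_write_pw_file($path, $endata)` encrypts the password twice: this block runs only when `$Wallet::Config::LDAP_SECRET` is set, and under that setting `_write_pw_file` itself calls `Wallet::Object::File->file_encrypt` on its argument, so the file ends up holding encrypt(encrypt(password)) and the next retrieve, which decrypts once, hands back ciphertext as the password. Pass the plaintext and drop the `$endata` line: `$self->_write_pw_file($path, $data);` — and check its return value as the earlier `_write_pw_file` call in this hunk does, since a failed rewrite currently leaves `$self->error` set while the plaintext is still returned. Two smaller points: `if (!$data)` treats an empty or "0" file the same as a read failure but without `$self->error` having been set, so `unless (defined $data)` matches what `_read_pw_file` actually signals; and `$self->log_action ($operation, ...)` inside the rewrite block repeats the entry logged a few lines above, where `'store'` may be what was intended. retrieve begins before this hunk.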