feat: [safety] string encrypt plugin.

1. daemon plugin provide public key and decryption; 2. dfm plugin do encrypt for user inputs; Log: as title. Bug: https://pms.uniontech.com/bug-view-259823.html Bug: https://pms.uniontech.com/bug-view-259825.html
linuxdeepin · Jun 24, 2024 · 33133ae · 33133ae
1 parent 1aad6bd
commit 33133ae
Show file tree

Hide file tree

Showing 24 changed files with 674 additions and 10 deletions.
diff --git a/.reuse/dep5 b/.reuse/dep5
@@ -84,7 +84,7 @@ Copyright: 2020 Christian Boxdörfer
 License: MIT
 
 # D-Bus interfaces and adaptors
-Files: src/*/*dbus_interface.* src/*/*dbus_adaptor.* src/*/dbus*/* src/plugins/daemon/daemonplugin-mountcontrol/private/mountcontrol_adapter.* src/plugins/desktop/ddplugin-background/appearance_interface.*
+Files: src/*/*dbus_interface.* src/*/*dbus_adaptor.* src/*/dbus*/* src/plugins/daemon/daemonplugin-mountcontrol/private/mountcontrol_adapter.* src/plugins/desktop/ddplugin-background/appearance_interface.* src/plugins/daemon/daemonplugin-stringdecrypt/stringdecrypt_adapter.*
 Copyright: 2016 The Qt Company Ltd.
 License: CC0-1.0
 
diff --git a/src/plugins/common/dfmplugin-dirshare/utils/usersharehelper.cpp b/src/plugins/common/dfmplugin-dirshare/utils/usersharehelper.cpp
@@ -31,6 +31,7 @@
 #include <pwd.h>
 #include <unistd.h>
 
+Q_DECLARE_METATYPE(QString *)
 DFMBASE_USE_NAMESPACE
 namespace dfmplugin_dirshare {
 
@@ -141,7 +142,15 @@ bool UserShareHelper::share(const ShareInfo &info)
 
 void UserShareHelper::setSambaPasswd(const QString &userName, const QString &passwd)
 {
-    QDBusReply<bool> reply = userShareInter->call(DaemonServiceIFace::kFuncSetPasswd, userName, passwd);
+    QString encPass;
+    auto ret = dpfSlotChannel->push("dfmplugin_stringencrypt", "slot_OpenSSL_EncryptString",
+                                    passwd, &encPass);
+    if (ret != 0) {
+        fmWarning() << "cannot encrypt password!!!";
+        DialogManagerInstance->showErrorDialog(tr("Error"), tr("Cannot encrypt password"));
+        return;
+    }
+    QDBusReply<bool> reply = userShareInter->call(DaemonServiceIFace::kFuncSetPasswd, userName, encPass);
     bool result = reply.isValid() && reply.error().message().isEmpty();
     fmInfo() << "Samba password set result :" << result << ",error msg:" << reply.error().message();
 

diff --git a/src/plugins/daemon/CMakeLists.txt b/src/plugins/daemon/CMakeLists.txt
@@ -5,3 +5,4 @@ add_subdirectory(daemonplugin-accesscontrol)
 add_subdirectory(daemonplugin-sharecontrol)
 add_subdirectory(daemonplugin-anything)
 add_subdirectory(daemonplugin-mountcontrol)
+add_subdirectory(daemonplugin-stringdecrypt)
diff --git a/src/plugins/daemon/daemonplugin-accesscontrol/accesscontroldbus.cpp b/src/plugins/daemon/daemonplugin-accesscontrol/accesscontroldbus.cpp
@@ -7,6 +7,7 @@
 #include "polkit/policykithelper.h"
 
 #include <dfm-base/base/device/deviceutils.h>
+#include <dfm-framework/dpf.h>
 
 #include <QDebug>
 #include <QDBusConnection>
@@ -21,6 +22,7 @@
 #include <sys/mount.h>
 #include <sys/stat.h>
 
+Q_DECLARE_METATYPE(QString *)
 DFMBASE_USE_NAMESPACE
 DAEMONPAC_USE_NAMESPACE
 
@@ -212,8 +214,16 @@ void AccessControlDBus::ChangeDiskPassword(const QString &oldPwd, const QString
         return;
     }
 
-    const QByteArray &tmpOldPwd = oldPwd.toLocal8Bit();
-    const QByteArray &tmpNewPwd = newPwd.toLocal8Bit();
+    QString oldPwdDec, newPwdDec;
+    int r = dpfSlotChannel->push("daemonplugin_stringdecrypt", "slot_OpenSSL_DecryptString", oldPwd, &oldPwdDec).toInt();
+    r = dpfSlotChannel->push("daemonplugin_stringdecrypt", "slot_OpenSSL_DecryptString", newPwd, &newPwdDec).toInt();
+    if (r != 0) {
+        fmCritical() << "cannot decrypt password!!!";
+        return;
+    }
+
+    const QByteArray &tmpOldPwd = oldPwdDec.toLocal8Bit();
+    const QByteArray &tmpNewPwd = newPwdDec.toLocal8Bit();
 
     int ret = kNoError;
     QStringList successList;

diff --git a/src/plugins/daemon/daemonplugin-sharecontrol/sharecontroldbus.cpp b/src/plugins/daemon/daemonplugin-sharecontrol/sharecontroldbus.cpp
@@ -7,12 +7,16 @@
 #include "dbusadapter/sharecontrol_adapter.h"
 #include "daemonplugin_sharecontrol_global.h"
 
+#include <dfm-framework/dpf.h>
+
 #include <QDBusConnection>
 #include <QDBusConnectionInterface>
 #include <QDebug>
 #include <QProcess>
 #include <QFileInfo>
 
+Q_DECLARE_METATYPE(QString *)
+
 static constexpr char kUserShareObjPath[] { "/com/deepin/filemanager/daemon/UserShareManager" };
 static constexpr char kPolicyKitActionId[] { "com.deepin.filemanager.daemon.UserShareManager" };
 DAEMONPSHARECONTROL_USE_NAMESPACE
@@ -73,18 +77,26 @@ bool ShareControlDBus::SetUserSharePassword(const QString &name, const QString &
         return false;
     }
 
-    fmDebug() << name;   // << passward; // log password?
+    QString clearPasswd;
+    int ret = dpfSlotChannel->push("daemonplugin_stringdecrypt", "slot_OpenSSL_DecryptString",
+                                   passwd, &clearPasswd)
+                      .toInt();
+    if (ret != 0) {
+        fmWarning() << "cannot decrypt password!!!";
+        return false;
+    }
+
     QStringList args;
     args << "-a" << name << "-s";
     QProcess p;
     p.start("smbpasswd", args);
-    p.write(passwd.toStdString().c_str());
+    p.write(clearPasswd.toStdString().c_str());
     p.write("\n");
-    p.write(passwd.toStdString().c_str());
+    p.write(clearPasswd.toStdString().c_str());
     p.closeWriteChannel();
-    bool ret = p.waitForFinished();
+    bool r = p.waitForFinished();
     fmDebug() << p.readAll() << p.readAllStandardError() << p.readAllStandardOutput();
-    return ret;
+    return r;
 }
 
 bool ShareControlDBus::EnableSmbServices()

diff --git a/src/plugins/daemon/daemonplugin-stringdecrypt/CMakeLists.txt b/src/plugins/daemon/daemonplugin-stringdecrypt/CMakeLists.txt
@@ -0,0 +1,50 @@
+cmake_minimum_required(VERSION 3.10)
+
+project(daemonplugin-stringdecrypt)
+
+set(CMAKE_INCLUDE_CURRENT_DIR ON)
+
+FILE(GLOB FILEOPERATIONS_FILES
+    "${CMAKE_CURRENT_SOURCE_DIR}/*.h"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*.cpp"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*/*.h"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*/*.cpp"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*.json"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*.xml"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*/*.policy"
+    )
+
+find_package(PkgConfig REQUIRED)
+pkg_check_modules(OpenSSL REQUIRED openssl)
+
+add_library(${PROJECT_NAME}
+    SHARED
+    ${FILEOPERATIONS_FILES}
+)
+
+set_target_properties(${PROJECT_NAME} PROPERTIES LIBRARY_OUTPUT_DIRECTORY ../../)
+
+find_package(Qt5 COMPONENTS
+    DBus
+    REQUIRED
+)
+
+target_link_libraries(${PROJECT_NAME}
+    DFM::framework
+    DFM::base
+    Qt5::DBus
+    ${OpenSSL_LIBRARIES}
+)
+
+#install library file
+install(TARGETS
+    ${PROJECT_NAME}
+    LIBRARY
+    DESTINATION
+    ${DFM_PLUGIN_DAEMON_EDGE_DIR}
+)
+
+# execute_process(COMMAND qdbuscpp2xml stringdecryptdbus.h -o ./stringdecryptdbus.xml
+#    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+# execute_process(COMMAND qdbusxml2cpp -i stringdecryptdbus.h -c StringDecryptAdapter -l StringDecryptDBus -a stringdecrypt_adapter stringdecryptdbus.xml
+#    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
diff --git a/src/plugins/daemon/daemonplugin-stringdecrypt/opensslhandler.cpp b/src/plugins/daemon/daemonplugin-stringdecrypt/opensslhandler.cpp
@@ -0,0 +1,80 @@
+// SPDX-FileCopyrightText: 2024 UnionTech Software Technology Co., Ltd.
+//
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+#include "opensslhandler.h"
+
+#include <openssl/pem.h>
+
+using namespace daemonplugin_stringdecrypt;
+
+OpenSSLHandler *OpenSSLHandler::instance()
+{
+    static OpenSSLHandler ins;
+    return &ins;
+}
+
+void OpenSSLHandler::initKeyPairs()
+{
+    if (rsa)
+        return;
+    rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr);
+
+    BIO *bioPrivKey = BIO_new(BIO_s_mem());
+    PEM_write_bio_RSAPrivateKey(bioPrivKey, rsa, nullptr, nullptr, 0, nullptr, nullptr);
+    char *privKeyBuf;
+    long privKeyLen = BIO_get_mem_data(bioPrivKey, &privKeyBuf);
+    auto privKey = QByteArray(privKeyBuf, privKeyLen);
+    BIO_free(bioPrivKey);
+
+    BIO *bioPubKey = BIO_new(BIO_s_mem());
+    PEM_write_bio_RSA_PUBKEY(bioPubKey, rsa);
+    char *pubKeyBuf;
+    long pubKeyLen = BIO_get_mem_data(bioPubKey, &pubKeyBuf);
+    auto pubKey = QByteArray(pubKeyBuf, pubKeyLen);
+    BIO_free(bioPubKey);
+
+    keys = { pubKey, privKey };
+}
+
+QString OpenSSLHandler::pubKey() const
+{
+    return keys.first;
+}
+
+int OpenSSLHandler::decrypt(const QString &in, QString *out)
+{
+    Q_ASSERT(rsa);
+    Q_ASSERT(out);
+
+    QByteArray cipher = QByteArray::fromBase64(in.toLocal8Bit());
+
+    int rsaSize = RSA_size(rsa);
+    unsigned char *decrypted = new unsigned char[rsaSize];
+    int decryptedLen = RSA_private_decrypt(cipher.length(),
+                                           reinterpret_cast<const unsigned char *>(cipher.data()),
+                                           decrypted,
+                                           rsa,
+                                           RSA_PKCS1_PADDING);
+
+    if (decryptedLen == -1) {
+        delete[] decrypted;
+        return -1;
+    }
+
+    QByteArray source(reinterpret_cast<char *>(decrypted), decryptedLen);
+    *out = QString(source);
+    delete[] decrypted;
+    return 0;
+}
+
+OpenSSLHandler::OpenSSLHandler(QObject *parent)
+{
+}
+
+OpenSSLHandler::~OpenSSLHandler()
+{
+    if (rsa)
+        RSA_free(rsa);
+    rsa = nullptr;
+}
diff --git a/src/plugins/daemon/daemonplugin-stringdecrypt/opensslhandler.h b/src/plugins/daemon/daemonplugin-stringdecrypt/opensslhandler.h
@@ -0,0 +1,34 @@
+// SPDX-FileCopyrightText: 2024 UnionTech Software Technology Co., Ltd.
+//
+// SPDX-License-Identifier: GPL-3.0-or-later
+#ifndef OPENSSLHANDLER_H
+#define OPENSSLHANDLER_H
+
+#include <QObject>
+
+#include <openssl/rsa.h>
+
+namespace daemonplugin_stringdecrypt {
+
+class OpenSSLHandler : public QObject
+{
+    Q_OBJECT
+
+public:
+    static OpenSSLHandler *instance();
+
+    void initKeyPairs();
+
+    QString pubKey() const;
+    int decrypt(const QString &in, QString *out);
+
+private:
+    explicit OpenSSLHandler(QObject *parent = nullptr);
+    ~OpenSSLHandler();
+
+    RSA *rsa { nullptr };
+    QPair<QString, QString> keys;
+};
+}
+
+#endif   // OPENSSLHANDLER_H
diff --git a/src/plugins/daemon/daemonplugin-stringdecrypt/stringdecrypt.json b/src/plugins/daemon/daemonplugin-stringdecrypt/stringdecrypt.json
@@ -0,0 +1,14 @@
+{
+    "Name" : "daemonplugin-stringdecrypt",
+    "Version" : "1.0.0",
+    "CompatVersion" : "1.0.0",
+    "Vendor" : "The Uniontech Software Technology Co., Ltd.",
+    "Copyright" : "Copyright (C) 2024 Uniontech Software Technology Co., Ltd.",
+    "License" : [
+    ],
+    "Category" : "",
+    "Description" : "The string decrypt plugin for the dde-file-manager-daemon.",
+    "UrlLink" : "https://www.uniontech.com",
+    "Depends" : [
+    ]
+}
diff --git a/src/plugins/daemon/daemonplugin-stringdecrypt/stringdecrypt_adapter.cpp b/src/plugins/daemon/daemonplugin-stringdecrypt/stringdecrypt_adapter.cpp
@@ -0,0 +1,41 @@
+/*
+ * This file was generated by qdbusxml2cpp version 0.8
+ * Command line was: qdbusxml2cpp -i stringdecryptdbus.h -c StringDecryptAdapter -l StringDecryptDBus -a stringdecrypt_adapter stringdecryptdbus.xml
+ *
+ * qdbusxml2cpp is Copyright (C) 2017 The Qt Company Ltd.
+ *
+ * This is an auto-generated file.
+ * Do not edit! All changes made to it will be lost.
+ */
+
+#include "stringdecrypt_adapter.h"
+#include <QtCore/QMetaObject>
+#include <QtCore/QByteArray>
+#include <QtCore/QList>
+#include <QtCore/QMap>
+#include <QtCore/QString>
+#include <QtCore/QStringList>
+#include <QtCore/QVariant>
+
+/*
+ * Implementation of adaptor class StringDecryptAdapter
+ */
+
+StringDecryptAdapter::StringDecryptAdapter(StringDecryptDBus *parent)
+    : QDBusAbstractAdaptor(parent)
+{
+    // constructor
+    setAutoRelaySignals(true);
+}
+
+StringDecryptAdapter::~StringDecryptAdapter()
+{
+    // destructor
+}
+
+QString StringDecryptAdapter::PublicKey()
+{
+    // handle method call com.deepin.filemanager.daemon.EncryptKeyHelper.PublicKey
+    return parent()->PublicKey();
+}
+