Remember name and password based on grid. This is far from optimal, but will work for the time being.

* UI needs to be made clear on what's going on with user's passwords * 'Remember password' checkbox now works on login (but is unclear) * Stored passwords are MD5s in grid_info.xml * Fixed vivox license appearing on other grids rather than specifically on second life login when voice is enabled * Small fix for username entry after logout * Sadly, storing password in the mac keychain needs to be reimplemented now
author: McCabe Maxsted 2011-04-19 14:49:18 -0700
committer: McCabe Maxsted 2011-04-19 14:49:18 -0700
commit: a0902a050cc713f742990a09d2a610d4c135b7c7 (patch)
tree: c4a2c89cd48d6e50908959deed5318c6cd4fbaf5 /linden/indra
parent: Fixed usernames default setting to '.' when logging into second life for the ... (diff)
download: meta-impy-a0902a050cc713f742990a09d2a610d4c135b7c7.zip
meta-impy-a0902a050cc713f742990a09d2a610d4c135b7c7.tar.gz
meta-impy-a0902a050cc713f742990a09d2a610d4c135b7c7.tar.bz2
meta-impy-a0902a050cc713f742990a09d2a610d4c135b7c7.tar.xz
16 files changed, 254 insertions, 350 deletions
diff --git a/linden/indra/llcommon/llstring.cpp b/linden/indra/llcommon/llstring.cpp
index 0f72d5e..cd5a9f2 100644
--- a/linden/indra/llcommon/llstring.cpp
+++ b/linden/indra/llcommon/llstring.cpp
@@ -596,6 +596,40 @@ std::string utf8str_removeCRLF(const std::string& utf8str)
        return out;
 }
+bool is_hex_string(U8* str, S32 len)
+{
+        bool rv = true;
+        U8* c = str;
+        while(rv && len--)
+        {
+                switch(*c)
+                {
+                case '0':
+                case '1':
+                case '2':
+                case '3':
+                case '4':
+                case '5':
+                case '6':
+                case '7':
+                case '8':
+                case '9':
+                case 'a':
+                case 'b':
+                case 'c':
+                case 'd':
+                case 'e':
+                case 'f':
+                        ++c;
+                        break;
+                default:
+                        rv = false;
+                        break;
+                }
+        }
+        return rv;
+}
 #if LL_WINDOWS
 // documentation moved to header. Phoenix 2007-11-27
 namespace snprintf_hack
diff --git a/linden/indra/llcommon/llstring.h b/linden/indra/llcommon/llstring.h
index 61767ac..a592e2c 100644
--- a/linden/indra/llcommon/llstring.h
+++ b/linden/indra/llcommon/llstring.h
@@ -456,6 +456,8 @@ LL_COMMON_API std::string mbcsstring_makeASCII(const std::string& str);
 LL_COMMON_API std::string utf8str_removeCRLF(const std::string& utf8str);
+LL_COMMON_API bool is_hex_string(U8* str, S32 len);
 #if LL_WINDOWS
 /* @name Windows string helpers
diff --git a/linden/indra/newview/app_settings/settings.xml b/linden/indra/newview/app_settings/settings.xml
index c8ad381..79519fa 100644
--- a/linden/indra/newview/app_settings/settings.xml
+++ b/linden/indra/newview/app_settings/settings.xml
@@ -5865,17 +5865,6 @@
    <key>Value</key>
    <integer>1</integer>
  </map>
-  <key>FirstName</key>
-  <map>
-    <key>Comment</key>
-    <string>Login first name</string>
-    <key>Persist</key>
-    <integer>1</integer>
-    <key>Type</key>
-    <string>String</string>
-    <key>Value</key>
-    <string />
-  </map>
  <key>FirstPersonAvatarVisible</key>
  <map>
    <key>Comment</key>
@@ -7776,17 +7765,6 @@
      <key>Value</key>
      <string>find_all_panel</string>
    </map>
-    <key>LastName</key>
-    <map>
-      <key>Comment</key>
-      <string>Login last name</string>
-      <key>Persist</key>
-      <integer>1</integer>
-      <key>Type</key>
-      <string>String</string>
-      <key>Value</key>
-      <string />
-    </map>
    <key>LastPrefTab</key>
    <map>
      <key>Comment</key>
@@ -8161,17 +8139,6 @@
      <key>Value</key>
      <integer>1</integer>
    </map>
-    <key>Marker</key>
-    <map>
-      <key>Comment</key>
-      <string>[NOT USED]</string>
-      <key>Persist</key>
-      <integer>1</integer>
-      <key>Type</key>
-      <string>String</string>
-      <key>Value</key>
-      <string />
-    </map>
    <key>MaxDragDistance</key>
    <map>
      <key>Comment</key>
diff --git a/linden/indra/newview/floatergridmanager.cpp b/linden/indra/newview/floatergridmanager.cpp
index ad6ea05..257c210 100644
--- a/linden/indra/newview/floatergridmanager.cpp
+++ b/linden/indra/newview/floatergridmanager.cpp
@@ -47,13 +47,11 @@
 #include "llpanellogin.h"
 const std::string PASSWORD_FILLER = "123456789!123456";
-//bool FloaterGridManager::sIsInitialLogin;
 FloaterGridManager::FloaterGridManager(const LLSD& key)
        :       
        mState(GRID_STATE_NORMAL),
-        mCurGrid(""),
+        mCurGrid("")
-        mMungedPassword("")
 {
        llinfos << "Opening grid manager" << llendl;
@@ -250,7 +248,15 @@ void FloaterGridManager::refreshGrids()
                FloaterGridManager::getInstance()->getChild<LLLineEditor>("first_name")->setText(gridInfo->getFirstName());
                FloaterGridManager::getInstance()->getChild<LLLineEditor>("last_name")->setText(gridInfo->getLastName());
                FloaterGridManager::getInstance()->getChild<LLLineEditor>("username")->setText(gridInfo->getUsername());
-                FloaterGridManager::getInstance()->getChild<LLLineEditor>("avatar_password")->setText(gridInfo->getAvatarPassword());
+                if (gridInfo->getPassword().empty())
+                {
+                        FloaterGridManager::getInstance()->getChild<LLLineEditor>("avatar_password")->setText(LLStringExplicit(""));
+                }
+                else
+                {
+                        FloaterGridManager::getInstance()->getChild<LLLineEditor>("avatar_password")->setText(PASSWORD_FILLER);
+                }
                
                FloaterGridManager::getInstance()->getChild<LLLineEditor>("first_name")->setVisible(!gridInfo->isUsernameCompat());
                FloaterGridManager::getInstance()->getChild<LLTextBox>("first_name_text")->setVisible(!gridInfo->isUsernameCompat());
@@ -353,15 +359,13 @@ void FloaterGridManager::applyChanges()
        // don't allow users to set their password as PASSWORD_FILLER
        // would be nice to get grid-specific rules on password formatting, too
-        // passwords are remembered by default
+        // passwords are remembered by default when entered in the grid manager (good default?)
        std::string password_new = childGetValue("avatar_password").asString();
-        std::string password_old = grid->getAvatarPassword(); // initialized to ""
+        std::string password_old = grid->getPassword(); // initialized to ""
-        if (!password_new.empty() && password_new != PASSWORD_FILLER && password_new != password_old)
+        if (password_new != PASSWORD_FILLER && password_new != password_old)
        {
                // store account authentication data
-                std::string hashed_password;
+                grid->setPassword(password_new);
-                hashPassword(password_new, hashed_password);
-                grid->setAvatarPassword(hashed_password);
        }
        FloaterGridManager::getInstance()->getChild<LLScrollListCtrl>("grid_selector")->setEnabled(true);
@@ -380,11 +384,11 @@ void FloaterGridManager::applyChanges()
        // should this be settable?
        if (grid->isUsernameCompat())
        {
-                LLPanelLogin::setFields(grid->getUsername(), grid->getAvatarPassword());
+                LLPanelLogin::setFields(grid->getUsername(), grid->getPassword());
        }
        else
        {
-                LLPanelLogin::setFields(grid->getFirstName(), grid->getLastName(), grid->getAvatarPassword());
+                LLPanelLogin::setFields(grid->getFirstName(), grid->getLastName(), grid->getPassword());
        }
        if (FloaterGridDefault::instanceVisible())
@@ -540,6 +544,8 @@ void FloaterGridManager::apply()
        gHippoGridManager->saveFile();
        LLPanelLogin::addServer(LLViewerLogin::getInstance()->getGridLabel());
+        LLPanelLogin::loadLoginForm();
+        LLPanelLogin::loadLoginPage();
 }
 // static
@@ -697,36 +703,3 @@ BOOL FloaterGridManager::isGridComboDirty()
 //      LLComboBox* combo = FloaterGridManager::getInstance()->getChild<LLComboBox>("start_location_combo");
 //      location = combo->getValue().asString();
 //}
-std::string& FloaterGridManager::getPassword()
-{
-        return mMungedPassword;
-}
-void FloaterGridManager::setPassword(std::string &password)
-{
-        mMungedPassword = password;
-}
-bool FloaterGridManager::isSamePassword(std::string &password)
-{
-        return mMungedPassword == password;
-}
-void FloaterGridManager::hashPassword(const std::string& password, std::string& hashedPassword)
-{
-        // Max "actual" password length is 16 characters.
-        // Hex digests are always 32 characters.
-        if (password.length() == 32)
-        {
-                hashedPassword = password;
-        }
-        else
-        {
-                // this is a normal text password
-                LLMD5 pass((unsigned char *)password.c_str());
-                char munged_password[MD5HEX_STR_SIZE];
-                pass.hex_digest(munged_password);
-                hashedPassword = munged_password;
-        }
-}
diff --git a/linden/indra/newview/floatergridmanager.h b/linden/indra/newview/floatergridmanager.h
index b93a430..985a905 100644
--- a/linden/indra/newview/floatergridmanager.h
+++ b/linden/indra/newview/floatergridmanager.h
@@ -50,19 +50,12 @@ public:
        void refresh();
-        // new-style login methods
-        virtual std::string& getPassword();
-        virtual void setPassword(std::string &password);
-        virtual bool isSamePassword(std::string &password);
        // clears either the loginuri fetched info or all the info in the grid manager
        void clearGridInfo(bool clear_all);
        
        //static void getLocation(std::string &location);
        //void refreshLocation(bool force_visible)
        static BOOL isGridComboDirty();
-        //static void addServer(const std::string& server, S32 domain_name);
-        static void hashPassword(const std::string& password, std::string& hashedPassword);
 private:
@@ -75,7 +68,6 @@ private:
        void setGridState(EGridState state) { mState = state; }
        EGridState getGridState() { return mState; }
-        std::string mMungedPassword;
        EGridState mState;
        std::string mCurGrid;
diff --git a/linden/indra/newview/hippogridmanager.cpp b/linden/indra/newview/hippogridmanager.cpp
index 8277361..78539f8 100644
--- a/linden/indra/newview/hippogridmanager.cpp
+++ b/linden/indra/newview/hippogridmanager.cpp
@@ -41,10 +41,14 @@
 #include <llerror.h>
 #include <llfile.h>
 #include <llhttpclient.h>
+#include "llmd5.h"
 #include <llsdserialize.h>
 #include "lltrans.h"
 #include "llviewercontrol.h"
+#include "llviewernetwork.h" // gMacAddress
 #include "llweb.h"
+#include "llxorcipher.h"        // saved password, MAC address
 #include "hipporestrequest.h"
@@ -82,7 +86,7 @@ HippoGridInfo::HippoGridInfo(const std::string& gridNick) :
        mSearchURL(LLStringUtil::null),
        mFirstName(LLStringUtil::null),
        mLastName(LLStringUtil::null),
-        mAvatarPassword(LLStringUtil::null),
+        mPasswordAvatar(LLStringUtil::null),
        mXmlState(XML_VOID),
        mVoiceConnector("SLVoice"),
        mRenderCompat(true),
@@ -401,6 +405,92 @@ void HippoGridInfo::formatFee(std::string &fee, S32 cost, bool showFree) const
 }
+void HippoGridInfo::setPassword(const std::string& unhashed_password)
+{
+        if (unhashed_password.empty())
+        {
+                mPasswordAvatar = "";
+                return;
+        }
+        if (unhashed_password == mPasswordAvatar)
+        {
+                return;
+        }
+        std::string hashed_password("");
+        // Max "actual" password length is 16 characters.
+        // Hex digests are always 32 characters.
+        if (unhashed_password.length() == 32)
+        {
+                hashed_password = unhashed_password;
+        }
+        else
+        {
+                // this is a user-entered plaintext password
+                LLMD5 pass((unsigned char *)unhashed_password.c_str());
+                char munged_password[MD5HEX_STR_SIZE];
+                pass.hex_digest(munged_password);
+                hashed_password = munged_password;
+        }
+        // need to fix the bug in this
+        /*
+        // Encipher with MAC address
+        const S32 HASHED_LENGTH = 32;
+        U8 buffer[HASHED_LENGTH+1];
+        LLStringUtil::copy((char*)buffer, hashed_password.c_str(), HASHED_LENGTH+1);
+        LLXORCipher cipher(gMACAddress, 6);
+        cipher.encrypt(buffer, HASHED_LENGTH);
+        mPasswordAvatar.assign((char*)buffer);
+        */
+        mPasswordAvatar.assign(hashed_password);
+}
+std::string HippoGridInfo::getPassword() const
+{
+        // need to fix the bug in this
+        /*
+        if (mPasswordAvatar.empty() || mPasswordAvatar.length() == 32)
+        {
+                return mPasswordAvatar;
+        }
+        std::string hashed_password("");
+        // UUID is 16 bytes, written into ASCII is 32 characters
+        // without trailing \0
+        const S32 HASHED_LENGTH = 32;
+        U8 buffer[HASHED_LENGTH+1];
+        LLStringUtil::copy((char*)buffer, mPasswordAvatar.c_str(), HASHED_LENGTH+1);
+        
+        // Decipher with MAC address
+        LLXORCipher cipher(gMACAddress, 6);
+        cipher.decrypt(buffer, HASHED_LENGTH);
+        buffer[HASHED_LENGTH] = '\0';
+        // Check to see if the mac address generated a bad hashed
+        // password. It should be a hex-string or else the mac adress has
+        // changed. This is a security feature to make sure that if you
+        // get someone's grid_info.xml file, you cannot hack their account.
+        if (is_hex_string(buffer, HASHED_LENGTH))
+        {
+                hashed_password.assign((char*)buffer);
+        }
+        return hashed_password;
+        */
+        return mPasswordAvatar;
+}
 // ********************************************************************
 // Static Helpers
@@ -800,7 +890,7 @@ void HippoGridManager::parseData(LLSD &gridInfo, bool mergeIfNewer)
                        if (gridMap.has("render_compat")) grid->setRenderCompat(gridMap["render_compat"]);
                        if (gridMap.has("firstname")) grid->setFirstName(gridMap["firstname"]);
                        if (gridMap.has("lastname")) grid->setLastName(gridMap["lastname"]);
-                        if (gridMap.has("avatarpassword")) grid->setAvatarPassword(gridMap["avatarpassword"]);
+                        if (gridMap.has("avatarpassword")) grid->setPassword(gridMap["avatarpassword"]);
                        if (gridMap.has("username")) grid->setUsername(gridMap["username"]);
                        if (gridMap.has("username_compat")) grid->setUsernameCompat(gridMap["username_compat"]);
                        if (newGrid) addGrid(grid);
@@ -836,7 +926,7 @@ void HippoGridManager::saveFile()
                gridInfo[i]["password"] = grid->getPasswordURL();
                gridInfo[i]["firstname"] = grid->getFirstName();
                gridInfo[i]["lastname"] = grid->getLastName();
-                gridInfo[i]["avatarpassword"] = grid->getAvatarPassword();
+                gridInfo[i]["avatarpassword"] = grid->getPassword();
                
                gridInfo[i]["search"] = grid->getSearchURL();
                gridInfo[i]["render_compat"] = grid->isRenderCompat();
diff --git a/linden/indra/newview/hippogridmanager.h b/linden/indra/newview/hippogridmanager.h
index f1b0a8e..c983c9d 100644
--- a/linden/indra/newview/hippogridmanager.h
+++ b/linden/indra/newview/hippogridmanager.h
@@ -88,7 +88,7 @@ public:
        const std::string& getFirstName()                       const { return mFirstName; }
        const std::string& getLastName()                        const { return mLastName; }
        const std::string& getUsername()                        const { return mUsername; }
-        const std::string& getAvatarPassword()          const { return mAvatarPassword; }
+        std::string getPassword()                               const;
        const std::string& getVoiceConnector()          const { return mVoiceConnector; }
        S32 getMaxAgentGroups()                                         const { return mMaxAgentGroups; }
        const std::string& getCurrencySymbol()          const { return mCurrencySymbol; }
@@ -114,7 +114,7 @@ public:
        void setMaxAgentGroups(S32 max)                                                         { mMaxAgentGroups = max;   }
        void setFirstName(const std::string& firstName)                         { mFirstName = firstName; }
        void setLastName(const std::string& lastName)                           { mLastName = lastName; }
-        void setAvatarPassword(const std::string& avatarPassword)       { mAvatarPassword = avatarPassword; }
+        void setPassword(const std::string& unhashed_password);
        void setVoiceConnector(const std::string& vc)                           { mVoiceConnector = vc; }
        void setCurrencySymbol(const std::string& sym)                          { mCurrencySymbol = sym.substr(0, 3); }
        void setRealCurrencySymbol(const std::string& sym)                      { mRealCurrencySymbol = sym.substr(0, 3); }
@@ -145,7 +145,7 @@ private:
        std::string mVoiceConnector;
        std::string mFirstName;
        std::string mLastName;
-        std::string mAvatarPassword;
+        std::string mPasswordAvatar;
        bool            mRenderCompat;
        S32                     mMaxAgentGroups;
diff --git a/linden/indra/newview/llagent.cpp b/linden/indra/newview/llagent.cpp
index 88ec2ca..44a71da 100644
--- a/linden/indra/newview/llagent.cpp
+++ b/linden/indra/newview/llagent.cpp
@@ -56,6 +56,7 @@
 #include "llsdutil.h"
 //#include "vmath.h"
+#include "hippogridmanager.h"
 #include "imageids.h"
 #include "llbox.h"
 #include "llbutton.h"
@@ -5590,7 +5591,7 @@ void LLAgent::getName(std::string& name)
        }
        else
        {
-                name = gSavedSettings.getString("FirstName") + " " + gSavedSettings.getString("LastName");
+                name = gHippoGridManager->getCurrentGrid()->getFirstName() + " " + gHippoGridManager->getCurrentGrid()->getLastName();
        }
 }
diff --git a/linden/indra/newview/llappviewer.cpp b/linden/indra/newview/llappviewer.cpp
index cbec717..0bb5759 100644
--- a/linden/indra/newview/llappviewer.cpp
+++ b/linden/indra/newview/llappviewer.cpp
@@ -1267,6 +1267,19 @@ bool LLAppViewer::cleanup()
        LLCalc::cleanUp();
+        // Quitting with "Remember Password" turned off should always stomp your
+        // saved password, whether or not you successfully logged in.  JC
+        if (!gSavedSettings.getBOOL("RememberPassword"))
+        {
+                gHippoGridManager->getConnectedGrid()->setPassword("");
+                // kill old password.dat file if it exists. We do this to keep setting compatibility with older versions -- MC
+                std::string filepath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "password.dat");
+                LLFile::remove(filepath);
+        }
+        gHippoGridManager->saveFile();
        delete gHippoGridManager;
        gHippoGridManager = NULL;
@@ -1418,13 +1431,6 @@ bool LLAppViewer::cleanup()
        //
        LLVFile::cleanupClass();
        llinfos << "VFS cleaned up" << llendflush;
-        // Quitting with "Remember Password" turned off should always stomp your
-        // saved password, whether or not you successfully logged in.  JC
-        if (!gSavedSettings.getBOOL("RememberPassword"))
-        {
-                LLStartUp::deletePasswordFromDisk();
-        }
        
        // Store the time of our current logoff
        gSavedPerAccountSettings.setU32("LastLogoff", time_corrected());
diff --git a/linden/indra/newview/llfloaterchat.cpp b/linden/indra/newview/llfloaterchat.cpp
index 79dddaa..f3d71d7 100644
--- a/linden/indra/newview/llfloaterchat.cpp
+++ b/linden/indra/newview/llfloaterchat.cpp
@@ -49,6 +49,7 @@
 #include "message.h"
 // project include
+#include "hippogridmanager.h"
 #include "llagent.h"
 #include "llbutton.h"
 #include "llcheckboxctrl.h"
@@ -475,7 +476,7 @@ BOOL checkStringInText(const std::string &text_line, std::string textToMatch)
 BOOL LLFloaterChat::isOwnNameInText(const std::string &text_line)
 {
-        if (checkStringInText(text_line, gSavedSettings.getString("FirstName")))
+        if (checkStringInText(text_line, gHippoGridManager->getConnectedGrid()->getFirstName()))
                return TRUE;
        for (int i=1; i<=3; i++)
diff --git a/linden/indra/newview/llloginhandler.cpp b/linden/indra/newview/llloginhandler.cpp
index c35ba04..988ef2f 100644
--- a/linden/indra/newview/llloginhandler.cpp
+++ b/linden/indra/newview/llloginhandler.cpp
@@ -131,23 +131,29 @@ bool LLLoginHandler::handle(const LLSD& tokens,
                if (password.substr(0,3) != "$1$")
                {
-                        LLMD5 pass((unsigned char*)password.c_str());
+                        // grids we try in order: loginhandler "grid", LastConnectedGrid, grid manager
-                        char md5pass[33];               /* Flawfinder: ignore */
+                        // icky that we do this here and in LLStartUp
-                        pass.hex_digest(md5pass);
+                        std::string grid_nick = query_map["grid"].asString();
-                        std::string hashed_password = ll_safe_string(md5pass, 32);
+                        if (grid_nick.empty()) grid_nick = gSavedSettings.getString("LastConnectedGrid");
-                        LLStartUp::savePasswordToDisk(hashed_password);
+                        if (grid_nick.empty()) grid_nick = gHippoGridManager->getCurrentGridNick();
+                        HippoGridInfo* grid = gHippoGridManager->getGrid(grid_nick);
+                        if (grid) grid->setPassword(password);
                }
        }
                        
        if (LLStartUp::getStartupState() < STATE_LOGIN_CLEANUP)  //on splash page
        {
-                // if we ever support saving names based on grid, we'll have to support saving usernames too -- MC
                LLPanelLogin::loadLoginForm();
                if (!mFirstName.empty() || !mLastName.empty())
                {
-                        // Fill in the name, and maybe the password
+                        // Fill in the name, and the password if we can
+                        if (password.empty())
+                        {
+                                password = gHippoGridManager->getCurrentGrid()->getPassword();
+                        }
                        if (gHippoGridManager && gHippoGridManager->getCurrentGrid()->isUsernameCompat())
                        {
                                if (mLastName == "resident" || mLastName == "Resident")
diff --git a/linden/indra/newview/llpanellogin.cpp b/linden/indra/newview/llpanellogin.cpp
index 7b05794..fd9d077 100644
--- a/linden/indra/newview/llpanellogin.cpp
+++ b/linden/indra/newview/llpanellogin.cpp
@@ -91,6 +91,7 @@
 const S32 BLACK_BORDER_HEIGHT = 160;
 const S32 MAX_PASSWORD = 16;
+const std::string PASSWORD_FILLER = "123456789!123456";
 LLPanelLogin *LLPanelLogin::sInstance = NULL;
 BOOL LLPanelLogin::sCapslockDidNotification = FALSE;
@@ -174,7 +175,8 @@ LLPanelLogin::LLPanelLogin(const LLRect &rect,
        mLogoImage(),
        mCallback(callback),
        mCallbackData(cb_data),
-        mHtmlAvailable( TRUE )
+        mHtmlAvailable( TRUE ),
+        mActualPassword("")
 {
        setFocusRoot(TRUE);
@@ -212,7 +214,7 @@ LLPanelLogin::LLPanelLogin(const LLRect &rect,
        childSetPrevalidate("last_name_edit", LLLineEditor::prevalidatePrintableNoSpace);
        childSetPrevalidate("username_edit", LLLineEditor::prevalidatePrintableSpace);
-        childSetCommitCallback("password_edit", mungePassword);
+        childSetCommitCallback("password_edit", onPasswordChanged, this);
        childSetKeystrokeCallback("password_edit", onPassKey, this);
        childSetUserData("password_edit", this);
@@ -355,22 +357,6 @@ void LLPanelLogin::setSiteIsAlive( bool alive )
        }
 }
-void LLPanelLogin::mungePassword(LLUICtrl* caller, void* user_data)
-{
-        LLPanelLogin* self = (LLPanelLogin*)user_data;
-        LLLineEditor* editor = (LLLineEditor*)caller;
-        std::string password = editor->getText();
-        // Re-md5 if we've changed at all
-        if (password != self->mIncomingPassword)
-        {
-                LLMD5 pass((unsigned char *)password.c_str());
-                char munged_password[MD5HEX_STR_SIZE];
-                pass.hex_digest(munged_password);
-                self->mMungedPassword = munged_password;
-        }
-}
 LLPanelLogin::~LLPanelLogin()
 {
        LLPanelLogin::sInstance = NULL;
@@ -596,6 +582,8 @@ void LLPanelLogin::setFields(const std::string& firstname,
 // static
 void LLPanelLogin::setPassword(const std::string& password)
 {
+        // we check for sInstance before getting here
        // Max "actual" password length is 16 characters.
        // Hex digests are always 32 characters.
        if (password.length() == 32)
@@ -604,21 +592,16 @@ void LLPanelLogin::setPassword(const std::string& password)
                // We don't actually use the password input field, 
                // fill it with MAX_PASSWORD characters so we get a 
                // nice row of asterixes.
-                const std::string filler("123456789!123456");
+                sInstance->childSetText("password_edit", PASSWORD_FILLER);
-                sInstance->childSetText("password_edit", filler);
-                sInstance->mIncomingPassword = filler;
-                sInstance->mMungedPassword = password;
        }
        else
        {
                // this is a normal text password
                sInstance->childSetText("password_edit", password);
-                sInstance->mIncomingPassword = password;
-                LLMD5 pass((unsigned char *)password.c_str());
-                char munged_password[MD5HEX_STR_SIZE];
-                pass.hex_digest(munged_password);
-                sInstance->mMungedPassword = munged_password;
        }
+        // munging happens in the grid manager now
+        sInstance->mActualPassword = password;
 }
@@ -714,7 +697,8 @@ void LLPanelLogin::getFields(std::string *firstname,
                LLStringUtil::trim(*lastname);
        }
-        *password = sInstance->mMungedPassword;
+        // sent to us from LLStartUp. Saved only on an actual connect
+        *password = sInstance->mActualPassword;
 }
 // static
@@ -893,7 +877,7 @@ void LLPanelLogin::loadLoginForm()
                lastname_l->setText(lastname_s);
        }
-        setPassword(gHippoGridManager->getCurrentGrid()->getAvatarPassword());
+        setPassword(gHippoGridManager->getCurrentGrid()->getPassword());
 }
@@ -1224,6 +1208,20 @@ void LLPanelLogin::onClickNewAccount(void*)
        }
 }
+// static
+void LLPanelLogin::onPasswordChanged(LLUICtrl* caller, void* user_data)
+{
+        LLPanelLogin* self = (LLPanelLogin*)user_data;
+        LLLineEditor* editor = (LLLineEditor*)caller;
+        std::string password = editor->getText();
+        // update if we've changed at all
+        // is there a good way to let users know we can't let them use PASSWORD_FILLER?
+        if (password != self->mActualPassword && password != PASSWORD_FILLER)
+        {
+                self->mActualPassword = password;
+        }
+}
 // *NOTE: This function is dead as of 2008 August.  I left it here in case
 // we suddenly decide to put the Quit button back. JC
diff --git a/linden/indra/newview/llpanellogin.h b/linden/indra/newview/llpanellogin.h
index 947aea6..645999c 100644
--- a/linden/indra/newview/llpanellogin.h
+++ b/linden/indra/newview/llpanellogin.h
@@ -83,7 +83,6 @@ public:
        static void refreshLoginPage();
        static void giveFocus();
        static void setAlwaysRefresh(bool refresh); 
-        static void mungePassword(LLUICtrl* caller, void* user_data);
        
        // inherited from LLViewerMediaObserver
        /*virtual*/ void handleMediaEvent(LLPluginClassMedia* self, EMediaEvent event);
@@ -98,6 +97,7 @@ private:
        static bool newAccountAlertCallback(const LLSD& notification, const LLSD& response);
        static void onClickQuit(void*);
        static void onClickVersion(void*);
+        static void onPasswordChanged(LLUICtrl* caller, void* user_data);
        static void onClickForgotPassword(void*);
        static void onPassKey(LLLineEditor* caller, void* user_data);
        static void onSelectServer(LLUICtrl*, void*);
@@ -120,8 +120,7 @@ private:
        void                    (*mCallback)(S32 option, void *userdata);
        void*                   mCallbackData;
-        std::string mIncomingPassword;
+        std::string mActualPassword;
-        std::string mMungedPassword;
        static LLPanelLogin* sInstance;
        static BOOL             sCapslockDidNotification;
diff --git a/linden/indra/newview/llprefsim.cpp b/linden/indra/newview/llprefsim.cpp
index 5ac2bb2..33d9701 100644
--- a/linden/indra/newview/llprefsim.cpp
+++ b/linden/indra/newview/llprefsim.cpp
@@ -179,12 +179,12 @@ void LLPrefsIMImpl::apply()
                if (gSavedSettings.getBOOL("UseLegacyChatLogsFolder"))
                {
                        gDirUtilp->setPerAccountChatLogsDir(LLStringUtil::null, 
-                                gSavedSettings.getString("FirstName"), gSavedSettings.getString("LastName") );
+                                gHippoGridManager->getCurrentGrid()->getFirstName(), gHippoGridManager->getCurrentGrid()->getLastName() );
                }
                else
                {
                        gDirUtilp->setPerAccountChatLogsDir(gHippoGridManager->getCurrentGridNick(), 
-                                gSavedSettings.getString("FirstName"), gSavedSettings.getString("LastName") );
+                                gHippoGridManager->getCurrentGrid()->getFirstName(), gHippoGridManager->getCurrentGrid()->getLastName() );
                }
                LLFile::mkdir(gDirUtilp->getPerAccountChatLogsDir());
        }
diff --git a/linden/indra/newview/llstartup.cpp b/linden/indra/newview/llstartup.cpp
index 4028cad..e29dc5a 100644
--- a/linden/indra/newview/llstartup.cpp
+++ b/linden/indra/newview/llstartup.cpp
@@ -76,7 +76,6 @@
 #include "llstring.h"
 #include "lluserrelations.h"
 #include "llvfs.h"
-#include "llxorcipher.h"        // saved password, MAC address
 #include "message.h"
 #include "v3math.h"
@@ -262,7 +261,6 @@ bool LLStartUp::sLoginFailed = false;
 void login_show();
 void login_callback(S32 option, void* userdata);
-bool is_hex_string(U8* str, S32 len);
 void show_first_run_dialog();
 bool first_run_dialog_callback(const LLSD& notification, const LLSD& response);
 void set_startup_status(const F32 frac, const std::string& string, const std::string& msg);
@@ -750,12 +748,13 @@ bool idle_startup()
 #endif
                        gSavedSettings.setBOOL("AutoLogin", TRUE);
                }
-                else if (gSavedSettings.getBOOL("AutoLogin"))
+                else if (gSavedSettings.getBOOL("AutoLogin") && gHippoGridManager)
                {
-                        firstname = gSavedSettings.getString("FirstName");
+                        // at this point, getCurrentGrid is the last logged in grid. Should we create a new entry for this? -- MC
-                        lastname = gSavedSettings.getString("LastName");
+                        firstname = gHippoGridManager->getCurrentGrid()->getFirstName();
-                        password = LLStartUp::loadPasswordFromDisk();
+                        lastname = gHippoGridManager->getCurrentGrid()->getLastName();
-                        gSavedSettings.setBOOL("RememberPassword", TRUE);
+                        password = gHippoGridManager->getCurrentGrid()->getPassword();
+                        gSavedSettings.setBOOL("RememberPassword", TRUE); // why do we do this, anyway? -- MC
                        
 #ifdef USE_VIEWER_AUTH
                        show_connect_box = true;
@@ -766,9 +765,7 @@ bool idle_startup()
                else
                {
                        // if not automatically logging in, display login dialog
-                        firstname = gSavedSettings.getString("FirstName");
+                        // name and password are now handled in STATE_LOGIN_SHOW when the login screen's shown -- MC
-                        lastname = gSavedSettings.getString("LastName");
-                        password = LLStartUp::loadPasswordFromDisk();
                        show_connect_box = true;
                }
@@ -826,17 +823,19 @@ bool idle_startup()
                        // connect dialog is already shown, so fill in the names associated with the grid
                        // note how we always remember avatar names, but don't necessarily have to
-                        // icky how usernames get bolted on here as a kind of hack -- MC
+                        // icky how all this gets bolted on here as a kind of hack -- MC
                        if (gHippoGridManager)
                        {
                                firstname = gHippoGridManager->getCurrentGrid()->getFirstName();
                                lastname = gHippoGridManager->getCurrentGrid()->getLastName();
                                // RememberPassword toggles this being saved
-                                password = gHippoGridManager->getCurrentGrid()->getAvatarPassword();
+                                password = gHippoGridManager->getCurrentGrid()->getPassword();
                                
+                                // empty in case we used logout
                                if (gHippoGridManager->getCurrentGrid()->isUsernameCompat())
                                {
-                                        if (lastname == "resident" || lastname == "Resident")
+                                        if ((lastname == "resident" || lastname == "Resident") ||
+                                                (firstname.empty() && lastname.empty()))
                                        {
                                                LLPanelLogin::setFields(firstname, password);
                                        }
@@ -998,8 +997,8 @@ bool idle_startup()
                if (!firstname.empty() && !lastname.empty())
                {
-                        gSavedSettings.setString("FirstName", firstname);
+                        gHippoGridManager->getCurrentGrid()->setFirstName(firstname);
-                        gSavedSettings.setString("LastName", lastname);
+                        gHippoGridManager->getCurrentGrid()->setLastName(lastname);
                        //LL_INFOS("AppInit") << "Attempting login as: " << firstname << " " << lastname << " " << password << LL_ENDL;
                        gDebugInfo["LoginName"] = firstname + " " + lastname;
@@ -1162,7 +1161,9 @@ bool idle_startup()
                // color init must be after saved settings loaded
                init_colors();
-                if (gSavedSettings.getBOOL("VivoxLicenseAccepted") || gHippoGridManager->getConnectedGrid()->isSecondLife())
+                if (!gSavedSettings.getBOOL("EnableVoiceChat") ||
+                        (gSavedSettings.getBOOL("EnableVoiceChat") && gSavedSettings.getBOOL("VivoxLicenseAccepted")) || 
+                        !gHippoGridManager->getConnectedGrid()->isSecondLife())
                {
                        // skipping over STATE_LOGIN_VOICE_LICENSE since we don't need it
                        // skipping over STATE_UPDATE_CHECK because that just waits for input
@@ -1306,6 +1307,21 @@ bool idle_startup()
                        }
                }
+                // We hash a temporary password for login auth. The actual stored password
+                // is in the grid manager, and is XORed with the mac address -- MC
+                std::string hashed_password("");
+                if (password.length() == 32)
+                {
+                        hashed_password = password;
+                }
+                else if (!password.empty())
+                {
+                        LLMD5 pass((unsigned char *)password.c_str());
+                        char munged_password[MD5HEX_STR_SIZE];
+                        pass.hex_digest(munged_password);
+                        hashed_password = munged_password;
+                }
                // TODO if statement here to use web_login_key
                if(web_login_key.isNull()){
                sAuthUriNum = llclamp(sAuthUriNum, 0, (S32)sAuthUris.size()-1);
@@ -1314,7 +1330,7 @@ bool idle_startup()
                        auth_method,
                        firstname,
                        lastname,                       
-                        password, 
+                        hashed_password, 
                        //web_login_key,
                        start.str(),
                        gSkipOptionalUpdate,
@@ -1573,10 +1589,8 @@ bool idle_startup()
                if(successful_login)
                {
-                        {
+                        std::string current_grid = gHippoGridManager->getConnectedGrid()->getGridNick();
-                                std::string current_grid = gHippoGridManager->getConnectedGrid()->getGridNick();
+                        gSavedSettings.setString("LastConnectedGrid", current_grid);
-                                gSavedSettings.setString("LastConnectedGrid", current_grid);
-                        }
                        std::string text;
                        text = LLUserAuth::getInstance()->getResponse("udp_blacklist");
@@ -1608,19 +1622,23 @@ bool idle_startup()
                        }
                        text = LLUserAuth::getInstance()->getResponse("last_name");
                        if(!text.empty()) lastname.assign(text);
-                        gSavedSettings.setString("FirstName", firstname);
-                        gSavedSettings.setString("LastName", lastname);
+                        gHippoGridManager->getConnectedGrid()->setFirstName(firstname);
+                        gHippoGridManager->getConnectedGrid()->setLastName(lastname);
                        if (gSavedSettings.getBOOL("RememberPassword"))
                        {
                                // Successful login means the password is valid, so save it.
-                                LLStartUp::savePasswordToDisk(password);
+                                // formerly LLStartUp::savePasswordToDisk(password); 
+                                // this needs to happen after gMACAddress is set -- MC
+                                gHippoGridManager->getConnectedGrid()->setPassword(password);
                        }
                        else
                        {
                                // Don't leave password from previous session sitting around
                                // during this login session.
-                                LLStartUp::deletePasswordFromDisk();
+                                // formerly LLStartUp::deletePasswordFromDisk(); -- MC
+                                gHippoGridManager->getConnectedGrid()->setPassword("");
                        }
                        // this is their actual ability to access content
@@ -3084,180 +3102,6 @@ void login_callback(S32 option, void *userdata)
 }
-// static
-std::string LLStartUp::loadPasswordFromDisk()
-{
-        // Only load password if we also intend to save it (otherwise the user
-        // wonders what we're doing behind his back).  JC
-        BOOL remember_password = gSavedSettings.getBOOL("RememberPassword");
-        if (!remember_password)
-        {
-                return std::string("");
-        }
-        std::string hashed_password("");
-        // Look for legacy "marker" password from settings.ini
-        hashed_password = gSavedSettings.getString("Marker");
-        if (!hashed_password.empty())
-        {
-                // Stomp the Marker entry.
-                gSavedSettings.setString("Marker", "");
-                // Return that password.
-                return hashed_password;
-        }
-        // UUID is 16 bytes, written into ASCII is 32 characters
-        // without trailing \0
-        const S32 HASHED_LENGTH = 32;
-        std::string filepath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
-                                                                                                           "password.dat");
-        LLFILE* fp = LLFile::fopen(filepath, "rb");             /* Flawfinder: ignore */
-        if (!fp)
-        {
-#if LL_DARWIN
-                UInt32 passwordLength;
-                char *passwordData;
-                OSStatus stat = SecKeychainFindGenericPassword(NULL, 10, "Imprudence", 0, NULL, &passwordLength, (void**)&passwordData, NULL);
-                if (stat == noErr)
-                {
-                        if (passwordLength == HASHED_LENGTH)
-                                hashed_password.assign(passwordData, HASHED_LENGTH);
-                        SecKeychainItemFreeContent(NULL, passwordData);
-                }
-#endif
-                return hashed_password;
-        }
-        U8 buffer[HASHED_LENGTH+1];
-        if (1 != fread(buffer, HASHED_LENGTH, 1, fp))
-        {
-                return hashed_password;
-        }
-        fclose(fp);
-        // Decipher with MAC address
-        LLXORCipher cipher(gMACAddress, 6);
-        cipher.decrypt(buffer, HASHED_LENGTH);
-        buffer[HASHED_LENGTH] = '\0';
-        // Check to see if the mac address generated a bad hashed
-        // password. It should be a hex-string or else the mac adress has
-        // changed. This is a security feature to make sure that if you
-        // get someone's password.dat file, you cannot hack their account.
-        if(is_hex_string(buffer, HASHED_LENGTH))
-        {
-                hashed_password.assign((char*)buffer);
-        }
-#if LL_DARWIN
-        // we're migrating to the keychain
-        LLFile::remove(filepath);
-#endif
-        return hashed_password;
-}
-// static
-void LLStartUp::savePasswordToDisk(const std::string& hashed_password)
-{
-#if LL_DARWIN
-        SecKeychainItemRef keychainItem;
-        OSStatus status = SecKeychainFindGenericPassword(NULL, 10, "Imprudence", 0, NULL, NULL, NULL, &keychainItem);
-        if (status == noErr)
-        {
-                SecKeychainItemModifyAttributesAndData(keychainItem, NULL, hashed_password.length(), hashed_password.c_str());
-                CFRelease(keychainItem);
-        }
-        else
-        {
-                SecKeychainAddGenericPassword(NULL, 10, "Imprudence", 0, NULL, hashed_password.length(), hashed_password.c_str(), NULL);
-        }
-#else
-        std::string filepath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
-                                                                                                           "password.dat");
-        LLFILE* fp = LLFile::fopen(filepath, "wb");             /* Flawfinder: ignore */
-        if (!fp)
-        {
-                return;
-        }
-        // Encipher with MAC address
-        const S32 HASHED_LENGTH = 32;
-        U8 buffer[HASHED_LENGTH+1];
-        LLStringUtil::copy((char*)buffer, hashed_password.c_str(), HASHED_LENGTH+1);
-        LLXORCipher cipher(gMACAddress, 6);
-        cipher.encrypt(buffer, HASHED_LENGTH);
-        if (fwrite(buffer, HASHED_LENGTH, 1, fp) != 1)
-        {
-                LL_WARNS("AppInit") << "Short write" << LL_ENDL;
-        }
-        fclose(fp);
-#endif
-}
-// static
-void LLStartUp::deletePasswordFromDisk()
-{
-#if LL_DARWIN
-        SecKeychainItemRef keychainItem;
-        OSStatus status = SecKeychainFindGenericPassword(NULL, 10, "Imprudence", 0, NULL, NULL, NULL, &keychainItem);
-        if (status == noErr)
-        {
-                SecKeychainItemDelete(keychainItem);
-                CFRelease(keychainItem);
-        }
-#endif
-        std::string filepath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
-                                                                                                                  "password.dat");
-        LLFile::remove(filepath);
-}
-bool is_hex_string(U8* str, S32 len)
-{
-        bool rv = true;
-        U8* c = str;
-        while(rv && len--)
-        {
-                switch(*c)
-                {
-                case '0':
-                case '1':
-                case '2':
-                case '3':
-                case '4':
-                case '5':
-                case '6':
-                case '7':
-                case '8':
-                case '9':
-                case 'a':
-                case 'b':
-                case 'c':
-                case 'd':
-                case 'e':
-                case 'f':
-                        ++c;
-                        break;
-                default:
-                        rv = false;
-                        break;
-                }
-        }
-        return rv;
-}
 void show_first_run_dialog()
 {
        LLNotifications::instance().add("FirstRun", LLSD(), LLSD(), first_run_dialog_callback);
diff --git a/linden/indra/newview/llstartup.h b/linden/indra/newview/llstartup.h
index 6dc3946..5960817 100644
--- a/linden/indra/newview/llstartup.h
+++ b/linden/indra/newview/llstartup.h
@@ -106,15 +106,6 @@ public:
        // gender_name is either "male" or "female"
        static void loadInitialOutfit( const std::string& outfit_folder_name,
                                                                   const std::string& gender_name );
-        // Load MD5 of user's password from local disk file.
-        static std::string loadPasswordFromDisk();
-        
-        // Record MD5 of user's password for subsequent login.
-        static void savePasswordToDisk(const std::string& hashed_password);
-        
-        // Delete the saved password local disk file.
-        static void deletePasswordFromDisk();
        
        static bool dispatchURL();
                // if we have a SLURL or sim string ("Ahern/123/45") that started
author	McCabe Maxsted	2011-04-19 14:49:18 -0700
committer	McCabe Maxsted	2011-04-19 14:49:18 -0700
commit	a0902a050cc713f742990a09d2a610d4c135b7c7 (patch)
tree	c4a2c89cd48d6e50908959deed5318c6cd4fbaf5 /linden/indra
parent	Fixed usernames default setting to '.' when logging into second life for the ... (diff)
download	meta-impy-a0902a050cc713f742990a09d2a610d4c135b7c7.zip meta-impy-a0902a050cc713f742990a09d2a610d4c135b7c7.tar.gz meta-impy-a0902a050cc713f742990a09d2a610d4c135b7c7.tar.bz2 meta-impy-a0902a050cc713f742990a09d2a610d4c135b7c7.tar.xz