bool agent_get_decryption_key(unsigned char key[KDF_HASH_LEN]) { char *disable_str; if (config_exists("plaintext_key")) { _cleanup_free_ char *key_buffer = NULL; if (config_read_buffer("plaintext_key", &key_buffer) == KDF_HASH_LEN) { _cleanup_free_ char *verify = config_read_encrypted_string("verify", (unsigned char *)key_buffer); if (!verify || strcmp(verify, AGENT_VERIFICATION_STRING)) goto badkey; memcpy(key, key_buffer, KDF_HASH_LEN); secure_clear(key_buffer, KDF_HASH_LEN); mlock(key, KDF_HASH_LEN); return true; } badkey: config_unlink("plaintext_key"); } if (!agent_ask(key)) { if (!agent_load_key(key)) return false; disable_str = getenv("LPASS_AGENT_DISABLE"); if (!disable_str || strcmp(disable_str, "1")) { agent_start(key); } } mlock(key, KDF_HASH_LEN); return true; }
void session_kill() { if (!config_unlink("verify") || !config_unlink("username") || !config_unlink("session_sessionid") || !config_unlink("iterations")) die_errno("could not log out."); config_unlink("blob"); config_unlink("session_token"); config_unlink("session_uid"); config_unlink("session_privatekey"); config_unlink("session_server"); config_unlink("plaintext_key"); agent_kill(); upload_queue_kill(); }
int cmd_logout(int argc, char **argv) { static struct option long_options[] = { {"force", no_argument, NULL, 'f'}, {0, 0, 0, 0} }; int option; int option_index; bool force = false; struct session *session = NULL; unsigned char key[KDF_HASH_LEN]; while ((option = getopt_long(argc, argv, "f", long_options, &option_index)) != -1) { switch (option) { case 'f': force = true; break; case '?': default: die_usage(cmd_logout_usage); } } if (optind < argc) die_usage(cmd_logout_usage); if (!config_exists("verify")) die("Not currently logged in."); if (!force && !ask_yes_no(true, "Are you sure you would like to log out?")) { terminal_printf(TERMINAL_FG_YELLOW TERMINAL_BOLD "Log out" TERMINAL_RESET ": aborted.\n"); return 1; } init_all(0, key, &session, NULL); if (!config_unlink("verify") || !config_unlink("username") || !config_unlink("session_sessionid") || !config_unlink("iterations")) die_errno("could not log out."); config_unlink("blob"); config_unlink("session_token"); config_unlink("session_uid"); config_unlink("session_privatekey"); config_unlink("plaintext_key"); agent_kill(); upload_queue_kill(); lastpass_logout(session); terminal_printf(TERMINAL_FG_YELLOW TERMINAL_BOLD "Log out" TERMINAL_RESET ": complete.\n"); return 0; }
int cmd_login(int argc, char **argv) { static struct option long_options[] = { {"trust", no_argument, NULL, 't'}, {"plaintext-key", no_argument, NULL, 'P'}, {"force", no_argument, NULL, 'f'}, {"color", required_argument, NULL, 'C'}, {0, 0, 0, 0} }; int option; int option_index; bool trust = false; bool plaintext_key = false; bool force = false; char *username; _cleanup_free_ char *error = NULL; _cleanup_free_ char *password = NULL; int iterations; struct session *session; unsigned char key[KDF_HASH_LEN]; char hex[KDF_HEX_LEN]; while ((option = getopt_long(argc, argv, "f", long_options, &option_index)) != -1) { switch (option) { case 't': trust = true; break; case 'P': plaintext_key = true; break; case 'f': force = true; break; case 'C': terminal_set_color_mode( parse_color_mode_string(optarg)); break; case '?': default: die_usage(cmd_login_usage); } } if (argc - optind != 1) die_usage(cmd_login_usage); if (!force && plaintext_key && !ask_yes_no(false, "You have used the --plaintext-key option. This option will greatly reduce the security of your passwords. You are advised, instead, to use the agent, whose timeout can be disabled by settting LPASS_AGENT_TIMEOUT=0. Are you sure you would like to do this?")) die("Login aborted. Try again without --plaintext-key."); username = argv[optind]; iterations = lastpass_iterations(username); if (!iterations) die("Unable to fetch iteration count. Check your internet connection and be sure your username is valid."); do { free(password); password = password_prompt("Master Password", error, "Please enter the LastPass master password for <%s>.", username); if (!password) die("Failed to enter correct password."); kdf_login_key(username, password, iterations, hex); kdf_decryption_key(username, password, iterations, key); free(error); error = NULL; session = lastpass_login(username, hex, key, iterations, &error, trust); } while (!session_is_valid(session)); config_unlink("plaintext_key"); if (plaintext_key) config_write_buffer("plaintext_key", (char *)key, KDF_HASH_LEN); agent_save(username, iterations, key); session_save(session, key); session_free(session); session = NULL; terminal_printf(TERMINAL_FG_GREEN TERMINAL_BOLD "Success" TERMINAL_RESET ": Logged in as " TERMINAL_UNDERLINE "%s" TERMINAL_RESET ".\n", username); return 0; }
static void upload_queue_upload_all(const struct session *session, unsigned const char key[KDF_HASH_LEN]) { char *entry, *next_entry, *result; int size; char **argv = NULL; char **argv_ptr; char *name, *lock, *p; bool do_break; bool should_fetch_new_blob_after = false; int curl_ret; long http_code; bool http_failed_all; int backoff; while ((entry = upload_queue_next_entry(key, &name, &lock))) { size = 0; for (p = entry; *p; ++p) { if (*p == '\n') ++size; } if (p > entry && p[-1] != '\n') ++size; if (size < 1) { config_unlink(name); config_unlink(lock); goto end; } argv_ptr = argv = xcalloc(size + 1, sizeof(char **)); for (do_break = false, p = entry, next_entry = entry; ; ++p) { if (!*p) do_break = true; if (*p == '\n' || !*p) { *p = '\0'; *(argv_ptr++) = pinentry_unescape(next_entry); next_entry = p + 1; if (do_break) break; } } argv[size] = NULL; http_failed_all = true; backoff = 1; for (int i = 0; i < 5; ++i) { if (i) { sleep(backoff); backoff *= 8; } result = http_post_lastpass_v_noexit(argv[0], session->sessionid, NULL, &argv[1], &curl_ret, &http_code); http_failed_all &= (curl_ret == HTTP_ERROR_CODE || curl_ret == HTTP_ERROR_CONNECT); if (result && strlen(result)) should_fetch_new_blob_after = true; free(result); if (result) break; } if (!result) { /* server failed response 5 times, remove it */ if (http_failed_all) upload_queue_drop(name); config_unlink(lock); } else { config_unlink(name); config_unlink(lock); } for (argv_ptr = argv; *argv_ptr; ++argv_ptr) free(*argv_ptr); free(argv); end: free(name); free(lock); free(entry); } if (should_fetch_new_blob_after) blob_free(lastpass_get_blob(session, key)); }
static void upload_queue_cleanup(int signal) { UNUSED(signal); config_unlink("uploader.pid"); _exit(EXIT_SUCCESS); }
static char *upload_queue_next_entry(unsigned const char key[KDF_HASH_LEN], char **name, char **lock) { unsigned long long smallest = ULLONG_MAX, current; _cleanup_free_ char *smallest_name = NULL; _cleanup_free_ char *base_path = config_path("upload-queue"); _cleanup_free_ char *pidstr = NULL; pid_t pid; char *result, *p; DIR *dir = opendir(base_path); struct dirent *entry; if (!dir) return NULL; while ((entry = readdir(dir))) { if (entry->d_type != DT_REG) continue; for (p = entry->d_name; *p; ++p) { if (!isdigit(*p)) break; } if (*p) continue; current = strtoull(entry->d_name, NULL, 10); if (!current) continue; if (current < smallest) { smallest = current; free(smallest_name); smallest_name = xstrdup(entry->d_name); } } closedir(dir); if (smallest == ULLONG_MAX) return NULL; xasprintf(name, "upload-queue/%s", smallest_name); xasprintf(lock, "%s.lock", *name); while (config_exists(*lock)) { free(pidstr); pidstr = config_read_encrypted_string(*lock, key); if (!pidstr) { config_unlink(*lock); break; } pid = strtoul(pidstr, NULL, 10); if (!pid) { config_unlink(*lock); break; } if (process_is_same_executable(pid)) sleep(1); else { config_unlink(*lock); break; } } free(pidstr); pidstr = xultostr(getpid()); config_write_encrypted_string(*lock, pidstr, key); result = config_read_encrypted_string(*name, key); if (!result) { /* could not decrypt: drop this file */ upload_queue_drop(*name); config_unlink(*lock); return NULL; } return result; }