removed user read permissions on uds key creation

2014-09-30 04:21:17 +02:00 · 2014-09-30 04:21:17 +02:00 · 722021820b
commit 722021820b
parent 21177736f3
4 changed files with 71 additions and 18 deletions
--- a/windowsActor/UDSActorConfig.py
+++ b/windowsActor/UDSActorConfig.py
@ -4,14 +4,20 @@ import sys
 from PyQt4 import QtCore, QtGui

 from store import checkPermissions
+from store import readConfig
+from store import writeConfig

 from setup_dialog_ui import Ui_UdsActorSetupDialog

 class MyForm(QtGui.QDialog):
-    def __init__(self, parent=None):
+    def __init__(self, data, parent=None):
        QtGui.QWidget.__init__(self, parent)
        self.ui = Ui_UdsActorSetupDialog()
        self.ui.setupUi(self)
+        if data is not None:
+            self.ui.host.setText(data['host'])
+            self.ui.masterKey.setText(data['masterKey'])
+            self.ui.useSSl.setCurrentIndex(0 if data['ssl'] is True else 1)

    def textChanged(self):
        enableButtons = self.ui.host.text() != '' and self.ui.masterKey.text() != ''
@ -26,7 +32,9 @@ class MyForm(QtGui.QDialog):
        pass

    def acceptAndSave(self):
-        pass
+        data = { 'host': self.ui.host.text(), 'masterKey': self.ui.masterKey.text(), 'ssl': self.ui.useSSl.currentIndex() == 0 }
+        writeConfig(data)
+        self.close()

 if __name__ == "__main__":

@ -36,6 +44,9 @@ if __name__ == "__main__":
        QtGui.QMessageBox.question(None, 'Notice', 'This Program must be executed as administrator', QtGui.QMessageBox.Ok)
        sys.exit(1)

-    myapp = MyForm()
+    # Read configuration
+    data = readConfig()
+
+    myapp = MyForm(data)
    myapp.show()
    sys.exit(app.exec_())
--- a/windowsActor/setup-dialog.ui
+++ b/windowsActor/setup-dialog.ui
@ -170,7 +170,7 @@
     </widget>
    </item>
    <item row="2" column="1">
-     <widget class="QComboBox" name="comboBox">
+     <widget class="QComboBox" name="useSSl">
      <property name="toolTip">
       <string>Select communication security with broker</string>
      </property>
--- a/windowsActor/setup_dialog_ui.py
+++ b/windowsActor/setup_dialog_ui.py
@ -2,7 +2,7 @@

 # Form implementation generated from reading ui file 'setup-dialog.ui'
 #
-# Created: Mon Sep 29 18:18:44 2014
+# Created: Tue Sep 30 02:15:54 2014
 #      by: PyQt4 UI code generator 4.11.2
 #
 # WARNING! All changes made in this file will be lost!
@ -74,11 +74,11 @@ class Ui_UdsActorSetupDialog(object):
        self.label_4 = QtGui.QLabel(self.layoutWidget)
        self.label_4.setObjectName(_fromUtf8("label_4"))
        self.formLayout.setWidget(2, QtGui.QFormLayout.LabelRole, self.label_4)
-        self.comboBox = QtGui.QComboBox(self.layoutWidget)
-        self.comboBox.setObjectName(_fromUtf8("comboBox"))
-        self.comboBox.addItem(_fromUtf8(""))
-        self.comboBox.addItem(_fromUtf8(""))
-        self.formLayout.setWidget(2, QtGui.QFormLayout.FieldRole, self.comboBox)
+        self.useSSl = QtGui.QComboBox(self.layoutWidget)
+        self.useSSl.setObjectName(_fromUtf8("useSSl"))
+        self.useSSl.addItem(_fromUtf8(""))
+        self.useSSl.addItem(_fromUtf8(""))
+        self.formLayout.setWidget(2, QtGui.QFormLayout.FieldRole, self.useSSl)

        self.retranslateUi(UdsActorSetupDialog)
        QtCore.QObject.connect(self.host, QtCore.SIGNAL(_fromUtf8("textChanged(QString)")), UdsActorSetupDialog.textChanged)
@ -106,8 +106,8 @@ class Ui_UdsActorSetupDialog(object):
        self.masterKey.setToolTip(_translate("UdsActorSetupDialog", "Master key to communicate with UDS Broker", None))
        self.masterKey.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Enter the Master Key (found on<span style=\" font-weight:600;\"> UDS Configuration</span> section) of the UDS Broker to allow communication of the Actor with Broker</p></body></html>", None))
        self.label_4.setText(_translate("UdsActorSetupDialog", "Security", None))
-        self.comboBox.setToolTip(_translate("UdsActorSetupDialog", "Select communication security with broker", None))
-        self.comboBox.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Select the security for communications with UDS Broker.</p><p>The recommended method of communication is <span style=\" font-weight:600;\">Use SSL</span>, but selection needs to be acording to your broker configuration.</p></body></html>", None))
-        self.comboBox.setItemText(0, _translate("UdsActorSetupDialog", "Do not use SSL", None))
-        self.comboBox.setItemText(1, _translate("UdsActorSetupDialog", "Use SSL", None))
+        self.useSSl.setToolTip(_translate("UdsActorSetupDialog", "Select communication security with broker", None))
+        self.useSSl.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Select the security for communications with UDS Broker.</p><p>The recommended method of communication is <span style=\" font-weight:600;\">Use SSL</span>, but selection needs to be acording to your broker configuration.</p></body></html>", None))
+        self.useSSl.setItemText(0, _translate("UdsActorSetupDialog", "Do not use SSL", None))
+        self.useSSl.setItemText(1, _translate("UdsActorSetupDialog", "Use SSL", None))

--- a/windowsActor/store/windows.py
+++ b/windowsActor/store/windows.py
@ -4,17 +4,59 @@ from __future__ import unicode_literals


 from win32com.shell import shell
-import _winreg
+import _winreg as wreg
+import win32security
+import cPickle

+try:
+    from udsactor_encoder import encoder, decoder
+except:
+    def encoder(data):
+        return data.encode('bz2')
+
+    def decoder(data):
+        return data.decode('bz2')
+
+DEBUG = True

 path = 'Software\\UDS Enterprise'
+baseKey = wreg.HKEY_CURRENT_USER if DEBUG is True else wreg.HKEY_LOCAL_MACHINE

 def checkPermissions():
-    return shell.IsUserAnAdmin()
+    return True if DEBUG else shell.IsUserAnAdmin()
+
+def fixRegistryPermissions(handle):
+    # Fix permissions so users can't read this key
+    v = win32security.GetSecurityInfo(handle, win32security.SE_REGISTRY_KEY, win32security.DACL_SECURITY_INFORMATION)
+    dacl = v.GetSecurityDescriptorDacl()
+    n = 0
+    # Remove all normal users access permissions to the handle
+    while n < dacl.GetAceCount():
+        if unicode(dacl.GetAce(n)[2]) == u'PySID:S-1-5-32-545':  # Whell known Users SID
+            dacl.DeleteAce(n)
+        else:
+            n += 1
+    win32security.SetSecurityInfo(handle, win32security.SE_REGISTRY_KEY,
+                                  win32security.DACL_SECURITY_INFORMATION | win32security.PROTECTED_DACL_SECURITY_INFORMATION,
+                                  None, None, dacl, None)

 def readConfig():
    try:
-        key = wreg.OpenKey(_wreg.HKEY_LOCAL_MACHINE, path, 0, _wreg.KEY_ALL_ACCESS)
+        key = wreg.OpenKey(baseKey, path, 0, wreg.KEY_QUERY_VALUE)
+        data, dataType = wreg.QueryValueEx(key, '')
+        wreg.CloseKey(key)
+        return cPickle.loads(decoder(data))
+    except Exception as e:
+        return None

+def writeConfig(data):
+    try:
+        key = wreg.OpenKey(base, path, 0, wreg.KEY_ALL_ACCESS)
    except:
-        pass
+        key = wreg.CreateKeyEx(baseKey, path, 0, wreg.KEY_ALL_ACCESS)
+
+        if DEBUG is False:
+            fixRegistryPermissions(key.handle)
+
+    wreg.SetValueEx(key, "", 0, wreg.REG_BINARY, encoder(cPickle.dumps(data)))
+    wreg.CloseKey(key)