Example #1
0
        public void Object_PolicyObjectListSigned_Test()
        {
            PolicyObjectListSigned pol = new PolicyObjectListSigned();

            pol.Items          = new List <PolicyObjectSigned>();
            pol.Signature      = new byte[] { 0, 1, 2, 3, 4 };
            pol.TimeStampCheck = new DateTime(2016, 1, 1, 0, 0, 0, 0);
            string JSON = JsonConvert.SerializeObject(pol);

            Assert.AreEqual("{\"TimeStampCheck\":\"2016-01-01T00:00:00\",\"Signature\":\"AAECAwQ=\",\"Items\":[]}", JSON);
        }
Example #2
0
        public static bool DoSyncPolicy()
        {
            RequestCertPolicyID        = 0;
            RequestCertPolicyMessageID = 0;
            RequestCertPolicyCERData   = null;

            List <Int64> ProcessedPolicies = new List <long>();

            Network net;

            net = Utilities.ConnectNetwork(9);
            if (net == null)
            {
                return(false);
            }

            Status.UpdateMessage(9, "Downloading client settings");
            FoxEventLog.VerboseWriteEventLog("Downloading client settings", System.Diagnostics.EventLogEntryType.Information);
            ClientSettings settings = net.GetClientSettings();

            if (settings != null)
            {
                RegistryData.AdministratorName = settings.AdministratorName;
                RegistryData.MessageDisclaimer = settings.MessageDisclaimer;
            }

            Status.UpdateMessage(9, "Downloading policies");
            FoxEventLog.VerboseWriteEventLog("Downloading policies", System.Diagnostics.EventLogEntryType.Information);
            PolicyObjectListSigned    policieslistsigned = net.GetPoliciesForComputer();
            List <PolicyObjectSigned> policies           = policieslistsigned == null ? null : policieslistsigned.Items;

            if (policies == null)
            {
                FoxEventLog.VerboseWriteEventLog("Downloading policies - nix", System.Diagnostics.EventLogEntryType.Information);
                Status.UpdateMessage(9);
                net.CloseConnection();
                return(true);
            }

            if (FilesystemData.LoadedCertificates.Count > 0)
            {
                bool SignatureOK = false;
                foreach (FilesystemCertificateData cer in FilesystemData.LoadedCertificates)
                {
                    if (Certificates.Verify(policieslistsigned, cer.Certificate) == true)
                    {
                        SignatureOK = true;
                        break;
                    }
                }
                if (SignatureOK == false)
                {
                    FoxEventLog.WriteEventLog("Invalid signature for PolicyList - no policies will be processed.", System.Diagnostics.EventLogEntryType.Error);
                    net.CloseConnection();
                    return(true);
                }
            }
            if (RegistryData.Verbose == 1)
            {
                string data = "Got policy:\r\n";
                foreach (PolicyObjectSigned obj in policies)
                {
                    data += obj.Policy.Name + " [ID: " + obj.Policy.ID + " VER: " + obj.Policy.Version + "]\r\n";
                }
                FoxEventLog.VerboseWriteEventLog("Downloading policies " + data, System.Diagnostics.EventLogEntryType.Information);
            }

            if (FilesystemData.LoadedCertificates.Count > 0)
            {
                foreach (PolicyObjectSigned obj in policies)
                {
                    if (ApplicationCertificate.Verify(obj) == false)
                    {
                        FoxEventLog.WriteEventLog("One or more policies were tampered - no policies will be processed.", System.Diagnostics.EventLogEntryType.Error);
                        net.CloseConnection();
                        return(true);
                    }
                }
            }

            #region Certificate Checks

            foreach (PolicyObjectSigned obj in policies)
            {
                if (obj.Policy.Type == PolicyIDs.SignCertificate)
                {
                    if (FilesystemData.ContainsPolicy(obj.Policy, false, false) == true)
                    {
                        continue;
                    }
                    PolicyObjectSigned objj = net.GetPolicyObjectSigned(obj.Policy.ID);
                    //do not verify signing here - that won't work! - Fox
                    PolicySigningCertificates Cert = JsonConvert.DeserializeObject <PolicySigningCertificates>(objj.Policy.Data);
                    if (FilesystemData.ContainsLoadedCert(Convert.FromBase64String(Cert.UUCerFile)) == true)
                    {
                        continue;
                    }
                    bool sig = Certificates.Verify(Convert.FromBase64String(Cert.UUCerFile), Convert.FromBase64String(Cert.UUSignFile), InternalCertificate.Main);
                    if (sig == false)
                    {
                        RequestCertPolicyID      = objj.Policy.ID;
                        RequestCertPolicyCERData = Convert.FromBase64String(Cert.UUCerFile);
                        string CN = Certificates.GetCN(Convert.FromBase64String(Cert.UUCerFile));
                        if (CN == null)
                        {
                            FoxEventLog.WriteEventLog("Invalid certificate from server (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
                            continue;
                        }
                        Status.RequestCertificateConfirm("The certificate with " + CN + " is not signed by Vulpes. This may that someone tampered the connection, or a false certificate is installed on the server.\nDo you want to continue, and trust this certificate?", RequestCertPolicyID);
                        RequestCertPolicyMessageID = Status.MessageID;
                        FoxEventLog.WriteEventLog("Got unsinged certificate (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + " " + CN + ")", System.Diagnostics.EventLogEntryType.Warning);
                    }
                    else
                    {
                        string CN = Certificates.GetCN(Convert.FromBase64String(Cert.UUCerFile));
                        if (CN == null)
                        {
                            FoxEventLog.WriteEventLog("Invalid (Vulpes signed) certificate from server (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
                            continue;
                        }
                        FilesystemData.InstallCertificate(Convert.FromBase64String(Cert.UUCerFile));
                    }
                }
            }

            #endregion

            if (FilesystemData.LoadedCertificates.Count > 0)
            {
                foreach (PolicyObjectSigned obj in policies)
                {
                    if (FilesystemData.ContainsPolicy(obj.Policy, false, false) == true)
                    {
                        if (ProcessedPolicies.Contains(obj.Policy.ID) == false)
                        {
                            ProcessedPolicies.Add(obj.Policy.ID);
                        }
                        FilesystemData.UpdatePolicyOrder(obj.Policy, obj.Policy.Order);
                        continue;
                    }

                    PolicyObjectSigned objj = net.GetPolicyObjectSigned(obj.Policy.ID);
                    if (objj == null)
                    {
                        FoxEventLog.WriteEventLog("No data for policy - not applying (Policy ID=" + obj.Policy.ID.ToString() + " Name=" + obj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
                        continue;
                    }
                    if (ApplicationCertificate.Verify(objj) == false)
                    {
                        FoxEventLog.WriteEventLog("Policy was tampered - not applying (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
                        continue;
                    }

                    if (FilesystemData.InstallPolicy(objj.Policy, obj.Policy.Order) == false)
                    {
                        continue;
                    }
                    if (ProcessedPolicies.Contains(obj.Policy.ID) == false)
                    {
                        ProcessedPolicies.Add(obj.Policy.ID);
                    }
                }

                List <LoadedPolicyObject> RemovePol = new List <LoadedPolicyObject>();

                foreach (LoadedPolicyObject lobj in FilesystemData.LoadedPolicyObjects)
                {
                    if (ProcessedPolicies.Contains(lobj.PolicyObject.ID) == false)
                    {
                        RemovePol.Add(lobj);
                    }
                }

                foreach (LoadedPolicyObject lobj in RemovePol)
                {
                    FilesystemData.DeletePolicy(lobj);
                }
            }

            net.CloseConnection();

            if (RequestCertPolicyID == 0)
            {
                Status.UpdateMessage(9);
            }

            FoxEventLog.VerboseWriteEventLog("Downloading policies - DONE", System.Diagnostics.EventLogEntryType.Information);
            return(true);
        }
Example #3
0
        public RESTStatus GetPolicyForComputer(SQLLib sql, object dummy, NetworkConnectionInfo ni)
        {
            if (ni.HasAcl(ACLFlags.ComputerLogin) == false)
            {
                ni.Error   = "Access denied";
                ni.ErrorID = ErrorFlags.AccessDenied;
                return(RESTStatus.Denied);
            }

            PolicyListSigned       = new PolicyObjectListSigned();
            PolicyListSigned.Items = new List <PolicyObjectSigned>();

            string MachineID = ni.Username;

            lock (ni.sqllock)
            {
                SqlDataReader dr = sql.ExecSQLReader("SELECT * FROM Policies WHERE MachineID=@m AND Enabled=1 AND Type not in (" + PolicyIDs.HiddenPoliciesSQLINClause + ")",
                                                     new SQLParam("@m", MachineID));
                while (dr.Read())
                {
                    PolicyObject       obj  = LoadPolicyDB(dr, false, true);
                    PolicyObjectSigned objs = new PolicyObjectSigned();
                    objs.Policy = obj;
                    if (Certificates.Sign(objs, SettingsManager.Settings.UseCertificate) == false)
                    {
                        FoxEventLog.WriteEventLog("Cannot sign policy with Certificate " + SettingsManager.Settings.UseCertificate, System.Diagnostics.EventLogEntryType.Warning);
                        ni.Error   = "Cannot sign policy with Certificate " + SettingsManager.Settings.UseCertificate;
                        ni.ErrorID = ErrorFlags.CannotSign;
                        dr.Close();
                        return(RESTStatus.ServerError);
                    }
                    PolicyListSigned.Items.Add(objs);
                }
                dr.Close();
            }

            Int64? GroupID = null;
            object sqlo    = sql.ExecSQLScalar("select Grouping from ComputerAccounts where MachineID=@m", new SQLParam("@m", MachineID));

            if (sqlo is DBNull || sqlo == null)
            {
                GroupID = null;
            }
            else
            {
                GroupID = Convert.ToInt64(sqlo);
            }

            do
            {
                lock (ni.sqllock)
                {
                    SqlDataReader dr = sql.ExecSQLReader("SELECT * FROM Policies WHERE " + (GroupID == null ? "Grouping is NULL" : "Grouping=@g") + " AND Enabled=1 AND Type NOT IN (" + PolicyIDs.HiddenPoliciesSQLINClause + ") AND MachineID is NULL",
                                                         new SQLParam("@g", GroupID));
                    while (dr.Read())
                    {
                        PolicyObject       obj  = LoadPolicyDB(dr, false, true);
                        PolicyObjectSigned objs = new PolicyObjectSigned();
                        objs.Policy = obj;
                        PolicyListSigned.Items.Add(objs);
                    }
                    dr.Close();
                }

                if (GroupID != null)
                {
                    lock (ni.sqllock)
                    {
                        sqlo = sql.ExecSQLScalar("select ParentID FROM Grouping WHERE ID=@g", new SQLParam("@g", GroupID));
                    }

                    if (sqlo is DBNull || sqlo == null)
                    {
                        GroupID = null;
                    }
                    else
                    {
                        GroupID = Convert.ToInt64(sqlo);
                    }
                }
                else
                {
                    break;
                }
            } while (true);

            PolicyListSigned.Items.Reverse();
            Int64 Count = 1;

            foreach (PolicyObjectSigned p in PolicyListSigned.Items)
            {
                p.Policy.Order = Count;
                Count++;
                if (Certificates.Sign(p, SettingsManager.Settings.UseCertificate) == false)
                {
                    FoxEventLog.WriteEventLog("Cannot sign policy with Certificate " + SettingsManager.Settings.UseCertificate, System.Diagnostics.EventLogEntryType.Warning);
                    ni.Error   = "Cannot sign policy with Certificate " + SettingsManager.Settings.UseCertificate;
                    ni.ErrorID = ErrorFlags.CannotSign;
                    return(RESTStatus.ServerError);
                }
            }

            List <PolicyObjectSigned> RemoveFromList = new List <PolicyObjectSigned>();

            #region Resolve Linked Policies for client

            for (int i = 0; i < PolicyListSigned.Items.Count; i++)
            {
                PolicyObjectSigned pol = PolicyListSigned.Items[i];
                if (pol.Policy.Type == PolicyIDs.LinkedPolicy)
                {
                    List <Int64> RunningIDs = new List <Int64>();

                    PolicyObject po = pol.Policy;

                    while (true)
                    {
                        if (RunningIDs.Contains(po.ID) == true)
                        {
                            FoxEventLog.WriteEventLog("Policy ID " + pol.Policy.ID.ToString() + " (" + pol.Policy.Name + ") creates a loop!", System.Diagnostics.EventLogEntryType.Warning);
                            break;
                        }

                        RunningIDs.Add(po.ID);

                        lock (ni.sqllock)
                        {
                            po.Data = Convert.ToString(sql.ExecSQLScalar("SELECT DataBlob FROM Policies WHERE ID=@id",
                                                                         new SQLParam("@id", po.ID)));
                        }

                        Int64 PolID;
                        if (Int64.TryParse(po.Data, out PolID) == false)
                        {
                            FoxEventLog.WriteEventLog("Cannot read data of policy ID " + po.ID.ToString() + " (" + po.Name + ") for linking.", System.Diagnostics.EventLogEntryType.Warning);
                            break;
                        }

                        lock (ni.sqllock)
                        {
                            if (Policies.PolicyExsits(sql, PolID) == false)
                            {
                                FoxEventLog.WriteEventLog("Policy ID " + PolID.ToString() + " referencing from " + po.ID.ToString() + " (" + po.Name + ") does not exist.", System.Diagnostics.EventLogEntryType.Warning);
                                break;
                            }
                        }

                        lock (ni.sqllock)
                        {
                            if (Convert.ToInt32(sql.ExecSQLScalar("SELECT Enabled FROM Policies WHERE ID=@id", new SQLParam("@id", PolID))) != 1)
                            {
                                break;
                            }
                        }

                        lock (ni.sqllock)
                        {
                            SqlDataReader dr = sql.ExecSQLReader("SELECT * FROM Policies WHERE ID=@id",
                                                                 new SQLParam("@id", PolID));
                            dr.Read();
                            po = LoadPolicyDB(dr, false, true);
                            dr.Close();
                        }

                        if (po == null)
                        {
                            FoxEventLog.WriteEventLog("Cannot read policy ID for linking " + PolID.ToString(), System.Diagnostics.EventLogEntryType.Warning);
                            break;
                        }

                        if (po.Type != PolicyIDs.LinkedPolicy)
                        {
                            if (PolicyIDs.HiddenPolicies.Contains(po.Type) == true)
                            {
                                pol.Policy    = null;
                                pol.Signature = null;
                                break;
                            }
                            else
                            {
                                pol.Policy    = po;
                                pol.Signature = null;
                                break;
                            }
                        }
                    }

                    if (pol.Policy != null)
                    {
                        if (Certificates.Sign(pol, SettingsManager.Settings.UseCertificate) == false)
                        {
                            FoxEventLog.WriteEventLog("Cannot sign policy with Certificate " + SettingsManager.Settings.UseCertificate, System.Diagnostics.EventLogEntryType.Warning);
                            ni.Error   = "Cannot sign policy with Certificate " + SettingsManager.Settings.UseCertificate;
                            ni.ErrorID = ErrorFlags.CannotSign;
                            return(RESTStatus.ServerError);
                        }
                    }
                    else
                    {
                        RemoveFromList.Add(pol);
                    }
                }
            }

            foreach (PolicyObjectSigned pos in RemoveFromList)
            {
                PolicyListSigned.Items.Remove(pos);
            }

            #endregion

            if (Certificates.Sign(PolicyListSigned, SettingsManager.Settings.UseCertificate) == false)
            {
                FoxEventLog.WriteEventLog("Cannot sign policy list with Certificate " + SettingsManager.Settings.UseCertificate, System.Diagnostics.EventLogEntryType.Warning);
                ni.Error   = "Cannot sign policy list with Certificate " + SettingsManager.Settings.UseCertificate;
                ni.ErrorID = ErrorFlags.CannotSign;
                return(RESTStatus.ServerError);
            }

            return(RESTStatus.Success);
        }