SEBWIN-510: Implemented configuration tool changes.
This commit is contained in:
parent
20ff39493d
commit
4d0f9797c6
4 changed files with 1149 additions and 1061 deletions
|
@ -36,7 +36,7 @@
|
||||||
<DebugType>full</DebugType>
|
<DebugType>full</DebugType>
|
||||||
<Optimize>false</Optimize>
|
<Optimize>false</Optimize>
|
||||||
<OutputPath>bin\x86\Debug\</OutputPath>
|
<OutputPath>bin\x86\Debug\</OutputPath>
|
||||||
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
<DefineConstants>TRACE;DEBUG;X86</DefineConstants>
|
||||||
<ErrorReport>prompt</ErrorReport>
|
<ErrorReport>prompt</ErrorReport>
|
||||||
<WarningLevel>0</WarningLevel>
|
<WarningLevel>0</WarningLevel>
|
||||||
<Prefer32Bit>false</Prefer32Bit>
|
<Prefer32Bit>false</Prefer32Bit>
|
||||||
|
@ -46,7 +46,7 @@
|
||||||
<DebugType>pdbonly</DebugType>
|
<DebugType>pdbonly</DebugType>
|
||||||
<Optimize>true</Optimize>
|
<Optimize>true</Optimize>
|
||||||
<OutputPath>bin\x86\Release\</OutputPath>
|
<OutputPath>bin\x86\Release\</OutputPath>
|
||||||
<DefineConstants>TRACE</DefineConstants>
|
<DefineConstants>TRACE;X86</DefineConstants>
|
||||||
<ErrorReport>prompt</ErrorReport>
|
<ErrorReport>prompt</ErrorReport>
|
||||||
<WarningLevel>4</WarningLevel>
|
<WarningLevel>4</WarningLevel>
|
||||||
<Prefer32Bit>false</Prefer32Bit>
|
<Prefer32Bit>false</Prefer32Bit>
|
||||||
|
@ -198,8 +198,17 @@
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<PostBuildEvent>
|
<PostBuildEvent>IF EXIST "C:\SEB\seb_$(PlatformName).dll" (
|
||||||
</PostBuildEvent>
|
robocopy "C:\SEB" "$(TargetDir)\" "seb_$(PlatformName).dll" /np
|
||||||
|
|
||||||
|
IF %2525ERRORLEVEL%2525 GEQ 8 (
|
||||||
|
EXIT 1
|
||||||
|
)
|
||||||
|
) ELSE (
|
||||||
|
ECHO WARNING: Integrity module not included!
|
||||||
|
)
|
||||||
|
|
||||||
|
EXIT 0</PostBuildEvent>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
|
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
|
||||||
Other similar extension points exist, see Microsoft.Common.targets.
|
Other similar extension points exist, see Microsoft.Common.targets.
|
||||||
|
|
|
@ -4,6 +4,7 @@ using System.Diagnostics;
|
||||||
using System.Drawing;
|
using System.Drawing;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
using System.Reflection;
|
||||||
using System.Security.Cryptography;
|
using System.Security.Cryptography;
|
||||||
using System.Security.Cryptography.X509Certificates;
|
using System.Security.Cryptography.X509Certificates;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
@ -125,10 +126,25 @@ namespace SebWindowsConfig
|
||||||
textBoxBrowserExamKey.Text = lastBrowserExamKey;
|
textBoxBrowserExamKey.Text = lastBrowserExamKey;
|
||||||
textBoxConfigurationKey.Text = SEBProtectionController.ComputeConfigurationKey();
|
textBoxConfigurationKey.Text = SEBProtectionController.ComputeConfigurationKey();
|
||||||
|
|
||||||
|
LoadVersionInfo();
|
||||||
|
|
||||||
} // end of contructor SebWindowsConfigForm()
|
} // end of contructor SebWindowsConfigForm()
|
||||||
|
|
||||||
|
private void LoadVersionInfo()
|
||||||
|
{
|
||||||
|
var executable = Assembly.GetEntryAssembly();
|
||||||
|
var programBuild = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
|
||||||
|
var programVersion = executable.GetCustomAttribute<AssemblyInformationalVersionAttribute>().InformationalVersion;
|
||||||
|
var statusStrip = new StatusStrip();
|
||||||
|
|
||||||
|
statusStrip.Dock = DockStyle.Bottom;
|
||||||
|
statusStrip.SizingGrip = false;
|
||||||
|
statusStrip.Items.Add($"SEB Information: Version {programVersion}, Build {programBuild}");
|
||||||
|
|
||||||
|
Controls.Add(statusStrip);
|
||||||
|
|
||||||
|
Height += statusStrip.Height;
|
||||||
|
}
|
||||||
|
|
||||||
// *************************************************
|
// *************************************************
|
||||||
// Open the configuration file and read the settings
|
// Open the configuration file and read the settings
|
||||||
|
@ -158,7 +174,8 @@ namespace SebWindowsConfig
|
||||||
}
|
}
|
||||||
SEBClientInfo.LoadingSettingsFileName = "";
|
SEBClientInfo.LoadingSettingsFileName = "";
|
||||||
|
|
||||||
if (!String.IsNullOrEmpty(filePassword)) {
|
if (!String.IsNullOrEmpty(filePassword))
|
||||||
|
{
|
||||||
// If we got the settings password because the user entered it when opening the .seb file,
|
// If we got the settings password because the user entered it when opening the .seb file,
|
||||||
// we store it in a local variable
|
// we store it in a local variable
|
||||||
settingsPassword = filePassword;
|
settingsPassword = filePassword;
|
||||||
|
@ -202,26 +219,26 @@ namespace SebWindowsConfig
|
||||||
|
|
||||||
private void CheckAndOptionallyRemoveDefaultProhibitedProcesses()
|
private void CheckAndOptionallyRemoveDefaultProhibitedProcesses()
|
||||||
{
|
{
|
||||||
if ((bool)SEBSettings.settingsCurrent[SEBSettings.KeyCreateNewDesktop])
|
//if ((bool) SEBSettings.settingsCurrent[SEBSettings.KeyCreateNewDesktop])
|
||||||
{
|
//{
|
||||||
if (SEBSettings.CheckForDefaultProhibitedProcesses(false))
|
// if (SEBSettings.CheckForDefaultProhibitedProcesses(false))
|
||||||
{
|
// {
|
||||||
var messageBoxResult = MessageBox.Show(
|
// var messageBoxResult = MessageBox.Show(
|
||||||
this,
|
// this,
|
||||||
"Settings contain at least one of the default prohibited processes (mostly web browsers), " +
|
// "Settings contain at least one of the default prohibited processes (mostly web browsers), " +
|
||||||
"which should not run when SEB is used with the Disable Explorer Shell kiosk mode. " +
|
// "which should not run when SEB is used with the Disable Explorer Shell kiosk mode. " +
|
||||||
"As your settings are not using Disable Explorer Shell, " +
|
// "As your settings are not using Disable Explorer Shell, " +
|
||||||
"do you want to remove those default prohibited processes from the configuration?",
|
// "do you want to remove those default prohibited processes from the configuration?",
|
||||||
"Default Prohibited Processes Found",
|
// "Default Prohibited Processes Found",
|
||||||
MessageBoxButtons.YesNo,
|
// MessageBoxButtons.YesNo,
|
||||||
MessageBoxIcon.Question);
|
// MessageBoxIcon.Question);
|
||||||
|
|
||||||
if (messageBoxResult == DialogResult.Yes)
|
// if (messageBoxResult == DialogResult.Yes)
|
||||||
{
|
// {
|
||||||
SEBSettings.CheckForDefaultProhibitedProcesses(true);
|
// SEBSettings.CheckForDefaultProhibitedProcesses(true);
|
||||||
}
|
// }
|
||||||
}
|
// }
|
||||||
}
|
//}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -690,7 +707,8 @@ namespace SebWindowsConfig
|
||||||
// For downwards compatibility of embedded SSL certs, if there is no data in the new data key certificateDataBase64
|
// For downwards compatibility of embedded SSL certs, if there is no data in the new data key certificateDataBase64
|
||||||
// we read data from the old data key certificateDataWin and save it to the new key.
|
// we read data from the old data key certificateDataWin and save it to the new key.
|
||||||
// Please note: The Browser Exam Key of these settings is changed by this
|
// Please note: The Browser Exam Key of these settings is changed by this
|
||||||
if (type == IntSSLClientCertificate && String.IsNullOrEmpty((String)SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataBase64])) {
|
if (type == IntSSLClientCertificate && String.IsNullOrEmpty((String) SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataBase64]))
|
||||||
|
{
|
||||||
String base64Data = (String) SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataWin];
|
String base64Data = (String) SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataWin];
|
||||||
SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataBase64] = base64Data;
|
SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataBase64] = base64Data;
|
||||||
}
|
}
|
||||||
|
@ -1383,7 +1401,8 @@ namespace SebWindowsConfig
|
||||||
// Save the new salt
|
// Save the new salt
|
||||||
SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt] = newExamKeySalt;
|
SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt] = newExamKeySalt;
|
||||||
}
|
}
|
||||||
if (fileDialogResult.Equals(DialogResult.OK)) {
|
if (fileDialogResult.Equals(DialogResult.OK))
|
||||||
|
{
|
||||||
if (!SaveConfigurationFileFromEditor(fileName))
|
if (!SaveConfigurationFileFromEditor(fileName))
|
||||||
{
|
{
|
||||||
MessageBox.Show(SEBUIStrings.savingSettingsFailedMessage, SEBUIStrings.savingSettingsFailed, MessageBoxButtons.OK, MessageBoxIcon.Error);
|
MessageBox.Show(SEBUIStrings.savingSettingsFailedMessage, SEBUIStrings.savingSettingsFailed, MessageBoxButtons.OK, MessageBoxIcon.Error);
|
||||||
|
|
|
@ -182,39 +182,39 @@ namespace SebWindowsConfig
|
||||||
// Strings for encryption identities (KeyChain, Certificate Store)
|
// Strings for encryption identities (KeyChain, Certificate Store)
|
||||||
//static ArrayList chooseIdentityStringArrayList = new ArrayList();
|
//static ArrayList chooseIdentityStringArrayList = new ArrayList();
|
||||||
//static String[] chooseIdentityStringArray = new String[1];
|
//static String[] chooseIdentityStringArray = new String[1];
|
||||||
static List<String> StringCryptoIdentity = new List<String>();
|
static readonly List<String> StringCryptoIdentity = new List<String>();
|
||||||
static ArrayList certificateReferences = new ArrayList();
|
static ArrayList certificateReferences = new ArrayList();
|
||||||
static ArrayList certificateSSLReferences = new ArrayList();
|
static ArrayList certificateSSLReferences = new ArrayList();
|
||||||
|
|
||||||
// Entries of ListBoxes
|
// Entries of ListBoxes
|
||||||
//static Byte[] ByteArrayExamKeySalt = new Byte[] {};
|
//static Byte[] ByteArrayExamKeySalt = new Byte[] {};
|
||||||
static String[] StringCryptoIdentityArray;
|
static String[] StringCryptoIdentityArray;
|
||||||
static String[] StringSebPurpose = new String[2];
|
static readonly String[] StringSebPurpose = new String[2];
|
||||||
static String[] StringSebMode = new String[2];
|
static readonly String[] StringSebMode = new String[2];
|
||||||
static String[] StringBrowserViewMode = new String[2];
|
static readonly String[] StringBrowserViewMode = new String[2];
|
||||||
static String[] StringWindowWidth = new String[5];
|
static readonly String[] StringWindowWidth = new String[5];
|
||||||
static String[] StringWindowHeight = new String[5];
|
static readonly String[] StringWindowHeight = new String[5];
|
||||||
static String[] StringWindowPositioning = new String[3];
|
static readonly String[] StringWindowPositioning = new String[3];
|
||||||
static String[] StringTaskBarHeight = new String[3];
|
static readonly String[] StringTaskBarHeight = new String[3];
|
||||||
static String[] StringPolicyLinkOpening = new String[3];
|
static readonly String[] StringPolicyLinkOpening = new String[3];
|
||||||
static String[] StringPolicyFileUpload = new String[3];
|
static readonly String[] StringPolicyFileUpload = new String[3];
|
||||||
static String[] StringPolicyProxySettings = new String[2];
|
static readonly String[] StringPolicyProxySettings = new String[2];
|
||||||
static String[] StringPolicySebService = new String[3];
|
static readonly String[] StringPolicySebService = new String[3];
|
||||||
static String[] StringFunctionKey = new String[12];
|
static readonly String[] StringFunctionKey = new String[12];
|
||||||
static String[] StringActive = new String[2];
|
static readonly String[] StringActive = new String[2];
|
||||||
static String[] StringOS = new String[2];
|
static readonly String[] StringOS = new String[2];
|
||||||
static String[] StringAction = new String[5];
|
static readonly String[] StringAction = new String[5];
|
||||||
static String[] StringCertificateType = new String[4];
|
static readonly String[] StringCertificateType = new String[4];
|
||||||
static String[] StringProxyProtocolTableCaption = new String[7];
|
static readonly String[] StringProxyProtocolTableCaption = new String[7];
|
||||||
static String[] StringProxyProtocolServerLabel = new String[7];
|
static readonly String[] StringProxyProtocolServerLabel = new String[7];
|
||||||
static Boolean[] BooleanProxyProtocolEnabled = new Boolean[7];
|
static readonly Boolean[] BooleanProxyProtocolEnabled = new Boolean[7];
|
||||||
|
|
||||||
static String[] KeyProxyProtocolType = new String[7];
|
static readonly String[] KeyProxyProtocolType = new String[7];
|
||||||
static String[] KeyProxyProtocolAttribute = new String[7];
|
static readonly String[] KeyProxyProtocolAttribute = new String[7];
|
||||||
static String[] KeyProxyProtocolEnable = new String[7];
|
static readonly String[] KeyProxyProtocolEnable = new String[7];
|
||||||
|
|
||||||
static String[] StringMinMacOSVersion = new String[11];
|
static readonly String[] StringMinMacOSVersion = new String[11];
|
||||||
static String[] StringAllowedDisplaysMaxNumber = new String[3];
|
static readonly String[] StringAllowedDisplaysMaxNumber = new String[3];
|
||||||
|
|
||||||
// ***********************
|
// ***********************
|
||||||
// Methods for GUI widgets
|
// Methods for GUI widgets
|
||||||
|
@ -397,6 +397,8 @@ namespace SebWindowsConfig
|
||||||
// *******************************************************
|
// *******************************************************
|
||||||
private void InitialiseGUIWidgets()
|
private void InitialiseGUIWidgets()
|
||||||
{
|
{
|
||||||
|
tabControlSebWindowsConfig.Dock = DockStyle.Fill;
|
||||||
|
|
||||||
// At program start, the local client settings configuration file is loaded
|
// At program start, the local client settings configuration file is loaded
|
||||||
currentDireSebConfigFile = SEBClientInfo.SebClientSettingsAppDataDirectory;
|
currentDireSebConfigFile = SEBClientInfo.SebClientSettingsAppDataDirectory;
|
||||||
currentFileSebConfigFile = SEBClientInfo.SEB_CLIENT_CONFIG;
|
currentFileSebConfigFile = SEBClientInfo.SEB_CLIENT_CONFIG;
|
||||||
|
|
|
@ -6,6 +6,7 @@ using System.Globalization;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using System.Reflection;
|
using System.Reflection;
|
||||||
|
using System.Runtime.InteropServices;
|
||||||
using System.Security.Cryptography;
|
using System.Security.Cryptography;
|
||||||
using System.Security.Cryptography.X509Certificates;
|
using System.Security.Cryptography.X509Certificates;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
@ -51,6 +52,13 @@ namespace SebWindowsConfig.Utilities
|
||||||
{
|
{
|
||||||
public class SEBProtectionController
|
public class SEBProtectionController
|
||||||
{
|
{
|
||||||
|
const string DLL_NAME =
|
||||||
|
#if X86
|
||||||
|
"seb_x86.dll";
|
||||||
|
#else
|
||||||
|
"seb_x64.dll";
|
||||||
|
#endif
|
||||||
|
|
||||||
// Prefix
|
// Prefix
|
||||||
private const int PREFIX_LENGTH = 4;
|
private const int PREFIX_LENGTH = 4;
|
||||||
private const string PUBLIC_KEY_HASH_MODE = "pkhs";
|
private const string PUBLIC_KEY_HASH_MODE = "pkhs";
|
||||||
|
@ -64,7 +72,7 @@ namespace SebWindowsConfig.Utilities
|
||||||
// RNCryptor non-secret payload (header)
|
// RNCryptor non-secret payload (header)
|
||||||
// First byte: Data format version. Currently 2.
|
// First byte: Data format version. Currently 2.
|
||||||
// Second byte: Options, bit 0 - uses password (so currently 1).
|
// Second byte: Options, bit 0 - uses password (so currently 1).
|
||||||
private static byte[] RNCRYPTOR_HEADER = new byte[] { 0x02, 0x01 };
|
private static readonly byte[] RNCRYPTOR_HEADER = new byte[] { 0x02, 0x01 };
|
||||||
|
|
||||||
enum EncryptionT
|
enum EncryptionT
|
||||||
{
|
{
|
||||||
|
@ -572,22 +580,72 @@ namespace SebWindowsConfig.Utilities
|
||||||
/// ----------------------------------------------------------------------------------------
|
/// ----------------------------------------------------------------------------------------
|
||||||
public static string ComputeBrowserExamKey()
|
public static string ComputeBrowserExamKey()
|
||||||
{
|
{
|
||||||
|
var browserExamKey = default(string);
|
||||||
|
var configurationKey = ComputeConfigurationKey();
|
||||||
var executable = Assembly.GetExecutingAssembly();
|
var executable = Assembly.GetExecutingAssembly();
|
||||||
var certificate = executable.Modules.First().GetSignerCertificate();
|
var certificate = executable.Modules.First().GetSignerCertificate();
|
||||||
var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt];
|
var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt];
|
||||||
var signature = certificate?.GetCertHashString();
|
var signature = certificate?.GetCertHashString();
|
||||||
var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
|
var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
|
||||||
var configurationKey = ComputeConfigurationKey();
|
|
||||||
|
Logger.AddInformation("Initializing browser exam key...");
|
||||||
|
|
||||||
|
if (configurationKey == default)
|
||||||
|
{
|
||||||
|
configurationKey = "";
|
||||||
|
Logger.AddWarning("The current configuration does not contain a value for the configuration key!");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (salt == default || salt.Length == 0)
|
||||||
|
{
|
||||||
|
salt = new byte[0];
|
||||||
|
Logger.AddWarning("The current configuration does not contain a salt value for the browser exam key!");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (TryCalculateBrowserExamKey(configurationKey, BitConverter.ToString(salt).ToLower().Replace("-", string.Empty), out browserExamKey))
|
||||||
|
{
|
||||||
|
Logger.AddInformation("Successfully calculated BEK using integrity module.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Logger.AddWarning("Failed to calculate BEK using integrity module! Falling back to simplified calculation...");
|
||||||
|
|
||||||
using (var algorithm = new HMACSHA256(salt))
|
using (var algorithm = new HMACSHA256(salt))
|
||||||
{
|
{
|
||||||
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey));
|
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey));
|
||||||
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
|
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
|
||||||
|
|
||||||
return key;
|
browserExamKey = key;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return browserExamKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static bool TryCalculateBrowserExamKey(string configurationKey, string salt, out string browserExamKey)
|
||||||
|
{
|
||||||
|
browserExamKey = default;
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
browserExamKey = CalculateBrowserExamKey(configurationKey, salt);
|
||||||
|
}
|
||||||
|
catch (DllNotFoundException)
|
||||||
|
{
|
||||||
|
Logger.AddWarning("Integrity module is not available!");
|
||||||
|
}
|
||||||
|
catch (Exception e)
|
||||||
|
{
|
||||||
|
Logger.AddError("Unexpected error while attempting to calculate browser exam key!", default, e);
|
||||||
|
}
|
||||||
|
|
||||||
|
return browserExamKey != default;
|
||||||
|
}
|
||||||
|
|
||||||
|
[DllImport(DLL_NAME, CallingConvention = CallingConvention.Cdecl)]
|
||||||
|
[return: MarshalAs(UnmanagedType.BStr)]
|
||||||
|
private static extern string CalculateBrowserExamKey(string configurationKey, string salt);
|
||||||
|
|
||||||
/// ----------------------------------------------------------------------------------------
|
/// ----------------------------------------------------------------------------------------
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Compute a Configuration Key SHA256 hash base16 string.
|
/// Compute a Configuration Key SHA256 hash base16 string.
|
||||||
|
|
Loading…
Add table
Reference in a new issue