
Deprecate the lock command

There are two points here: first, bcrypt is not particularly secure, and second, the deletion of plaintext files was not particularly secure either. A better way needs to be found for securing the database.
Bob Mottram 4 years ago
parent
commit
8221125723
8 changed files with 8 additions and 192 deletions
  1. 4 29
      README.md
  2. BIN
      man/fin.1.gz
  3. 4 42
      src/database.c
  4. 0 74
      src/lock.c
  5. 0 27
      src/lock.h
  6. 0 13
      src/main.c
  7. 0 6
      src/parse.c
  8. 0 1
      src/parse.h

+ 4 - 29
README.md

@@ -13,7 +13,7 @@ You can compile from source as follows:
 on Debian, Ubuntu or Linux Mint:
 
     sudo apt-get install build-essential
-    sudo apt-get install libsqlite3-dev bcrypt gnuplot
+    sudo apt-get install libsqlite3-dev gnuplot
     make
     sudo make install
 
@@ -26,7 +26,7 @@ or on Arch/Parabola:
 or on Fedora:
 
     sudo yum groupinstall "Development Tools"
-    sudo yum install rpmdevtools sqlite-devel bcrypt gnuplot
+    sudo yum install rpmdevtools sqlite-devel gnuplot
     make
     sudo make install
 
@@ -37,17 +37,7 @@ or on OpenSUSE:
     make
     sudo make install
 
-You will need to have the sqlite3 development package installed to be able to compile, and to get the full functionality you'll also need to have gnuplot and bcrypt installed.
-
-If bcrypt is unavailable as an installable package on your system:
-
-    mkdir ~/develop
-    cd ~/develop
-    wget http://bcrypt.sourceforge.net/bcrypt-1.1.tar.gz
-    tar xvzf bcrypt-1.1.tar.gz
-    cd bcrypt-1.1
-    make
-    sudo make install
+You will need to have the sqlite3 development package installed to be able to compile, and to get the full functionality you'll also need to have gnuplot installed.
 
 
 Language
@@ -571,17 +561,6 @@ This information can subsequently be exported as part of a search:
     fin find "*" year 2011 kml <filename>
 
 
-Security
-========
-
-Ordinarily the "data at rest" within the ~/.fin directory is not encrypted.  Since financial data may often be confidential there is an easy way to encrypt the data when you're not using it.
-
-    fin lock
-
-
-You will be prompted to enter a password, then the files will be encrypted.  The next time you run fin you will then be prompted for the password.
-
-
 Backup and Restore
 ==================
 
@@ -589,11 +568,7 @@ If you wish to make a backup of your data.
 
     fin backup <filename>
 
-This will compress the contents of the ~/.fin directory into a file with the given name.  An important point here is that the backup file which is created is not encrypted, and so the data could potentially be read by anyone.  If you need more security for the "data at rest" then append the lock command:
-
-    fin backup <filename> lock
-
-The lock command will cause the system to ask for a password and then encrypt the backup file.
+This will compress the contents of the ~/.fin directory into a file with the given name.
 
 To subsequently restore from a backup:
 

BIN
man/fin.1.gz


+ 4 - 42
src/database.c

@@ -117,52 +117,14 @@ int database_restore(char * backup_filename)
 {
     char directory[STRING_BLOCK];
     char command[STRING_BLOCK];
-    int len = strlen(backup_filename);
-    int unlocked = 0;
-    char temp_filename[STRING_BLOCK];
 
-    if (file_exists(backup_filename)==0) {
-        /* file was not found */
+    if (file_exists(backup_filename) == 0)
         return -1;
-    }
-
-    if (len > 4) {
-        if ((backup_filename[len-1]=='e') &&
-            (backup_filename[len-2]=='f') &&
-            (backup_filename[len-3]=='b') &&
-            (backup_filename[len-4]=='.')) {
-
-            /* copy the backup file to a temporary file */
-            sprintf(temp_filename, "%s",
-                    "temp_fin_backup.bfe");
-            sprintf(command, "cp %s %s",
-                    backup_filename, temp_filename);
-            len = system(command);
-
-            /* unlock */
-            sprintf(command, "bcrypt %s", temp_filename);
-            len = system(command);
-            temp_filename[strlen(temp_filename)-4] = 0;
-            unlocked = 1;
-        }
-    }
 
     database_directory(directory);
-    if (unlocked == 0) {
-        sprintf(command, "tar -C %s -zxpf %s",
-                directory, backup_filename);
-        len = system(command);
-    }
-    else {
-        sprintf(command, "tar -C %s -zxpf %s",
-                directory, temp_filename);
-        len = system(command);
-
-        /* delete the unencrypted file */
-        sprintf(command, "shred -u %s",
-                temp_filename);
-        len = system(command);
-    }
+    sprintf(command, "tar -C %s -zxpf %s",
+            directory, backup_filename);
+    system(command);
     return 1;
 }
 
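Review bot: `database_restore` still formats `backup_filename` into `command[STRING_BLOCK]` with an unbounded `sprintf` and passes the result to `system()`, so a long name can overrun the buffer and spaces or shell metacharacters in the name are interpreted by the shell. The return value of `system(command)` is now discarded, so the function returns 1 even when tar fails, which is what will happen for an existing `.bfe` backup now that the decrypt branch is gone. I would run tar with an explicit argument vector and check its exit status, as sketched below; this needs `<unistd.h>` and `<sys/wait.h>`, and the include block of src/database.c is outside this hunk. Callers are not visible here, so confirm that returning -1 on a failed extraction is acceptable to them.

```c
int database_restore(char * backup_filename)
{
    char directory[STRING_BLOCK];
    pid_t pid;
    int status = 0;

    /* ... unchanged: file_exists check ... */

    database_directory(directory);

    /* run tar with an explicit argv so the filename is never parsed by a shell */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("tar", "tar", "-C", directory, "-zxpf",
               backup_filename, (char *)NULL);
        _exit(127); /* only reached if exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    /* report a failed or interrupted extraction instead of success */
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return 1;
}
```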

+ 0 - 74
src/lock.c

@@ -1,74 +0,0 @@
-/*
-  Fin - a simple personal accounts manager
-  Copyright (C) 2012-2015  Bob Mottram <bob@robotics.uk.to>
-
-  This program is free software: you can redistribute it and/or modify
-  it under the terms of the GNU General Public License as published by
-  the Free Software Foundation, either version 3 of the License, or
-  (at your option) any later version.
-
-  This program is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU General Public License for more details.
-
-  You should have received a copy of the GNU General Public License
-  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "lock.h"
-
-int is_locked(char * directory)
-{
-    FILE * fp;
-    char filename[STRING_BLOCK];
-    int locked = 0;
-
-    sprintf((char*)filename,"%s/settings.txt.bfe",directory);
-    fp = fopen(filename,"r");
-    if (fp!=0) {
-        locked = 1;
-        fclose(fp);
-    }
-
-    if (locked==0) {
-        sprintf((char*)filename,"%s/current.sqlite3.bfe",directory);
-        fp = fopen(filename,"r");
-        if (fp!=0) {
-            locked = 1;
-            fclose(fp);
-        }
-    }
-
-    return locked;
-}
-
-int lock()
-{
-    char directory[STRING_BLOCK];
-    char command[STRING_BLOCK];
-    int retval=0;
-
-    database_directory(directory);
-
-    if (is_locked(directory)==0) {
-        sprintf((char*)command,"bcrypt %s/*", directory);
-        retval = system(command);
-    }
-    return retval;
-}
-
-int unlock()
-{
-    char directory[STRING_BLOCK];
-    char command[STRING_BLOCK];
-
-    database_directory(directory);
-    if (is_locked(directory)!=0) {
-        sprintf((char*)command,"bcrypt %s/*.bfe", directory);
-        if (system(command)!=0) {
-            printf("Command failed\n");
-        }
-    }
-    return is_locked(directory);
-}

+ 0 - 27
src/lock.h

@@ -1,27 +0,0 @@
-/*
-    Fin - a simple personal accounts manager
-    Copyright (C) 2012-2015  Bob Mottram <bob@robotics.uk.to>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef LOCK_H
-#define LOCK_H
-
-#include "database.h"
-
-int lock();
-int unlock();
-
-#endif

+ 0 - 13
src/main.c

@@ -35,7 +35,6 @@
 #include "search.h"
 #include "transfer.h"
 #include "edit.h"
-#include "lock.h"
 #include "piechart.h"
 #include "narrator.h"
 #include "accounts.h"
@@ -144,10 +143,6 @@ int main(int argc, char* argv[])
     struct tm *d;
     int distribution[DISTRIBUTION_SIZE];
 
-    if (unlock()!=0) {
-        return 0;
-    }
-
     timestr[0]=0;
 
     set_language(ENGLISH_UK);
@@ -498,14 +493,6 @@ int main(int argc, char* argv[])
             printf("Failed to undo %s\n", result);
     }
 
-    /* lock */
-    result = get_lock(no_of_fields, (char*)fieldname, (char*)value);
-    if ((result!=0) && (command_run==0) && (backup_filename == 0)) {
-        command_run=1;
-        lock();
-        return 1;
-    }
-
     /* backup */
     if (backup_filename != 0) {
         if (strlen(backup_filename) > 0) {

+ 0 - 6
src/parse.c

@@ -554,12 +554,6 @@ char * get_to(int no_of_fields, char* fieldname, char* value)
     return result;
 }
 
-char * get_lock(int no_of_fields, char* fieldname, char* value)
-{
-    char * result = get_field(LOCK, no_of_fields, fieldname, value);
-    return result;
-}
-
 char * get_backup(int no_of_fields, char* fieldname, char* value)
 {
     char * result = get_field(BACKUP, no_of_fields, fieldname, value);

+ 0 - 1
src/parse.h

@@ -90,7 +90,6 @@ char * get_language(int no_of_fields, char* fieldname, char* value);
 char * get_kml(int no_of_fields, char* fieldname, char* value);
 char * get_help(int no_of_fields, char* fieldname, char* value);
 char * get_version(int no_of_fields, char* fieldname, char* value);
-char * get_lock(int no_of_fields, char* fieldname, char* value);
 char * get_title(int no_of_fields, char* fieldname, char* value);
 char * get_username(int no_of_fields, char* fieldname, char* value);
 char * get_piechart(int no_of_fields, char* fieldname, char* value);