summaryrefslogtreecommitdiff
path: root/plugins/Dbx_sqlite/src
diff options
context:
space:
mode:
authorGeorge Hazan <ghazan@miranda.im>2021-04-02 12:51:58 +0300
committerGeorge Hazan <ghazan@miranda.im>2021-04-02 12:51:58 +0300
commitddb0257fa84d916858009633ff91daf8d2578fd9 (patch)
tree9d0aaae82cd966264e4d32954e73873c095362fe /plugins/Dbx_sqlite/src
parent386ac322e5b1047842a7cbd4b4ff1b5602e8d796 (diff)
fixes #2826 (Dbx_sqlite: strings are not encrypted in full mode)
Diffstat (limited to 'plugins/Dbx_sqlite/src')
-rw-r--r--plugins/Dbx_sqlite/src/dbcrypt.cpp51
1 files changed, 46 insertions, 5 deletions
diff --git a/plugins/Dbx_sqlite/src/dbcrypt.cpp b/plugins/Dbx_sqlite/src/dbcrypt.cpp
index 47a8449381..e10b0d1be3 100644
--- a/plugins/Dbx_sqlite/src/dbcrypt.cpp
+++ b/plugins/Dbx_sqlite/src/dbcrypt.cpp
@@ -9,6 +9,7 @@ enum
SQL_CRYPT_GET_KEY,
SQL_CRYPT_SET_KEY,
SQL_CRYPT_ENCRYPT,
+ SQL_CRYPT_ENCRYPT2,
};
static CQuery crypto_stmts[] =
@@ -20,6 +21,7 @@ static CQuery crypto_stmts[] =
{ "SELECT data FROM crypto WHERE id=3;" }, // SQL_CRYPT_GET_KEY
{ "REPLACE INTO crypto VALUES(3, ?);" }, // SQL_CRYPT_SET_KEY
{ "UPDATE events SET flags=?, data=? WHERE id=?;"}, // SQL_CRYPT_ENCRYPT
+ { "UPDATE settings SET type=?, value=? WHERE contact_id=? AND module=? AND setting=?;"}, // SQL_CRYPT_ENCRYPT2
};
static char szCreateQuery[] =
@@ -128,18 +130,20 @@ STDMETHODIMP_(BOOL) CDbxSQLite::StoreProvider(CRYPTO_PROVIDER *pProvider)
/////////////////////////////////////////////////////////////////////////////////////////
// Toggles full/partial encryption mode
-STDMETHODIMP_(BOOL) CDbxSQLite::EnableEncryption(BOOL bEncrypted)
+STDMETHODIMP_(BOOL) CDbxSQLite::EnableEncryption(BOOL bEncrypt)
{
- if (m_bEncrypted == (bEncrypted != 0))
+ if (m_bEncrypted == (bEncrypt != 0))
return TRUE;
mir_cslock lock(m_csDbAccess);
+
+ // encrypt all histories
sqlite3_stmt *stmt = nullptr;
int rc = sqlite3_prepare_v2(m_db, "SELECT id, flags, data FROM events;", -1, &stmt, 0);
logError(rc, __FILE__, __LINE__);
while (sqlite3_step(stmt) == SQLITE_ROW) {
int dwFlags = sqlite3_column_int(stmt, 1);
- if (((dwFlags & DBEF_ENCRYPTED) != 0) == bEncrypted)
+ if (((dwFlags & DBEF_ENCRYPTED) != 0) == bEncrypt)
continue;
int id = sqlite3_column_int(stmt, 0);
@@ -167,14 +171,51 @@ STDMETHODIMP_(BOOL) CDbxSQLite::EnableEncryption(BOOL bEncrypted)
sqlite3_reset(upd);
}
sqlite3_finalize(stmt);
+ DBFlush(true);
+
+ // if database is encrypted, decrypt all settings with type = DBVT_ENCRYPTED
+ CMStringA query(FORMAT, "SELECT contact_id, module, setting, value FROM settings WHERE type=%d", (bEncrypt) ? DBVT_UTF8 : DBVT_ENCRYPTED);
+ rc = sqlite3_prepare_v2(m_db, query, -1, &stmt, 0);
+ logError(rc, __FILE__, __LINE__);
+ while (sqlite3_step(stmt) == SQLITE_ROW) {
+ int hContact = sqlite3_column_int(stmt, 0);
+ auto *pszModule = (char *)sqlite3_column_text(stmt, 1);
+ auto *pszSetting = (char *)sqlite3_column_text(stmt, 2);
+
+ // all passwords etc should remain encrypted
+ if (!bEncrypt && IsSettingEncrypted(pszModule, pszSetting))
+ continue;
+
+ sqlite3_stmt *upd = crypto_stmts[SQL_CRYPT_ENCRYPT2].pQuery;
+ sqlite3_bind_int(upd, 1, (bEncrypt) ? DBVT_ENCRYPTED : DBVT_UTF8);
+
+ size_t resultLen;
+ mir_ptr<BYTE> pBuf;
+ if (bEncrypt) {
+ pBuf = m_crypto->encodeString((char*)sqlite3_column_text(stmt, 3), &resultLen);
+ sqlite3_bind_blob(upd, 2, pBuf, (int)resultLen, 0);
+ }
+ else {
+ pBuf = (BYTE *)m_crypto->decodeString(sqlite3_column_text(stmt, 3), sqlite3_column_bytes(stmt, 3), &resultLen);
+ sqlite3_bind_text(upd, 2, (char*)pBuf.get(), (int)resultLen, 0);
+ }
+
+ sqlite3_bind_int(upd, 3, hContact);
+ sqlite3_bind_text(upd, 4, pszModule, (int)strlen(pszModule), 0);
+ sqlite3_bind_text(upd, 5, pszSetting, (int)strlen(pszSetting), 0);
+ rc = sqlite3_step(upd);
+ logError(rc, __FILE__, __LINE__);
+ sqlite3_reset(upd);
+ }
// Finally update flag
stmt = crypto_stmts[SQL_CRYPT_SET_MODE].pQuery;
- sqlite3_bind_int(stmt, 1, bEncrypted);
+ sqlite3_bind_int(stmt, 1, bEncrypt);
rc = sqlite3_step(stmt);
logError(rc, __FILE__, __LINE__);
sqlite3_reset(stmt);
+ DBFlush(true);
- m_bEncrypted = bEncrypted;
+ m_bEncrypted = bEncrypt;
return TRUE;
}