[Freeipa-devel] [PATCH] jderose 013 Add secure session storage

Jason Gerard DeRose jderose at redhat.com
Tue Jul 28 20:06:27 UTC 2009


This patch adds code to securely store the ccache in an encrypted
session on the server (as previously discussed).  There are two things
we still need to decide:

  1. Where we store the Sqlite session table.  This can't be a random
temporary file because all the Apache processes must use the same file,
and must know it in advance.  There's no reason to write anything to a physical
disk, so I recommend we use something like /dev/shm/ipa-session.sqlite.
Whatever the default value, we'll make it configurable.

  2. Where we write the temporary clear-text ccache when resuming the
session.  We need to write the ccache to a temporary file just long
enough to bind to LDAP, after which we'll delete it.  This needs to be a
securely created, randomly named temporary file.  Using /tmp/ is fine,
but as with the session table, there's no reason to write anything to a
physical disk, so for performance it's far better if we write the ccache
to a memory-based file system like /dev/shm/.  I think creating a
directory like /dev/shm/ipa-tmp/ would be good, then we can write all
the ccache temp files in there.

There are a few features I left out of the Session class for now to make
it easier to review the basic implementation (and because these features
are trivial to add).  But on this list are:

  1. We should probably store the IP address that a session is started
from and only allow the session to be resumed from the same IP address.
My implementation certainly doesn't require this to be secure, but it
provides a bit of extra assurance that some may want (to the extent that
the IP address can be trusted, for which the prudent assumption is "not
at all").

  2. We should probably store the principal (extracted from the ccache)
in the session table.  My main reason for this is debugging, just so
it's easy to see what sessions exist and who has them.

I'm currently using python-crypto to do the encryption, but this might
change in the future.  Does anyone have an opinion as to whether NSS is
appropriate for doing purely symmetric crypto?  John mentioned that he
can add symmetric crypto to the python-nss bindings.

I'm also using SQLAlchemy to interact with Sqlite.  SQLAlchemy provides
solid protection against SQL injection (and is just a cool library), but
if people have a problem with this additional dependency, I can rework
it to run raw statements against the sqlite3 DB-API interface.

If anyone is missing these packages, just yum install python-crypto
python-sqlalchemy.  You may also need the python-sqlite package if
running under Python 2.4.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jderose-013-add-secure-session-storage.patch
Type: text/x-patch
Size: 19270 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090728/4162f9b1/attachment.bin>
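The two open points above (a fixed, shared session table and a securely created, randomly named temporary ccache file) plus the two left-out features (IP binding and storing the principal) can be illustrated with standard-library Python. The block below is an added example written for this archive page; it is not the code in the attached patch and it does not use SQLAlchemy or python-crypto. The names `SessionStore`, `temporary_ccache` and `self_check`, the table layout, and the `/dev/shm/...` defaults are assumptions taken from the proposal in the mail; encrypting the ccache blob before it is stored is left to the caller, so the store only ever sees ciphertext.

```python
import os
import sqlite3
import stat
import tempfile
import time
from contextlib import contextmanager

# Defaults follow the proposal in the mail; both are assumed to be configurable.
SESSION_DB = "/dev/shm/ipa-session.sqlite"
CCACHE_DIR = "/dev/shm/ipa-tmp"


class SessionStore:
    """Server-side session table shared by all Apache processes.  Only the
    already-encrypted ccache blob is stored; the encryption itself
    (python-crypto in the patch) is outside this example."""

    def __init__(self, db_path=SESSION_DB, ttl=3600):
        self.ttl = ttl
        self.conn = sqlite3.connect(db_path)
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS session ("
            " id TEXT PRIMARY KEY, blob BLOB NOT NULL, principal TEXT,"
            " client_ip TEXT NOT NULL, expires REAL NOT NULL)"
        )
        self.conn.commit()

    def create(self, encrypted_ccache, principal, client_ip):
        # 256-bit random session id: unguessable and never derived from user input
        sid = os.urandom(32).hex()
        # Parameterised statement: the DB-API does the quoting, no string building,
        # which is the SQL-injection protection the mail attributes to SQLAlchemy.
        self.conn.execute(
            "INSERT INTO session (id, blob, principal, client_ip, expires)"
            " VALUES (?, ?, ?, ?, ?)",
            (sid, encrypted_ccache, principal, client_ip, time.time() + self.ttl),
        )
        self.conn.commit()
        return sid

    def resume(self, sid, client_ip):
        row = self.conn.execute(
            "SELECT blob, principal, client_ip, expires FROM session WHERE id = ?",
            (sid,),
        ).fetchone()
        if row is None:
            return None
        blob, principal, stored_ip, expires = row
        # Expired, or resumed from a different address: drop the session outright.
        if time.time() > expires or stored_ip != client_ip:
            self.delete(sid)
            return None
        return blob, principal

    def delete(self, sid):
        self.conn.execute("DELETE FROM session WHERE id = ?", (sid,))
        self.conn.commit()


@contextmanager
def temporary_ccache(clear_ccache, directory=CCACHE_DIR):
    """Write the decrypted ccache to a securely created temp file for the
    duration of the LDAP bind, then unlink it."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    # mkstemp: random name, O_CREAT|O_EXCL, mode 0600 -> no symlink race, no sharing
    fd, path = tempfile.mkstemp(prefix="krb5cc_", dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(clear_ccache)
        yield path
    finally:
        try:
            os.unlink(path)
        except FileNotFoundError:
            pass


def self_check():
    """Exercise the store and the temp-file handling on constructed data.
    Returns (resumed_ok, other_ip_rejected, file_was_0600, file_removed)."""
    store = SessionStore(":memory:")
    sid = store.create(b"constructed-ciphertext", "admin@EXAMPLE.TEST", "10.0.0.5")
    resumed_ok = store.resume(sid, "10.0.0.5") == (b"constructed-ciphertext", "admin@EXAMPLE.TEST")
    other_ip_rejected = store.resume(sid, "10.0.0.6") is None

    workdir = tempfile.mkdtemp()  # stands in for /dev/shm/ipa-tmp in this check
    with temporary_ccache(b"constructed-clear-ccache", workdir) as path:
        file_was_0600 = stat.S_IMODE(os.stat(path).st_mode) == 0o600
        kept = path
    file_removed = not os.path.exists(kept)
    os.rmdir(workdir)
    return resumed_ok, other_ip_rejected, file_was_0600, file_removed


if __name__ == "__main__":
    print(self_check())
```

The temp file exists only for the span of the `with` block, which is where the LDAP bind would go; `mkstemp` guarantees the file is created fresh with mode 0600, so a pre-planted name in the directory cannot be followed. Resuming from a different IP deletes the session rather than merely refusing it, on the reasoning in the mail that the address is a weak signal and a mismatch is better treated as the end of that session.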
