[epiphany/wip/security-origins: 7/8] form-auth: Store passwords for security origins, not hosts



commit 74edaf269ad87bf5482a13764bc4b941d8167e1b
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Thu Dec 29 19:33:48 2016 -0600

    form-auth: Store passwords for security origins, not hosts
    
    This prevents an active MITM attacker from enumerating all your saved
    passwords. The attacker will now only be able to access passwords saved
    on http:// sites. That's by design, though; users are now warned when
    focusing insecure password forms and should think twice before saving
    such passwords.
    
    Unfortunately this does introduce a migration issue, in that no
    previously-saved passwords will be available on https:// websites
    anymore, and all previously-saved passwords will still be enumerable by
    attackers. I'm not sure how to handle migration. We might be able to
    handle it nicely by using the history service to guess whether a
    password should be migrated from http:// to https://, but that is not a
    simple project.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=752738

 lib/ephy-form-auth-data.c |   34 +++++++++++++++-------------------
 src/passwords-dialog.c    |   24 ++++++++++++++----------
 2 files changed, 29 insertions(+), 29 deletions(-)
---
diff --git a/lib/ephy-form-auth-data.c b/lib/ephy-form-auth-data.c
index 6896016..c0c245d 100644
--- a/lib/ephy-form-auth-data.c
+++ b/lib/ephy-form-auth-data.c
@@ -21,7 +21,7 @@
 #include "config.h"
 #include "ephy-form-auth-data.h"
 
-#include "ephy-string.h"
+#include "ephy-uri-helpers.h"
 
 #include <glib/gi18n.h>
 #include <libsoup/soup.h>
@@ -48,12 +48,6 @@ normalize_and_prepare_uri (SoupURI *uri,
 {
   g_assert (uri != NULL);
 
-  /* We normalize https? schemes here so that we use passwords
-   * we stored in https sites in their http counterparts, and
-   * vice-versa. */
-  if (uri->scheme == SOUP_URI_SCHEME_HTTPS)
-    soup_uri_set_scheme (uri, SOUP_URI_SCHEME_HTTP);
-
   soup_uri_set_query (uri, NULL);
   if (remove_path)
     soup_uri_set_path (uri, "/");
@@ -132,14 +126,14 @@ ephy_form_auth_data_store (const char         *uri,
                                                                 form_password, username);
   if (username != NULL) {
     /* Translators: The first %s is the username and the second one is the
-     * hostname where this is happening. Example: gnome gmail com and
-     * mail.google.com.
+     * security origin where this is happening. Example: gnome gmail com and
+     * https://mail.google.com.
      */
     label = g_strdup_printf (_("Password for %s in a form in %s"),
                              username, fake_uri_str);
   } else {
-    /* Translators: The first %s is the hostname where this is happening.
-     * Example: mail.google.com.
+    /* Translators: The first %s is the security origin where this is happening.
+     * Example: https://mail.google.com.
      */
     label = g_strdup_printf (_("Password in a form in %s"), fake_uri_str);
   }
@@ -316,16 +310,18 @@ screcet_service_search_finished (SecretService         *service,
   for (p = results; p; p = p->next) {
     SecretItem *item = (SecretItem *)p->data;
     GHashTable *attributes;
-    char *host;
+    char *origin;
 
     attributes = secret_item_get_attributes (item);
-    host = ephy_string_get_host_name (g_hash_table_lookup (attributes, URI_KEY));
-    ephy_form_auth_data_cache_add (cache, host,
-                                   g_hash_table_lookup (attributes, FORM_USERNAME_KEY),
-                                   g_hash_table_lookup (attributes, FORM_PASSWORD_KEY),
-                                   g_hash_table_lookup (attributes, USERNAME_KEY));
-
-    g_free (host);
+    origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY));
+    if (origin != NULL) {
+      ephy_form_auth_data_cache_add (cache, origin,
+                                     g_hash_table_lookup (attributes, FORM_USERNAME_KEY),
+                                     g_hash_table_lookup (attributes, FORM_PASSWORD_KEY),
+                                     g_hash_table_lookup (attributes, USERNAME_KEY));
+
+      g_free (origin);
+    }
     g_hash_table_unref (attributes);
   }
 
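Review bot: In the loop body the result of `g_hash_table_lookup (attributes, URI_KEY)` is passed straight to `ephy_uri_to_security_origin ()`, and an item that yields no origin is dropped without any trace. Whether the helper accepts a NULL argument is not visible in this hunk, so it would be safer to fetch the attribute into a local first and skip the item when it is NULL. A skipped item means a stored credential silently stops being offered for autofill, so a diagnostic on the `origin == NULL` path, for example `g_debug ("Ignoring stored form password: URI has no security origin");`, would make that case discoverable. The function starts and ends outside the hunk.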
diff --git a/src/passwords-dialog.c b/src/passwords-dialog.c
index 755f515..76dd725 100644
--- a/src/passwords-dialog.c
+++ b/src/passwords-dialog.c
@@ -28,11 +28,11 @@
 #include <libsecret/secret.h>
 
 #include "ephy-form-auth-data.h"
-#include "ephy-string.h"
+#include "ephy-uri-helpers.h"
 #include "passwords-dialog.h"
 
 typedef enum {
-  COL_PASSWORDS_HOST,
+  COL_PASSWORDS_ORIGIN,
   COL_PASSWORDS_USER,
   COL_PASSWORDS_PASSWORD,
   COL_PASSWORDS_INVISIBLE,
@@ -404,26 +404,30 @@ secrets_search_ready_cb (GObject             *source_object,
     GHashTable *attributes = NULL;
     const char *username = NULL;
     const char *password = NULL;
-    char *host = NULL;
+    char *origin = NULL;
     GtkTreeIter iter;
 
     attributes = secret_item_get_attributes (item);
     username = g_hash_table_lookup (attributes, USERNAME_KEY);
-    host = ephy_string_get_host_name (g_hash_table_lookup (attributes, URI_KEY));
     value = secret_item_get_secret (item);
     password = secret_value_get (value, NULL);
+    origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY));
+    if (origin == NULL) {
+      g_hash_table_unref (attributes);
+      continue;
+    }
 
     gtk_list_store_insert_with_values (GTK_LIST_STORE (dialog->liststore),
                                        &iter,
                                        -1,
-                                       COL_PASSWORDS_HOST, host,
+                                       COL_PASSWORDS_ORIGIN, origin,
                                        COL_PASSWORDS_USER, username,
                                        COL_PASSWORDS_PASSWORD, password,
                                        COL_PASSWORDS_INVISIBLE, "●●●●●●●●",
                                        COL_PASSWORDS_DATA, item,
                                        -1);
 
-    g_free (host);
+    g_free (origin);
     g_hash_table_unref (attributes);
   }
 
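Review bot: `secret_item_get_secret (item)` and `secret_value_get ()` run before the new `origin == NULL` check, so the skip path has already pulled the password into process memory and leaves `value` unreleased; no `secret_value_unref ()` is visible anywhere in this hunk. Moving the `origin = ephy_uri_to_security_origin (...)` call and its NULL check directly after `secret_item_get_attributes (item)` avoids fetching a secret for a row that is never shown. A skipped item also stays in the keyring but is absent from this dialog, so the user cannot see or delete it here; showing the raw URI attribute as a fallback, or at least emitting a `g_warning ()`, would keep such entries manageable. The loop and the declaration of `value` begin outside the hunk.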
@@ -465,23 +469,23 @@ row_visible_func (GtkTreeModel        *model,
                   EphyPasswordsDialog *dialog)
 {
   char *username;
-  char *host;
+  char *origin;
   gboolean visible = FALSE;
 
   if (dialog->search_text == NULL)
     return TRUE;
 
   gtk_tree_model_get (model, iter,
-                      COL_PASSWORDS_HOST, &host,
+                      COL_PASSWORDS_ORIGIN, &origin,
                       COL_PASSWORDS_USER, &username,
                       -1);
 
-  if (host != NULL && g_strrstr (host, dialog->search_text) != NULL)
+  if (origin != NULL && g_strrstr (origin, dialog->search_text) != NULL)
     visible = TRUE;
   else if (username != NULL && g_strrstr (username, dialog->search_text) != NULL)
     visible = TRUE;
 
-  g_free (host);
+  g_free (origin);
   g_free (username);
 
   return visible;

