[epiphany/gnome-3-22] form-auth: Store passwords for security origins, not hosts



commit ca63e0a9935d49c23039f9737908e5ffad3343b5
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Thu Dec 29 19:33:48 2016 -0600

    form-auth: Store passwords for security origins, not hosts
    
    This prevents an active MITM attacker from enumerating all your saved
    passwords. The attacker will now only be able to access passwords saved
    on http:// sites. That's by design, though; users are now warned when
    focusing insecure password forms and should think twice before saving
    such passwords.
    
    Unfortunately this does introduce a migration issue, in that no
    previously-saved passwords will be available on https:// websites
    anymore, and all previously-saved passwords will still be enumerable by
    attackers. I'm not sure how to handle migration. We might be able to
    handle it nicely by using the history service to guess whether a
    password should be migrated from http:// to https://, but that is not a
    simple project.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=752738

 lib/ephy-form-auth-data.c |   34 +++++++++++++++-------------------
 src/passwords-dialog.c    |   24 ++++++++++++++----------
 2 files changed, 29 insertions(+), 29 deletions(-)
---
diff --git a/lib/ephy-form-auth-data.c b/lib/ephy-form-auth-data.c
index 7985e31..1b8e90d 100644
--- a/lib/ephy-form-auth-data.c
+++ b/lib/ephy-form-auth-data.c
@@ -20,7 +20,7 @@
 #include "config.h"
 #include "ephy-form-auth-data.h"
 
-#include "ephy-string.h"
+#include "ephy-uri-helpers.h"
 
 #include <glib/gi18n.h>
 #include <libsoup/soup.h>
@@ -47,12 +47,6 @@ normalize_and_prepare_uri (SoupURI *uri,
 {
   g_assert (uri != NULL);
 
-  /* We normalize https? schemes here so that we use passwords
-   * we stored in https sites in their http counterparts, and
-   * vice-versa. */
-  if (uri->scheme == SOUP_URI_SCHEME_HTTPS)
-    soup_uri_set_scheme (uri, SOUP_URI_SCHEME_HTTP);
-
   soup_uri_set_query (uri, NULL);
   if (remove_path)
     soup_uri_set_path (uri, "/");
@@ -132,14 +126,14 @@ ephy_form_auth_data_store (const char         *uri,
                                                                 form_password, username);
   if (username != NULL) {
     /* Translators: The first %s is the username and the second one is the
-     * hostname where this is happening. Example: gnome gmail com and
-     * mail.google.com.
+     * security origin where this is happening. Example: gnome gmail com and
+     * https://mail.google.com.
      */
     label = g_strdup_printf (_("Password for %s in a form in %s"),
                              username, fake_uri_str);
   } else {
-    /* Translators: The first %s is the hostname where this is happening.
-     * Example: mail.google.com.
+    /* Translators: The first %s is the security origin where this is happening.
+     * Example: https://mail.google.com.
      */
     label = g_strdup_printf (_("Password in a form in %s"), fake_uri_str);
   }
@@ -317,16 +311,18 @@ screcet_service_search_finished (SecretService         *service,
   for (p = results; p; p = p->next) {
     SecretItem *item = (SecretItem *)p->data;
     GHashTable *attributes;
-    char *host;
+    char *origin;
 
     attributes = secret_item_get_attributes (item);
-    host = ephy_string_get_host_name (g_hash_table_lookup (attributes, URI_KEY));
-    ephy_form_auth_data_cache_add (cache, host,
-                                   g_hash_table_lookup (attributes, FORM_USERNAME_KEY),
-                                   g_hash_table_lookup (attributes, FORM_PASSWORD_KEY),
-                                   g_hash_table_lookup (attributes, USERNAME_KEY));
-
-    g_free (host);
+    origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY));
+    if (origin != NULL) {
+      ephy_form_auth_data_cache_add (cache, origin,
+                                     g_hash_table_lookup (attributes, FORM_USERNAME_KEY),
+                                     g_hash_table_lookup (attributes, FORM_PASSWORD_KEY),
+                                     g_hash_table_lookup (attributes, USERNAME_KEY));
+
+      g_free (origin);
+    }
     g_hash_table_unref (attributes);
   }
 
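Review bot: Items whose stored URI does not convert to a security origin are now dropped from the cache without any trace, in the `if (origin != NULL)` branch of the loop. Because this commit already changes which saved passwords are offered, a silent skip makes a missing autofill entry hard to tell apart from a keyring problem; an `else` branch with `g_debug ("Skipping saved form password: stored URI has no security origin");` would make it diagnosable without logging the credential. It is also not visible here whether `ephy_uri_to_security_origin` accepts NULL, which is what `g_hash_table_lookup` returns when an item lacks the URI attribute, so that case deserves a check in the helper or at this call. The function body begins and ends outside the hunk.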
diff --git a/src/passwords-dialog.c b/src/passwords-dialog.c
index 649f043..ec71767 100644
--- a/src/passwords-dialog.c
+++ b/src/passwords-dialog.c
@@ -26,11 +26,11 @@
 #include <libsecret/secret.h>
 
 #include "ephy-form-auth-data.h"
-#include "ephy-string.h"
+#include "ephy-uri-helpers.h"
 #include "passwords-dialog.h"
 
 typedef enum {
-  COL_PASSWORDS_HOST,
+  COL_PASSWORDS_ORIGIN,
   COL_PASSWORDS_USER,
   COL_PASSWORDS_PASSWORD,
   COL_PASSWORDS_INVISIBLE,
@@ -402,26 +402,30 @@ secrets_search_ready_cb (GObject             *source_object,
     GHashTable *attributes = NULL;
     const char *username = NULL;
     const char *password = NULL;
-    char *host = NULL;
+    char *origin = NULL;
     GtkTreeIter iter;
 
     attributes = secret_item_get_attributes (item);
     username = g_hash_table_lookup (attributes, USERNAME_KEY);
-    host = ephy_string_get_host_name (g_hash_table_lookup (attributes, URI_KEY));
     value = secret_item_get_secret (item);
     password = secret_value_get (value, NULL);
+    origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY));
+    if (origin == NULL) {
+      g_hash_table_unref (attributes);
+      continue;
+    }
 
     gtk_list_store_insert_with_values (GTK_LIST_STORE (dialog->liststore),
                                        &iter,
                                        -1,
-                                       COL_PASSWORDS_HOST, host,
+                                       COL_PASSWORDS_ORIGIN, origin,
                                        COL_PASSWORDS_USER, username,
                                        COL_PASSWORDS_PASSWORD, password,
                                        COL_PASSWORDS_INVISIBLE, "●●●●●●●●",
                                        COL_PASSWORDS_DATA, item,
                                        -1);
 
-    g_free (host);
+    g_free (origin);
     g_hash_table_unref (attributes);
   }
 
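Review bot: The new `continue` for `origin == NULL` runs after `secret_item_get_secret (item)` has already returned a `SecretValue`, and that reference is not released on this path; no `secret_value_unref` appears on the normal path in the visible lines either, so the password stays allocated longer than the dialog needs it. Computing `origin` and doing the NULL check before fetching the secret avoids touching the password for rows that will be skipped, and the loop body should end with `secret_value_unref (value);` once the row has been inserted (assuming the list store's string column copies the password). `secret_item_get_secret` can also return NULL, for example when the item's secret has not been loaded, so `value` should be checked before `secret_value_get (value, NULL)`. The loop and the declaration of `value` start above the hunk.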
@@ -463,23 +467,23 @@ row_visible_func (GtkTreeModel        *model,
                   EphyPasswordsDialog *dialog)
 {
   char *username;
-  char *host;
+  char *origin;
   gboolean visible = FALSE;
 
   if (dialog->search_text == NULL)
     return TRUE;
 
   gtk_tree_model_get (model, iter,
-                      COL_PASSWORDS_HOST, &host,
+                      COL_PASSWORDS_ORIGIN, &origin,
                       COL_PASSWORDS_USER, &username,
                       -1);
 
-  if (host != NULL && g_strrstr (host, dialog->search_text) != NULL)
+  if (origin != NULL && g_strrstr (origin, dialog->search_text) != NULL)
     visible = TRUE;
   else if (username != NULL && g_strrstr (username, dialog->search_text) != NULL)
     visible = TRUE;
 
-  g_free (host);
+  g_free (origin);
   g_free (username);
 
   return visible;

