[epiphany/gnome-3-18] form-auth: Store passwords for security origins, not hosts



commit 2961d01934176463520e539e68f63863ad2686cd
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Thu Dec 29 19:33:48 2016 -0600

    form-auth: Store passwords for security origins, not hosts
    
    This prevents an active MITM attacker from enumerating all your saved
    passwords. The attacker will now only be able to access passwords saved
    on http:// sites. That's by design, though; users are now warned when
    focusing insecure password forms and should think twice before saving
    such passwords.
    
    Unfortunately this does introduce a migration issue, in that no
    previously-saved passwords will be available on https:// websites
    anymore, and all previously-saved passwords will still be enumerable by
    attackers. I'm not sure how to handle migration. We might be able to
    handle it nicely by using the history service to guess whether a
    password should be migrated from http:// to https://, but that is not a
    simple project.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=752738

 lib/ephy-form-auth-data.c |   34 +++++++++++++++-------------------
 src/passwords-dialog.c    |   24 ++++++++++++++----------
 2 files changed, 29 insertions(+), 29 deletions(-)
---
diff --git a/lib/ephy-form-auth-data.c b/lib/ephy-form-auth-data.c
index 44d670e..51a1cb8 100644
--- a/lib/ephy-form-auth-data.c
+++ b/lib/ephy-form-auth-data.c
@@ -22,7 +22,7 @@
 #include "config.h"
 #include "ephy-form-auth-data.h"
 
-#include "ephy-string.h"
+#include "ephy-uri-helpers.h"
 
 #include <glib/gi18n.h>
 #include <libsoup/soup.h>
@@ -49,12 +49,6 @@ normalize_and_prepare_uri (SoupURI  *uri,
 {
   g_assert (uri != NULL);
 
-  /* We normalize https? schemes here so that we use passwords
-   * we stored in https sites in their http counterparts, and
-   * vice-versa. */
-  if (uri->scheme == SOUP_URI_SCHEME_HTTPS)
-    soup_uri_set_scheme (uri, SOUP_URI_SCHEME_HTTP);
-
   soup_uri_set_query (uri, NULL);
   if (remove_path)
     soup_uri_set_path (uri, "/");
@@ -134,14 +128,14 @@ ephy_form_auth_data_store (const char *uri,
                                                                 form_password, username);
   if (username != NULL) {
     /* Translators: The first %s is the username and the second one is the
-     * hostname where this is happening. Example: gnome gmail com and
-     * mail.google.com.
+     * security origin where this is happening. Example: gnome gmail com and
+     * https://mail.google.com.
      */
     label = g_strdup_printf (_("Password for %s in a form in %s"),
                              username, fake_uri_str);
   } else {
-    /* Translators: The first %s is the hostname where this is happening.
-     * Example: mail.google.com.
+    /* Translators: The first %s is the security origin where this is happening.
+     * Example: https://mail.google.com.
      */
     label = g_strdup_printf (_("Password in a form in %s"), fake_uri_str);
   }
@@ -320,16 +314,18 @@ screcet_service_search_finished (SecretService *service,
   for (p = results; p; p = p->next) {
     SecretItem *item = (SecretItem *)p->data;
     GHashTable *attributes;
-    char *host;
+    char *origin;
 
     attributes = secret_item_get_attributes (item);
-    host = ephy_string_get_host_name (g_hash_table_lookup (attributes, URI_KEY));
-    ephy_form_auth_data_cache_add (cache, host,
-                                   g_hash_table_lookup (attributes, FORM_USERNAME_KEY),
-                                   g_hash_table_lookup (attributes, FORM_PASSWORD_KEY),
-                                   g_hash_table_lookup (attributes, USERNAME_KEY));
-
-    g_free (host);
+    origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY));
+    if (origin != NULL) {
+      ephy_form_auth_data_cache_add (cache, origin,
+                                     g_hash_table_lookup (attributes, FORM_USERNAME_KEY),
+                                     g_hash_table_lookup (attributes, FORM_PASSWORD_KEY),
+                                     g_hash_table_lookup (attributes, USERNAME_KEY));
+
+      g_free (origin);
+    }
     g_hash_table_unref (attributes);
   }
 
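Review bot: The result of `g_hash_table_lookup (attributes, URI_KEY)` is passed straight to `ephy_uri_to_security_origin ()`, and an item whose origin comes back NULL is then left out of the cache without any trace. Whether the helper accepts a NULL string is not visible in this hunk, so a keyring item that lacks the URI attribute should be checked for before the call. I would also record the skip in an `else` branch, for example `g_debug ("Skipping saved password with unusable URI attribute");`, so that entries which stop autofilling after this change can be diagnosed. The function body starts and ends outside the hunk.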
diff --git a/src/passwords-dialog.c b/src/passwords-dialog.c
index 5b6eee1..0ebd5b9 100644
--- a/src/passwords-dialog.c
+++ b/src/passwords-dialog.c
@@ -28,12 +28,12 @@
 #include <libsecret/secret.h>
 
 #include "ephy-form-auth-data.h"
-#include "ephy-string.h"
+#include "ephy-uri-helpers.h"
 #include "passwords-dialog.h"
 
 typedef enum
 {
-       COL_PASSWORDS_HOST,
+       COL_PASSWORDS_ORIGIN,
        COL_PASSWORDS_USER,
        COL_PASSWORDS_PASSWORD,
        COL_PASSWORDS_INVISIBLE,
@@ -435,26 +435,30 @@ secrets_search_ready_cb (GObject *source_object,
                GHashTable *attributes = NULL;
                const char *username = NULL;
                const char *password = NULL;
-               char *host = NULL;
+               char *origin = NULL;
                GtkTreeIter iter;
 
                attributes = secret_item_get_attributes (item);
                username = g_hash_table_lookup (attributes, USERNAME_KEY);
-               host = ephy_string_get_host_name (g_hash_table_lookup (attributes, URI_KEY));
                value = secret_item_get_secret (item);
                password = secret_value_get (value, NULL);
+               origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY));
+               if (origin == NULL) {
+                       g_hash_table_unref (attributes);
+                       continue;
+               }
 
                gtk_list_store_insert_with_values (GTK_LIST_STORE (dialog->priv->liststore),
                                                   &iter,
                                                   -1,
-                                                  COL_PASSWORDS_HOST, host,
+                                                  COL_PASSWORDS_ORIGIN, origin,
                                                   COL_PASSWORDS_USER, username,
                                                   COL_PASSWORDS_PASSWORD, password,
                                                   COL_PASSWORDS_INVISIBLE, "●●●●●●●●",
                                                   COL_PASSWORDS_DATA, item,
                                                   -1);
 
-               g_free (host);
+               g_free (origin);
                g_hash_table_unref (attributes);
        }
 
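Review bot: The new `continue` on a NULL origin leaves the item in the keyring but hides it from this dialog, which is presumably where the user reviews and removes saved passwords, so such an entry can no longer be seen or deleted here. Inserting the row with the raw `URI_KEY` attribute as a fallback label would keep it manageable. The check also sits after `secret_item_get_secret (item)`, and no `secret_value_unref (value)` is visible on either path of the loop body. Computing `origin` directly after `secret_item_get_attributes (item)` would avoid fetching the secret for skipped items. The loop header and the declaration of `value` are outside the hunk.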
@@ -496,23 +500,23 @@ row_visible_func (GtkTreeModel *model,
                  PasswordsDialog *dialog)
 {
        char *username;
-       char *host;
+       char *origin;
        gboolean visible = FALSE;
 
        if (dialog->priv->search_text == NULL)
                return TRUE;
 
        gtk_tree_model_get (model, iter,
-                           COL_PASSWORDS_HOST, &host,
+                           COL_PASSWORDS_ORIGIN, &origin,
                            COL_PASSWORDS_USER, &username,
                            -1);
 
-       if (host != NULL && g_strrstr (host, dialog->priv->search_text) != NULL)
+       if (origin != NULL && g_strrstr (origin, dialog->priv->search_text) != NULL)
                visible = TRUE;
        else if (username != NULL && g_strrstr (username, dialog->priv->search_text) != NULL)
                visible = TRUE;
 
-       g_free (host);
+       g_free (origin);
        g_free (username);
 
        return visible;

