[epiphany/wip/form-auth-problem: 1/3] form-auth: Store passwords for security origins, not hosts
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/wip/form-auth-problem: 1/3] form-auth: Store passwords for security origins, not hosts
- Date: Mon, 30 Jan 2017 05:27:15 +0000 (UTC)
commit e59055d7a51197202eef711d91fed73bcb78ff75
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Thu Dec 29 19:33:48 2016 -0600
form-auth: Store passwords for security origins, not hosts
This prevents an active MITM attacker from enumerating all your saved
passwords. The attacker will now only be able to access passwords saved
on http:// sites. That's by design, though; users are now warned when
focusing insecure password forms and should think twice before saving
such passwords.
Unfortunately this does introduce a migration issue, in that no
previously-saved passwords will be available on https:// websites
anymore, and all previously-saved passwords will still be enumerable by
attackers. I'm not sure how to handle migration. We might be able to
handle it nicely by using the history service to guess whether a
password should be migrated from http:// to https://, but that is not a
simple project.
https://bugzilla.gnome.org/show_bug.cgi?id=752738
lib/ephy-form-auth-data.c | 34 +++++++++++++++-------------------
src/passwords-dialog.c | 24 ++++++++++++++----------
2 files changed, 29 insertions(+), 29 deletions(-)
---
diff --git a/lib/ephy-form-auth-data.c b/lib/ephy-form-auth-data.c
index 6896016..c0c245d 100644
--- a/lib/ephy-form-auth-data.c
+++ b/lib/ephy-form-auth-data.c
@@ -21,7 +21,7 @@
#include "config.h"
#include "ephy-form-auth-data.h"
-#include "ephy-string.h"
+#include "ephy-uri-helpers.h"
#include <glib/gi18n.h>
#include <libsoup/soup.h>
@@ -48,12 +48,6 @@ normalize_and_prepare_uri (SoupURI *uri,
{
g_assert (uri != NULL);
- /* We normalize https? schemes here so that we use passwords
- * we stored in https sites in their http counterparts, and
- * vice-versa. */
- if (uri->scheme == SOUP_URI_SCHEME_HTTPS)
- soup_uri_set_scheme (uri, SOUP_URI_SCHEME_HTTP);
-
soup_uri_set_query (uri, NULL);
if (remove_path)
soup_uri_set_path (uri, "/");
@@ -132,14 +126,14 @@ ephy_form_auth_data_store (const char *uri,
form_password, username);
if (username != NULL) {
/* Translators: The first %s is the username and the second one is the
- * hostname where this is happening. Example: gnome gmail com and
- * mail.google.com.
+ * security origin where this is happening. Example: gnome gmail com and
+ * https://mail.google.com.
*/
label = g_strdup_printf (_("Password for %s in a form in %s"),
username, fake_uri_str);
} else {
- /* Translators: The first %s is the hostname where this is happening.
- * Example: mail.google.com.
+ /* Translators: The first %s is the security origin where this is happening.
+ * Example: https://mail.google.com.
*/
label = g_strdup_printf (_("Password in a form in %s"), fake_uri_str);
}
@@ -316,16 +310,18 @@ screcet_service_search_finished (SecretService *service,
for (p = results; p; p = p->next) {
SecretItem *item = (SecretItem *)p->data;
GHashTable *attributes;
- char *host;
+ char *origin;
attributes = secret_item_get_attributes (item);
- host = ephy_string_get_host_name (g_hash_table_lookup (attributes, URI_KEY));
- ephy_form_auth_data_cache_add (cache, host,
- g_hash_table_lookup (attributes, FORM_USERNAME_KEY),
- g_hash_table_lookup (attributes, FORM_PASSWORD_KEY),
- g_hash_table_lookup (attributes, USERNAME_KEY));
-
- g_free (host);
+ origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY));
+ if (origin != NULL) {
+ ephy_form_auth_data_cache_add (cache, origin,
+ g_hash_table_lookup (attributes, FORM_USERNAME_KEY),
+ g_hash_table_lookup (attributes, FORM_PASSWORD_KEY),
+ g_hash_table_lookup (attributes, USERNAME_KEY));
+
+ g_free (origin);
+ }
g_hash_table_unref (attributes);
}
diff --git a/src/passwords-dialog.c b/src/passwords-dialog.c
index 30c4253..fcdaafa 100644
--- a/src/passwords-dialog.c
+++ b/src/passwords-dialog.c
@@ -28,11 +28,11 @@
#include <libsecret/secret.h>
#include "ephy-form-auth-data.h"
-#include "ephy-string.h"
+#include "ephy-uri-helpers.h"
#include "passwords-dialog.h"
typedef enum {
- COL_PASSWORDS_HOST,
+ COL_PASSWORDS_ORIGIN,
COL_PASSWORDS_USER,
COL_PASSWORDS_PASSWORD,
COL_PASSWORDS_INVISIBLE,
@@ -404,26 +404,30 @@ secrets_search_ready_cb (GObject *source_object,
GHashTable *attributes = NULL;
const char *username = NULL;
const char *password = NULL;
- char *host = NULL;
+ char *origin = NULL;
GtkTreeIter iter;
attributes = secret_item_get_attributes (item);
username = g_hash_table_lookup (attributes, USERNAME_KEY);
- host = ephy_string_get_host_name (g_hash_table_lookup (attributes, URI_KEY));
value = secret_item_get_secret (item);
password = secret_value_get (value, NULL);
+ origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY));
+ if (origin == NULL) {
+ g_hash_table_unref (attributes);
+ continue;
+ }
gtk_list_store_insert_with_values (GTK_LIST_STORE (dialog->liststore),
&iter,
-1,
- COL_PASSWORDS_HOST, host,
+ COL_PASSWORDS_ORIGIN, origin,
COL_PASSWORDS_USER, username,
COL_PASSWORDS_PASSWORD, password,
COL_PASSWORDS_INVISIBLE, "●●●●●●●●",
COL_PASSWORDS_DATA, item,
-1);
- g_free (host);
+ g_free (origin);
g_hash_table_unref (attributes);
}
@@ -465,23 +469,23 @@ row_visible_func (GtkTreeModel *model,
EphyPasswordsDialog *dialog)
{
char *username;
- char *host;
+ char *origin;
gboolean visible = FALSE;
if (dialog->search_text == NULL)
return TRUE;
gtk_tree_model_get (model, iter,
- COL_PASSWORDS_HOST, &host,
+ COL_PASSWORDS_ORIGIN, &origin,
COL_PASSWORDS_USER, &username,
-1);
- if (host != NULL && g_strrstr (host, dialog->search_text) != NULL)
+ if (origin != NULL && g_strrstr (origin, dialog->search_text) != NULL)
visible = TRUE;
else if (username != NULL && g_strrstr (username, dialog->search_text) != NULL)
visible = TRUE;
- g_free (host);
+ g_free (origin);
g_free (username);
return visible;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
