[Nautilus-list] Re: [PATCH] hide some sensitive information

From: Miguel Rodríguez Pérez <migrax terra es>
To: nautilus-list lists eazel com
Subject: [Nautilus-list] Re: [PATCH] hide some sensitive information
Date: Fri, 22 Jun 2001 20:06:21 +0200

Miguel Rodríguez Pérez wrote:

This patch just prevents nautilus from saving the password in theURL's stores in ~/.nautilus/thumbnails.
(As always any badly written/expressed english is the soleresponsability of the mailer program).

Well, there was a bug in the code..., so here goes an updated patch(this one works).

(Learned lesson: never ever modify a patch after it is tested.)

Index: ChangeLog
===================================================================
RCS file: /cvs/gnome/nautilus/ChangeLog,v
retrieving revision 1.4660
diff -d -u -r1.4660 ChangeLog
--- ChangeLog	2001/06/18 19:36:24	1.4660
+++ ChangeLog	2001/06/22 17:57:57
@@ -1,3 +1,13 @@
+2001-06-20  Miguel Rodríguez Pérez  <migras atlas uvigo es>
+
+	* libnautilus-private/nautilus-thumbnails.c (obfuscate_password): 
+	New function to look for a password in una uri and change it
+	for 6 asterisks.
+	(make_thumbnail_uri): Call obfuscate_passwd before generating the
+	final uri.
+	This prevents the password to be saved in cleartext in 
+	~/.nautilus/thumbnails if the user accesses some remote server.
+
 2001-06-18  Ramiro Estrugo  <ramiro fateware com>
 
 	* nautilus.spec.in:
Index: libnautilus-private/nautilus-thumbnails.c
===================================================================
RCS file: /cvs/gnome/nautilus/libnautilus-private/nautilus-thumbnails.c,v
retrieving revision 1.22
diff -d -u -r1.22 nautilus-thumbnails.c
--- libnautilus-private/nautilus-thumbnails.c	2001/06/06 19:01:15	1.22
+++ libnautilus-private/nautilus-thumbnails.c	2001/06/22 17:58:28
@@ -121,6 +121,33 @@
 	return !uri_is_local (image_uri);
 }
 
+/* this functions looks for a password in a uri and changes it for 6 '*' */
+
+static char *
+obfuscate_password (const char *escaped_uri)
+{
+	const char *passwd_start, *passwd_end;
+        char *new_uri, *new_uri_temp;
+
+	passwd_start = strchr (escaped_uri, ':');
+	g_assert (passwd_start != NULL);
+	passwd_start = strchr (passwd_start + 1, ':'); /* The fisrt ':' is for the protocol */
+	if (passwd_start == NULL) { /* There's no password */
+		return g_strdup (escaped_uri);
+	}
+	passwd_end = strchr (passwd_start, '@');
+
+	/* This URL has no valid password */
+	if (passwd_end == NULL || passwd_start == NULL || passwd_end <= passwd_start) {
+		return g_strdup (escaped_uri);
+	} else {
+		new_uri_temp = g_strndup (escaped_uri, passwd_start - escaped_uri);
+		new_uri = g_strdup_printf ("%s:******%s", new_uri_temp, passwd_end);
+		g_free (new_uri_temp);
+		return new_uri;
+	}
+}
+
 /* utility routine that, given the uri of an image, constructs the uri to the corresponding thumbnail */
 
 static char *
@@ -148,11 +175,13 @@
 		GnomeVFSResult result;
 		GnomeVFSURI *thumbnail_directory_uri;
 	        	
-		char *escaped_uri = gnome_vfs_escape_slashes (directory_name);		
-		thumbnail_path = g_strdup_printf ("%s/.nautilus/thumbnails/%s", g_get_home_dir(), escaped_uri);
+		char *escaped_uri = gnome_vfs_escape_slashes (directory_name);
+		char *protected_uri = obfuscate_password (escaped_uri);
+		g_free (escaped_uri);
+		thumbnail_path = g_strdup_printf ("%s/.nautilus/thumbnails/%s", g_get_home_dir(), protected_uri);
 		thumbnail_uri = gnome_vfs_get_uri_from_local_path (thumbnail_path);
 		g_free (thumbnail_path);
-		g_free(escaped_uri);
+		g_free (protected_uri);
 		
 		/* we must create the directory if it doesn't exist */

Follow-Ups:
- Re: [Nautilus-list] Re: [PATCH] hide some sensitive information
  - From: Ramiro Estrugo
- Re: [Nautilus-list] Re: [PATCH] hide some sensitive information
  - From: Ramiro Estrugo

References:
- [Nautilus-list] [PATCH hide some sensitive information
  - From: Miguel Rodríguez Pérez

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]