guard-xmpp-password.diff
author Myhailo Danylenko <isbear@ukrpost.net>
Wed, 15 May 2013 13:07:05 +0300
changeset 85 93c3cc0d7891
parent 52 887f44e99aa1
child 87 78238d26911a
permissions -rw-r--r--
[refresh] Add round-high-priority.diff, refresh => API 41-42 * add round-high-priority.diff * refresh patches according to changes in upstream * API version bump - 41-42

Guard XMPP password with option guard

  * instead of filtering access to restricted data stored in a public
    place, store the restricted data somewhere else
  * add xmpp_init() and xmpp_have_password (non-api)

diff -r ce54b748207b mcabber/mcabber/commands.c
--- a/mcabber/mcabber/commands.c	Thu Oct 18 13:43:12 2012 +0300
+++ b/mcabber/mcabber/commands.c	Thu Oct 18 13:43:18 2012 +0300
@@ -2274,10 +2274,8 @@
 
 static void list_option_cb(char *k, char *v, void *f)
 {
-  if (strcmp(k, "password")) {
-    GSList **list = f;
-    *list = g_slist_insert_sorted(*list, k, (GCompareFunc)strcmp);
-  }
+  GSList **list = f;
+  *list = g_slist_insert_sorted(*list, k, (GCompareFunc)strcmp);
 }
 
 static void do_set(char *arg)
diff -r ce54b748207b mcabber/mcabber/main.c
--- a/mcabber/mcabber/main.c	Thu Oct 18 13:43:12 2012 +0300
+++ b/mcabber/mcabber/main.c	Thu Oct 18 13:43:18 2012 +0300
@@ -381,6 +381,7 @@
   scr_init_locale_charset();
   ut_init_debug();
   help_init();
+  xmpp_init();
 
   /* Parsing config file... */
   ret = cfg_read_file(configFile, TRUE);
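Review bot: The placement of `xmpp_init()` ahead of `cfg_read_file()` is load-bearing but undocumented. xmpp_init() is what registers the "password" guard (see the xmpp.c hunk), so if a later refactor moves it below the config parse, a password set in the config file would bypass the guard. I would add a comment on the new line, e.g. `/* Must run before cfg_read_file(): installs the "password" option guard */`. The enclosing function starts and ends outside this hunk.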
@@ -417,8 +418,9 @@
 
   /* If no password is stored, we ask for it before entering
      ncurses mode -- unless the username is unknown. */
-  if (settings_opt_get("jid") && !settings_opt_get("password")) {
+  if (settings_opt_get("jid") && !xmpp_have_password) {
     char *pwd = ask_password("your Jabber password");
+    /* Will be intercepted by guard */
     settings_set(SETTINGS_TYPE_OPTION, "password", pwd);
     g_free(pwd);
   }
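Review bot: The cleartext copy in `pwd` is released with `g_free(pwd)` without being wiped, so the password typed at the prompt stays in ordinary, unlocked heap memory after the guard has taken its own mlock()ed copy. Clear it before freeing, e.g. `if (pwd) memset(pwd, 0, strlen(pwd));` placed just before `g_free(pwd);`. Where the platform provides it, a wipe the compiler cannot elide, such as explicit_bzero(), is preferable. Whether ask_password() can return NULL is not visible here, hence the guard in the suggested line. The enclosing function starts and ends outside this hunk.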
diff -r ce54b748207b mcabber/mcabber/xmpp.c
--- a/mcabber/mcabber/xmpp.c	Thu Oct 18 13:43:12 2012 +0300
+++ b/mcabber/mcabber/xmpp.c	Thu Oct 18 13:43:18 2012 +0300
@@ -23,6 +23,8 @@
  */
 #include <stdlib.h>
 #include <string.h>
+#include <sys/mman.h>
+#include <errno.h>
 
 #include "xmpp.h"
 #include "xmpp_helper.h"
@@ -53,6 +55,9 @@
 static enum imstatus mywantedstatus = available;
 gchar *mystatusmsg;
 
+static char *xmpp_password = NULL;
+gboolean xmpp_have_password = FALSE;
+
 char imstatus2char[imstatus_size+1] = {
     '_', 'o', 'f', 'd', 'n', 'a', 'i', '\0'
 };
@@ -891,16 +896,15 @@
   GError *error = NULL;
 
   if (success) {
-    const char *password, *resource;
+    const char *resource;
     char *username;
     username   = jid_get_username(settings_opt_get("jid"));
-    password   = settings_opt_get("password");
     resource   = strchr(lm_connection_get_jid(connection),
                         JID_RESOURCE_SEPARATOR);
     if (resource)
       resource++;
 
-    if (!lm_connection_authenticate(lconnection, username, password, resource,
+    if (!lm_connection_authenticate(lconnection, username, xmpp_password, resource,
                                     connection_auth_cb, NULL, FALSE, &error)) {
       scr_LogPrint(LPRINT_LOGNORM, "Failed to authenticate: %s",
                    error->message);
@@ -1783,13 +1787,37 @@
   }
 }
 
+static gchar *xmpp_password_guard(const gchar *key, const gchar *new_value)
+{
+  if (xmpp_password) {
+    size_t len = strlen(xmpp_password);
+    memset(xmpp_password, '\0', len);
+    if (munlock(xmpp_password, len))
+      scr_LogPrint(LPRINT_DEBUG, "password guard: Cannot unlock memory: %s.",
+                   strerror(errno));
+    g_free(xmpp_password);
+  }
+  xmpp_password = g_strdup(new_value);
+  if (xmpp_password) {
+    if (mlock(xmpp_password, strlen(xmpp_password)))
+      scr_LogPrint(LPRINT_DEBUG, "password guard: Cannot lock memory: %s.",
+                   strerror(errno));
+    xmpp_have_password = TRUE;
+  }
+  return NULL;
+}
+
+void xmpp_init(void)
+{
+  settings_set_guard("password", xmpp_password_guard);
+}
 
 //  xmpp_connect()
 // Return a non-zero value if there's an obvious problem
 // (no JID, no password, etc.)
 gint xmpp_connect(void)
 {
-  const char *userjid, *password, *resource, *servername, *ssl_fpr;
+  const char *userjid, *resource, *servername, *ssl_fpr;
   char *dynresource = NULL;
   char fpr[16];
   const char *proxy_host;
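Review bot: `xmpp_have_password` is only ever set to TRUE in xmpp_password_guard(). Once the option is unset (`new_value` is NULL, so `g_strdup` returns NULL), the flag still claims a password exists while `xmpp_password` is NULL. Assign it unconditionally after the `g_strdup` call: `xmpp_have_password = (xmpp_password != NULL);`. The function also deserves a header comment saying that the locking is best-effort: mlock()/munlock() act on whole pages of a heap block that presumably shares pages with other allocations, and failures are only logged at LPRINT_DEBUG. The comment should also say that returning NULL is what keeps the value out of the settings table, which is presumed here because the contract of settings_set_guard() is not shown. The trailing context of this hunk is the start of xmpp_connect(), whose body continues outside the hunk.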
@@ -1806,7 +1834,6 @@
 
   servername = settings_opt_get("server");
   userjid    = settings_opt_get("jid");
-  password   = settings_opt_get("password");
   resource   = settings_opt_get("resource");
   proxy_host = settings_opt_get("proxy_host");
   ssl_fpr    = settings_opt_get("ssl_fingerprint");
@@ -1815,7 +1842,7 @@
     scr_LogPrint(LPRINT_LOGNORM, "Your JID has not been specified!");
     return -1;
   }
-  if (!password) {
+  if (!xmpp_password) {
     scr_LogPrint(LPRINT_LOGNORM, "Your password has not been specified!");
     return -1;
   }
diff -r ce54b748207b mcabber/mcabber/xmpp.h
--- a/mcabber/mcabber/xmpp.h	Thu Oct 18 13:43:12 2012 +0300
+++ b/mcabber/mcabber/xmpp.h	Thu Oct 18 13:43:18 2012 +0300
@@ -33,7 +33,9 @@
 
 extern LmConnection* lconnection;
 extern LmSSL* lssl;
+extern gboolean xmpp_have_password; /* private */
 
+void xmpp_init(void); /* private */
 int  xmpp_connect(void);
 void xmpp_disconnect(void);
 gboolean xmpp_is_online(void);
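Review bot: `extern gboolean xmpp_have_password;` exposes a writable global in the header with only a `/* private */` comment to protect it. Any file that includes xmpp.h can flip the flag that main.c uses to decide whether to prompt for the password. A read-only accessor, e.g. `gboolean xmpp_has_password(void); /* private */` returning `xmpp_password != NULL`, would keep the state inside xmpp.c. It would also remove the need to keep a separate flag in sync with the pointer.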