aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am16
-rw-r--r--src/ephy-nss-glue.c259
-rw-r--r--src/ephy-nss-glue.h29
-rw-r--r--src/ephy-profile-migration.c262
4 files changed, 563 insertions, 3 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 330326648..492a7688c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -140,6 +140,18 @@ libephymain_la_SOURCES += \
libephymain_la_CFLAGS += $(SEED_CFLAGS)
endif # ENABLE_SEED
+if ENABLE_NSS
+NOINST_H_FILES += \
+ ephy-nss-glue.h \
+ $(NULL)
+
+libephymain_la_SOURCES += \
+ ephy-nss-glue.c
+ $(NULL)
+
+libephymain_la_CFLAGS += $(NSS_CFLAGS)
+endif # ENABLE_NSS
+
epiphany_SOURCES = ephy-main.c
epiphany_CPPFLAGS = \
@@ -181,6 +193,10 @@ if ENABLE_SEED
epiphany_LDADD += $(SEED_LIBS)
endif # ENABLE_SEED
+if ENABLE_NSS
+epiphany_LDADD += $(NSS_LIBS)
+endif # ENABLE_NSS
+
if ENABLE_NETWORK_MANAGER
epiphany_LDADD += \
$(NETWORK_MANAGER_LIBS)
diff --git a/src/ephy-nss-glue.c b/src/ephy-nss-glue.c
new file mode 100644
index 000000000..a5f58cc06
--- /dev/null
+++ b/src/ephy-nss-glue.c
@@ -0,0 +1,259 @@
+/*
+ * Copyright © 2009 Igalia S.L.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ */
+
+/* Portions of this file based on Chromium code.
+ * License block as follows:
+ *
+ * Copyright (c) 2009 The Chromium Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * The LICENSE file from Chromium can be found in the LICENSE.chromium
+ * file.
+ */
+
+#include "config.h"
+
+#include "ephy-nss-glue.h"
+
+#include "ephy-file-helpers.h"
+
+#include <nss.h>
+#include <pk11pub.h>
+#include <pk11sdr.h>
+
+static gboolean nss_initialized = FALSE;
+static PK11SlotInfo *db_slot = NULL;
+
+gboolean ephy_nss_glue_init ()
+{
+ char *config_dir, *modspec;
+ SECStatus rv;
+
+ config_dir = g_build_filename (ephy_dot_dir (),
+ "mozilla", "epiphany",
+ NULL);
+ rv = NSS_Init (config_dir);
+
+ if (rv < 0) {
+ g_free (config_dir);
+ return FALSE;
+ }
+
+ modspec = g_strdup_printf ("configDir='%s' tokenDescription='Firefox NSS database' "
+ "flags=readOnly", config_dir);
+ db_slot = SECMOD_OpenUserDB (modspec);
+ g_free (config_dir);
+ g_free (modspec);
+
+ if (!db_slot)
+ return FALSE;
+
+ nss_initialized = TRUE;
+
+ return TRUE;
+}
+
+void ephy_nss_glue_close ()
+{
+ if (db_slot) {
+ PK11_FreeSlot (db_slot);
+ db_slot = NULL;
+ }
+
+ NSS_Shutdown ();
+
+ nss_initialized = FALSE;
+}
+
+typedef struct SDRResult
+{
+ SECItem keyid;
+ SECAlgorithmID alg;
+ SECItem data;
+} SDRResult;
+
+static SEC_ASN1Template g_template[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (SDRResult) },
+ { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, keyid) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SDRResult, alg),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, data) },
+ { 0 }
+};
+
+static SECStatus
+unpadBlock(SECItem *data, int blockSize, SECItem *result)
+{
+ SECStatus rv = SECSuccess;
+ int padLength;
+ int i;
+
+ result->data = 0;
+ result->len = 0;
+
+ /* Remove the padding from the end if the input data */
+ if (data->len == 0 || data->len % blockSize != 0) { rv = SECFailure; goto loser; }
+
+ padLength = data->data[data->len-1];
+ if (padLength > blockSize) { rv = SECFailure; goto loser; }
+
+ /* verify padding */
+ for (i=data->len - padLength; (uint32)i < data->len; i++) {
+ if (data->data[i] != padLength) {
+ rv = SECFailure;
+ goto loser;
+ }
+ }
+
+ result->len = data->len - padLength;
+ result->data = (unsigned char *)PORT_Alloc(result->len);
+ if (!result->data) { rv = SECFailure; goto loser; }
+
+ PORT_Memcpy(result->data, data->data, result->len);
+
+ if (padLength < 2) {
+ return SECWouldBlock;
+ }
+
+loser:
+ return rv;
+}
+
+static SECStatus
+pk11Decrypt (PK11SlotInfo *slot, PLArenaPool *arena,
+ CK_MECHANISM_TYPE type, PK11SymKey *key,
+ SECItem *params, SECItem *in, SECItem *result)
+{
+ PK11Context *ctx = 0;
+ SECItem paddedResult;
+ SECStatus rv;
+
+ paddedResult.len = 0;
+ paddedResult.data = 0;
+
+ ctx = PK11_CreateContextBySymKey (type, CKA_DECRYPT, key, params);
+ if (!ctx) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ paddedResult.len = in->len;
+ paddedResult.data = (unsigned char*)PORT_ArenaAlloc (arena, paddedResult.len);
+
+ rv = PK11_CipherOp (ctx, paddedResult.data,
+ (int*)&paddedResult.len, paddedResult.len,
+ in->data, in->len);
+ if (rv != SECSuccess)
+ goto loser;
+
+ PK11_Finalize(ctx);
+
+ /* Remove the padding */
+ rv = unpadBlock (&paddedResult, PK11_GetBlockSize(type, 0), result);
+ if (rv)
+ goto loser;
+
+loser:
+ if (ctx)
+ PK11_DestroyContext (ctx, PR_TRUE);
+
+ return rv;
+}
+
+static SECStatus
+PK11SDR_DecryptWithSlot (PK11SlotInfo *slot, SECItem *data, SECItem *result, void *cx)
+{
+ SECStatus rv = SECSuccess;
+ PK11SymKey *key = NULL;
+ CK_MECHANISM_TYPE type;
+ SDRResult sdrResult;
+ SECItem *params = NULL;
+ SECItem possibleResult = { (SECItemType)0, NULL, 0 };
+ PLArenaPool *arena = NULL;
+
+ arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
+ if (!arena) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Decode the incoming data */
+ memset (&sdrResult, 0, sizeof sdrResult);
+ rv = SEC_QuickDERDecodeItem (arena, &sdrResult, g_template, data);
+ if (rv != SECSuccess)
+ goto loser; /* Invalid format */
+
+ /* Get the parameter values from the data */
+ params = PK11_ParamFromAlgid (&sdrResult.alg);
+ if (!params) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Use triple-DES (Should look up the algorithm) */
+ type = CKM_DES3_CBC;
+ key = PK11_FindFixedKey (slot, type, &sdrResult.keyid, cx);
+ if (!key) {
+ rv = SECFailure;
+ } else {
+ rv = pk11Decrypt (slot, arena, type, key, params,
+ &sdrResult.data, result);
+ }
+
+ loser:
+ if (arena)
+ PORT_FreeArena (arena, PR_TRUE);
+
+ if (key)
+ PK11_FreeSymKey(key);
+
+ if (params)
+ SECITEM_ZfreeItem(params, PR_TRUE);
+
+ if (possibleResult.data)
+ SECITEM_ZfreeItem(&possibleResult, PR_FALSE);
+
+ return rv;
+}
+
+char * ephy_nss_glue_decrypt (const unsigned char *data, gsize length)
+{
+ char *plain = NULL;
+ SECItem request, reply;
+ SECStatus result;
+
+ result = PK11_Authenticate (db_slot, PR_TRUE, NULL);
+ if (result != SECSuccess)
+ return NULL;
+
+ request.data = (unsigned char*)data;
+ request.len = length;
+ reply.data = NULL;
+ reply.len = 0;
+
+ result = PK11SDR_DecryptWithSlot (db_slot, &request, &reply, NULL);
+ if (result == SECSuccess)
+ plain = g_strndup ((const char*)reply.data, reply.len);
+
+ SECITEM_FreeItem (&reply, PR_FALSE);
+
+ return plain;
+}
+
diff --git a/src/ephy-nss-glue.h b/src/ephy-nss-glue.h
new file mode 100644
index 000000000..0c157226a
--- /dev/null
+++ b/src/ephy-nss-glue.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright © 2009 Igalia S.L.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef EPHY_NSS_GLUE_H
+#define EPHY_NSS_GLUE_H
+
+#include <glib.h>
+
+gboolean ephy_nss_glue_init (void);
+void ephy_nss_glue_close (void);
+char * ephy_nss_glue_decrypt (const unsigned char *, gsize);
+
+#endif
diff --git a/src/ephy-profile-migration.c b/src/ephy-profile-migration.c
index 621aa53ef..777e8e677 100644
--- a/src/ephy-profile-migration.c
+++ b/src/ephy-profile-migration.c
@@ -17,12 +17,28 @@
*
*/
+/* Portions of this file based on Chromium code.
+ * License block as follows:
+ *
+ * Copyright (c) 2009 The Chromium Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * The LICENSE file from Chromium can be found in the LICENSE.chromium
+ * file.
+ */
+
#include "config.h"
-#include "ephy-file-helpers.h"
#include "ephy-profile-migration.h"
+#include "ephy-file-helpers.h"
+#ifdef ENABLE_NSS
+#include "ephy-nss-glue.h"
+#endif
+
#include <glib/gi18n.h>
+#include <gnome-keyring.h>
#include <libsoup/soup-gnome.h>
/*
@@ -31,7 +47,7 @@
* - Add your function at the end of the 'migrators' array
*/
-#define PROFILE_MIGRATION_VERSION 1
+#define PROFILE_MIGRATION_VERSION 2
typedef void (*EphyProfileMigrator) (void);
@@ -91,8 +107,248 @@ migrate_cookies ()
g_free (dest);
}
+#ifdef ENABLE_NSS
+static gchar*
+_g_utf8_substr(const gchar* string, gint start, gint end)
+{
+ gchar *start_ptr, *output;
+ gsize len_in_bytes;
+ glong str_len = g_utf8_strlen (string, -1);
+
+ if (start > str_len || end > str_len)
+ return NULL;
+
+ start_ptr = g_utf8_offset_to_pointer (string, start);
+ len_in_bytes = g_utf8_offset_to_pointer (string, end) - start_ptr + 1;
+ output = g_malloc0 (len_in_bytes + 1);
+
+ return g_utf8_strncpy (output, start_ptr, end - start + 1);
+}
+
+static char*
+decrypt (const char *data)
+{
+ unsigned char *plain;
+ gsize out_len;
+
+ /* The old style password is encoded in base64. They are identified
+ * by a leading '~'. Otherwise, we should decrypt the text.
+ */
+ plain = g_base64_decode (data, &out_len);
+ if (data[0] != '~') {
+ char *decrypted;
+
+ decrypted = ephy_nss_glue_decrypt (plain, out_len);
+ g_free (plain);
+ plain = (unsigned char*)decrypted;
+ }
+
+ return (char*)plain;
+}
+
+static void
+parse_and_decrypt_signons (const char *signons)
+{
+ int version;
+ gchar **lines;
+ int i;
+
+ lines = g_strsplit (signons, "\r\n", -1);
+ if (!g_ascii_strncasecmp (lines[0], "#2c", 3))
+ version = 1;
+ else if (!g_ascii_strncasecmp (lines[0], "#2d", 3))
+ version = 2;
+ else if (!g_ascii_strncasecmp (lines[0], "#2e", 3))
+ version = 3;
+ else
+ goto out;
+
+ /* Skip the never-saved list */
+ for (i = 1; lines[i] && !g_str_equal (lines[i], "."); i++) {
+ ;
+ }
+
+ i++;
+
+ /*
+ * Read saved passwords. The information is stored in blocks
+ * separated by lines that only contain a dot. We find a block by
+ * the separator and parse them one by one.
+ */
+ while (lines[i]) {
+ size_t begin = i;
+ size_t end = i + 1;
+ const char *realmBracketBegin = " (";
+ const char *realmBracketEnd = ")";
+ SoupURI *uri = NULL;
+ char *realm = NULL;
+
+ while (lines[end] && !g_str_equal (lines[end], "."))
+ end++;
+
+ i = end + 1;
+
+ /* A block has at least five lines */
+ if (end - begin < 5)
+ continue;
+
+ /* The first line is the site URL.
+ * For HTTP authentication logins, the URL may contain http realm,
+ * which will be in bracket:
+ * sitename:8080 (realm)
+ */
+ if (g_strstr_len (lines[begin], -1, realmBracketBegin)) {
+ char *start_ptr, *end_ptr;
+ char *full_url, *url;
+ glong start, end;
+
+ /* In this case the scheme may not exist. We assume that the
+ * scheme is HTTP.
+ */
+ if (!g_strstr_len (lines[begin], -1, "://"))
+ full_url = g_strconcat ("http://", lines[begin], NULL);
+ else
+ full_url = g_strdup (lines[begin]);
+
+ start_ptr = g_strstr_len (full_url, -1, realmBracketBegin);
+ start = g_utf8_pointer_to_offset (full_url, start_ptr);
+ url = _g_utf8_substr (full_url, 0, start);
+ uri = soup_uri_new (url);
+ g_free (url);
+
+ start += strlen (realmBracketBegin);
+ end_ptr = g_strstr_len (full_url, -1, realmBracketEnd);
+ end = g_utf8_pointer_to_offset (full_url, end_ptr);
+ realm = _g_utf8_substr (full_url, start, end);
+
+ g_free (full_url);
+ } else {
+ /* Don't have HTTP realm. It is the URL that the following
+ * password belongs to.
+ */
+ uri = soup_uri_new (lines[begin]);
+ }
+
+ if (!SOUP_URI_VALID_FOR_HTTP (uri)) {
+ soup_uri_free (uri);
+ g_free (realm);
+ continue;
+ }
+
+ ++begin;
+
+ /* There may be multiple username/password pairs for this site.
+ * In this case, they are saved in one block without a separated
+ * line (contains a dot).
+ */
+ while (begin + 4 < end) {
+ char *username = NULL;
+ char *password = NULL;
+ guint32 item_id;
+
+ /* The username */
+ begin++; /* Skip username element */
+ username = decrypt (lines[begin++]);
+
+ /* The password */
+ /* The element name has a leading '*' */
+ if (lines[begin][0] == '*') {
+ begin++; /* Skip password element */
+ password = decrypt (lines[begin++]);
+ } else {
+ /* Maybe the file is broken, skip to the next block */
+ g_free (username);
+ break;
+ }
+
+ /* The action attribute for from the form element. This line
+ * exists in version 2 or above
+ */
+ if (version >= 2) {
+ if (begin < end)
+ /* Skip it */ ;
+ begin ++;
+
+ /* Version 3 has an extra line for further use */
+ if (version == 3)
+ begin++;
+ }
+
+ if (username && password)
+ gnome_keyring_set_network_password_sync (NULL,
+ username,
+ realm,
+ uri->host,
+ NULL,
+ uri->scheme,
+ NULL,
+ uri->port,
+ password,
+ &item_id);
+ g_free (username);
+ g_free (password);
+ }
+
+ soup_uri_free (uri);
+ g_free (realm);
+ }
+
+ out:
+ g_strfreev (lines);
+}
+#endif
+
+static void
+migrate_passwords ()
+{
+#ifdef ENABLE_NSS
+ char *dest, *contents, *gecko_passwords_backup;
+ gsize length;
+ GError *error = NULL;
+
+ dest = g_build_filename (ephy_dot_dir (),
+ "mozilla", "epiphany", "signons3.txt",
+ NULL);
+ if (!g_file_test (dest, G_FILE_TEST_EXISTS)) {
+ g_free (dest);
+ dest = g_build_filename (ephy_dot_dir (),
+ "mozilla", "epiphany", "signons2.txt",
+ NULL);
+ if (!g_file_test (dest, G_FILE_TEST_EXISTS)) {
+ g_free (dest);
+ return;
+ }
+ }
+
+ if (!ephy_nss_glue_init ())
+ return;
+
+ if (!g_file_get_contents (dest, &contents, &length, &error)) {
+ g_free (dest);
+ }
+
+ parse_and_decrypt_signons (contents);
+
+ /* Save the contents in a backup directory for future data
+ extraction when we support more features */
+ gecko_passwords_backup = g_build_filename (ephy_dot_dir (),
+ "gecko-passwords.txt", NULL);
+
+ if (!g_file_set_contents (gecko_passwords_backup, contents,
+ -1, &error)) {
+ g_error_free (error);
+ }
+
+ g_free (gecko_passwords_backup);
+ g_free (contents);
+
+ ephy_nss_glue_close ();
+#endif
+}
+
const EphyProfileMigrator migrators[] = {
- migrate_cookies
+ migrate_cookies,
+ migrate_passwords
};
#define PROFILE_MIGRATION_FILE ".migrated"