/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ /* vim: set sw=2 ts=2 sts=2 et: */ /* * Copyright © 2009 Xan López * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * */ /* Portions of this file based on Chromium code. * License block as follows: * * Copyright (c) 2009 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * The LICENSE file from Chromium can be found in the LICENSE.chromium * file. */ #include "config.h" #include "ephy-profile-migration.h" #include "ephy-debug.h" #include "ephy-file-helpers.h" #ifdef ENABLE_NSS #include "ephy-nss-glue.h" #endif #include #include #include /* * What to do to add new migration steps: * - Bump PROFILE_MIGRATION_VERSION * - Add your function at the end of the 'migrators' array */ #define PROFILE_MIGRATION_VERSION 4 typedef void (*EphyProfileMigrator) (void); static void migrate_cookies () { const char *cookies_file_sqlite = "cookies.sqlite"; const char *cookies_file_txt = "cookies.txt"; char *src_sqlite = NULL, *src_txt = NULL, *dest = NULL; dest = g_build_filename (ephy_dot_dir (), cookies_file_sqlite, NULL); /* If we already have a cookies.sqlite file, do nothing */ if (g_file_test (dest, G_FILE_TEST_EXISTS)) goto out; src_sqlite = g_build_filename (ephy_dot_dir (), "mozilla", "epiphany", cookies_file_sqlite, NULL); src_txt = g_build_filename (ephy_dot_dir (), "mozilla", "epiphany", cookies_file_txt, NULL); /* First check if we have a cookies.sqlite file in Mozilla */ if (g_file_test (src_sqlite, G_FILE_TEST_EXISTS)) { GFile *gsrc, *gdest; /* Copy the file */ gsrc = g_file_new_for_path (src_sqlite); gdest = g_file_new_for_path (dest); if (!g_file_copy (gsrc, gdest, 0, NULL, NULL, NULL, NULL)) g_warning (_("Failed to copy cookies file from Mozilla.")); g_object_unref (gsrc); g_object_unref (gdest); } else if (g_file_test (src_txt, G_FILE_TEST_EXISTS)) { /* Create a SoupCookieJarSQLite with the contents of the txt file */ GSList *cookies, *p; SoupCookieJar *txt, *sqlite; txt = soup_cookie_jar_text_new (src_txt, TRUE); sqlite = soup_cookie_jar_sqlite_new (dest, FALSE); cookies = soup_cookie_jar_all_cookies (txt); for (p = cookies; p; p = p->next) { SoupCookie *cookie = (SoupCookie*)p->data; /* Cookie is stolen, so we won't free it */ soup_cookie_jar_add_cookie (sqlite, cookie); } g_slist_free (cookies); g_object_unref (txt); g_object_unref (sqlite); } out: g_free (src_sqlite); g_free (src_txt); g_free (dest); } #ifdef ENABLE_NSS static gchar* _g_utf8_substr(const gchar* string, gint start, gint end) { gchar *start_ptr, *output; gsize len_in_bytes; glong str_len = g_utf8_strlen (string, -1); if (start > str_len || end > str_len) return NULL; start_ptr = g_utf8_offset_to_pointer (string, start); len_in_bytes = g_utf8_offset_to_pointer (string, end) - start_ptr + 1; output = g_malloc0 (len_in_bytes + 1); return g_utf8_strncpy (output, start_ptr, end - start + 1); } static char* decrypt (const char *data) { unsigned char *plain; gsize out_len; /* The old style password is encoded in base64. They are identified * by a leading '~'. Otherwise, we should decrypt the text. */ plain = g_base64_decode (data, &out_len); if (data[0] != '~') { char *decrypted; decrypted = ephy_nss_glue_decrypt (plain, out_len); g_free (plain); plain = (unsigned char*)decrypted; } return (char*)plain; } static void parse_and_decrypt_signons (const char *signons, gboolean handle_forms) { int version; gchar **lines; int i; guint length; lines = g_strsplit (signons, "\r\n", -1); if (!g_ascii_strncasecmp (lines[0], "#2c", 3)) version = 1; else if (!g_ascii_strncasecmp (lines[0], "#2d", 3)) version = 2; else if (!g_ascii_strncasecmp (lines[0], "#2e", 3)) version = 3; else goto out; /* Skip the never-saved list */ for (i = 1; lines[i] && !g_str_equal (lines[i], "."); i++) { ; } i++; /* * Read saved passwords. The information is stored in blocks * separated by lines that only contain a dot. We find a block by * the separator and parse them one by one. */ length = g_strv_length (lines); while (i < length) { size_t begin = i; size_t end = i + 1; const char *realmBracketBegin = " ("; const char *realmBracketEnd = ")"; SoupURI *uri = NULL; char *realm = NULL; while (lines[end] && !g_str_equal (lines[end], ".")) end++; i = end + 1; /* A block has at least five lines */ if (end - begin < 5) continue; /* The first line is the site URL. * For HTTP authentication logins, the URL may contain http realm, * which will be in bracket: * sitename:8080 (realm) */ if (g_strstr_len (lines[begin], -1, realmBracketBegin)) { char *start_ptr, *end_ptr; char *full_url, *url; glong start, end; /* In this case the scheme may not exist. We assume that the * scheme is HTTP. */ if (!g_strstr_len (lines[begin], -1, "://")) full_url = g_strconcat ("http://", lines[begin], NULL); else full_url = g_strdup (lines[begin]); start_ptr = g_strstr_len (full_url, -1, realmBracketBegin); start = g_utf8_pointer_to_offset (full_url, start_ptr); url = _g_utf8_substr (full_url, 0, start); url = g_strstrip (url); uri = soup_uri_new (url); g_free (url); start += strlen (realmBracketBegin); end_ptr = g_strstr_len (full_url, -1, realmBracketEnd) -1; end = g_utf8_pointer_to_offset (full_url, end_ptr); realm = _g_utf8_substr (full_url, start, end); g_free (full_url); } else { /* Don't have HTTP realm. It is the URL that the following * password belongs to. */ uri = soup_uri_new (lines[begin]); } if (!SOUP_URI_VALID_FOR_HTTP (uri)) { soup_uri_free (uri); g_free (realm); continue; } ++begin; /* There may be multiple username/password pairs for this site. * In this case, they are saved in one block without a separated * line (contains a dot). */ while (begin + 4 < end) { char *username = NULL; char *password = NULL; char *form_username = NULL; char *form_password = NULL; guint32 item_id; /* The username */ if (handle_forms) { form_username = g_strdup (lines[begin++]); } else { begin++; /* Skip username element */ } username = decrypt (lines[begin++]); /* The password */ /* The element name has a leading '*' */ if (lines[begin][0] == '*') { if (handle_forms) { form_password = g_strdup (lines[begin++]); } else { begin++; /* Skip password element */ } password = decrypt (lines[begin++]); } else { /* Maybe the file is broken, skip to the next block */ g_free (username); break; } /* The action attribute for from the form element. This line * exists in version 2 or above */ if (version >= 2) { if (begin < end) /* Skip it */ ; begin++; /* Version 3 has an extra line for further use */ if (version == 3) begin++; } if (handle_forms && !realm && username && password && !g_str_equal (username, "") && !g_str_equal (form_username, "") && !g_str_equal (form_password, "*")) { char *u = soup_uri_to_string (uri, FALSE); /* We skip the '*' at the beginning of form_password. */ _ephy_profile_store_form_auth_data (u, form_username, form_password+1, username, password); g_free (u); } else if (!handle_forms && realm && username && password && !g_str_equal (username, "") && form_username == NULL && form_password == NULL) { gnome_keyring_set_network_password_sync (NULL, username, realm, uri->host, NULL, uri->scheme, NULL, uri->port, password, &item_id); } g_free (username); g_free (password); g_free (form_username); g_free (form_password); } soup_uri_free (uri); g_free (realm); } out: g_strfreev (lines); } #endif static void migrate_passwords () { #ifdef ENABLE_NSS char *dest, *contents, *gecko_passwords_backup; gsize length; GError *error = NULL; dest = g_build_filename (ephy_dot_dir (), "mozilla", "epiphany", "signons3.txt", NULL); if (!g_file_test (dest, G_FILE_TEST_EXISTS)) { g_free (dest); dest = g_build_filename (ephy_dot_dir (), "mozilla", "epiphany", "signons2.txt", NULL); if (!g_file_test (dest, G_FILE_TEST_EXISTS)) { g_free (dest); return; } } if (!ephy_nss_glue_init ()) return; if (!g_file_get_contents (dest, &contents, &length, &error)) { g_free (dest); } parse_and_decrypt_signons (contents, FALSE); /* Save the contents in a backup directory for future data extraction when we support more features */ gecko_passwords_backup = g_build_filename (ephy_dot_dir (), "gecko-passwords.txt", NULL); if (!g_file_set_contents (gecko_passwords_backup, contents, -1, &error)) { g_error_free (error); } g_free (gecko_passwords_backup); g_free (contents); ephy_nss_glue_close (); #endif } static void migrate_passwords2 () { #ifdef ENABLE_NSS char *dest, *contents; gsize length; GError *error = NULL; dest = g_build_filename (ephy_dot_dir (), "gecko-passwords.txt", NULL); if (!g_file_test (dest, G_FILE_TEST_EXISTS)) { g_free (dest); return; } if (!ephy_nss_glue_init ()) return; if (!g_file_get_contents (dest, &contents, &length, &error)) { g_free (dest); } parse_and_decrypt_signons (contents, TRUE); g_free (contents); ephy_nss_glue_close (); #endif } const EphyProfileMigrator migrators[] = { migrate_cookies, migrate_passwords, /* Yes, again! Version 2 had some bugs, so we need to run migrate_passwords again to possibly migrate more passwords*/ migrate_passwords, /* Very similar to migrate_passwords, but this migrates * login/passwords for page forms, which we previously ignored */ migrate_passwords2 }; static void store_form_password_cb (GnomeKeyringResult result, guint32 id, gpointer data) { /* FIXME: should we do anything if the operation failed? */ } static void normalize_and_prepare_uri (SoupURI *uri, const char *form_username, const char *form_password) { g_return_if_fail (uri != NULL); /* We normalize https? schemes here so that we use passwords * we stored in https sites in their http counterparts, and * vice-versa. */ if (g_str_equal (uri->scheme, SOUP_URI_SCHEME_HTTPS)) soup_uri_set_scheme (uri, SOUP_URI_SCHEME_HTTP); /* Store the form login and password names encoded in the * URL. A bit of an abuse of keyring, but oh well */ soup_uri_set_query_from_fields (uri, FORM_USERNAME_KEY, form_username, FORM_PASSWORD_KEY, form_password, NULL); } void _ephy_profile_store_form_auth_data (const char *uri, const char *form_username, const char *form_password, const char *username, const char *password) { SoupURI *fake_uri; char *fake_uri_str; g_return_if_fail (uri); g_return_if_fail (form_username); g_return_if_fail (form_password); g_return_if_fail (username); g_return_if_fail (password); fake_uri = soup_uri_new (uri); if (fake_uri == NULL) return; normalize_and_prepare_uri (fake_uri, form_username, form_password); fake_uri_str = soup_uri_to_string (fake_uri, FALSE); gnome_keyring_set_network_password (NULL, username, NULL, fake_uri_str, NULL, fake_uri->scheme, NULL, fake_uri->port, password, (GnomeKeyringOperationGetIntCallback)store_form_password_cb, NULL, NULL); soup_uri_free (fake_uri); g_free (fake_uri_str); } void _ephy_profile_query_form_auth_data (const char *uri, const char *form_username, const char *form_password, GnomeKeyringOperationGetListCallback callback, gpointer data, GDestroyNotify destroy_data) { SoupURI *key; char *key_str; g_return_if_fail (uri); g_return_if_fail (form_username); g_return_if_fail (form_password); key = soup_uri_new (uri); g_return_if_fail (key); normalize_and_prepare_uri (key, form_username, form_password); key_str = soup_uri_to_string (key, FALSE); LOG ("Querying Keyring: %s", key_str); gnome_keyring_find_network_password (NULL, NULL, key_str, NULL, NULL, NULL, 0, callback, data, destroy_data); soup_uri_free (key); g_free (key_str); } #define PROFILE_MIGRATION_FILE ".migrated" void _ephy_profile_migrate () { int latest, i; char *migrated_file, *contents; /* Figure out the latest migration that occured */ migrated_file = g_build_filename (ephy_dot_dir (), PROFILE_MIGRATION_FILE, NULL); if (g_file_test (migrated_file, G_FILE_TEST_EXISTS)) { gsize size; int result; g_file_get_contents (migrated_file, &contents, &size, NULL); result = sscanf(contents, "%d", &latest); g_free (contents); if (result != 1) { g_warning (_("Failed to read latest migration marker, aborting profile migration.")); g_free (migrated_file); return; } } else /* Never migrated */ latest = 0; for (i = latest; i < PROFILE_MIGRATION_VERSION; i++) { EphyProfileMigrator m; /* No need to run the password migration twice in a row. It appears twice in the list for the benefit of people that were using the development snapshots, since an early version didn't migrate all passwords correctly. */ if (i == 1) continue; m = migrators[i]; m(); } /* Write down the latest migration */ contents = g_strdup_printf ("%d", PROFILE_MIGRATION_VERSION); g_file_set_contents (migrated_file, contents, -1, NULL); g_free (contents); g_free (migrated_file); }