/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ /* * e-passwords.c * * Copyright (C) 2001 Ximian, Inc. */ /* * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public * License as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA. */ /* * This looks a lot more complicated than it is, and than you'd think * it would need to be. There is however, method to the madness. * * The code most cope with being called from any thread at any time, * recursively from the main thread, and then serialising every * request so that sane and correct values are always returned, and * duplicate requests are never made. * * To this end, every call is marshalled and queued and a dispatch * method invoked until that request is satisfied. If mainloop * recursion occurs, then the sub-call will necessarily return out of * order, but will not be processed out of order. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include <string.h> #include <libgnome/gnome-config.h> #include <libgnome/gnome-i18n.h> #include <gtk/gtkversion.h> #include <gtk/gtkentry.h> #include <gtk/gtkvbox.h> #include <gtk/gtkcheckbutton.h> #include <gtk/gtkmessagedialog.h> #include "e-passwords.h" #include "libedataserver/e-msgport.h" #include "widgets/misc/e-error.h" #ifndef ENABLE_THREADS #define ENABLE_THREADS (1) #endif #ifdef ENABLE_THREADS #include <pthread.h> static pthread_t main_thread; static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; #define LOCK() pthread_mutex_lock(&lock) #define UNLOCK() pthread_mutex_unlock(&lock) #else #define LOCK() #define UNLOCK() #endif struct _EPassMsg { EMsg msg; void (*dispatch)(struct _EPassMsg *); /* input */ struct _GtkWindow *parent; const char *component; const char *key; const char *title; const char *prompt; const char *oldpass; guint32 flags; /* output */ gboolean *remember; char *password; /* work variables */ GtkWidget *entry; GtkWidget *check; int ismain:1; int noreply:1; /* supress replies; when calling * dispatch functions from others */ }; typedef struct _EPassMsg EPassMsg; static GHashTable *passwords = NULL; static GtkDialog *password_dialog; static EDList request_list = E_DLIST_INITIALISER(request_list); static int idle_id; static int ep_online_state = TRUE; static char *decode_base64 (char *base64); static int base64_encode_close(unsigned char *in, int inlen, gboolean break_lines, unsigned char *out, int *state, int *save); static int base64_encode_step(unsigned char *in, int len, gboolean break_lines, unsigned char *out, int *state, int *save); static gboolean ep_idle_dispatch(void *data) { EPassMsg *msg; /* As soon as a password window is up we stop; it will re-invoke us when it has been closed down */ LOCK(); while (password_dialog == NULL && (msg = (EPassMsg *)e_dlist_remhead(&request_list))) { UNLOCK(); msg->dispatch(msg); LOCK(); } idle_id = 0; UNLOCK(); return FALSE; } static EPassMsg * ep_msg_new(void (*dispatch)(EPassMsg *)) { EPassMsg *msg; e_passwords_init(); msg = g_malloc0(sizeof(*msg)); msg->dispatch = dispatch; msg->msg.reply_port = e_msgport_new(); #ifdef ENABLE_THREADS msg->ismain = pthread_self() == main_thread; #else msg->ismain = TRUE; #endif return msg; } static void ep_msg_free(EPassMsg *msg) { e_msgport_destroy(msg->msg.reply_port); g_free(msg->password); g_free(msg); } static void ep_msg_send(EPassMsg *msg) { int needidle = 0; LOCK(); e_dlist_addtail(&request_list, (EDListNode *)&msg->msg); if (!idle_id) { if (!msg->ismain) idle_id = g_idle_add(ep_idle_dispatch, NULL); else needidle = 1; } UNLOCK(); if (msg->ismain) { EPassMsg *m; if (needidle) ep_idle_dispatch(NULL); while ((m = (EPassMsg *)e_msgport_get(msg->msg.reply_port)) == NULL) g_main_context_iteration(NULL, TRUE); g_assert(m == msg); } else { e_msgport_wait(msg->msg.reply_port); g_assert(e_msgport_get(msg->msg.reply_port) == &msg->msg); } } /* the functions that actually do the work */ static void ep_clear_passwords(EPassMsg *msg) { char *path; path = g_strdup_printf ("/Evolution/Passwords-%s", msg->component); gnome_config_private_clean_section (path); gnome_config_private_sync_file ("/Evolution"); g_free (path); if (!msg->noreply) e_msgport_reply(&msg->msg); } static gboolean free_entry (gpointer key, gpointer value, gpointer user_data) { g_free (key); memset (value, 0, strlen (value)); g_free (value); return TRUE; } static void ep_forget_passwords(EPassMsg *msg) { void *it; char *key; it = gnome_config_private_init_iterator_sections("/Evolution"); while ( (it = gnome_config_iterator_next(it, &key, NULL)) ) { if (0 == strncmp(key, "Passwords-", 10)) { char *section = g_strdup_printf("/Evolution/%s", key); gnome_config_private_clean_section (section); g_free(section); } g_free(key); } gnome_config_private_sync_file ("/Evolution"); /* free up the session passwords */ g_hash_table_foreach_remove (passwords, free_entry, NULL); if (!msg->noreply) e_msgport_reply(&msg->msg); } static char * password_path (const char *component_name, const char *key) { char *keycopy, *path; int i; keycopy = g_strdup (key); for (i = 0; i < strlen (keycopy); i ++) if (keycopy[i] == '/' || keycopy[i] =='=') keycopy[i] = '_'; path = g_strdup_printf ("/Evolution/Passwords-%s/%s", component_name, keycopy); g_free (keycopy); return path; } static void ep_remember_password(EPassMsg *msg) { gpointer okey, value; char *path, *pass64; int len, state, save; if (g_hash_table_lookup_extended (passwords, msg->key, &okey, &value)) { /* add it to the on-disk cache of passwords */ path = password_path (msg->component, okey); len = strlen (value); pass64 = g_malloc0 ((len + 2) * 4 / 3 + 1); state = save = 0; base64_encode_close (value, len, FALSE, pass64, &state, &save); gnome_config_private_set_string (path, pass64); g_free (path); g_free (pass64); /* now remove it from our session hash */ g_hash_table_remove (passwords, msg->key); g_free (okey); g_free (value); gnome_config_private_sync_file ("/Evolution"); } if (!msg->noreply) e_msgport_reply(&msg->msg); } static void ep_forget_password (EPassMsg *msg) { gpointer okey, value; char *path; if (g_hash_table_lookup_extended (passwords, msg->key, &okey, &value)) { g_hash_table_remove (passwords, msg->key); memset (value, 0, strlen (value)); g_free (okey); g_free (value); } /* clear it in the on disk db */ path = password_path (msg->component, msg->key); gnome_config_private_clean_key (path); gnome_config_private_sync_file ("/Evolution"); g_free (path); if (!msg->noreply) e_msgport_reply(&msg->msg); } static void ep_get_password (EPassMsg *msg) { char *path, *passwd; char *encoded = NULL; passwd = g_hash_table_lookup (passwords, msg->key); if (passwd) { msg->password = g_strdup(passwd); } else { /* not part of the session hash, look it up in the on disk db */ path = password_path (msg->component, msg->key); encoded = gnome_config_private_get_string_with_default (path, NULL); g_free (path); if (encoded) { msg->password = decode_base64 (encoded); g_free (encoded); } } if (!msg->noreply) e_msgport_reply(&msg->msg); } static void ep_add_password (EPassMsg *msg) { gpointer okey, value; if (g_hash_table_lookup_extended (passwords, msg->key, &okey, &value)) { g_hash_table_remove (passwords, msg->key); g_free (okey); g_free (value); } g_hash_table_insert (passwords, g_strdup (msg->key), g_strdup (msg->oldpass)); if (!msg->noreply) e_msgport_reply(&msg->msg); } static void ep_ask_password(EPassMsg *msg); static void pass_response(GtkDialog *dialog, int response, void *data) { EPassMsg *msg = data; int type = msg->flags & E_PASSWORDS_REMEMBER_MASK; EDList pending = E_DLIST_INITIALISER(pending); EPassMsg *mw, *mn; if (response == GTK_RESPONSE_OK) { msg->password = g_strdup(gtk_entry_get_text((GtkEntry *)msg->entry)); if (type != E_PASSWORDS_REMEMBER_NEVER) { int noreply = msg->noreply; *msg->remember = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (msg->check)); msg->noreply = 1; if (*msg->remember || type == E_PASSWORDS_REMEMBER_FOREVER) { msg->oldpass = msg->password; ep_add_password(msg); } if (*msg->remember && type == E_PASSWORDS_REMEMBER_FOREVER) ep_remember_password(msg); msg->noreply = noreply; } } gtk_widget_destroy((GtkWidget *)dialog); password_dialog = NULL; /* ok, here things get interesting, we suck up any pending * operations on this specific password, and return the same * result or ignore other operations */ LOCK(); mw = (EPassMsg *)request_list.head; mn = (EPassMsg *)mw->msg.ln.next; while (mn) { if ((mw->dispatch == ep_forget_password || mw->dispatch == ep_get_password || mw->dispatch == ep_ask_password) && (strcmp(mw->component, msg->component) == 0 && strcmp(mw->key, msg->key) == 0)) { e_dlist_remove((EDListNode *)mw); mw->password = g_strdup(msg->password); e_msgport_reply(&mw->msg); } mw = mn; mn = (EPassMsg *)mn->msg.ln.next; } UNLOCK(); if (!msg->noreply) e_msgport_reply(&msg->msg); ep_idle_dispatch(NULL); } static void ep_ask_password(EPassMsg *msg) { GtkWidget *vbox; int type = msg->flags & E_PASSWORDS_REMEMBER_MASK; int noreply = msg->noreply; AtkObject *a11y; msg->noreply = 1; /*password_dialog = (GtkDialog *)e_error_new(msg->parent, "mail:ask-session-password", msg->prompt, NULL);*/ password_dialog = (GtkDialog *)gtk_message_dialog_new (msg->parent, 0, GTK_MESSAGE_QUESTION, GTK_BUTTONS_OK_CANCEL, "%s", msg->prompt); gtk_window_set_title(GTK_WINDOW(password_dialog), msg->title); #if !GTK_CHECK_VERSION (2,4,0) gtk_dialog_set_has_separator(password_dialog, FALSE); #endif gtk_dialog_set_default_response(password_dialog, GTK_RESPONSE_OK); vbox = gtk_vbox_new (FALSE, 6); gtk_widget_show (vbox); gtk_box_pack_start (GTK_BOX (GTK_DIALOG (password_dialog)->vbox), vbox, TRUE, FALSE, 0); gtk_container_set_border_width((GtkContainer *)vbox, 6); msg->entry = gtk_entry_new (); a11y = gtk_widget_get_accessible (msg->entry); atk_object_set_description (a11y, msg->prompt); gtk_entry_set_visibility ((GtkEntry *)msg->entry, !(msg->flags & E_PASSWORDS_SECRET)); gtk_entry_set_activates_default((GtkEntry *)msg->entry, TRUE); gtk_box_pack_start (GTK_BOX (vbox), msg->entry, TRUE, FALSE, 3); gtk_widget_show (msg->entry); gtk_widget_grab_focus (msg->entry); if ((msg->flags & E_PASSWORDS_REPROMPT)) { ep_get_password(msg); if (msg->password) { gtk_entry_set_text ((GtkEntry *) msg->entry, msg->password); g_free (msg->password); msg->password = NULL; } } /* static password, shouldn't be remembered between sessions, but will be remembered within the session beyond our control */ if (type != E_PASSWORDS_REMEMBER_NEVER) { msg->check = gtk_check_button_new_with_mnemonic(type == E_PASSWORDS_REMEMBER_FOREVER ? _("_Remember this password") : _("_Remember this password for the remainder of this session")); gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (msg->check), *msg->remember); gtk_box_pack_start (GTK_BOX (vbox), msg->check, TRUE, FALSE, 3); gtk_widget_show (msg->check); } msg->noreply = noreply; g_signal_connect(password_dialog, "response", G_CALLBACK (pass_response), msg); gtk_widget_show((GtkWidget *)password_dialog); } /** * e_passwords_init: * * Initializes the e_passwords routines. Must be called before any other * e_passwords_* function. **/ void e_passwords_init (void) { LOCK(); if (!passwords) { /* create the per-session hash table */ passwords = g_hash_table_new (g_str_hash, g_str_equal); #ifdef ENABLE_THREADS main_thread = pthread_self(); #endif } UNLOCK(); } /** * e_passwords_cancel: * * Cancel any outstanding password operations and close any dialogues * currently being shown. **/ void e_passwords_cancel(void) { EPassMsg *msg; LOCK(); while ((msg = (EPassMsg *)e_dlist_remhead(&request_list))) e_msgport_reply(&msg->msg); UNLOCK(); if (password_dialog) gtk_widget_destroy((GtkWidget *)password_dialog); } /** * e_passwords_shutdown: * * Cleanup routine to call before exiting. **/ void e_passwords_shutdown (void) { /* shouldn't need this really - everything is synchronous */ gnome_config_private_sync_file ("/Evolution"); e_passwords_cancel(); if (passwords) { /* and destroy our per session hash */ g_hash_table_foreach_remove (passwords, free_entry, NULL); g_hash_table_destroy (passwords); passwords = NULL; } } /** * e_passwords_set_online: * @state: * * Set the offline-state of the application. This is a work-around * for having the backends fully offline aware, and returns a * cancellation response instead of prompting for passwords. * * FIXME: This is not a permanent api, review post 2.0. **/ void e_passwords_set_online(int state) { ep_online_state = state; /* TODO: we could check that a request is open and close it, or maybe who cares */ } /** * e_passwords_forget_passwords: * * Forgets all cached passwords, in memory and on disk. **/ void e_passwords_forget_passwords (void) { EPassMsg *msg = ep_msg_new(ep_forget_passwords); ep_msg_send(msg); ep_msg_free(msg); } /** * e_passwords_clear_passwords: * * Forgets all disk cached passwords for the component. **/ void e_passwords_clear_passwords (const char *component_name) { EPassMsg *msg = ep_msg_new(ep_clear_passwords); msg->component = component_name; ep_msg_send(msg); ep_msg_free(msg); } /** * e_passwords_remember_password: * @key: the key * * Saves the password associated with @key to disk. **/ void e_passwords_remember_password (const char *component_name, const char *key) { EPassMsg *msg; g_return_if_fail(component_name != NULL); g_return_if_fail(key != NULL); msg = ep_msg_new(ep_remember_password); msg->component = component_name; msg->key = key; ep_msg_send(msg); ep_msg_free(msg); } /** * e_passwords_forget_password: * @key: the key * * Forgets the password associated with @key, in memory and on disk. **/ void e_passwords_forget_password (const char *component_name, const char *key) { EPassMsg *msg; g_return_if_fail(component_name != NULL); g_return_if_fail(key != NULL); msg = ep_msg_new(ep_forget_password); msg->component = component_name; msg->key = key; ep_msg_send(msg); ep_msg_free(msg); } /** * e_passwords_get_password: * @key: the key * * Return value: the password associated with @key, or %NULL. Caller * must free the returned password. **/ char * e_passwords_get_password (const char *component_name, const char *key) { EPassMsg *msg; char *passwd; g_return_val_if_fail(component_name != NULL, NULL); g_return_val_if_fail(key != NULL, NULL); msg = ep_msg_new(ep_get_password); msg->component = component_name; msg->key = key; ep_msg_send(msg); passwd = msg->password; msg->password = NULL; ep_msg_free(msg); return passwd; } /** * e_passwords_add_password: * @key: a key * @passwd: the password for @key * * This stores the @key/@passwd pair in the current session's password * hash. **/ void e_passwords_add_password (const char *key, const char *passwd) { EPassMsg *msg; g_return_if_fail(key != NULL); g_return_if_fail(passwd != NULL); msg = ep_msg_new(ep_add_password); msg->key = key; msg->oldpass = passwd; ep_msg_send(msg); ep_msg_free(msg); } /** * e_passwords_ask_password: * @title: title for the password dialog * @component_name: the name of the component for which we're storing * the password (e.g. Mail, Addressbook, etc.) * @key: key to store the password under * @prompt: prompt string * @secret: whether or not the password text should be ***ed out * @remember_type: whether or not to offer to remember the password, * and for how long. * @remember: on input, the default state of the remember checkbox. * on output, the state of the checkbox when the dialog was closed. * @parent: parent window of the dialog, or %NULL * * Asks the user for a password. * * Return value: the password, which the caller must free, or %NULL if * the user cancelled the operation. *@remember will be set if the * return value is non-%NULL and @remember_type is not * E_PASSWORDS_DO_NOT_REMEMBER. **/ char * e_passwords_ask_password (const char *title, const char *component_name, const char *key, const char *prompt, EPasswordsRememberType type, gboolean *remember, GtkWindow *parent) { char *passwd; EPassMsg *msg = ep_msg_new(ep_ask_password); if ((type & E_PASSWORDS_ONLINE) && !ep_online_state) return NULL; msg->title = title; msg->component = component_name; msg->key = key; msg->prompt = prompt; msg->flags = type; msg->remember = remember; msg->parent = parent; ep_msg_send(msg); passwd = msg->password; msg->password = NULL; ep_msg_free(msg); return passwd; } static char *base64_alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; static unsigned char camel_mime_base64_rank[256] = { 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255, 62,255,255,255, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,255,255,255, 0,255,255, 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,255,255,255,255,255, 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, }; /* call this when finished encoding everything, to flush off the last little bit */ static int base64_encode_close(unsigned char *in, int inlen, gboolean break_lines, unsigned char *out, int *state, int *save) { int c1, c2; unsigned char *outptr = out; if (inlen>0) outptr += base64_encode_step(in, inlen, break_lines, outptr, state, save); c1 = ((unsigned char *)save)[1]; c2 = ((unsigned char *)save)[2]; switch (((char *)save)[0]) { case 2: outptr[2] = base64_alphabet[ ( (c2 &0x0f) << 2 ) ]; g_assert(outptr[2] != 0); goto skip; case 1: outptr[2] = '='; skip: outptr[0] = base64_alphabet[ c1 >> 2 ]; outptr[1] = base64_alphabet[ c2 >> 4 | ( (c1&0x3) << 4 )]; outptr[3] = '='; outptr += 4; break; } if (break_lines) *outptr++ = '\n'; *save = 0; *state = 0; return outptr-out; } /* performs an 'encode step', only encodes blocks of 3 characters to the output at a time, saves left-over state in state and save (initialise to 0 on first invocation). */ static int base64_encode_step(unsigned char *in, int len, gboolean break_lines, unsigned char *out, int *state, int *save) { register unsigned char *inptr, *outptr; if (len<=0) return 0; inptr = in; outptr = out; if (len + ((char *)save)[0] > 2) { unsigned char *inend = in+len-2; register int c1, c2, c3; register int already; already = *state; switch (((char *)save)[0]) { case 1: c1 = ((unsigned char *)save)[1]; goto skip1; case 2: c1 = ((unsigned char *)save)[1]; c2 = ((unsigned char *)save)[2]; goto skip2; } /* yes, we jump into the loop, no i'm not going to change it, it's beautiful! */ while (inptr < inend) { c1 = *inptr++; skip1: c2 = *inptr++; skip2: c3 = *inptr++; *outptr++ = base64_alphabet[ c1 >> 2 ]; *outptr++ = base64_alphabet[ c2 >> 4 | ( (c1&0x3) << 4 ) ]; *outptr++ = base64_alphabet[ ( (c2 &0x0f) << 2 ) | (c3 >> 6) ]; *outptr++ = base64_alphabet[ c3 & 0x3f ]; /* this is a bit ugly ... */ if (break_lines && (++already)>=19) { *outptr++='\n'; already = 0; } } ((char *)save)[0] = 0; len = 2-(inptr-inend); *state = already; } if (len>0) { register char *saveout; /* points to the slot for the next char to save */ saveout = & (((char *)save)[1]) + ((char *)save)[0]; /* len can only be 0 1 or 2 */ switch(len) { case 2: *saveout++ = *inptr++; case 1: *saveout++ = *inptr++; } ((char *)save)[0]+=len; } return outptr-out; } /** * base64_decode_step: decode a chunk of base64 encoded data * @in: input stream * @len: max length of data to decode * @out: output stream * @state: holds the number of bits that are stored in @save * @save: leftover bits that have not yet been decoded * * Decodes a chunk of base64 encoded data **/ static int base64_decode_step(unsigned char *in, int len, unsigned char *out, int *state, unsigned int *save) { register unsigned char *inptr, *outptr; unsigned char *inend, c; register unsigned int v; int i; inend = in+len; outptr = out; /* convert 4 base64 bytes to 3 normal bytes */ v=*save; i=*state; inptr = in; while (inptr<inend) { c = camel_mime_base64_rank[*inptr++]; if (c != 0xff) { v = (v<<6) | c; i++; if (i==4) { *outptr++ = v>>16; *outptr++ = v>>8; *outptr++ = v; i=0; } } } *save = v; *state = i; /* quick scan back for '=' on the end somewhere */ /* fortunately we can drop 1 output char for each trailing = (upto 2) */ i=2; while (inptr>in && i) { inptr--; if (camel_mime_base64_rank[*inptr] != 0xff) { if (*inptr == '=') outptr--; i--; } } /* if i!= 0 then there is a truncation error! */ return outptr-out; } static char * decode_base64 (char *base64) { char *plain, *pad = "=="; int len, out, state, save; len = strlen (base64); plain = g_malloc0 (len); state = save = 0; out = base64_decode_step (base64, len, plain, &state, &save); if (len % 4) { base64_decode_step (pad, 4 - len % 4, plain + out, &state, &save); } return plain; }