aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorguidog <guidog@517b70f8-ed25-0410-8bf6-f5db08f7b76e>2009-01-10 13:25:28 +0000
committerguidog <guidog@517b70f8-ed25-0410-8bf6-f5db08f7b76e>2009-01-10 13:25:28 +0000
commitaf9d2e62e392533987d17ada803bb6327c54afee (patch)
tree84abf061730e3ed8ae5bb0b7bc6334a730cac0f5
parent07b6e82910238b8abff8124d067634df0a00dd9d (diff)
use GtkSecureEntry instead of GtkEntry for the password entry
From gtksecentry.h: The entry is now always invisible, uses secure memory methods to allocate the text memory, and all potentially dangerous methods (copy & paste, popup, etc.) have been removed. git-svn-id: http://svn.gnome.org/svn/krb5-auth-dialog/trunk@103 517b70f8-ed25-0410-8bf6-f5db08f7b76e
-rw-r--r--ChangeLog12
-rw-r--r--src/Makefile.am2
-rw-r--r--src/krb5-auth-dialog.c45
-rw-r--r--src/krb5-auth-dialog.glade2
4 files changed, 56 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index c88d2af..b870fd6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Sun Jan 4 14:50:59 CET 2009 Guido Günther <agx@sigxcpu.org>
+
+ use GtkSecureEntry instead of GtkEntry for the password entry
+ * src/Makefile.am (AM_CPPFLAGS): add secmem/, gtksecentry/ to include
+ path
+ * src/krb5-auth-dialog.c: use gtk_secure_entry_get_text instead of
+ gtk_entry_get_text
+ * src/krb5-auth-dialog.glade (krb5_auth_dialog_setup): use custom widget
+ (ka_create_gtk_secure_entry,ka_secmem_init): new functions
+ (main): call ka_secmem_init, set custom glade handler for password
+ entry field
+
Sun Jan 4 14:48:14 CET 2009 Guido Günther <agx@sigxcpu.org>
move dbus handling into a separate file
diff --git a/src/Makefile.am b/src/Makefile.am
index e447bb0..066e582 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -34,6 +34,8 @@ krb5_auth_dialog_LDADD = \
@GLADE_LIBS@ \
@GTK_LIBS@
+AM_CPPFLAGS = -I $(top_srcdir)/gtksecentry/ -I $(top_srcdir)/secmem/
+
gladedir = $(datadir)/krb5-auth-dialog
glade_DATA = \
krb5-auth-dialog.glade
diff --git a/src/krb5-auth-dialog.c b/src/krb5-auth-dialog.c
index a140e99..1974465 100644
--- a/src/krb5-auth-dialog.c
+++ b/src/krb5-auth-dialog.c
@@ -30,6 +30,10 @@
#include <glib/gi18n.h>
#include <glade/glade.h>
+#include "gtksecentry.h"
+#include "secmem-util.h"
+#include "memory.h"
+
#include "krb5-auth-dialog.h"
#include "krb5-auth-applet.h"
#include "krb5-auth-gconf.h"
@@ -261,8 +265,7 @@ krb5_auth_dialog_setup (Krb5AuthApplet *applet,
/* Clear the password entry field */
entry = glade_xml_get_widget (applet->pw_xml, "krb5_entry");
- gtk_entry_set_text (GTK_ENTRY (entry), "");
- gtk_entry_set_visibility (GTK_ENTRY (entry), !hide_password);
+ gtk_secure_entry_set_text (GTK_SECURE_ENTRY (entry), "");
/* Use the prompt label that krb5 provides us */
label = glade_xml_get_widget (applet->pw_xml, "krb5_message_label");
@@ -324,8 +327,8 @@ auth_dialog_prompter (krb5_context ctx,
errcode = KRB5_LIBOS_CANTREADPWD;
- entry = glade_xml_get_widget (applet->pw_xml, "krb5_entry");
krb5_auth_dialog_setup (applet, (gchar *) prompts[i].prompt, prompts[i].hidden);
+ entry = glade_xml_get_widget (applet->pw_xml, "krb5_entry");
gtk_widget_grab_focus (entry);
source_id = g_timeout_add_seconds (5, (GSourceFunc)krb5_auth_dialog_do_updates, applet);
@@ -333,7 +336,7 @@ auth_dialog_prompter (krb5_context ctx,
switch (response)
{
case GTK_RESPONSE_OK:
- password = gtk_entry_get_text (GTK_ENTRY (entry));
+ password = gtk_secure_entry_get_text (GTK_SECURE_ENTRY (entry));
password_len = strlen (password);
errcode = 0;
break;
@@ -657,6 +660,38 @@ ka_grab_credentials (Krb5AuthApplet* applet)
}
+static GtkWidget*
+ka_create_gtk_secure_entry (GladeXML *xml, gchar *func_name, gchar *name,
+ gchar *s1, gchar *s2, gint i1, gint i2,
+ gpointer user_data)
+{
+ GtkWidget* entry = NULL;
+
+ if (!strcmp(name, "krb5_entry")) {
+ entry = gtk_secure_entry_new ();
+ gtk_secure_entry_set_activates_default(GTK_SECURE_ENTRY(entry), TRUE);
+ gtk_widget_show (entry);
+ } else {
+ g_warning("Don't know anything about widget %s", name);
+ }
+ return entry;
+}
+
+
+static void
+ka_secmem_init ()
+{
+ /* Initialize secure memory. 1 is too small, so the default size
+ will be used. */
+ secmem_init (1);
+ secmem_set_flags (SECMEM_WARN);
+ drop_privs ();
+
+ if (atexit (secmem_term))
+ g_error("Couln't register atexit handler");
+}
+
+
int
main (int argc, char *argv[])
{
@@ -694,6 +729,7 @@ main (int argc, char *argv[])
textdomain (PACKAGE);
bind_textdomain_codeset (PACKAGE, "UTF-8");
bindtextdomain (PACKAGE, LOCALE_DIR);
+ ka_secmem_init();
if (!ka_dbus_connect (&status))
exit(status);
@@ -709,6 +745,7 @@ main (int argc, char *argv[])
return 1;
/* setup the pw dialog */
+ glade_set_custom_handler (&ka_create_gtk_secure_entry, NULL);
applet->pw_xml = glade_xml_new (GLADEDIR "krb5-auth-dialog.glade", NULL, NULL);
applet->pw_wrong_label = glade_xml_get_widget (applet->pw_xml, "krb5_wrong_label");
applet->pw_dialog = glade_xml_get_widget (applet->pw_xml, "krb5_dialog");
diff --git a/src/krb5-auth-dialog.glade b/src/krb5-auth-dialog.glade
index 66d34e5..7440dff 100644
--- a/src/krb5-auth-dialog.glade
+++ b/src/krb5-auth-dialog.glade
@@ -177,7 +177,7 @@
</child>
<child>
- <widget class="GtkEntry" id="krb5_entry">
+ <widget class="Custom" id="krb5_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="editable">True</property>