Mercurial > gftp.yaz

changeset 330:532eb171d5c2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
2003-12-7 Brian Masney <masneyb@gftp.org> * lib/config_file.c lib/gftp.h lib/misc.c lib/options.h - added scramble passwords option. This patch is mostly from Aurelien Jarno <lists@aurel32.net>, but it was modified by me quite a bit. This is not safe, and can be broken. That is why it's labeled scrambled passwords instead of encrypt passwords. * acinclude.m4 - fix to AC_INTL_PRINTF
author masneyb
date Mon, 08 Dec 2003 02:53:24 +0000
parents df4c91bf4adf
children 6c394c91ee57
files ChangeLog acinclude.m4 lib/config_file.c lib/gftp.h lib/misc.c lib/options.h
diffstat 6 files changed, 114 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Mon Dec 08 02:14:26 2003 +0000
+++ b/ChangeLog	Mon Dec 08 02:53:24 2003 +0000
@@ -1,4 +1,12 @@
 2003-12-7 Brian Masney <masneyb@gftp.org>
+	* lib/config_file.c lib/gftp.h lib/misc.c lib/options.h - added
+	scramble passwords option. This patch is mostly from Aurelien Jarno
+        <lists@aurel32.net>, but it was modified by me quite a bit. This is
+	not safe, and can be broken. That is why it's labeled scrambled
+	passwords instead of encrypt passwords.
+
+	* acinclude.m4 - fix to AC_INTL_PRINTF
+
 	* src/gtk/dnd.c (openurl_get_drag_data) - if we are connected to a
 	remote site, disconnect before parsing the URL. This fixes a bug where
 	the directory was not being refreshed properly (from Aurelien Jarno
@@ -1812,7 +1820,7 @@
 
 	* cvsclean - added this script
 
-	* *.[ch] - added $Id: ChangeLog,v 1.180 2003/12/08 02:14:25 masneyb Exp $ tags
+	* *.[ch] - added $Id: ChangeLog,v 1.181 2003/12/08 02:53:23 masneyb Exp $ tags
 
 	* debian/* - updated files from Debian maintainer
 
--- a/acinclude.m4	Mon Dec 08 02:14:26 2003 +0000
+++ b/acinclude.m4	Mon Dec 08 02:53:24 2003 +0000
@@ -145,7 +145,7 @@
                int main(void) {
                  char buf[20];
                  sprintf (buf, "%'ld", (long) 1);
-                 if (strchr ('1', buf) == NULL)
+                 if (strchr (buf, '1') == NULL)
                    return (1);
                  return (0);
                }],
--- a/lib/config_file.c	Mon Dec 08 02:14:26 2003 +0000
+++ b/lib/config_file.c	Mon Dec 08 02:53:24 2003 +0000
@@ -258,7 +258,10 @@
 	  curpos = buf + 9;
 	  if (newentry->pass)
 	    g_free (newentry->pass);
-	  newentry->pass = g_strdup (curpos);
+
+	  /* Always try to descramble passords. If the password is not
+             scrambled, descramble_password returns the string unchanged */
+	  newentry->pass = gftp_descramble_password (curpos);
 	  newentry->save_password = *newentry->pass != '\0';
 	}
       else if (strncmp (buf, "account", 7) == 0 && newentry)
@@ -715,7 +718,8 @@
 gftp_write_bookmarks_file (void)
 {
   gftp_bookmarks_var * tempentry;
-  char *bmhdr, *tempstr;
+  char *bmhdr, *tempstr, *password;
+  intptr_t scramble_passwords;
   FILE * bmfile;
   int i;
 
@@ -739,6 +743,8 @@
   write_comment (bmfile, _(bmhdr));
   fwrite ("\n", 1, 1, bmfile);
 
+  gftp_lookup_global_option ("scramble_passwords", &scramble_passwords);
+  
   tempentry = gftp_bookmarks->children;
   while (tempentry != NULL)
     {
@@ -747,9 +753,21 @@
 	  tempentry = tempentry->children;
 	  continue;
 	}
+
       tempstr = tempentry->path;
       while (*tempstr == '/')
 	tempstr++;
+
+      if (tempentry->save_password && tempentry->pass != NULL)
+        {
+	  if (scramble_passwords)
+            password = gftp_scramble_password (tempentry->pass);
+	  else
+	    password = g_strdup (tempentry->pass);
+	}
+      else
+        password = NULL;
+
       fprintf (bmfile,
 	       "[%s]\nhostname=%s\nport=%d\nprotocol=%s\nremote directory=%s\nlocal directory=%s\nusername=%s\npassword=%s\naccount=%s\n",
 	       tempstr, tempentry->hostname == NULL ? "" : tempentry->hostname,
@@ -759,10 +777,12 @@
 	       tempentry->remote_dir == NULL ? "" : tempentry->remote_dir,
 	       tempentry->local_dir == NULL ? "" : tempentry->local_dir,
 	       tempentry->user == NULL ? "" : tempentry->user,
-	       !tempentry->save_password
-	       || tempentry->pass == NULL ? "" : tempentry->pass,
+	       password == NULL ? "" : password,
 	       tempentry->acct == NULL ? "" : tempentry->acct);
 
+      if (password != NULL)
+        g_free(password);
+
       if (tempentry->local_options_vars != NULL)
         {
           for (i=0; i<tempentry->num_local_options_vars; i++)
--- a/lib/gftp.h	Mon Dec 08 02:14:26 2003 +0000
+++ b/lib/gftp.h	Mon Dec 08 02:53:24 2003 +0000
@@ -717,6 +717,10 @@
 
 void gftp_locale_init 			( void );
 
+char * gftp_scramble_password		( const char *password );
+
+char * gftp_descramble_password		( const char *password );
+
 /* protocols.c */
 #define GFTP_FTP_NUM				0
 #define GFTP_HTTP_NUM				1
--- a/lib/misc.c	Mon Dec 08 02:14:26 2003 +0000
+++ b/lib/misc.c	Mon Dec 08 02:53:24 2003 +0000
@@ -1240,3 +1240,76 @@
 #endif /* HAVE_GETTEXT */
 }
 
+/* Very primary encryption/decryption to make the passwords unreadable
+   with 'cat ~/.gftp/bookmarks'.
+   
+   Each character is separated in two nibbles. Then each nibble is stored
+   under the form 01xxxx01. The resulted string is prefixed by a '$'.
+*/
+
+
+char * 
+gftp_scramble_password (const char *password)
+{
+  char *newstr, *newpos;
+
+  if (strcmp (password, "@EMAIL@") == 0)
+    return (g_strdup (password));
+
+  newstr = g_malloc (strlen(password) * 2 + 2);
+  newpos = newstr;
+  
+  *newpos++ = '$';
+
+  while (*password != 0)
+    {
+      *newpos++ = ((*password >> 2) & 0x3c) | 0x41;
+      *newpos++ = ((*password << 2) & 0x3c) | 0x41;
+      password++;
+    }
+  *newpos = 0;
+  
+  return (newstr);
+}
+
+
+char *
+gftp_descramble_password (const char *password)
+{
+  const char *passwordpos;
+  char *newstr, *newpos;
+  int error;
+
+  if (*password != '$')
+    return (g_strdup (password));
+
+  passwordpos = password + 1;
+  newstr = g_malloc (strlen (passwordpos) / 2 + 1);
+  newpos = newstr;
+ 
+  error = 0;
+  while (*passwordpos != '\0' && (*passwordpos + 1) != '\0')
+    {
+      if ((*passwordpos & 0xc3) != 0x41 ||
+          (*(passwordpos + 1) & 0xc3) != 0x41)
+        {
+          error = 1;
+          break;
+        }
+
+      *newpos++ = ((*passwordpos & 0x3c) << 2) | 
+                  ((*(passwordpos + 1) & 0x3c) >> 2);
+
+      passwordpos += 2;
+    }
+
+  if (error)
+    {
+      g_free (newstr);
+      return (g_strdup (password));
+    }
+
+  *newpos = '\0';
+  return (newstr);
+}
+
--- a/lib/options.h	Mon Dec 08 02:14:26 2003 +0000
+++ b/lib/options.h	Mon Dec 08 02:53:24 2003 +0000
@@ -88,6 +88,9 @@
   {"show_trans_in_title", N_("Show transfer status in title"), 
    gftp_option_type_checkbox, GINT_TO_POINTER(1), NULL, 0,
    N_("Show the file transfer status in the titlebar"), GFTP_PORT_GTK, NULL},
+  {"scramble_passwords", N_("Store passwords in scrambled form"),
+   gftp_option_type_checkbox, GINT_TO_POINTER(1), NULL, 0,
+   N_("Scramble passwords stored in ~/.gftp/bookmarks"), GFTP_PORT_ALL, NULL},
 
   {"", N_("Network"), gftp_option_type_notebook, NULL, NULL, 
    GFTP_CVARS_FLAGS_SHOW_BOOKMARK, NULL, GFTP_PORT_GTK, NULL},