Use account ID instead of name in passwordstorerc.
[claws.git] / src / passwordstore.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 2016 The Claws Mail Team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  *
18  */
19
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #include "claws-features.h"
23 #endif
24
25 #ifdef PASSWORD_CRYPTO_GNUTLS
26 # include <gnutls/gnutls.h>
27 # include <gnutls/crypto.h>
28 #endif
29
30 #include <glib.h>
31 #include <glib/gi18n.h>
32
33 #include "common/defs.h"
34 #include "common/utils.h"
35 #include "passwordstore.h"
36 #include "password.h"
37 #include "prefs_gtk.h"
38
39 static GSList *_password_store;
40
41 /* Finds password block of given type and name in the pwdstore. */
42 static PasswordBlock *_get_block(PasswordBlockType block_type,
43                 const gchar *block_name)
44 {
45         GSList *item;
46         PasswordBlock *block;
47
48         g_return_val_if_fail(block_type >= 0 && block_type < NUM_PWS_TYPES,
49                         NULL);
50         g_return_val_if_fail(block_name != NULL, NULL);
51
52         for (item = _password_store; item != NULL; item = item->next) {
53                 block = (PasswordBlock *)item->data;
54                 if (block->block_type == block_type &&
55                                 !strcmp(block->block_name, block_name))
56                         return block;
57         }
58
59         return NULL;
60 }
61
62 static gboolean _hash_equal_func(gconstpointer a, gconstpointer b)
63 {
64         if (g_strcmp0((const gchar *)a, (const gchar *)b) == 0)
65                 return TRUE;
66         return FALSE;
67 }
68
69 /* Creates a new, empty block and adds it to the pwdstore. */
70 static PasswordBlock *_new_block(PasswordBlockType block_type,
71                 const gchar *block_name)
72 {
73         PasswordBlock *block;
74
75         g_return_val_if_fail(block_type >= 0 && block_type < NUM_PWS_TYPES,
76                         NULL);
77         g_return_val_if_fail(block_name != NULL, NULL);
78
79         /* First check to see if the block doesn't already exist. */
80         if (_get_block(block_type, block_name)) {
81                 debug_print("Block (%d/%s) already exists.\n",
82                                 block_type, block_name);
83                 return NULL;
84         }
85
86         /* Let's create an empty block, and add it to pwdstore. */
87         block = g_new0(PasswordBlock, 1);
88         block->block_type = block_type;
89         block->block_name = g_strdup(block_name);
90         block->entries = g_hash_table_new_full(g_str_hash,
91                         (GEqualFunc)_hash_equal_func,
92                         g_free, g_free);
93         debug_print("Created password block (%d/%s)\n",
94                         block_type, block_name);
95
96         _password_store = g_slist_append(_password_store, block);
97
98         return block;
99 }
100
101 ///////////////////////////////////////////////////////////////
102
103 /* Stores a password. */
104 gboolean passwd_store_set(PasswordBlockType block_type,
105                 const gchar *block_name,
106                 const gchar *password_id,
107                 const gchar *password,
108                 gboolean encrypted)
109 {
110         PasswordBlock *block;
111         gchar *encrypted_password;
112
113         g_return_val_if_fail(block_type >= 0 && block_type < NUM_PWS_TYPES,
114                         FALSE);
115         g_return_val_if_fail(block_name != NULL, FALSE);
116         g_return_val_if_fail(password_id != NULL, FALSE);
117
118         debug_print("%s password '%s' in block (%d/%s)%s\n",
119                         (password == NULL ? "Deleting" : "Storing"),
120                         password_id, block_type, block_name,
121                         (encrypted ? ", already encrypted" : "") );
122
123         // find correct block (create if needed)
124         if ((block = _get_block(block_type, block_name)) == NULL &&
125                         (block = _new_block(block_type, block_name)) == NULL) {
126                 debug_print("Could not create password block (%d/%s)\n",
127                                 block_type, block_name);
128                 return FALSE;
129         }
130
131         if (password == NULL) {
132                 /* NULL password was passed to us, so delete the entry with
133                  * corresponding id */
134                 g_hash_table_remove(block->entries, password_id);
135         } else {
136                 if (!encrypted) {
137                         /* encrypt password before saving it */
138                         if ((encrypted_password =
139                                                 password_encrypt(password, NULL)) == NULL) {
140                                 debug_print("Could not encrypt password '%s' for block (%d/%s).\n",
141                                                 password_id, block_type, block_name);
142                                 return FALSE;
143                         }
144                 } else {
145                         /* password is already in encrypted form already */
146                         encrypted_password = g_strdup(password);
147                 }
148
149                 // add encrypted password to the block
150                 g_hash_table_insert(block->entries,
151                                 g_strdup(password_id),
152                                 encrypted_password);
153         }
154
155         return TRUE;
156 }
157
158 /* Retrieves a password. */
159 gchar *passwd_store_get(PasswordBlockType block_type,
160                 const gchar *block_name,
161                 const gchar *password_id)
162 {
163         PasswordBlock *block;
164         gchar *encrypted_password, *password;
165
166         g_return_val_if_fail(block_type >= 0 && block_type < NUM_PWS_TYPES,
167                         NULL);
168         g_return_val_if_fail(block_name != NULL, NULL);
169         g_return_val_if_fail(password_id != NULL, NULL);
170
171         debug_print("Getting password '%s' from block (%d/%s)\n",
172                         password_id, block_type, block_name);
173
174         // find correct block
175         if ((block = _get_block(block_type, block_name)) == NULL) {
176                 debug_print("Block (%d/%s) not found.\n", block_type, block_name);
177                 return NULL;
178         }
179
180         // grab pointer to encrypted password
181         if ((encrypted_password =
182                                 g_hash_table_lookup(block->entries, password_id)) == NULL) {
183                 debug_print("Password '%s' in block (%d/%s) not found.\n",
184                                 password_id, block_type, block_name);
185                 return NULL;
186         }
187
188         // decrypt password
189         if ((password =
190                                 password_decrypt(encrypted_password, NULL)) == NULL) {
191                 debug_print("Could not decrypt password '%s' for block (%d/%s).\n",
192                                 password_id, block_type, block_name);
193                 return NULL;
194         }
195
196         // return decrypted password
197         return password;
198 }
199
200 gboolean passwd_store_set_account(gint account_id,
201                 const gchar *password_id,
202                 const gchar *password,
203                 gboolean encrypted)
204 {
205         gchar *uid = g_strdup_printf("%d", account_id);
206         gboolean ret = passwd_store_set(PWS_ACCOUNT, uid,
207                         password_id, password, encrypted);
208         g_free(uid);
209         return ret;
210 }
211
212 gchar *passwd_store_get_account(gint account_id,
213                 const gchar *password_id)
214 {
215         gchar *uid = g_strdup_printf("%d", account_id);
216         gchar *ret = passwd_store_get(PWS_ACCOUNT, uid, password_id);
217         g_free(uid);
218         return ret;
219 }
220
221 /* Reencrypts all stored passwords. */
222 void passwd_store_reencrypt_all(const gchar *old_mpwd,
223                 const gchar *new_mpwd)
224 {
225         PasswordBlock *block;
226         GSList *item;
227         GList *keys, *eitem;
228         gchar *encrypted_password, *decrypted_password, *key;
229
230         g_return_if_fail(old_mpwd != NULL);
231         g_return_if_fail(new_mpwd != NULL);
232
233         for (item = _password_store; item != NULL; item = item->next) {
234                 block = (PasswordBlock *)item->data;
235                 if (block == NULL)
236                         continue; /* Just in case. */
237
238                 debug_print("Reencrypting passwords in block (%d/%s).\n",
239                                 block->block_type, block->block_name);
240
241                 if (g_hash_table_size(block->entries) == 0)
242                         continue;
243
244                 keys = g_hash_table_get_keys(block->entries);
245                 for (eitem = keys; eitem != NULL; eitem = eitem->next) {
246                         key = (gchar *)eitem->data;
247                         if ((encrypted_password =
248                                                 g_hash_table_lookup(block->entries, key)) == NULL)
249                                 continue;
250
251                         if ((decrypted_password =
252                                                 password_decrypt(encrypted_password, old_mpwd)) == NULL) {
253                                 debug_print("Reencrypt: couldn't decrypt password for '%s'.\n", key);
254                                 continue;
255                         }
256
257                         encrypted_password = password_encrypt(decrypted_password, new_mpwd);
258                         memset(decrypted_password, 0, strlen(decrypted_password));
259                         g_free(decrypted_password);
260                         if (encrypted_password == NULL) {
261                                 debug_print("Reencrypt: couldn't encrypt password for '%s'.\n", key);
262                                 continue;
263                         }
264
265                         g_hash_table_insert(block->entries, g_strdup(key), encrypted_password);
266                 }
267
268                 g_list_free(keys);
269         }
270
271         debug_print("Reencrypting done.\n");
272 }
273
274 static gint _write_to_file(FILE *fp)
275 {
276         PasswordBlock *block;
277         GSList *item;
278         GList *keys, *eitem;
279         gchar *typestr, *line, *key, *pwd;
280
281         for (item = _password_store; item != NULL; item = item->next) {
282                 block = (PasswordBlock*)item->data;
283                 if (block == NULL)
284                         continue; /* Just in case. */
285
286                 /* Do not save empty blocks. */
287                 if (g_hash_table_size(block->entries) == 0)
288                         continue;
289
290                 /* Prepare the section header string and write it out. */
291                 typestr = NULL;
292                 if (block->block_type == PWS_CORE) {
293                         typestr = "core";
294                 } else if (block->block_type == PWS_ACCOUNT) {
295                         typestr = "account";
296                 } else if (block->block_type == PWS_PLUGIN) {
297                         typestr = "plugin";
298                 }
299                 line = g_strdup_printf("[%s:%s]\n", typestr, block->block_name);
300
301                 if (fputs(line, fp) == EOF) {
302                         FILE_OP_ERROR("password store", "fputs");
303                         g_free(line);
304                         return -1;
305                 }
306                 g_free(line);
307
308                 /* Now go through all passwords in the block and write each out. */
309                 keys = g_hash_table_get_keys(block->entries);
310                 for (eitem = keys; eitem != NULL; eitem = eitem->next) {
311                         key = (gchar *)eitem->data;
312                         if ((pwd = g_hash_table_lookup(block->entries, key)) == NULL)
313                                 continue;
314
315                         line = g_strdup_printf("%s %s\n", key, pwd);
316                         if (fputs(line, fp) == EOF) {
317                                 FILE_OP_ERROR("password store", "fputs");
318                                 g_free(line);
319                                 return -1;
320                         }
321                         g_free(line);
322                 }
323                 g_list_free(keys);
324
325                 if (item->next != NULL && fputs("\n", fp) == EOF) {
326                         FILE_OP_ERROR("password store", "fputs");
327                         return -1;
328                 }
329
330         }
331
332         return 1;
333 }
334
335 void passwd_store_write_config(void)
336 {
337         gchar *rcpath;
338         PrefFile *pfile;
339
340         debug_print("Writing password store...\n");
341
342         rcpath = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
343                         PASSWORD_STORE_RC, NULL);
344
345         if ((pfile = prefs_write_open(rcpath)) == NULL) {
346                 g_warning("failed to open password store file for writing");
347                 g_free(rcpath);
348                 return;
349         }
350
351         g_free(rcpath);
352
353         if (_write_to_file(pfile->fp) < 0) {
354                 g_warning("failed to write password store to file");
355                 prefs_file_close_revert(pfile);
356         } else if (prefs_file_close(pfile) < 0) {
357                 g_warning("failed to properly close password store file after writing");
358         }
359 }
360
361 void passwd_store_read_config(void)
362 {
363         gchar *rcpath, *contents, **lines, **line, *typestr, *name;
364         GError *error = NULL;
365         guint i = 0;
366         PasswordBlock *block = NULL;
367         PasswordBlockType type;
368
369         // TODO: passwd_store_clear();
370
371         debug_print("Reading password store from file...\n");
372
373         rcpath = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
374                         PASSWORD_STORE_RC, NULL);
375
376         if (!g_file_get_contents(rcpath, &contents, NULL, &error)) {
377                 g_warning("couldn't read password store from file: %s\n", error->message);
378                 g_error_free(error);
379                 g_free(rcpath);
380                 return;
381         }
382         g_free(rcpath);
383
384         lines = g_strsplit(contents, "\n", -1);
385
386         while (lines[i] != NULL) {
387                 if (*lines[i] == '[') {
388                         /* Beginning of a new block */
389                         line = g_strsplit_set(lines[i], "[:]", -1);
390                         if (line[0] != NULL && strlen(line[0]) == 0
391                                         && line[1] != NULL && strlen(line[1]) > 0
392                                         && line[2] != NULL && strlen(line[2]) > 0
393                                         && line[3] != NULL && strlen(line[3]) == 0) {
394                                 typestr = line[1];
395                                 name = line[2];
396                                 if (!strcmp(typestr, "core")) {
397                                         type = PWS_CORE;
398                                 } else if (!strcmp(typestr, "account")) {
399                                         type = PWS_ACCOUNT;
400                                 } else if (!strcmp(typestr, "plugin")) {
401                                         type = PWS_PLUGIN;
402                                 } else {
403                                         debug_print("Uknown password block type: '%s'\n", typestr);
404                                         g_strfreev(line);
405                                         i++; continue;
406                                 }
407
408                                 if ((block = _new_block(type, name)) == NULL) {
409                                         debug_print("Duplicate password block, ignoring: (%d/%s)\n",
410                                                         type, name);
411                                         g_strfreev(line);
412                                         i++; continue;
413                                 }
414                         }
415                         g_strfreev(line);
416                 } else if (strlen(lines[i]) > 0 && block != NULL) {
417                         /* If we have started a password block, test for a
418                          * "password_id = password" line. */
419                         line = g_strsplit(lines[i], " ", -1);
420                         if (line[0] != NULL && strlen(line[0]) > 0
421                                         && line[1] != NULL && strlen(line[1]) > 0
422                                         && line[2] == NULL) {
423                                 debug_print("Adding password '%s'\n", line[0]);
424                                 g_hash_table_insert(block->entries,
425                                                 g_strdup(line[0]), g_strdup(line[1]));
426                         }
427                         g_strfreev(line);
428                 }
429                 i++;
430         }
431         g_strfreev(lines);
432 }