Actually encrypt passwords before storing them
authorColin Leroy <colin@colino.net>
Thu, 11 Feb 2016 11:11:48 +0000 (12:11 +0100)
committerColin Leroy <colin@colino.net>
Thu, 11 Feb 2016 11:11:48 +0000 (12:11 +0100)
src/plugins/gdata/cm_gdata_contacts.c
src/plugins/spam_report/claws.def
src/plugins/spam_report/spam_report_prefs.c
src/plugins/vcalendar/claws.def
src/plugins/vcalendar/vcal_prefs.c

index 9a30763..0a062d2 100644 (file)
@@ -624,6 +624,8 @@ gboolean cm_gdata_update_contacts_cache(void)
 
 void cm_gdata_contacts_done(void)
 {
 
 void cm_gdata_contacts_done(void)
 {
+  gchar *pass;
+
   g_free(contacts_group_id);
   contacts_group_id = NULL;
 
   g_free(contacts_group_id);
   contacts_group_id = NULL;
 
@@ -635,7 +637,10 @@ void cm_gdata_contacts_done(void)
   {
 #if GDATA_CHECK_VERSION(0,17,2)
     /* store refresh token */
   {
 #if GDATA_CHECK_VERSION(0,17,2)
     /* store refresh token */
-    cm_gdata_config.oauth2_refresh_token = gdata_oauth2_authorizer_dup_refresh_token(authorizer);
+    pass = gdata_oauth2_authorizer_dup_refresh_token(authorizer);
+    cm_gdata_config.oauth2_refresh_token = password_encrypt(pass, NULL);
+    memset(pass, 0, strlen(pass));
+    g_free(pass);
 #endif
 
     g_object_unref(G_OBJECT(authorizer));
 #endif
 
     g_object_unref(G_OBJECT(authorizer));
index 723dae8..0d5e81a 100644 (file)
@@ -34,6 +34,7 @@ matcherlist_match
 matcherlist_new
 matcherprop_new
 password_decrypt
 matcherlist_new
 matcherprop_new
 password_decrypt
+password_encrypt
 pref_get_escaped_pref
 pref_get_unescaped_pref
 prefs_common
 pref_get_escaped_pref
 pref_get_unescaped_pref
 prefs_common
index f2353e7..7d0e88d 100644 (file)
@@ -198,6 +198,7 @@ static void save_spamreport_prefs(PrefsPage *page)
         int i = 0;
        
        for (i = 0; i < INTF_LAST; i++) {
         int i = 0;
        
        for (i = 0; i < INTF_LAST; i++) {
+               gchar *pass;
 
                g_free(spamreport_prefs.user[i]);
                g_free(spamreport_prefs.pass[i]);
 
                g_free(spamreport_prefs.user[i]);
                g_free(spamreport_prefs.pass[i]);
@@ -206,8 +207,11 @@ static void save_spamreport_prefs(PrefsPage *page)
                        GTK_TOGGLE_BUTTON(prefs_page->enabled_chkbtn[i]));
                spamreport_prefs.user[i] = gtk_editable_get_chars(
                        GTK_EDITABLE(prefs_page->user_entry[i]), 0, -1);
                        GTK_TOGGLE_BUTTON(prefs_page->enabled_chkbtn[i]));
                spamreport_prefs.user[i] = gtk_editable_get_chars(
                        GTK_EDITABLE(prefs_page->user_entry[i]), 0, -1);
-               spamreport_prefs.pass[i] = gtk_editable_get_chars(
-                       GTK_EDITABLE(prefs_page->pass_entry[i]), 0, -1);
+
+               pass = gtk_editable_get_chars(GTK_EDITABLE(prefs_page->pass_entry[i]), 0, -1);
+               spamreport_prefs.pass[i] = password_encrypt(pass, NULL);
+               memset(pass, 0, strlen(pass));
+               g_free(pass);
        }
 
         pref_file = prefs_write_open(rc_file_path);
        }
 
         pref_file = prefs_write_open(rc_file_path);
index 1d38f53..297aa5f 100644 (file)
@@ -110,6 +110,7 @@ mimeview_unregister_viewer_factory
 move_file
 open_uri
 password_decrypt
 move_file
 open_uri
 password_decrypt
+password_encrypt
 prefs_button_toggled
 prefs_common
 prefs_common_get_uri_cmd
 prefs_button_toggled
 prefs_common
 prefs_common_get_uri_cmd
index 06c6fd4..a039d3f 100644 (file)
@@ -628,6 +628,7 @@ void vcal_prefs_save(void)
 {
        PrefFile *pfile;
        gchar *rcpath;
 {
        PrefFile *pfile;
        gchar *rcpath;
+
        rcpath = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S, COMMON_RC, NULL);
        pfile = prefs_write_open(rcpath);
        g_free(rcpath);
        rcpath = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S, COMMON_RC, NULL);
        pfile = prefs_write_open(rcpath);
        g_free(rcpath);
@@ -649,6 +650,7 @@ void vcal_prefs_save(void)
 static void vcal_prefs_save_func(PrefsPage * _page)
 {
        struct VcalendarPage *page = (struct VcalendarPage *) _page;
 static void vcal_prefs_save_func(PrefsPage * _page)
 {
        struct VcalendarPage *page = (struct VcalendarPage *) _page;
+       gchar *pass;
 
 /* alert */
        vcalprefs.alert_enable =
 
 /* alert */
        vcalprefs.alert_enable =
@@ -679,8 +681,11 @@ static void vcal_prefs_save_func(PrefsPage * _page)
        vcalprefs.export_user =
            gtk_editable_get_chars(GTK_EDITABLE(page->export_user_entry), 0, -1);
        g_free(vcalprefs.export_pass);
        vcalprefs.export_user =
            gtk_editable_get_chars(GTK_EDITABLE(page->export_user_entry), 0, -1);
        g_free(vcalprefs.export_pass);
-       vcalprefs.export_pass =
-           gtk_editable_get_chars(GTK_EDITABLE(page->export_pass_entry), 0, -1);
+       pass = gtk_editable_get_chars(GTK_EDITABLE(page->export_pass_entry), 0, -1);
+       
+       vcalprefs.export_pass = password_encrypt(pass, NULL);
+       memset(pass, 0, strlen(pass));
+       g_free(pass);
        
 /* free/busy export */
        vcalprefs.export_freebusy_enable = 
        
 /* free/busy export */
        vcalprefs.export_freebusy_enable = 
@@ -699,9 +704,10 @@ static void vcal_prefs_save_func(PrefsPage * _page)
        vcalprefs.export_freebusy_user =
            gtk_editable_get_chars(GTK_EDITABLE(page->export_freebusy_user_entry), 0, -1);
        g_free(vcalprefs.export_freebusy_pass);
        vcalprefs.export_freebusy_user =
            gtk_editable_get_chars(GTK_EDITABLE(page->export_freebusy_user_entry), 0, -1);
        g_free(vcalprefs.export_freebusy_pass);
-       vcalprefs.export_freebusy_pass =
-           gtk_editable_get_chars(GTK_EDITABLE(page->export_freebusy_pass_entry), 0, -1);
-       
+       pass = gtk_editable_get_chars(GTK_EDITABLE(page->export_freebusy_pass_entry), 0, -1);
+       vcalprefs.export_freebusy_pass = password_encrypt(pass, NULL);
+       memset(pass, 0, strlen(pass));
+       g_free(pass);
 
 /* free/busy import */
        g_free(vcalprefs.freebusy_get_url);
 
 /* free/busy import */
        g_free(vcalprefs.freebusy_get_url);