mirror of
https://gitlab.gnome.org/GNOME/gtk.git
synced 2025-01-16 15:14:17 +00:00
Merge branch 'ebassi/secure-buffer' into 'master'
Add secure entry buffer Closes #3119 and #2403 See merge request GNOME/gtk!2545
This commit is contained in:
commit
887d0b7411
@ -69,6 +69,9 @@
|
||||
/* Define to 1 if you have the `mkstemp' function. */
|
||||
#mesondefine HAVE_MKSTEMP
|
||||
|
||||
/* Define to 1 if you have the `mlock` function. */
|
||||
#mesondefine HAVE_MLOCK
|
||||
|
||||
/* Define to 1 if you have a working `mmap' system call. */
|
||||
#mesondefine HAVE_MMAP
|
||||
|
||||
|
@ -63,7 +63,6 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkCssProvider, g_object_unref)
|
||||
G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkDrawingArea, g_object_unref)
|
||||
G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkEditable, g_object_unref)
|
||||
G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkEntry, g_object_unref)
|
||||
G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkEntryBuffer, g_object_unref)
|
||||
G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkEntryCompletion, g_object_unref)
|
||||
G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkEventController, g_object_unref)
|
||||
G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkExpander, g_object_unref)
|
||||
|
@ -137,6 +137,8 @@ void gtk_entry_buffer_emit_deleted_text (GtkEntryBuffe
|
||||
guint position,
|
||||
guint n_chars);
|
||||
|
||||
G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkEntryBuffer, g_object_unref)
|
||||
|
||||
G_END_DECLS
|
||||
|
||||
#endif /* __GTK_ENTRY_BUFFER_H__ */
|
||||
|
@ -24,15 +24,16 @@
|
||||
|
||||
#include "gtktextprivate.h"
|
||||
#include "gtkeditable.h"
|
||||
#include "gtkeventcontrollerkey.h"
|
||||
#include "gtkgestureclick.h"
|
||||
#include "gtkbox.h"
|
||||
#include "gtkimage.h"
|
||||
#include "gtkintl.h"
|
||||
#include "gtkprivate.h"
|
||||
#include "gtkwidgetprivate.h"
|
||||
#include "gtkmarshalers.h"
|
||||
#include "gtkpasswordentrybufferprivate.h"
|
||||
#include "gtkprivate.h"
|
||||
#include "gtkstylecontext.h"
|
||||
#include "gtkeventcontrollerkey.h"
|
||||
#include "gtkwidgetprivate.h"
|
||||
|
||||
/**
|
||||
* SECTION:gtkpasswordentry
|
||||
@ -41,7 +42,10 @@
|
||||
*
|
||||
* #GtkPasswordEntry is entry that has been tailored for entering secrets.
|
||||
* It does not show its contents in clear text, does not allow to copy it
|
||||
* to the clipboard, and it shows a warning when Caps Lock is engaged.
|
||||
* to the clipboard, and it shows a warning when Caps Lock is engaged. If
|
||||
* the underlying platform allows it, GtkPasswordEntry will also place the
|
||||
* text in a non-pageable memory area, to avoid it being written out to
|
||||
* disk by the operating system.
|
||||
*
|
||||
* Optionally, it can offer a way to reveal the contents in clear text.
|
||||
*
|
||||
@ -159,8 +163,10 @@ static void
|
||||
gtk_password_entry_init (GtkPasswordEntry *entry)
|
||||
{
|
||||
GtkPasswordEntryPrivate *priv = gtk_password_entry_get_instance_private (entry);
|
||||
GtkEntryBuffer *buffer = gtk_password_entry_buffer_new ();
|
||||
|
||||
priv->entry = gtk_text_new ();
|
||||
gtk_text_set_buffer (GTK_TEXT (priv->entry), buffer);
|
||||
gtk_text_set_visibility (GTK_TEXT (priv->entry), FALSE);
|
||||
gtk_widget_set_parent (priv->entry, GTK_WIDGET (entry));
|
||||
gtk_editable_init_delegate (GTK_EDITABLE (entry));
|
||||
@ -175,6 +181,9 @@ gtk_password_entry_init (GtkPasswordEntry *entry)
|
||||
gtk_widget_add_css_class (GTK_WIDGET (entry), I_("password"));
|
||||
|
||||
gtk_password_entry_set_extra_menu (entry, NULL);
|
||||
|
||||
/* Transfer ownership to the GtkText widget */
|
||||
g_object_unref (buffer);
|
||||
}
|
||||
|
||||
static void
|
||||
|
196
gtk/gtkpasswordentrybuffer.c
Normal file
196
gtk/gtkpasswordentrybuffer.c
Normal file
@ -0,0 +1,196 @@
|
||||
/* gtkpasswordentrybuffer.c: Entry buffer with secure allocation
|
||||
*
|
||||
Copyright 2009 Stefan Walter
|
||||
* Copyright 2020 GNOME Foundation
|
||||
*
|
||||
* SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2.1 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include "gtkpasswordentrybufferprivate.h"
|
||||
|
||||
#include "gtksecurememoryprivate.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Initial size of buffer, in bytes */
|
||||
#define MIN_SIZE 16
|
||||
|
||||
struct _GtkPasswordEntryBuffer
|
||||
{
|
||||
GtkEntryBuffer parent_instance;
|
||||
|
||||
char *text;
|
||||
gsize text_size;
|
||||
gsize text_bytes;
|
||||
guint text_chars;
|
||||
};
|
||||
|
||||
G_DEFINE_TYPE (GtkPasswordEntryBuffer, gtk_password_entry_buffer, GTK_TYPE_ENTRY_BUFFER)
|
||||
|
||||
static const char *
|
||||
gtk_password_entry_buffer_real_get_text (GtkEntryBuffer *buffer,
|
||||
gsize *n_bytes)
|
||||
{
|
||||
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
|
||||
|
||||
if (n_bytes != NULL)
|
||||
*n_bytes = self->text_bytes;
|
||||
|
||||
if (!self->text)
|
||||
return "";
|
||||
|
||||
return self->text;
|
||||
}
|
||||
|
||||
static guint
|
||||
gtk_password_entry_buffer_real_get_length (GtkEntryBuffer *buffer)
|
||||
{
|
||||
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
|
||||
return self->text_chars;
|
||||
}
|
||||
|
||||
static guint
|
||||
gtk_password_entry_buffer_real_insert_text (GtkEntryBuffer *buffer,
|
||||
guint position,
|
||||
const char *chars,
|
||||
guint n_chars)
|
||||
{
|
||||
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
|
||||
|
||||
gsize n_bytes = g_utf8_offset_to_pointer (chars, n_chars) - chars;
|
||||
|
||||
/* Need more memory */
|
||||
if (n_bytes + self->text_bytes + 1 > self->text_size)
|
||||
{
|
||||
/* Calculate our new buffer size */
|
||||
while (n_bytes + self->text_bytes + 1 > self->text_size)
|
||||
{
|
||||
if (self->text_size == 0)
|
||||
{
|
||||
self->text_size = MIN_SIZE;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (2 * self->text_size < GTK_ENTRY_BUFFER_MAX_SIZE)
|
||||
{
|
||||
self->text_size *= 2;
|
||||
}
|
||||
else
|
||||
{
|
||||
self->text_size = GTK_ENTRY_BUFFER_MAX_SIZE;
|
||||
if (n_bytes > self->text_size - self->text_bytes - 1)
|
||||
{
|
||||
n_bytes = self->text_size - self->text_bytes - 1;
|
||||
n_bytes = g_utf8_find_prev_char (chars, chars + n_bytes + 1) - chars;
|
||||
n_chars = g_utf8_strlen (chars, n_bytes);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
self->text = gtk_secure_realloc (self->text, self->text_size);
|
||||
}
|
||||
|
||||
/* Actual text insertion */
|
||||
gsize at = g_utf8_offset_to_pointer (self->text, position) - self->text;
|
||||
memmove (self->text + at + n_bytes, self->text + at, self->text_bytes - at);
|
||||
memcpy (self->text + at, chars, n_bytes);
|
||||
|
||||
/* Book keeping */
|
||||
self->text_bytes += n_bytes;
|
||||
self->text_chars += n_chars;
|
||||
self->text[self->text_bytes] = '\0';
|
||||
|
||||
gtk_entry_buffer_emit_inserted_text (buffer, position, chars, n_chars);
|
||||
|
||||
return n_chars;
|
||||
}
|
||||
|
||||
static guint
|
||||
gtk_password_entry_buffer_real_delete_text (GtkEntryBuffer *buffer,
|
||||
guint position,
|
||||
guint n_chars)
|
||||
{
|
||||
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
|
||||
|
||||
if (position > self->text_chars)
|
||||
position = self->text_chars;
|
||||
if (position + n_chars > self->text_chars)
|
||||
n_chars = self->text_chars - position;
|
||||
|
||||
if (n_chars > 0)
|
||||
{
|
||||
gsize start = g_utf8_offset_to_pointer (self->text, position) - self->text;
|
||||
gsize end = g_utf8_offset_to_pointer (self->text, position + n_chars) - self->text;
|
||||
|
||||
memmove (self->text + start, self->text + end, self->text_bytes + 1 - end);
|
||||
self->text_chars -= n_chars;
|
||||
self->text_bytes -= (end - start);
|
||||
|
||||
gtk_entry_buffer_emit_deleted_text (buffer, position, n_chars);
|
||||
}
|
||||
|
||||
return n_chars;
|
||||
}
|
||||
|
||||
static void
|
||||
gtk_password_entry_buffer_finalize (GObject *gobject)
|
||||
{
|
||||
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (gobject);
|
||||
|
||||
g_clear_pointer (&self->text, gtk_secure_free);
|
||||
|
||||
self->text_bytes = 0;
|
||||
self->text_size = 0;
|
||||
self->text_chars = 0;
|
||||
|
||||
G_OBJECT_CLASS (gtk_password_entry_buffer_parent_class)->finalize (gobject);
|
||||
}
|
||||
|
||||
static void
|
||||
gtk_password_entry_buffer_class_init (GtkPasswordEntryBufferClass *klass)
|
||||
{
|
||||
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
|
||||
GtkEntryBufferClass *buffer_class = GTK_ENTRY_BUFFER_CLASS (klass);
|
||||
|
||||
gobject_class->finalize = gtk_password_entry_buffer_finalize;
|
||||
|
||||
buffer_class->get_text = gtk_password_entry_buffer_real_get_text;
|
||||
buffer_class->get_length = gtk_password_entry_buffer_real_get_length;
|
||||
buffer_class->insert_text = gtk_password_entry_buffer_real_insert_text;
|
||||
buffer_class->delete_text = gtk_password_entry_buffer_real_delete_text;
|
||||
}
|
||||
|
||||
static void
|
||||
gtk_password_entry_buffer_init (GtkPasswordEntryBuffer *self)
|
||||
{
|
||||
}
|
||||
|
||||
/*< private >
|
||||
* gtk_password_entry_buffer_new:
|
||||
*
|
||||
* Creates a new #GtkEntryBuffer using secure memory allocations.
|
||||
*
|
||||
* Returns: (transfer full): the newly created instance
|
||||
*/
|
||||
GtkEntryBuffer *
|
||||
gtk_password_entry_buffer_new (void)
|
||||
{
|
||||
return g_object_new (GTK_TYPE_PASSWORD_ENTRY_BUFFER, NULL);
|
||||
}
|
33
gtk/gtkpasswordentrybufferprivate.h
Normal file
33
gtk/gtkpasswordentrybufferprivate.h
Normal file
@ -0,0 +1,33 @@
|
||||
/* gtkpasswordentrybufferprivate.h: Entry buffer using secure allocation
|
||||
*
|
||||
* Copyright 2020 GNOME Foundation
|
||||
*
|
||||
* SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2.1 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <gtk/gtkentrybuffer.h>
|
||||
|
||||
G_BEGIN_DECLS
|
||||
|
||||
#define GTK_TYPE_PASSWORD_ENTRY_BUFFER (gtk_password_entry_buffer_get_type())
|
||||
|
||||
G_DECLARE_FINAL_TYPE (GtkPasswordEntryBuffer, gtk_password_entry_buffer, GTK, PASSWORD_ENTRY_BUFFER, GtkEntryBuffer)
|
||||
|
||||
GtkEntryBuffer * gtk_password_entry_buffer_new (void);
|
||||
|
||||
G_END_DECLS
|
1434
gtk/gtksecurememory.c
Normal file
1434
gtk/gtksecurememory.c
Normal file
File diff suppressed because it is too large
Load Diff
95
gtk/gtksecurememoryprivate.h
Normal file
95
gtk/gtksecurememoryprivate.h
Normal file
@ -0,0 +1,95 @@
|
||||
/* gtksecurememoryprivate.h - Allocator for non-pageable memory
|
||||
|
||||
Copyright 2007 Stefan Walter
|
||||
Copyright 2020 GNOME Foundation
|
||||
|
||||
SPDX-License-Identifier: LGPL-2.0-or-later
|
||||
|
||||
The Gnome Keyring Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Library General Public License as
|
||||
published by the Free Software Foundation; either version 2 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
The Gnome Keyring Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Library General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Library General Public
|
||||
License along with the Gnome Library; see the file COPYING.LIB. If not,
|
||||
see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Author: Stef Walter <stef@memberwebs.com>
|
||||
*/
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
/*
|
||||
* Main functionality
|
||||
*
|
||||
* Allocations return NULL on failure.
|
||||
*/
|
||||
|
||||
#define GTK_SECURE_USE_FALLBACK 0x0001
|
||||
|
||||
void * gtk_secure_alloc_full (const char *tag,
|
||||
size_t length,
|
||||
int options);
|
||||
|
||||
void * gtk_secure_realloc_full (const char *tag,
|
||||
void *p,
|
||||
size_t length,
|
||||
int options);
|
||||
|
||||
void gtk_secure_free (void *p);
|
||||
|
||||
void gtk_secure_free_full (void *p,
|
||||
int fallback);
|
||||
|
||||
void gtk_secure_clear (void *p,
|
||||
size_t length);
|
||||
|
||||
int gtk_secure_check (const void *p);
|
||||
|
||||
void gtk_secure_validate (void);
|
||||
|
||||
char * gtk_secure_strdup_full (const char *tag,
|
||||
const char *str,
|
||||
int options);
|
||||
|
||||
char * gtk_secure_strndup_full (const char *tag,
|
||||
const char *str,
|
||||
size_t length,
|
||||
int options);
|
||||
|
||||
void gtk_secure_strclear (char *str);
|
||||
|
||||
void gtk_secure_strfree (char *str);
|
||||
|
||||
/* Simple wrappers */
|
||||
|
||||
static inline void *gtk_secure_alloc (size_t length) {
|
||||
return gtk_secure_alloc_full ("gtk", length, GTK_SECURE_USE_FALLBACK);
|
||||
}
|
||||
|
||||
static inline void *gtk_secure_realloc (void *p, size_t length) {
|
||||
return gtk_secure_realloc_full ("gtk", p, length, GTK_SECURE_USE_FALLBACK);
|
||||
}
|
||||
|
||||
static inline void *gtk_secure_strdup (const char *str) {
|
||||
return gtk_secure_strdup_full ("gtk", str, GTK_SECURE_USE_FALLBACK);
|
||||
}
|
||||
|
||||
static inline void *gtk_secure_strndup (const char *str, size_t length) {
|
||||
return gtk_secure_strndup_full ("gtk", str, length, GTK_SECURE_USE_FALLBACK);
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
const char *tag;
|
||||
size_t request_length;
|
||||
size_t block_length;
|
||||
} gtk_secure_rec;
|
||||
|
||||
gtk_secure_rec * gtk_secure_records (unsigned int *count);
|
@ -121,6 +121,7 @@ gtk_private_sources = files([
|
||||
'gtkmenutrackeritem.c',
|
||||
'gtkpango.c',
|
||||
'gskpango.c',
|
||||
'gtkpasswordentrybuffer.c',
|
||||
'gtkpathbar.c',
|
||||
'gtkplacessidebar.c',
|
||||
'gtkplacesview.c',
|
||||
@ -134,6 +135,7 @@ gtk_private_sources = files([
|
||||
'gtkscaler.c',
|
||||
'gtksearchengine.c',
|
||||
'gtksearchenginemodel.c',
|
||||
'gtksecurememory.c',
|
||||
'gtksizerequestcache.c',
|
||||
'gtksortkeys.c',
|
||||
'gtkstyleanimation.c',
|
||||
|
@ -217,6 +217,11 @@ if cc.compiles(uint128_t_src, name : '__uint128_t available')
|
||||
cdata.set('HAVE_UINT128_T', 1)
|
||||
endif
|
||||
|
||||
# Check for mlock
|
||||
if cc.has_function('mlock', prefix: '#include <sys/mman.h>')
|
||||
cdata.set('HAVE_MLOCK', 1)
|
||||
endif
|
||||
|
||||
# Disable deprecation checks for all libraries we depend on on stable branches.
|
||||
# This is so newer versions of those libraries don't cause more warnings with
|
||||
# a stable GTK version.
|
||||
|
Loading…
Reference in New Issue
Block a user