forked from AuroraMiddleware/gtk
fb99bde840
We have a widget for password and passphrase entries, but we have no way to handle the data securely. This is usually performed by a separate GtkEntryBuffer—for instance, the one in GCR. While we have API for setting a new entry buffer on GtkText, we don't have API for GtkPasswordEntry, though, so the options are: - expose additional API for GtkPasswordEntry to allow setting a secure text buffer on the internal GtkText widget - provide a secure text buffer out of the box Given that an insecure-by-default GtkPasswordEntry is basically pointless, might as well have a secure buffer built in. We don't really need to make the password entry buffer public out of the box, but we can re-evaluate at a later date. Fixes: #2403
197 lines
5.8 KiB
C
197 lines
5.8 KiB
C
/* gtkpasswordentrybuffer.c: Entry buffer with secure allocation
|
|
*
|
|
Copyright 2009 Stefan Walter
|
|
* Copyright 2020 GNOME Foundation
|
|
*
|
|
* SPDX-License-Identifier: LGPL-2.1-or-later
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "config.h"
|
|
|
|
#include "gtkpasswordentrybufferprivate.h"
|
|
|
|
#include "gtksecurememoryprivate.h"
|
|
|
|
#include <string.h>
|
|
|
|
/* Initial size of buffer, in bytes */
|
|
#define MIN_SIZE 16
|
|
|
|
struct _GtkPasswordEntryBuffer
|
|
{
|
|
GtkEntryBuffer parent_instance;
|
|
|
|
char *text;
|
|
gsize text_size;
|
|
gsize text_bytes;
|
|
guint text_chars;
|
|
};
|
|
|
|
G_DEFINE_TYPE (GtkPasswordEntryBuffer, gtk_password_entry_buffer, GTK_TYPE_ENTRY_BUFFER)
|
|
|
|
static const char *
|
|
gtk_password_entry_buffer_real_get_text (GtkEntryBuffer *buffer,
|
|
gsize *n_bytes)
|
|
{
|
|
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
|
|
|
|
if (n_bytes != NULL)
|
|
*n_bytes = self->text_bytes;
|
|
|
|
if (!self->text)
|
|
return "";
|
|
|
|
return self->text;
|
|
}
|
|
|
|
static guint
|
|
gtk_password_entry_buffer_real_get_length (GtkEntryBuffer *buffer)
|
|
{
|
|
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
|
|
return self->text_chars;
|
|
}
|
|
|
|
static guint
|
|
gtk_password_entry_buffer_real_insert_text (GtkEntryBuffer *buffer,
|
|
guint position,
|
|
const char *chars,
|
|
guint n_chars)
|
|
{
|
|
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
|
|
|
|
gsize n_bytes = g_utf8_offset_to_pointer (chars, n_chars) - chars;
|
|
|
|
/* Need more memory */
|
|
if (n_bytes + self->text_bytes + 1 > self->text_size)
|
|
{
|
|
/* Calculate our new buffer size */
|
|
while (n_bytes + self->text_bytes + 1 > self->text_size)
|
|
{
|
|
if (self->text_size == 0)
|
|
{
|
|
self->text_size = MIN_SIZE;
|
|
}
|
|
else
|
|
{
|
|
if (2 * self->text_size < GTK_ENTRY_BUFFER_MAX_SIZE)
|
|
{
|
|
self->text_size *= 2;
|
|
}
|
|
else
|
|
{
|
|
self->text_size = GTK_ENTRY_BUFFER_MAX_SIZE;
|
|
if (n_bytes > self->text_size - self->text_bytes - 1)
|
|
{
|
|
n_bytes = self->text_size - self->text_bytes - 1;
|
|
n_bytes = g_utf8_find_prev_char (chars, chars + n_bytes + 1) - chars;
|
|
n_chars = g_utf8_strlen (chars, n_bytes);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
self->text = gtk_secure_realloc (self->text, self->text_size);
|
|
}
|
|
|
|
/* Actual text insertion */
|
|
gsize at = g_utf8_offset_to_pointer (self->text, position) - self->text;
|
|
memmove (self->text + at + n_bytes, self->text + at, self->text_bytes - at);
|
|
memcpy (self->text + at, chars, n_bytes);
|
|
|
|
/* Book keeping */
|
|
self->text_bytes += n_bytes;
|
|
self->text_chars += n_chars;
|
|
self->text[self->text_bytes] = '\0';
|
|
|
|
gtk_entry_buffer_emit_inserted_text (buffer, position, chars, n_chars);
|
|
|
|
return n_chars;
|
|
}
|
|
|
|
static guint
|
|
gtk_password_entry_buffer_real_delete_text (GtkEntryBuffer *buffer,
|
|
guint position,
|
|
guint n_chars)
|
|
{
|
|
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
|
|
|
|
if (position > self->text_chars)
|
|
position = self->text_chars;
|
|
if (position + n_chars > self->text_chars)
|
|
n_chars = self->text_chars - position;
|
|
|
|
if (n_chars > 0)
|
|
{
|
|
gsize start = g_utf8_offset_to_pointer (self->text, position) - self->text;
|
|
gsize end = g_utf8_offset_to_pointer (self->text, position + n_chars) - self->text;
|
|
|
|
memmove (self->text + start, self->text + end, self->text_bytes + 1 - end);
|
|
self->text_chars -= n_chars;
|
|
self->text_bytes -= (end - start);
|
|
|
|
gtk_entry_buffer_emit_deleted_text (buffer, position, n_chars);
|
|
}
|
|
|
|
return n_chars;
|
|
}
|
|
|
|
static void
|
|
gtk_password_entry_buffer_finalize (GObject *gobject)
|
|
{
|
|
GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (gobject);
|
|
|
|
g_clear_pointer (&self->text, gtk_secure_free);
|
|
|
|
self->text_bytes = 0;
|
|
self->text_size = 0;
|
|
self->text_chars = 0;
|
|
|
|
G_OBJECT_CLASS (gtk_password_entry_buffer_parent_class)->finalize (gobject);
|
|
}
|
|
|
|
static void
|
|
gtk_password_entry_buffer_class_init (GtkPasswordEntryBufferClass *klass)
|
|
{
|
|
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
|
|
GtkEntryBufferClass *buffer_class = GTK_ENTRY_BUFFER_CLASS (klass);
|
|
|
|
gobject_class->finalize = gtk_password_entry_buffer_finalize;
|
|
|
|
buffer_class->get_text = gtk_password_entry_buffer_real_get_text;
|
|
buffer_class->get_length = gtk_password_entry_buffer_real_get_length;
|
|
buffer_class->insert_text = gtk_password_entry_buffer_real_insert_text;
|
|
buffer_class->delete_text = gtk_password_entry_buffer_real_delete_text;
|
|
}
|
|
|
|
static void
|
|
gtk_password_entry_buffer_init (GtkPasswordEntryBuffer *self)
|
|
{
|
|
}
|
|
|
|
/*< private >
|
|
* gtk_password_entry_buffer_new:
|
|
*
|
|
* Creates a new #GtkEntryBuffer using secure memory allocations.
|
|
*
|
|
* Returns: (transfer full): the newly created instance
|
|
*/
|
|
GtkEntryBuffer *
|
|
gtk_password_entry_buffer_new (void)
|
|
{
|
|
return g_object_new (GTK_TYPE_PASSWORD_ENTRY_BUFFER, NULL);
|
|
}
|