From 62a7b6613ff827b33bbc30c1bc7852f8986ac85e Mon Sep 17 00:00:00 2001
From: "Matthew R. Trower"
Date: Sat, 25 Jun 2016 12:45:10 -0500
Subject: [PATCH] Require login password to view plaintext secrets
---
 gkr/gkr-item-properties.vala | 33 ++++++++++++++++++++++++++++++++-
 gkr/gkr-keyring.vala | 28 ++++++++++++++++++++++++++++
 help/C/passwords-view.page | 14 --------------
 help/cs/cs.po | 31 -------------------------------
 help/de/de.po | 35 -----------------------------------
 help/el/el.po | 35 -----------------------------------
 help/es/es.po | 33 ---------------------------------
 help/fr/fr.po | 35 -----------------------------------
 help/hu/hu.po | 33 ---------------------------------
 help/ru/ru.po | 24 ------------------------
 10 files changed, 60 insertions(+), 241 deletions(-)
diff --git a/gkr/gkr-item-properties.vala b/gkr/gkr-item-properties.vala
index 3604cc2..2602327 100644
--- a/gkr/gkr-item-properties.vala
+++ b/gkr/gkr-item-properties.vala
@@ -70,7 +70,38 @@ public class ItemProperties : Gtk.Dialog {
 /* The check button for password visibility */
 Gtk.CheckButton check = (Gtk.CheckButton)this._builder.get_object("show-password-check");
 check.toggled.connect(() => {
- this._password_entry.visibility = check.active;
+ if (check.active) {
+ /*
+ * Perform a lock / unlock of target and "login" keyrings, to require
+ * entry of master password before showing any plaintext secrets.
+ */
+ var backend = Backend.instance();
+ try {
+ var this_keyring = this.item.place;
+ this_keyring.lock_sync(null, null);
+
+ /*
+ * Need to lock "login" no matter what, or other keyrings will
+ * auto-unlock if their secrets are stored in the login keychain.
+ * If the current keychain *is* "login", skip doing it a second time.
+ */
+ foreach (var keyring in backend.get_keyrings()) {
+ if (backend.has_alias("login", keyring) && k != this_keyring) {
+ keyring.lock_sync(null, null);
+ keyring.unlock_sync(null, null);
+ break; /* no need to go on */
+ }
+ }
+
+ this_keyring.unlock_sync(null, null);
+
+ this._password_entry.visibility = true;
+ } catch(GLib.Error ex) {
+ GLib.error("Failed to lock / unlock keyrings!");
+ }
+ } else {
+ this._password_entry.visibility = false;
+ }
 });
 /* Window title */
diff --git a/gkr/gkr-keyring.vala b/gkr/gkr-keyring.vala
index 3545b54..83c5e8f 100644
--- a/gkr/gkr-keyring.vala
+++ b/gkr/gkr-keyring.vala
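Review bot: The secret is revealed even when re-authentication did not succeed: the `bool` results of both `unlock_sync()` calls are discarded and `this._password_entry.visibility = true` runs unconditionally, so if a dismissed prompt makes `unlock_sync()` return false instead of throwing (the `return unlocked.length() > 0;` context line in gkr-keyring.vala suggests it can), cancelling the prompt bypasses the gate. The `foreach` condition also tests `k != this_keyring` although the loop variable is `keyring`, which should not compile as written. In the `catch`, `GLib.error()` aborts the process, so a failed unlock kills the application, possibly with the login keyring left locked; the rewrite below logs a warning, unticks the box, and reveals the entry only when every unlock reported success. This remains a dialog-level gate: the help text this patch removes stated that unlocked keyrings are readable by other programs in the session, and nothing here changes that, so the caveat is worth keeping in the documentation. The handler sits in a method that starts and ends outside the hunk.

```vala
// … unchanged: comment, Backend.instance(), lock of this_keyring …
var login_ok = true;
foreach (var keyring in backend.get_keyrings()) {
    if (backend.has_alias("login", keyring) && keyring != this_keyring) {
        keyring.lock_sync(null, null);
        login_ok = keyring.unlock_sync(null, null);
        break; /* no need to go on */
    }
}

/* Reveal the secret only when every unlock reported success. */
var revealed = login_ok && this_keyring.unlock_sync(null, null);
this._password_entry.visibility = revealed;
if (!revealed)
    check.active = false;
} catch(GLib.Error ex) {
    GLib.warning("Failed to lock / unlock keyrings: %s", ex.message);
    this._password_entry.visibility = false;
    check.active = false;
}
```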
@@ -125,6 +125,34 @@ public class Keyring : Secret.Collection, Gcr.Collection, Place, Deletable, Lock
 return unlocked.length() > 0;
 }
+ public bool lock_sync(GLib.TlsInteraction? interaction,
+ GLib.Cancellable? cancellable) throws GLib.Error {
+ var result = false;
+ var loop = new MainLoop();
+
+ this.lock.begin(interaction, cancellable, (obj, res) => {
+ result = this.lock.end(res);
+ loop.quit();
+ });
+
+ loop.run();
+ return result;
+ }
+
+ public bool unlock_sync(GLib.TlsInteraction? interaction,
+ GLib.Cancellable? cancellable) throws GLib.Error {
+ var result = false;
+ var loop = new MainLoop();
+
+ unlock.begin(interaction, cancellable, (obj, res) => {
+ result = unlock.end(res);
+ loop.quit();
+ });
+
+ loop.run();
+ return result;
+ }
+
 public async bool load(GLib.Cancellable? cancellable) throws GLib.Error {
 refresh_collection();
 return true;
diff --git a/help/C/passwords-view.page b/help/C/passwords-view.page
index ffa7802..0d01f1e 100644
--- a/help/C/passwords-view.page
+++ b/help/C/passwords-view.page
@@ -58,18 +58,4 @@ password.
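Review bot: An error from the asynchronous call cannot reach the caller of `lock_sync()` or `unlock_sync()`: `this.lock.end(res)` and `unlock.end(res)` run inside the completion lambda, where a thrown `GLib.Error` has nowhere to propagate, so despite the `throws GLib.Error` declaration a failure only leaves `result` at `false`. Because the new caller in gkr-item-properties.vala ignores that return value, a failed unlock is indistinguishable from a successful one. Catch the error inside the lambda, keep it in a local, and rethrow it after `loop.run()` returns, as sketched below. Both wrappers also spin a nested `MainLoop` from inside a GTK signal handler, so the dialog stays interactive (the box can be toggled again or the window closed) while the prompt is pending; that re-entrancy deserves a guard or at least a comment. Both methods are complete in the hunk; the enclosing class is not.

```vala
public bool lock_sync(GLib.TlsInteraction? interaction,
                      GLib.Cancellable? cancellable) throws GLib.Error {
    var result = false;
    GLib.Error? failure = null;
    var loop = new MainLoop();

    this.lock.begin(interaction, cancellable, (obj, res) => {
        try {
            result = this.lock.end(res);
        } catch (GLib.Error e) {
            /* Cannot throw out of the callback; hand the error to the caller below. */
            failure = e;
        }
        loop.quit();
    });

    loop.run();
    if (failure != null)
        throw failure;
    return result;
}
// … unlock_sync: same change around unlock.end(res) …
```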

- - -

Since the contents of any unlocked keyrings are available to programs - you may be running, and Passwords and Keys does not seek to give - a false sense of security, the contents of unlocked keyrings are able to be - viewed without entering the password.

-

This means that if you are logged-in, the contents of the - Login keyring will available without entering a password from - Passwords and Keys.

-

If you need to lend your computer to another person, it is recommended - that you create a user account for them, or allow them to use a guest - account.

-
- diff --git a/help/cs/cs.po b/help/cs/cs.po index b672327..0c3dc63 100644 --- a/help/cs/cs.po +++ b/help/cs/cs.po @@ -1257,37 +1257,6 @@ msgstr "" "Pokud je zapotřebí, rozbalte panel Hesla a zaškrtněte Zobrazit heslo, aby se heslo zobrazilo." -#. (itstool) path: note/p -#: C/passwords-view.page:63 -msgid "" -"Since the contents of any unlocked keyrings are available to programs you " -"may be running, and Passwords and Keys does not seek to give a " -"false sense of security, the contents of unlocked keyrings are able to be " -"viewed without entering the password." -msgstr "" -"Vzhledem k tomu, že obsah odemčených klíčenek je přístupný programům, které " -"běží, a Hesla a klíče se nesnaží poskytnout falešný pocit " -"bezpečí, můžete vidět obsah odemčené klíčenky bez zadání hesla." - -#. (itstool) path: note/p -#: C/passwords-view.page:67 -msgid "" -"This means that if you are logged-in, the contents of the Login " -"keyring will available without entering a password from Passwords and " -"Keys." -msgstr "" -"To znamená, že když jste přihlášeni, obsah klíčenky Login bude " -"přístupný bez zadávání hesla do aplikace Hesla a klíče." - -#. (itstool) path: note/p -#: C/passwords-view.page:70 -msgid "" -"If you need to lend your computer to another person, it is recommended that " -"you create a user account for them, or allow them to use a guest account." -msgstr "" -"V případě, že se chystáte svůj počítač někomu půjčit, měli byste pro něj " -"vytvořit oddělený uživatelský účet nebo mu umožnit používat účet hosta." - #. (itstool) path: info/desc #: C/pgp-create.page:32 msgid "Create and use GnuPG keys for encrypting and signing emails." diff --git a/help/de/de.po b/help/de/de.po index 2f7c96c..abbb20f 100644 --- a/help/de/de.po +++ b/help/de/de.po 
@@ -1323,41 +1323,6 @@ msgstr "" "aktivieren Sie das Ankreuzfeld Passwort anzeigen, um das Passwort zu sehen." -#. (itstool) path: note/p -#: C/passwords-view.page:63 -msgid "" -"Since the contents of any unlocked keyrings are available to programs you " -"may be running, and Passwords and Keys does not seek to give a " -"false sense of security, the contents of unlocked keyrings are able to be " -"viewed without entering the password." -msgstr "" -"Der Inhalt von entsperrten Schlüsselbünden darf ohne Eingabe des Passworts " -"eingesehen werden, weil der Inhalt von jedem entsperrten Schlüsselbund " -"ohnehin für jedes laufende Programm zur Verfügung steht. Passwörter und " -"Schlüssel will keinen falschen Schein von Sicherheit vortäuschen." - -#. (itstool) path: note/p -#: C/passwords-view.page:67 -msgid "" -"This means that if you are logged-in, the contents of the Login " -"keyring will available without entering a password from Passwords and " -"Keys." -msgstr "" -"Das bedeutet, dass nach einer erfolgten Anmeldung der Inhalt des " -"Schlüsselbunds Anmeldung ohne Eingabe eines (weiteren) Passworts " -"durch Passwörter und Schlüssel zur Verfügung steht." - -#. (itstool) path: note/p -#: C/passwords-view.page:70 -msgid "" -"If you need to lend your computer to another person, it is recommended that " -"you create a user account for them, or allow them to use a guest account." -msgstr "" -"Wenn Sie einer anderen Person Ihren Rechner ausleihen oder zur Verfügung " -"stellen, so wird empfohlen, dass Sie für die andere Person ein eigenes " -"Benutzerkonto anlegen. Eventuell kann die Person auch ein Benutzerkonto für " -"Gäste verwenden." - #. (itstool) path: info/desc #: C/pgp-create.page:32 msgid "Create and use GnuPG keys for encrypting and signing emails." diff --git a/help/el/el.po b/help/el/el.po index f7b1912..016d4b8 100644 --- a/help/el/el.po +++ b/help/el/el.po 
@@ -1342,41 +1342,6 @@ msgstr "" "σημειώστε το πλαίσιο ελέγχου Εμφάνιση κωδικού " "πρόσβασης για να προβάλετε τον κωδικό πρόσβασης." -#. (itstool) path: note/p -#: C/passwords-view.page:63 -msgid "" -"Since the contents of any unlocked keyrings are available to programs you " -"may be running, and Passwords and Keys does not seek to give a " -"false sense of security, the contents of unlocked keyrings are able to be " -"viewed without entering the password." -msgstr "" -"Αφού τα περιεχόμενα οποιασδήποτε κλειδοθήκης είναι διαθέσιμα σε προγράμματα " -"που μπορεί να εκτελούνται και το Κωδικοί πρόσβασης και κλειδιά " -"δεν αναζητά να δώσει μια ψευδή αίσθηση ασφάλειας, τα περιεχόμενα των " -"ξεκλείδωτων κλειδοθηκών μπορούν να προβληθούν χωρίς την εισαγωγή του κωδικού " -"πρόσβασης." - -#. (itstool) path: note/p -#: C/passwords-view.page:67 -msgid "" -"This means that if you are logged-in, the contents of the Login " -"keyring will available without entering a password from Passwords and " -"Keys." -msgstr "" -"Αυτό σημαίνει ότι αν συνδεθείτε, τα περιεχόμενα της κλειδοθήκης " -"σύνδεσης θα είναι διαθέσιμα χωρίς να εισάγετε έναν κωδικό " -"πρόσβασης από το Κωδικοί πρόσβασης και κλειδιά." - -#. (itstool) path: note/p -#: C/passwords-view.page:70 -msgid "" -"If you need to lend your computer to another person, it is recommended that " -"you create a user account for them, or allow them to use a guest account." -msgstr "" -"Αν χρειάζεται να δανείσετε τον υπολογιστή σας σε ένα άλλο άτομο, συνιστάται " -"να δημιουργήσετε έναν λογαριασμό χρήστη για αυτος ή να τους επιτρέψετε να " -"χρησιμοποιήσουν έναν λογαριασμό επισκέπτη." - #. (itstool) path: info/desc #: C/pgp-create.page:32 msgid "Create and use GnuPG keys for encrypting and signing emails." diff --git a/help/es/es.po b/help/es/es.po index 5ac8f14..03d9872 100644 --- a/help/es/es.po +++ b/help/es/es.po 
@@ -1295,39 +1295,6 @@ msgstr "" "Expanda el panel Contraseñas si es necesario y marque la casilla " "Mostrar contraseña para ver la contraseña." -#. (itstool) path: note/p -#: C/passwords-view.page:63 -msgid "" -"Since the contents of any unlocked keyrings are available to programs you " -"may be running, and Passwords and Keys does not seek to give a " -"false sense of security, the contents of unlocked keyrings are able to be " -"viewed without entering the password." -msgstr "" -"Dado que el contenido de cualquier depósito de claves desbloqueado está " -"disponible para los programas en ejecución, y que Contraseñas y claves no quiere ofrece una falsa imagen de seguridad, el contenido de los " -"depósitos desbloqueados se puede ver sin introducir la contraseña." - -#. (itstool) path: note/p -#: C/passwords-view.page:67 -msgid "" -"This means that if you are logged-in, the contents of the Login " -"keyring will available without entering a password from Passwords and " -"Keys." -msgstr "" -"Esto significa que, si ha iniciado sesión, en contenido del depósito de " -"Inicio de sesión estará disponible sin tener que introducir una " -"contraseña en Contraseñas y claves." - -#. (itstool) path: note/p -#: C/passwords-view.page:70 -msgid "" -"If you need to lend your computer to another person, it is recommended that " -"you create a user account for them, or allow them to use a guest account." -msgstr "" -"Si necesita prestar su equipo a otra persona, es recomendable que cree una " -"cuenta para esa persona, o que le permita usar una cuenta de invitado." - #. (itstool) path: info/desc #: C/pgp-create.page:32 msgid "Create and use GnuPG keys for encrypting and signing emails." diff --git a/help/fr/fr.po b/help/fr/fr.po index cd771c1..adf0412 100644 --- a/help/fr/fr.po +++ b/help/fr/fr.po 
@@ -1313,41 +1313,6 @@ msgstr "" "Développez le panneau Mots de passe si nécessaire, et cochez la " "case Afficher le mot de passe." -#. (itstool) path: note/p -#: C/passwords-view.page:63 -msgid "" -"Since the contents of any unlocked keyrings are available to programs you " -"may be running, and Passwords and Keys does not seek to give a " -"false sense of security, the contents of unlocked keyrings are able to be " -"viewed without entering the password." -msgstr "" -"Puisque le contenu des trousseaux déverrouillés est disponible pour les " -"programmes que vous êtes en train d'exécuter, et que Mots de passe et " -"clés ne cherche pas à donner un faux sentiments de sécurité, le " -"contenu des trousseaux déverrouillés peut être affiché sans saisir le mot de " -"passe." - -#. (itstool) path: note/p -#: C/passwords-view.page:67 -msgid "" -"This means that if you are logged-in, the contents of the Login " -"keyring will available without entering a password from Passwords and " -"Keys." -msgstr "" -"Cela signifie que si vous êtes connecté, le contenu du trousseau " -"Identifiant est disponible sans saisir de mot de passe dans " -"Mots de passe et clés." - -#. (itstool) path: note/p -#: C/passwords-view.page:70 -msgid "" -"If you need to lend your computer to another person, it is recommended that " -"you create a user account for them, or allow them to use a guest account." -msgstr "" -"Si vous avez besoin de prêter votre ordinateur à une autre personne, il est " -"recommandé de créer un compte utilisateur pour elle, ou de lui permettre " -"d'utiliser un compte invité." - #. (itstool) path: info/desc #: C/pgp-create.page:32 msgid "Create and use GnuPG keys for encrypting and signing emails." diff --git a/help/hu/hu.po b/help/hu/hu.po index 3e32569..e2a9318 100644 --- a/help/hu/hu.po +++ b/help/hu/hu.po 
@@ -1297,39 +1297,6 @@ msgstr "" "Ha szükséges, bontsa ki a Jelszavak panelt, és aktiválja a Jelszó megjelenítése jelölőnégyzetet." -#. (itstool) path: note/p -#: C/passwords-view.page:63 -msgid "" -"Since the contents of any unlocked keyrings are available to programs you " -"may be running, and Passwords and Keys does not seek to give a " -"false sense of security, the contents of unlocked keyrings are able to be " -"viewed without entering the password." -msgstr "" -"Mivel minden egyes feloldott kulcstartó tartalmához minden futó alkalmazás " -"hozzáférhet, és mivel a Jelszavak és kulcsok nem kíván hamis " -"biztonságérzetet nyújtani, minden egyes feloldott kulcstartó tartalma " -"megtekinthető jelszó megadása nélkül." - -#. (itstool) path: note/p -#: C/passwords-view.page:67 -msgid "" -"This means that if you are logged-in, the contents of the Login " -"keyring will available without entering a password from Passwords and " -"Keys." -msgstr "" -"Ez azt jelenti, hogy ha be van jelentkezve, a Bejelentkezési " -"kulcstartó tartalma a Jelszavak és kulcsok jelszava megadása " -"nélkül is megtekinthető." - -#. (itstool) path: note/p -#: C/passwords-view.page:70 -msgid "" -"If you need to lend your computer to another person, it is recommended that " -"you create a user account for them, or allow them to use a guest account." -msgstr "" -"Ha kölcsön kell adnia a gépét, akkor készítsen az illető személynek egy " -"saját felhasználói fiókot, vagy engedélyezze a vendég fiók használatát." - #. (itstool) path: info/desc #: C/pgp-create.page:32 msgid "Create and use GnuPG keys for encrypting and signing emails." diff --git a/help/ru/ru.po b/help/ru/ru.po index e9b5509..ae93f98 100644 --- a/help/ru/ru.po +++ b/help/ru/ru.po 
@@ -979,30 +979,6 @@ msgid "" "\"checkbox\">Show password checkbox to view the password." msgstr "" -#. (itstool) path: note/p -#: C/passwords-view.page:63 -msgid "" -"Since the contents of any unlocked keyrings are available to programs you " -"may be running, and Passwords and Keys does not seek to give a " -"false sense of security, the contents of unlocked keyrings are able to be " -"viewed without entering the password." -msgstr "" - -#. (itstool) path: note/p -#: C/passwords-view.page:67 -msgid "" -"This means that if you are logged-in, the contents of the Login " -"keyring will available without entering a password from Passwords and " -"Keys." -msgstr "" - -#. (itstool) path: note/p -#: C/passwords-view.page:70 -msgid "" -"If you need to lend your computer to another person, it is recommended that " -"you create a user account for them, or allow them to use a guest account." -msgstr "" - #. (itstool) path: info/desc #: C/passwords.page:22 msgid "" -- 2.7.4