From 6a1f983018c5d066d3706c47ae03e9130f978fca Mon Sep 17 00:00:00 2001 From: Josh Rickmar Date: Thu, 16 Aug 2012 15:50:59 -0400 Subject: Give each tab its own session key for xtp links. While here, kill a bunch of trailing whitespace. --- about.c | 177 ++++++++++++++----------------------------------------- externaleditor.c | 2 +- inputfocus.c | 2 +- settings.c | 8 +-- xombrero.c | 16 ++--- xombrero.h | 23 ++++---- 6 files changed, 70 insertions(+), 158 deletions(-) diff --git a/about.c b/about.c index fdd6032..317744f 100644 --- a/about.c +++ b/about.c @@ -85,6 +85,10 @@ void update_cookie_tabs(struct tab *apart_from); int about_webkit(struct tab *, struct karg *); int allthethings(struct tab *, struct karg *); +/* + * If you change the index of any of these, correct the + * XT_XTP_TAB_MEANING_* macros in xombrero.h! + */ struct about_type about_list[] = { { XT_URI_ABOUT_ABOUT, xtp_page_ab }, { XT_URI_ABOUT_ALLTHETHINGS, allthethings }, @@ -132,16 +136,6 @@ struct search_type { #define XT_XTP_SES_KEY_HEX_FMT \ "%02" PRIx8 "%02" PRIx8 "%02" PRIx8 "%02" PRIx8 "%02" PRIx8 "%02" PRIx8 "%02" PRIx8 "%02" PRIx8 -char *dl_session_key; /* downloads */ -char *hl_session_key; /* history list */ -char *cl_session_key; /* cookie list */ -char *fl_session_key; /* favorites list */ -char *sl_session_key; /* search */ -char *ab_session_key; /* about */ -char *sv_session_key; /* secviolation */ -char *rt_session_key; /* set */ - -int updating_ab_tabs = 0; int updating_fl_tabs = 0; int updating_dl_tabs = 0; int updating_hl_tabs = 0; @@ -720,7 +714,8 @@ done: } char * -search_engine_add(char *body, const char *name, const char *url, int select) +search_engine_add(char *body, const char *name, const char *url, + const char *key, int select) { char *b = body; 
@@ -733,7 +728,7 @@ search_engine_add(char *body, const char *name, const char *url, int select) body, name, url, - XT_XTP_STR, XT_XTP_SL, sl_session_key, XT_XTP_SL_SET, select); + XT_XTP_STR, XT_XTP_SL, key, XT_XTP_SL_SET, select); g_free(b); return (body); } @@ -972,21 +967,20 @@ xtp_handle_rt(struct tab *t, uint8_t cmd, int id, const char *query) /* link an XTP class to it's session key and handler function */ struct xtp_despatch { uint8_t xtp_class; - char **session_key; void (*handle_func)(struct tab *, uint8_t, int, const char *query); }; struct xtp_despatch xtp_despatches[] = { - { XT_XTP_DL, &dl_session_key, xtp_handle_dl }, - { XT_XTP_HL, &hl_session_key, xtp_handle_hl }, - { XT_XTP_FL, &fl_session_key, xtp_handle_fl }, - { XT_XTP_CL, &cl_session_key, xtp_handle_cl }, - { XT_XTP_SL, &sl_session_key, xtp_handle_sl }, - { XT_XTP_AB, &ab_session_key, xtp_handle_ab }, - { XT_XTP_SV, &sv_session_key, xtp_handle_sv }, - { XT_XTP_RT, &rt_session_key, xtp_handle_rt }, - { XT_XTP_INVALID, NULL, NULL } + { XT_XTP_DL, xtp_handle_dl }, + { XT_XTP_HL, xtp_handle_hl }, + { XT_XTP_FL, xtp_handle_fl }, + { XT_XTP_CL, xtp_handle_cl }, + { XT_XTP_SL, xtp_handle_sl }, + { XT_XTP_AB, xtp_handle_ab }, + { XT_XTP_SV, xtp_handle_sv }, + { XT_XTP_RT, xtp_handle_rt }, + { XT_XTP_INVALID, NULL } }; /* 
@@ -1012,26 +1006,14 @@ generate_xtp_session_key(char **key) DNPRINTF(XT_D_DOWNLOAD, "%s: new session key '%s'\n", __func__, *key); } -void -xtp_generate_keys(void) -{ - /* generate session keys for xtp pages */ - generate_xtp_session_key(&dl_session_key); - generate_xtp_session_key(&hl_session_key); - generate_xtp_session_key(&cl_session_key); - generate_xtp_session_key(&fl_session_key); - generate_xtp_session_key(&ab_session_key); - generate_xtp_session_key(&sv_session_key); -} - /* * validate a xtp session key. * return (1) if OK */ int -validate_xtp_session_key(struct tab *t, char *trusted, char *untrusted) +validate_xtp_session_key(struct tab *t, char *key) { - if (strcmp(trusted, untrusted) != 0) { + if (strcmp(t->session_key, key) != 0) { show_oops(t, "%s: xtp session key mismatch possible spoof", __func__); return (0); @@ -1093,7 +1075,7 @@ parse_xtp_url(struct tab *t, const char *uri_str) } /* check session key and call despatch function */ - if (validate_xtp_session_key(t, *(dsp_match->session_key), sv[0])) { + if (validate_xtp_session_key(t, sv[0])) { ret = TRUE; /* all is well, this was a valid xtp request */ if (sv[2]) dsp_match->handle_func(t, atoi(sv[1]), atoi(sv[2]), @@ -1119,6 +1101,7 @@ void update_favorite_tabs(struct tab *apart_from) { struct tab *t; + if (!updating_fl_tabs) { updating_fl_tabs = 1; /* stop infinite recursion */ TAILQ_FOREACH(t, &tabs, entry) @@ -1137,6 +1120,7 @@ void update_download_tabs(struct tab *apart_from) { struct tab *t; + if (!updating_dl_tabs) { updating_dl_tabs = 1; /* stop infinite recursion */ TAILQ_FOREACH(t, &tabs, entry) @@ -1155,6 +1139,7 @@ void update_cookie_tabs(struct tab *apart_from) { struct tab *t; + if (!updating_cl_tabs) { updating_cl_tabs = 1; /* stop infinite recursion */ TAILQ_FOREACH(t, &tabs, entry) 
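Review bot: In validate_xtp_session_key the new `strcmp(t->session_key, key)` dereferences a pointer that is only set once an xtp_page_* function has rendered into this tab, and the startup call to xtp_generate_keys() is removed in the xombrero.c hunk, so a tab that has never shown an xtp page reaches strcmp with no key. A missing key should be a mismatch rather than a crash: `if (t == NULL || t->session_key == NULL || key == NULL || strcmp(t->session_key, key) != 0) {`. This assumes struct tab is zero-initialised when a tab is created, which the diff does not show; if it is not, the pointer is indeterminate and needs an explicit `t->session_key = NULL;` at creation. Separately, the parse_xtp_url hunk drops the per-class key lookup, so one key now authorises every handler in xtp_despatches for that tab; if that widening is not intended, the request's class could also be checked against the page the tab is showing.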
@@ -1203,44 +1188,6 @@ update_search_tabs(struct tab *apart_from) } } -/* - * update all about tabs apart from one. Pass NULL if - * you want to update all. - */ -void -update_about_tabs(struct tab *apart_from) -{ - struct tab *t; - - if (!updating_ab_tabs) { - updating_ab_tabs = 1; /* stop infinite recursion */ - TAILQ_FOREACH(t, &tabs, entry) - if ((t->xtp_meaning == XT_XTP_TAB_MEANING_AB) - && (t != apart_from)) - xtp_page_ab(t, NULL); - updating_ab_tabs = 0; - } -} - -/* - * update all secviolation tabs apart from one. Pass NULL if - * you want to update all. - */ -void -update_secviolation_tabs(struct tab *apart_from) -{ - struct tab *t; - - if (!updating_sv_tabs) { - updating_sv_tabs = 1; /* stop infinite recursion */ - TAILQ_FOREACH(t, &tabs, entry) - if ((t->xtp_meaning == XT_XTP_TAB_MEANING_SV) - && (t != apart_from)) - xtp_page_sv(t, NULL); - updating_sv_tabs = 0; - } -} - int xtp_page_ab(struct tab *t, struct karg *args) { @@ -1249,13 +1196,7 @@ xtp_page_ab(struct tab *t, struct karg *args) if (t == NULL) show_oops(NULL, "about invalid parameters"); - /* - * Generate a new session key for next page instance. - * This only happens for the top level call to xtp_page_ab() - * in which case updating_sl_tabs is 0. - */ - if (!updating_ab_tabs) - generate_xtp_session_key(&ab_session_key); + generate_xtp_session_key(&t->session_key); body = g_strdup_printf("Version: %s" #ifdef XOMBRERO_BUILDSTR @@ -1295,7 +1236,7 @@ xtp_page_ab(struct tab *t, struct karg *args) ,pwd->pw_dir, XT_XTP_STR, XT_XTP_AB, - ab_session_key, + t->session_key, XT_XTP_AB_EDIT_CONF, XT_CONF_FILE ); @@ -1305,8 +1246,6 @@ xtp_page_ab(struct tab *t, struct karg *args) load_webkit_string(t, page, XT_URI_ABOUT_ABOUT); - update_about_tabs(t); - g_free(page); return (0); 
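Review bot: In xtp_page_ab the `t == NULL` branch only calls show_oops() and falls through, so the new `generate_xtp_session_key(&t->session_key)` right after it dereferences the NULL tab; before this change that line wrote to a global and did not touch `t`. The guard should return, e.g. `if (t == NULL) { show_oops(NULL, "about invalid parameters"); return (1); }`. The same pattern is in the xtp_page_fl and xtp_page_sv hunks, and in xtp_page_sl the new call is placed before the `t == NULL` check and should move below it. The function bodies continue outside these hunks, so later uses of `t` may need the same guard.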
@@ -1329,9 +1268,7 @@ xtp_page_fl(struct tab *t, struct karg *args) if (t == NULL) warn("%s: bad param", __func__); - /* new session key */ - if (!updating_fl_tabs) - generate_xtp_session_key(&fl_session_key); + generate_xtp_session_key(&t->session_key); /* open favorites */ snprintf(file, sizeof file, "%s" PS "%s", work_dir, XT_FAVS_FILE); @@ -1369,7 +1306,7 @@ xtp_page_fl(struct tab *t, struct karg *args) "X" "\n", body, i, uri, title, - XT_XTP_STR, XT_XTP_FL, fl_session_key, XT_XTP_FL_REMOVE, i); + XT_XTP_STR, XT_XTP_FL, t->session_key, XT_XTP_FL_REMOVE, i); g_free(tmp); @@ -1437,7 +1374,7 @@ xtp_page_dl_row(struct tab *t, char *html, struct download *dl) * xxxt://class/seskey */ xtp_prefix = g_strdup_printf("%s%d/%s/", - XT_XTP_STR, XT_XTP_DL, dl_session_key); + XT_XTP_STR, XT_XTP_DL, t->session_key); stat = webkit_download_get_status(dl->download); @@ -1537,9 +1474,7 @@ xtp_page_cl(struct tab *t, struct karg *args) return (1); } - /* Generate a new session key */ - if (!updating_cl_tabs) - generate_xtp_session_key(&cl_session_key); + generate_xtp_session_key(&t->session_key); /* table headers */ table_headers = g_strdup_printf("" @@ -1558,7 +1493,7 @@ xtp_page_cl(struct tab *t, struct karg *args) body = g_strdup_printf("
" "[ Remove All Cookies From All Domains ]
\n", - XT_XTP_STR, XT_XTP_CL, cl_session_key, XT_XTP_CL_REMOVE_ALL); + XT_XTP_STR, XT_XTP_CL, t->session_key, XT_XTP_CL_REMOVE_ALL); last_domain = g_strdup(""); for (; sc; sc = sc->next) { @@ -1578,7 +1513,7 @@ xtp_page_cl(struct tab *t, struct karg *args) "[ Remove All From This Domain ]" "%s\n", body, c->domain, - XT_XTP_STR, XT_XTP_CL, cl_session_key, + XT_XTP_STR, XT_XTP_CL, t->session_key, XT_XTP_CL_REMOVE_DOMAIN, domain_id, table_headers); g_free(tmp); @@ -1589,7 +1524,7 @@ xtp_page_cl(struct tab *t, struct karg *args) "" "[ Remove All From This Domain ]%s\n", c->domain, XT_XTP_STR, XT_XTP_CL, - cl_session_key, XT_XTP_CL_REMOVE_DOMAIN, + t->session_key, XT_XTP_CL_REMOVE_DOMAIN, domain_id, table_headers); } } @@ -1627,7 +1562,7 @@ xtp_page_cl(struct tab *t, struct karg *args) XT_XTP_STR, XT_XTP_CL, - cl_session_key, + t->session_key, XT_XTP_CL_REMOVE, i ); @@ -1675,9 +1610,7 @@ xtp_page_hl(struct tab *t, struct karg *args) return (1); } - /* Generate a new session key */ - if (!updating_hl_tabs) - generate_xtp_session_key(&hl_session_key); + generate_xtp_session_key(&t->session_key); /* body */ body = g_strdup_printf("
" @@ -1685,7 +1618,7 @@ xtp_page_hl(struct tab *t, struct karg *args) "
" "" "\n", - XT_XTP_STR, XT_XTP_HL, hl_session_key, XT_XTP_HL_REMOVE_ALL); + XT_XTP_STR, XT_XTP_HL, t->session_key, XT_XTP_HL_REMOVE_ALL); RB_FOREACH_REVERSE(h, history_list, &hl) { tmp = body; @@ -1697,7 +1630,7 @@ xtp_page_hl(struct tab *t, struct karg *args) "\n", body, h->uri, h->uri, h->title, ctime(&h->time), - XT_XTP_STR, XT_XTP_HL, hl_session_key, + XT_XTP_STR, XT_XTP_HL, t->session_key, XT_XTP_HL_REMOVE, i); g_free(tmp); @@ -1750,13 +1683,7 @@ xtp_page_dl(struct tab *t, struct karg *args) return (1); } - /* - * Generate a new session key for next page instance. - * This only happens for the top level call to xtp_page_dl() - * in which case updating_dl_tabs is 0. - */ - if (!updating_dl_tabs) - generate_xtp_session_key(&dl_session_key); + generate_xtp_session_key(&t->session_key); /* header - with refresh so as to update */ if (refresh_interval >= 1) @@ -1766,7 +1693,7 @@ xtp_page_dl(struct tab *t, struct karg *args) refresh_interval, XT_XTP_STR, XT_XTP_DL, - dl_session_key, + t->session_key, XT_XTP_DL_LIST); else ref = g_strdup(""); @@ -1775,7 +1702,7 @@ xtp_page_dl(struct tab *t, struct karg *args) "

\n\n[ Refresh Downloads ]\n" "

URITitleLast visitedRm
" "X
\n\n", - XT_XTP_STR, XT_XTP_DL, dl_session_key, XT_XTP_DL_LIST); + XT_XTP_STR, XT_XTP_DL, t->session_key, XT_XTP_DL_LIST); RB_FOREACH_REVERSE(dl, download_list, &downloads) { body = xtp_page_dl_row(t, body, dl); @@ -1820,13 +1747,7 @@ xtp_page_sl(struct tab *t, struct karg *args) DNPRINTF(XT_D_SEARCH, "%s", __func__); - /* - * Generate a new session key for next page instance. - * This only happens for the top level call to xtp_page_sl() - * in which case updating_sl_tabs is 0. - */ - if (!updating_sl_tabs) - generate_xtp_session_key(&sl_session_key); + generate_xtp_session_key(&t->session_key); if (t == NULL) { show_oops(NULL, "%s invalid parameters", __func__); @@ -1849,7 +1770,7 @@ xtp_page_sl(struct tab *t, struct karg *args) for (i = 0; i < (sizeof search_list / sizeof (struct search_type)); ++i) body = search_engine_add(body, search_list[i].name, - search_list[i].url, i); + search_list[i].url, t->session_key, i); tmp = body; body = g_strdup_printf("%s
" "FileProgressCommand
", body); @@ -1881,13 +1802,7 @@ xtp_page_sv(struct tab *t, struct karg *args) if (t == NULL) show_oops(NULL, "secviolation invalid parameters"); - /* - * Generate a new session key for next page instance. - * This only happens for the top level call to xtp_page_ab() - * in which case updating_sv_tabs = 0. - */ - if (!updating_sv_tabs) - generate_xtp_session_key(&sv_session_key); + generate_xtp_session_key(&t->session_key); if (args == NULL) { find.xtp_arg = t->xtp_arg; @@ -1923,20 +1838,18 @@ xtp_page_sv(struct tab *t, struct karg *args) "
Show new certificate", sv->uri, soupuri->host, - XT_XTP_STR, XT_XTP_SV, sv_session_key, XT_XTP_SV_ALLOW_SESSION, + XT_XTP_STR, XT_XTP_SV, t->session_key, XT_XTP_SV_ALLOW_SESSION, sv->xtp_arg, - XT_XTP_STR, XT_XTP_SV, sv_session_key, XT_XTP_SV_CACHE, + XT_XTP_STR, XT_XTP_SV, t->session_key, XT_XTP_SV_CACHE, sv->xtp_arg, - XT_XTP_STR, XT_XTP_SV, sv_session_key, XT_XTP_SV_SHOW_CACHED_CERT, + XT_XTP_STR, XT_XTP_SV, t->session_key, XT_XTP_SV_SHOW_CACHED_CERT, sv->xtp_arg, - XT_XTP_STR, XT_XTP_SV, sv_session_key, XT_XTP_SV_SHOW_NEW_CERT, + XT_XTP_STR, XT_XTP_SV, t->session_key, XT_XTP_SV_SHOW_NEW_CERT, sv->xtp_arg); page = get_html_page("Security Violation", body, "", 0); g_free(body); - update_secviolation_tabs(t); - load_webkit_string(t, page, XT_URI_ABOUT_SECVIOLATION); g_free(page); diff --git a/externaleditor.c b/externaleditor.c index 3fa34fd..4a0988c 100644 --- a/externaleditor.c +++ b/externaleditor.c @@ -137,7 +137,7 @@ open_external_editor_cb(gpointer data) } /* Tab was deleted */ - if (!found_tab) + if (!found_tab) goto done; if (update_contents(args)) diff --git a/inputfocus.c b/inputfocus.c index fc6f259..23bbd71 100644 --- a/inputfocus.c +++ b/inputfocus.c @@ -25,7 +25,7 @@ focus_body(WebKitDOMDocument *doc) { WebKitDOMNodeList *body = NULL; WebKitDOMNode *n; - int i; + int i; body = webkit_dom_document_get_elements_by_tag_name(doc, "body"); for (i = 0; i < webkit_dom_node_list_get_length(body); ++i) { diff --git a/settings.c b/settings.c index 2ae5cdd..d421429 100644 --- a/settings.c +++ b/settings.c @@ -3738,11 +3738,7 @@ xtp_page_rt(struct tab *t, struct karg *args) int i = 1; struct settings_args sa; - /* - * We intentionally do *not* update other about:set tabs here as - * there may be modifications and we don't want to lose those. - */ - generate_xtp_session_key(&rt_session_key); + generate_xtp_session_key(&t->session_key); bzero(&sa, sizeof sa); sa.body = &body; 
@@ -3760,7 +3756,7 @@ xtp_page_rt(struct tab *t, struct karg *args) body ? body : "", XT_XTP_STR, XT_XTP_RT, - rt_session_key, + t->session_key, XT_XTP_RT_SAVE); g_free(tmp); diff --git a/xombrero.c b/xombrero.c index cd24a6d..682e797 100644 --- a/xombrero.c +++ b/xombrero.c @@ -2069,7 +2069,7 @@ cert_cmd(struct tab *t, struct karg *args) return (1); } - /* + /* * if we're only showing the local certs, don't open a socket and get * the remote certs */ @@ -5933,7 +5933,7 @@ done: * main_window losing its is-active and has-toplevel-focus properties. * This is the most correct and portable solution we could come up with * without relying on calling internal GTK functions (which we - * couldn't link to in Linux). + * couldn't link to in Linux). */ void fake_focus_in(GtkWidget *w) @@ -5957,7 +5957,7 @@ handle_keypress(struct tab *t, GdkEventKey *e, int entry) /* * This sometimes gets randomly unset for whatever reason in GTK3. * If we're handling a keypress, the main window's is-active propery - * *must* be true, or else many things will break. + * *must* be true, or else many things will break. */ #if GTK_CHECK_VERSION(3, 0, 0) fake_focus_in(main_window); @@ -6573,7 +6573,7 @@ entry_focus_cb(GtkWidget *w, GdkEvent e, struct tab *t) * This sometimes gets randomly unset for whatever reason in GTK3, * causing a GtkEntry's text cursor becomes invisible. When we focus * a GtkEntry, be sure to manually reset the main window's is-active - * property so the cursor is shown correctly. + * property so the cursor is shown correctly. */ #if GTK_CHECK_VERSION(3, 0, 0) fake_focus_in(main_window); @@ -6750,7 +6750,7 @@ wv_popup_activ_cb(GtkMenuItem *menu, struct tab *t) const gchar *name, *uri; a = gtk_activatable_get_related_action(GTK_ACTIVATABLE(menu)); - if (a == NULL) + if (a == NULL) return; name = gtk_action_get_name(a); 
@@ -7443,6 +7443,10 @@ delete_tab(struct tab *t) if (t->search_id) g_source_remove(t->search_id); + /* session key */ + if (t->session_key) + g_free(t->session_key); + /* inspector */ bzero(&a, sizeof a); a.i = XT_INS_CLOSE; @@ -8674,8 +8678,6 @@ main(int argc, char **argv) init_keybindings(); - xtp_generate_keys(); - pwd = getpwuid(getuid()); if (pwd == NULL) errx(1, "invalid user %d", getuid()); diff --git a/xombrero.h b/xombrero.h index 1b47f3e..5853bf4 100644 --- a/xombrero.h +++ b/xombrero.h @@ -251,6 +251,7 @@ struct tab { gchar *status; int xtp_meaning; /* identifies dls/favorites */ int xtp_arg; + char *session_key; gchar *tmp_uri; int popup; /* 1 if cmd_entry has popup visible */ int download_requested; @@ -491,7 +492,6 @@ int add_favorite(struct tab *, struct karg *); void update_favorite_tabs(struct tab *); void update_history_tabs(struct tab *); void update_download_tabs(struct tab *); -void xtp_generate_keys(void); size_t about_list_size(void); int cookie_cmd(struct tab *, struct karg *); int js_cmd(struct tab *, struct karg *); 
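Review bot: Nothing visible in this diff resets `session_key` between the xtp_page_* call that creates it and this free in delete_tab, so the key seems to stay valid for the tab after it has navigated from the xtp page to ordinary web content. Consider freeing it and setting it to NULL when a non-xtp page is committed in the tab, so that xtp links are only honoured while the tab shows the page they were issued for; this requires validate_xtp_session_key to reject a NULL key before comparing. As a style point the guard is unnecessary, since g_free() accepts NULL: `g_free(t->session_key);`. delete_tab's body continues outside the hunk.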
@@ -503,15 +503,17 @@ void startpage_add(const char *, ...); * xtp tab meanings * identifies which tabs have xtp pages in (corresponding to about_list indices) */ -#define XT_XTP_TAB_MEANING_NORMAL (-1) /* normal url */ -#define XT_XTP_TAB_MEANING_BL (1) /* about:blank in this tab */ -#define XT_XTP_TAB_MEANING_CL (4) /* cookie manager in this tab */ -#define XT_XTP_TAB_MEANING_DL (5) /* download manager in this tab */ -#define XT_XTP_TAB_MEANING_FL (6) /* favorite manager in this tab */ -#define XT_XTP_TAB_MEANING_HL (8) /* history manager in this tab */ -#define XT_XTP_TAB_MEANING_SL (9) /* search engine chooser */ -#define XT_XTP_TAB_MEANING_AB (10) /* about:about in this tab */ -#define XT_XTP_TAB_MEANING_SV (18) /* about:secviolation in tab */ +#define XT_XTP_TAB_MEANING_NORMAL (-1) /* normal url */ +#define XT_XTP_TAB_MEANING_AB (0) /* any other about page */ +#define XT_XTP_TAB_MEANING_BL (2) /* about:blank in this tab */ +#define XT_XTP_TAB_MEANING_CL (5) /* cookie manager in this tab */ +#define XT_XTP_TAB_MEANING_DL (6) /* download manager in this tab */ +#define XT_XTP_TAB_MEANING_FL (7) /* favorite manager in this tab */ +#define XT_XTP_TAB_MEANING_HL (9) /* history manager in this tab */ +#define XT_XTP_TAB_MEANING_SET (11) /* settings manager/viewer */ +#define XT_XTP_TAB_MEANING_SL (18) /* search engine chooser */ +#define XT_XTP_TAB_MEANING_RT (19) /* about:runtime in this tab */ +#define XT_XTP_TAB_MEANING_SV (20) /* about:secviolation in tab */ /* whitelists */ #define XT_WL_TOGGLE (1<<0) @@ -736,7 +738,6 @@ int command_mode(struct tab *, struct karg *); /* needed for xtp_page_rt in settings.c */ void generate_xtp_session_key(char **); -extern char *rt_session_key; struct key_binding { char *cmd; -- cgit 1.4.1-2-gfad0
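Review bot: The renumbered XT_XTP_TAB_MEANING_* values are still hand-maintained copies of about_list indices, and the only link between the two is the warning comment added in about.c; a stale value could make the update_*_tabs loops match the wrong tabs without any build error. The comment on `XT_XTP_TAB_MEANING_AB (0)` reads "any other about page", but index 0 in about_list is XT_URI_ABOUT_ABOUT, so it should stay `/* about:about in this tab */` unless the meaning really changed. Deriving these values from one enum shared with about_list, or asserting the mapping once at startup, would remove the need for the warning comment.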