Improve secret service detection

FreeRDP · Apr 2, 2018 · 9c15a8c · 9c15a8c
1 parent 5a057d0
commit 9c15a8c
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 19 deletions.
diff --git a/plugins/secret/src/glibsecret_plugin.c b/plugins/secret/src/glibsecret_plugin.c
@@ -56,7 +56,20 @@ static SecretService* secretservice;
 static SecretCollection* defaultcollection;
 #endif
 
-static void  remmina_plugin_glibsecret_unlock_secret_service()
+
+gboolean remmina_plugin_glibsecret_is_service_available()
+{
+#ifdef LIBSECRET_VERSION_0_18
+	if (secretservice && defaultcollection)
+		return TRUE;
+	else
+		return FALSE;
+#else
+	return FALSE;
+#endif
+}
+
+static void remmina_plugin_glibsecret_unlock_secret_service()
 {
 	TRACE_CALL(__func__);
 
@@ -87,8 +100,6 @@ void remmina_plugin_glibsecret_store_password(RemminaFile *remminafile, const gc
 	const gchar *path;
 	gchar *s;
 
-	remmina_plugin_glibsecret_unlock_secret_service();
-
 	path = remmina_plugin_service->file_get_path(remminafile);
 	s = g_strdup_printf("Remmina: %s - %s", remmina_plugin_service->file_get_string(remminafile, "name"), key);
 	secret_password_store_sync(&remmina_file_secret_schema, SECRET_COLLECTION_DEFAULT, s, password,
@@ -111,8 +122,6 @@ remmina_plugin_glibsecret_get_password(RemminaFile *remminafile, const gchar *ke
 	gchar *password;
 	gchar *p;
 
-	remmina_plugin_glibsecret_unlock_secret_service();
-
 	path = remmina_plugin_service->file_get_path(remminafile);
 	password = secret_password_lookup_sync(&remmina_file_secret_schema, NULL, &r, "filename", path, "key", key, NULL);
 	if (r == NULL) {
@@ -132,8 +141,6 @@ void remmina_plugin_glibsecret_delete_password(RemminaFile *remminafile, const g
 	GError *r = NULL;
 	const gchar *path;
 
-	remmina_plugin_glibsecret_unlock_secret_service();
-
 	path = remmina_plugin_service->file_get_path(remminafile);
 	secret_password_clear_sync(&remmina_file_secret_schema, NULL, &r, "filename", path, "key", key, NULL);
 	if (r == NULL) {
@@ -144,9 +151,17 @@ void remmina_plugin_glibsecret_delete_password(RemminaFile *remminafile, const g
 }
 
 static RemminaSecretPlugin remmina_plugin_glibsecret =
-{ REMMINA_PLUGIN_TYPE_SECRET, "glibsecret",				"GNOME libsecret",			NULL, VERSION,
-
-  TRUE,			      remmina_plugin_glibsecret_store_password, remmina_plugin_glibsecret_get_password, remmina_plugin_glibsecret_delete_password };
+{ REMMINA_PLUGIN_TYPE_SECRET,
+  "glibsecret",
+  "GNOME libsecret",
+  NULL,
+  VERSION,
+  TRUE,
+  remmina_plugin_glibsecret_store_password,
+  remmina_plugin_glibsecret_get_password,
+  remmina_plugin_glibsecret_delete_password,
+  remmina_plugin_glibsecret_is_service_available
+};
 
 G_MODULE_EXPORT gboolean
 remmina_plugin_entry(RemminaPluginService *service)
@@ -164,17 +179,27 @@ remmina_plugin_entry(RemminaPluginService *service)
 	error = NULL;
 	secretservice = secret_service_get_sync(SECRET_SERVICE_LOAD_COLLECTIONS, NULL, &error);
 	if (error) {
-		remmina_plugin_service->log_printf("[glibsecret] unable to get secret service: %s\n", error->message);
+		g_print("[glibsecret] unable to get secret service: %s\n", error->message);
+		return FALSE;
+	}
+	if (secretservice == NULL) {
+		g_print("[glibsecret] unable to get secret service: Unknown error.\n");
 		return FALSE;
 	}
 
 	defaultcollection = secret_collection_for_alias_sync(secretservice, SECRET_COLLECTION_DEFAULT, SECRET_COLLECTION_NONE, NULL, &error);
 	if (error) {
-		remmina_plugin_service->log_printf("[glibsecret] unable to get secret service default collection: %s\n", error->message);
+		g_print("[glibsecret] unable to get secret service default collection: %s\n", error->message);
 		return FALSE;
 	}
-#endif
 
+	remmina_plugin_glibsecret_unlock_secret_service();
 	return TRUE;
+
+#else
+	g_print("Libsecret was too old during compilation, disabling secret service.\n");
+	return FALSE;
+#endif
+
 }
 
diff --git a/remmina/include/remmina/plugin.h b/remmina/include/remmina/plugin.h
@@ -137,6 +137,7 @@ typedef struct _RemminaSecretPlugin {
 	void (* store_password)(RemminaFile *remminafile, const gchar *key, const gchar *password);
 	gchar* (*get_password)(RemminaFile * remminafile, const gchar * key);
 	void (* delete_password)(RemminaFile *remminafile, const gchar *key);
+	gboolean (* is_service_available)(void);
 } RemminaSecretPlugin;
 
 /* Plugin Service is a struct containing a list of function pointers,

diff --git a/remmina/src/remmina.c b/remmina/src/remmina.c
@@ -201,6 +201,9 @@ static gint remmina_on_command_line(GApplication *app, GApplicationCommandLine *
 static void remmina_on_startup(GApplication *app)
 {
 	TRACE_CALL(__func__);
+
+	RemminaSecretPlugin *secret_plugin;
+
 	remmina_file_manager_init();
 	remmina_pref_init();
 	remmina_plugin_manager_init();
@@ -217,6 +220,18 @@ static void remmina_on_startup(GApplication *app)
 	g_application_hold(app);
 
 	remmina_stats_sender_schedule();
+
+	/* Check for secret plugin and service initialization and show some warnings on the console if
+	 * there is something missing */
+	secret_plugin = remmina_plugin_manager_get_secret_plugin();
+	if (!secret_plugin) {
+		g_print("WARNING: Remmina is running without a secret plugin. Passwords will be saved in a less secure way.\n");
+	} else {
+		if (!secret_plugin->is_service_available()) {
+			g_print("WARNING: Remmina is running with a secret plugin, but it cannot connect to a secret service.\n");
+		}
+	}
+
 }
 
 static gint remmina_on_local_cmdline(GApplication *app, GVariantDict *options, gpointer user_data)

diff --git a/remmina/src/remmina_file.c b/remmina/src/remmina_file.c
@@ -216,6 +216,7 @@ remmina_file_load(const gchar *filename)
 	gchar *s, *sec;
 	RemminaProtocolPlugin* protocol_plugin;
 	RemminaSecretPlugin *secret_plugin;
+	gboolean secret_service_available;
 	int w, h;
 
 	gkeyfile = g_key_file_new();
@@ -238,6 +239,8 @@ remmina_file_load(const gchar *filename)
 		}
 
 		secret_plugin = remmina_plugin_manager_get_secret_plugin();
+		secret_service_available = secret_plugin->is_service_available();
+
 		remminafile->filename = g_strdup(filename);
 		keys = g_key_file_get_keys(gkeyfile, "remmina", NULL, NULL);
 		if (keys) {
@@ -246,7 +249,7 @@ remmina_file_load(const gchar *filename)
 				if (is_encrypted_setting_by_name(key, protocol_plugin)) {
 					s = g_key_file_get_string(gkeyfile, "remmina", key, NULL);
 					if (g_strcmp0(s, ".") == 0) {
-						if (secret_plugin) {
+						if (secret_service_available) {
 							sec = secret_plugin->get_password(remminafile, key);
 							remmina_file_set_string(remminafile, key, sec);
 							/* Annotate in spsettings that this value comes from secret_plugin */
@@ -406,6 +409,7 @@ void remmina_file_save(RemminaFile *remminafile)
 {
 	TRACE_CALL(__func__);
 	RemminaSecretPlugin *secret_plugin;
+	gboolean secret_service_available;
 	RemminaProtocolPlugin* protocol_plugin;
 	GHashTableIter iter;
 	const gchar *key, *value;
@@ -429,12 +433,13 @@ void remmina_file_save(RemminaFile *remminafile)
 	}
 
 	secret_plugin = remmina_plugin_manager_get_secret_plugin();
+	secret_service_available = secret_plugin->is_service_available();
 
 	g_hash_table_iter_init(&iter, remminafile->settings);
 	while (g_hash_table_iter_next(&iter, (gpointer*)&key, (gpointer*)&value)) {
 		if (is_encrypted_setting_by_name(key, protocol_plugin)) {
 			if (remminafile->filename && g_strcmp0(remminafile->filename, remmina_pref_file)) {
-				if (secret_plugin) {
+				if (secret_service_available) {
 					if (value && value[0]) {
 						if (g_strcmp0(value, ".") != 0) {
 							secret_plugin->store_password(remminafile, key, value);

diff --git a/remmina/src/remmina_main.c b/remmina/src/remmina_main.c
@@ -198,16 +198,23 @@ static void remmina_main_show_snap_welcome()
 	static gboolean shown_once = FALSE;
 	gboolean need_snap_interface_connections = FALSE;
 	GtkWidget* dsa;
+	RemminaSecretPlugin *remmina_secret_plugin;
 
 	if (shown_once)
 		return;
 	else
 		shown_once = TRUE;
 
 	g_print("Remmina is compiled as a SNAP package.\n");
-	if (remmina_plugin_manager_get_secret_plugin() == NULL) {
-		g_print("  but we can't access a secret service\n");
+	remmina_secret_plugin = remmina_plugin_manager_get_secret_plugin();
+	if (remmina_secret_plugin == NULL) {
+		g_print("  but we can't find the secret plugin inside the SNAP.\n");
 		need_snap_interface_connections = TRUE;
+	} else {
+		if (!remmina_secret_plugin->is_service_available()) {
+			g_print("  but we can't access a secret service. Secret service or SNAP interface connection is missing.\n");
+			need_snap_interface_connections = TRUE;
+		}
 	}
 
 	if (need_snap_interface_connections && !remmina_pref.prevent_snap_welcome_message) {

diff --git a/remmina/src/remmina_plugin_manager.c b/remmina/src/remmina_plugin_manager.c
@@ -103,9 +103,7 @@ static gboolean remmina_gtksocket_available()
 		available = TRUE;
 	}
 #endif
-
 	return available;
-
 }