Commit 07311c73 authored by Kees vd Broek's avatar Kees vd Broek Committed by Ivan Čukić

Use XDG_DATA_HOME and security fix

Summary:
The EncFS has security issues when the encrypted files are shared
in the open. For instance on a usb-pendrive or a shared drive.

Only when the user picks EncFS do we stop them from picking the 'device' directory where the encrypted files would go; it is instead stored under XDG_DATA_HOME, which is defined as:
 the base directory relative to which user-specific data files should be stored

Users can continue picking their datadir just fine when they pick the CryFS and other future backends.

BUG:385982

Reviewers: ivan, #plasma

Reviewed By: ivan, #plasma

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D8469
parent bd8d38c0
......@@ -23,18 +23,22 @@
#include "vault.h"
#include <QStandardPaths>
class DirectoryPairChooserWidget::Private {
public:
Ui::DirectoryPairChooserWidget ui;
DirectoryPairChooserWidget::Flags flags;
const DirectoryPairChooserWidget::Flags flags;
bool mountPointValid = false;
bool encryptedLocationValid = false;
DirectoryPairChooserWidget *const q;
Private(DirectoryPairChooserWidget *parent)
: q(parent)
Private(DirectoryPairChooserWidget *parent, DirectoryPairChooserWidget::Flags flags)
: flags(flags), q(parent)
{
if (flags & DirectoryPairChooserWidget::SkipDevicePicker)
encryptedLocationValid = true;
}
void setEncryptedLocationValid(bool valid)
......@@ -66,6 +70,7 @@ public:
bool isDirectoryValid(const QUrl &url) const
{
if (url.isEmpty()) return false;
// TODO check the vaults database to see if another vault already uses this dir
QDir directory(url.toString());
......@@ -76,35 +81,33 @@ public:
}
};
DirectoryPairChooserWidget::DirectoryPairChooserWidget(
DirectoryPairChooserWidget::Flags flags)
: DialogDsl::DialogModule(false), d(new Private(this))
: DialogDsl::DialogModule(false), d(new Private(this, flags))
{
d->ui.setupUi(this);
d->flags = flags;
connect(d->ui.editDevice, &KUrlRequester::textEdited,
this, [&] (const QString &url) {
d->setEncryptedLocationValid(d->isDirectoryValid(url));
});
if (flags & DirectoryPairChooserWidget::SkipDevicePicker) {
d->ui.editDevice->setVisible(false);
d->ui.labelDevice->setVisible(false);
} else {
connect(d->ui.editDevice, &KUrlRequester::textEdited,
this, [&] (const QString &url) {
d->setEncryptedLocationValid(d->isDirectoryValid(url));
});
}
connect(d->ui.editMountPoint, &KUrlRequester::textEdited,
this, [&] (const QString &url) {
d->setMountPointValid(d->isDirectoryValid(url));
});
}
DirectoryPairChooserWidget::~DirectoryPairChooserWidget()
{
}
PlasmaVault::Vault::Payload DirectoryPairChooserWidget::fields() const
{
return {
......@@ -118,11 +121,15 @@ PlasmaVault::Vault::Payload DirectoryPairChooserWidget::fields() const
void DirectoryPairChooserWidget::init(
const PlasmaVault::Vault::Payload &payload)
{
const QString basePath = QStandardPaths::writableLocation(QStandardPaths::GenericDataLocation)
+ QStringLiteral("/plasma-vault");
const auto name = payload[KEY_NAME].toString();
d->ui.editDevice->setText("~/.vaults/" + name + ".enc");
d->ui.editMountPoint->setText("~/Vaults/" + name);
Q_ASSERT(!name.isEmpty());
QString path = QString("%1/%2.enc").arg(basePath).arg(name);
int index = 1;
while (QDir(path).exists()) {
path = QString("%1/%2_%3.enc").arg(basePath).arg(name).arg(index++);
}
d->ui.editDevice->setText(path);
d->ui.editMountPoint->setText(QDir::homePath() + QStringLiteral("/Vaults/") + name);
}
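Review bot: In init(), `name` from the payload is interpolated into the EncFS backing path guarded only by `Q_ASSERT(!name.isEmpty())`, which is compiled out of release builds. With SkipDevicePicker the Private constructor presets `encryptedLocationValid = true` and editDevice is hidden, so this computed path is never passed to isDirectoryValid() and the user cannot see or correct it; a name containing a path separator would place the encrypted directory outside `plasma-vault`, unless the name is validated earlier in the wizard, which is not visible here. I would replace the assert with a runtime check such as `if (name.isEmpty() || name.contains(QLatin1Char('/'))) { d->setEncryptedLocationValid(false); return; }`. The chained `.arg(basePath).arg(name)` also lets a `%1`-style sequence inside the name be consumed by a later `.arg()` call; the multi-argument form `QStringLiteral("%1/%2.enc").arg(basePath, name)` avoids that.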
......@@ -29,10 +29,8 @@ class DirectoryPairChooserWidget: public DialogDsl::DialogModule {
public:
enum Flags {
RequireNothing = 0,
RequireEmptyEncryptedLocation = 1,
RequireEmptyMountPoint = 2,
RequireEmptyDirectories = RequireEmptyEncryptedLocation | RequireEmptyMountPoint
NoFlags = 0,
SkipDevicePicker = 1
};
DirectoryPairChooserWidget(Flags flags);
......@@ -46,7 +44,7 @@ private:
QScopedPointer<Private> d;
};
inline DialogDsl::ModuleFactory directoryPairChooser(DirectoryPairChooserWidget::Flags flags)
inline DialogDsl::ModuleFactory directoryPairChooser(DirectoryPairChooserWidget::Flags flags = DirectoryPairChooserWidget::NoFlags)
{
return [=] {
return new DirectoryPairChooserWidget(flags);
......
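Review bot: `SkipDevicePicker` is undocumented, and its effect is wider than the name suggests: in the .cpp the Private constructor presets `encryptedLocationValid = true` and the widget hides editDevice, so the encrypted location is accepted without any validation by the widget when this flag is set. I would state that on the enumerator, e.g. `SkipDevicePicker = 1 ///< hide the encrypted-location field; the default path set in init() is used as-is, unvalidated`. Since Flags is tested with `&` as a bitmask, a one-line comment that future values must be distinct bits would also help. The class and the directoryPairChooser() body continue outside the visible hunks.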
......@@ -80,7 +80,7 @@ public:
See <a href='http://defuse.ca/audits/encfs.htm'>defuse.ca/audits/encfs.htm</a> for more information."))
},
step { passwordChooser() },
step { directoryPairChooser(DirectoryPairChooserWidget::RequireEmptyDirectories) },
step { directoryPairChooser(DirectoryPairChooserWidget::SkipDevicePicker) },
step { activitiesChooser() }
}
},
......@@ -103,7 +103,7 @@ public:
which confirms this."))
},
step { passwordChooser() },
step { directoryPairChooser(DirectoryPairChooserWidget::RequireEmptyDirectories) },
step { directoryPairChooser() },
step {
cryfsCypherChooser(),
activitiesChooser()
......
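Review bot: The CryFS step, now `step { directoryPairChooser() }`, no longer requests RequireEmptyDirectories, and the enumerator is removed from the header, so nothing visible on this page still states that the chosen encrypted directory and mount point must be empty. The commit description only mentions the EncFS location change, so this looks like an unannounced relaxation for CryFS. If isDirectoryValid() enforces emptiness unconditionally this is harmless, but its body is outside the hunks and should be confirmed, because initialising a vault in, or mounting over, a non-empty directory can hide or mix existing files. A short comment at the call site saying where emptiness is enforced would settle it.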