check to make sure the account string was not appended onto the end of the retrieved password (as reported in issue #2)

Author: aebrahim

pidgin-wincred.c

@@ -6,6 +6,7 @@
 #include <account.h>
 #include <signal.h>
 #include <core.h>
+#include <debug.h>
 
 #include <glib.h>
 #include <string.h>
@@ -14,11 +15,13 @@
 #include <wincred.h>
 
 #define MAX_READ_LEN 2048
+#define PLUGIN_ID "core-wincred"
+
 
 /* function prototypes */
-static void keyring_password_store(PurpleAccount *account, char *password);
+static void keyring_password_store(PurpleAccount *account);
 static BOOL keyring_password_get(PurpleAccount *account);
-static gunichar2 * create_account_str(PurpleAccount *account);
+static gchar * create_account_str(PurpleAccount *account);
 static void sign_in_cb(PurpleAccount *account, gpointer data);
 static void connecting_cb(PurpleAccount *account, gpointer data);
 static PurplePluginPrefFrame * get_pref_frame(PurplePlugin *plugin);
@@ -54,13 +57,8 @@ static gboolean plugin_load(PurplePlugin *plugin) {
         /* if the password was saved by libpurple before then
          * save it in the keyring, and tell libpurple to forget it */
         if (purple_account_get_remember_password(account)) {
-            gchar *password = g_strdup(account->password);
-            keyring_password_store(account, password);
+            keyring_password_store(account);
             purple_account_set_remember_password(account, FALSE);
-            /* temporarily set a fake password, then the real one again */
-            purple_account_set_password(account, "fakedoopdeedoop");
-            purple_account_set_password(account, password);
-            g_free(password);
         }
     }
     /* done with the notFound, so free it */
@@ -80,7 +78,7 @@ static gboolean plugin_load(PurplePlugin *plugin) {
 
 /* callback to whenever an account is signed in */
 static void sign_in_cb(PurpleAccount *account, gpointer data) {
-    keyring_password_store(account, account->password);
+    keyring_password_store(account);
     return;
 }
 
@@ -96,45 +94,61 @@ static void connecting_cb(PurpleAccount *account, gpointer data) {
 /* Creats a newly allocated account string to name the windows
  * credential. The string returned must later be freed with g_free()
  */
-static gunichar2 * create_account_str(PurpleAccount *account) {
+static gchar * create_account_str(PurpleAccount *account) {
     gchar *account_str = g_strdup_printf("libpurple/%s/%s",
         account->protocol_id, account->username);
-    gunichar2 *uaccount_str = g_utf8_to_utf16(account_str,
-        strlen(account_str), NULL, NULL, NULL);
-    g_free(account_str);
-    return uaccount_str;
+    return (account_str);
 }
 
 /* store a password in the keyring */
-static void keyring_password_store(PurpleAccount *account,
-                                   char *password) {
+static void keyring_password_store(PurpleAccount *account) {
+    char *password = account->password;
     int length = strlen(password);
-    /* unicode encoding of the password */
-    gunichar2 *upass = g_utf8_to_utf16(password, length, NULL, NULL, NULL);
-    gunichar2 *account_str = create_account_str(account);
+    gchar *account_str = create_account_str(account);
+    /* unicode encodings of the password and account string */
+    gunichar2 *unicode_password = g_utf8_to_utf16(password, length,
+        NULL, NULL, NULL);
+    gunichar2 *unicode_account_str = g_utf8_to_utf16(account_str,
+        strlen(account_str), NULL, NULL, NULL);
     /* make the credential */
     CREDENTIALW cred = {0};
     cred.Type = CRED_TYPE_GENERIC;
     cred.Persist = CRED_PERSIST_LOCAL_MACHINE;
-    cred.TargetName = account_str;
-    cred.UserName = account_str;
-    cred.CredentialBlob = (BYTE *) upass;
+    cred.TargetName = unicode_account_str;
+    cred.UserName = unicode_account_str;
+    cred.CredentialBlob = (BYTE *) unicode_password;
     cred.CredentialBlobSize = sizeof(BYTE) * sizeof(gunichar2) * length;
     /* write the credential, then free memory */
     CredWriteW(&cred, 0);
     g_free(account_str);
-    g_free(upass);
+    g_free(unicode_password);
+    g_free(unicode_account_str);
 }
 
 /* retrive a password from the keyring */
 static BOOL keyring_password_get(PurpleAccount *account) {
-    gunichar2 *account_str = create_account_str(account);
+    gchar *account_str = create_account_str(account);
+    gunichar2 *unicode_account_str = g_utf8_to_utf16(account_str,
+        strlen(account_str), NULL, NULL, NULL);
     PCREDENTIALW cred;
-    BOOL result = CredReadW(account_str, CRED_TYPE_GENERIC, 0, &cred);
+    BOOL result = CredReadW(unicode_account_str, CRED_TYPE_GENERIC, 0, &cred);
     /* if the password exists in the keyring, set it in pidgin */
     if (result) {
+        /* decode the password from unicode */
         gchar *password = g_utf16_to_utf8((gunichar2 *)cred->CredentialBlob,
             MAX_READ_LEN, NULL, NULL, NULL);
+        /* process the password in case account_str was appended to
+         * the end, as observed in some cases */
+        char *appended = strstr(password, account_str);
+        if (appended != NULL) {
+            int actual_length = appended - password;
+            gchar *fixed_password = g_strndup(password, actual_length);
+            g_free(password);
+            password = fixed_password;
+            purple_debug_warning(PLUGIN_ID,
+                "account_string %s detected at the end of the password\n",
+                account_str);
+        }
         purple_account_set_password(account, password);
         /* set the account to not remember passwords */
         purple_account_set_remember_password(account, FALSE);
@@ -144,6 +158,7 @@ static BOOL keyring_password_get(PurpleAccount *account) {
         g_free(password);
     }
     g_free(account_str);
+    g_free(unicode_account_str);
     CredFree(cred);
     return result;
 }
@@ -186,10 +201,10 @@ static PurplePluginInfo info = {
     NULL,
     PURPLE_PRIORITY_HIGHEST,
 
-    "core-wincred",
+    PLUGIN_ID,
     "Windows Credentials",
     /* version */
-    "0.3",
+    "0.4",
 
     "Save passwords as windows credentials instead of as plaintext",
     "Save passwords as windows credentials instead of as plaintext",