gnome-keyring r1164 - in trunk: . daemon library/tests

[nnielsen svn gnome org]

Author: nnielsen
Date: Wed Jul  2 15:45:54 2008
New Revision: 1164
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1164&view=rev

Log:
	* daemon/gkr-daemon-ops.c:
	* library/tests/unit-test-keyrings-prompt.c:
	* configure.in: Add --disable-acl-prompts option to disable
	all access/allow ACL prompts. These were dubious security 
	value. Disabling may become the default in the future.  
	Fixes bug #533493


Modified:
   trunk/ChangeLog
   trunk/configure.in
   trunk/daemon/gkr-daemon-ops.c
   trunk/library/tests/unit-test-keyrings-prompt.c

Modified: trunk/configure.in
==============================================================================
--- trunk/configure.in	(original)
+++ trunk/configure.in	Wed Jul  2 15:45:54 2008
@@ -303,13 +303,28 @@
 	fi
 fi
 
+# --------------------------------------------------------------------
+# Disable ACL Prompts
+
+AC_ARG_ENABLE(acl-prompts, 
+	    AC_HELP_STRING([--disable-acl-prompts],
+	    [Disable prompted for user to give access to passwords]))
+
+echo "!!!!!!$enable_acl_prompts!!!!!"
+if test "$enable_acl_prompts" != "no"; then
+	AC_DEFINE(ENABLE_ACL_PROMPTS, 1, [Whether to prompt before giving access to passwords])
+fi
+
+# --------------------------------------------------------------------
+# PAM Module Directory
+
 AC_ARG_WITH([pam-dir],
             [AC_HELP_STRING([--with-pam-dir=DIR],
                              [directory to install pam modules in])],
              [], [with_pam_dir="${prefix}/lib/security"])
 PAM_DEST_DIR="$with_pam_dir"
 AC_SUBST(PAM_DEST_DIR)
-	
+
 AM_CONDITIONAL(WITH_PAM, test "$have_pam" = "yes")
 
 if test "$have_pam" = "yes"; then

Modified: trunk/daemon/gkr-daemon-ops.c
==============================================================================
--- trunk/daemon/gkr-daemon-ops.c	(original)
+++ trunk/daemon/gkr-daemon-ops.c	Wed Jul  2 15:45:54 2008
@@ -182,6 +182,7 @@
 		return GKR_ASK_STOP_REQUEST;
 	}
 	
+#ifdef ENABLE_ACL_PROMPTS
 	/* Did prompting already occur? */
 	if (ask->response) {
 		
@@ -197,6 +198,10 @@
 	
 	/* Continue with prompting */
 	return GKR_ASK_DONT_CARE;
+#else /* !ENABLE_ACL_PROMPTS */
+	ask->response = GKR_ASK_RESPONSE_ALLOW;
+	return GKR_ASK_STOP_REQUEST;
+#endif /* ENABLE_ACL_PROMPTS */
 }
 
 static gboolean

Modified: trunk/library/tests/unit-test-keyrings-prompt.c
==============================================================================
--- trunk/library/tests/unit-test-keyrings-prompt.c	(original)
+++ trunk/library/tests/unit-test-keyrings-prompt.c	Wed Jul  2 15:45:54 2008
@@ -143,11 +143,14 @@
 	sleep(2);
 
 	/* Now try to read the item, should be prompted */
+#ifdef ENABLE_ACL_PROMPTS
 	TELL("Press 'Allow Once' to give program access to the data");
+#endif
 	res = gnome_keyring_item_get_info_sync (KEYRING_NAME, id, &info); 
 	CuAssertIntEquals(cu, GNOME_KEYRING_RESULT_OK, res);
 	CuAssert(cu, "didn't return a secret when it should have", gnome_keyring_item_info_get_secret (info) != NULL);
 	
+#ifdef ENABLE_ACL_PROMPTS
 	/* Now try to read the item again, give forever access */
 	TELL("Press 'Always Allow' to give program access to the data");
 	res = gnome_keyring_item_get_info_sync (KEYRING_NAME, id, &info); 
@@ -158,6 +161,7 @@
 	res = gnome_keyring_item_get_info_sync (KEYRING_NAME, id, &info); 
 	CuAssertIntEquals(cu, GNOME_KEYRING_RESULT_OK, res);
 	sleep(2);	
+#endif
 }
 
 void unit_test_application_secret (CuTest* cu)