gnome-keyring r1197 - in trunk: . daemon/pk daemon/ssh



Author: nnielsen
Date: Thu Jul 24 02:22:33 2008
New Revision: 1197
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1197&view=rev

Log:
	* daemon/pk/gkr-pk-import.c:
	* daemon/pk/gkr-pk-index.c:
	* daemon/pk/gkr-pk-index.h:
	* daemon/pk/gkr-pk-object.c:
	* daemon/pk/gkr-pk-object-storage.c:
	* daemon/pk/gkr-pk-root-storage.c:
	* daemon/pk/gkr-pk-storage.c:
	* daemon/ssh/gkr-pk-storage.c: Use the login keyring for storing
	indexes of PK objects. Handle the 'deny' to unlock use case 
	better. 

Modified:
   trunk/ChangeLog
   trunk/daemon/pk/gkr-pk-import.c
   trunk/daemon/pk/gkr-pk-index.c
   trunk/daemon/pk/gkr-pk-index.h
   trunk/daemon/pk/gkr-pk-object-storage.c
   trunk/daemon/pk/gkr-pk-object.c
   trunk/daemon/pk/gkr-pk-root-storage.c
   trunk/daemon/pk/gkr-pk-storage.c
   trunk/daemon/ssh/gkr-ssh-storage.c

Modified: trunk/daemon/pk/gkr-pk-import.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-import.c	(original)
+++ trunk/daemon/pk/gkr-pk-import.c	Thu Jul 24 02:22:33 2008
@@ -32,8 +32,6 @@
 
 #include "common/gkr-secure-memory.h"
 
-#include "keyrings/gkr-keyring-login.h"
-
 #include "pkcs11/pkcs11.h"
 #include "pkcs11/pkcs11g.h"
 
@@ -170,9 +168,6 @@
 		return TRUE;
 	}
 	
-	index = gkr_pk_storage_index (import->import_storage, loc);
-	g_return_val_if_fail (index, FALSE);
-
 	if (!label) 
 		label = import->import_label;
 		
@@ -190,7 +185,8 @@
 	 * object to.
 	 */
 		
-	if (gkr_keyring_login_is_usable ())
+	index = gkr_pk_storage_index (import->import_storage, loc);
+	if (index && gkr_pk_index_is_secure (index))
 		gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
 		
 	/* Prompt the user */

Modified: trunk/daemon/pk/gkr-pk-index.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-index.c	(original)
+++ trunk/daemon/pk/gkr-pk-index.c	Thu Jul 24 02:22:33 2008
@@ -382,6 +382,27 @@
 	return index;
 }
 
+gboolean
+gkr_pk_index_is_secure (GkrPkIndex *index)
+{
+	g_return_val_if_fail (GKR_IS_PK_INDEX (index), FALSE);
+	g_return_val_if_fail (GKR_IS_KEYRING (index->keyring), FALSE);
+	return !gkr_keyring_is_insecure (index->keyring);
+}
+
+GkrPkIndex*
+gkr_pk_index_open_for_login (GnomeKeyringAttributeList *defaults)
+{
+	GkrKeyring *login;
+
+	if (!gkr_keyring_login_unlock (NULL))
+		return NULL;
+	
+	login = gkr_keyrings_get_login ();
+	g_return_val_if_fail (login, NULL);
+	
+	return gkr_pk_index_new (login, defaults);
+}
 
 GkrPkIndex*
 gkr_pk_index_open (GQuark index_location, const gchar *name, 
@@ -650,6 +671,13 @@
 		index = gkr_pk_index_default ();
 
 	g_return_val_if_fail (GKR_IS_PK_INDEX (index), FALSE);
+	
+	/* Cannot store secrets in an insecure keyring. Caller should have checked this. */
+	if (val != NULL && gkr_keyring_is_insecure (index->keyring)) {
+		g_warning ("gkr_pk_index_set_secret() called on an insecure keyring. Cannot "
+		           "store secrets in a text based or otherwise insecure keyring.");
+		return FALSE;
+	}
 
 	item = find_item_for_digest (index, digest, TRUE);
 	if (!item)

Modified: trunk/daemon/pk/gkr-pk-index.h
==============================================================================
--- trunk/daemon/pk/gkr-pk-index.h	(original)
+++ trunk/daemon/pk/gkr-pk-index.h	Thu Jul 24 02:22:33 2008
@@ -58,14 +58,18 @@
 GkrPkIndex*         gkr_pk_index_open                  (GQuark index_location, const gchar *name, 
                                                         GnomeKeyringAttributeList *defaults);
 
+GkrPkIndex*         gkr_pk_index_open_for_login        (GnomeKeyringAttributeList *defaults);
+
 GkrPkIndex*         gkr_pk_index_default               (void);
 
+gboolean            gkr_pk_index_is_secure             (GkrPkIndex *index);
+
 gboolean            gkr_pk_index_get_boolean           (GkrPkIndex *index, gkrconstid digest,
                                                         const gchar *field, gboolean defvalue);
 
 guint               gkr_pk_index_get_uint              (GkrPkIndex *index, gkrconstid digest, 
                                                         const gchar *field, guint defvalue);
-                                                                  
+
 gchar*              gkr_pk_index_get_string            (GkrPkIndex *index, gkrconstid digest,
                                                         const gchar *field);
 

Modified: trunk/daemon/pk/gkr-pk-object-storage.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-object-storage.c	(original)
+++ trunk/daemon/pk/gkr-pk-object-storage.c	Thu Jul 24 02:22:33 2008
@@ -476,6 +476,13 @@
 	G_OBJECT_CLASS (gkr_pk_object_storage_parent_class)->finalize (obj);
 }
 
+static GkrPkIndex* 
+gkr_pk_object_storage_index (GkrPkStorage *storage, GQuark location)
+{
+	/* TODO: When it's not a local location, we should use an index nearer to the location */
+	return GKR_PK_STORAGE_CLASS (gkr_pk_object_storage_parent_class)->index (storage, location);
+}
+
 static void
 gkr_pk_object_storage_class_init (GkrPkObjectStorageClass *klass)
 {
@@ -491,6 +498,7 @@
 	storage_class->refresh = gkr_pk_object_storage_refresh;
 	storage_class->store = gkr_pk_object_storage_store;
 	storage_class->remove = gkr_pk_object_storage_remove;
+	storage_class->index = gkr_pk_object_storage_index;
 
 	g_type_class_add_private (gobject_class, sizeof (GkrPkObjectStoragePrivate));
 }

Modified: trunk/daemon/pk/gkr-pk-object.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-object.c	(original)
+++ trunk/daemon/pk/gkr-pk-object.c	Thu Jul 24 02:22:33 2008
@@ -134,10 +134,16 @@
 	GkrPkIndex *old_index = NULL;
 	GkrPkIndex *new_index = NULL;
 	
-	if (obj->storage)
+	if (obj->storage) {
 		old_index = gkr_pk_storage_index (obj->storage, obj->location);
-	if (copy_storage)
+		if (!old_index) /* User may have denied us access to index */
+			return;
+	}
+	if (copy_storage) {
 		new_index = gkr_pk_storage_index (copy_storage, copy_location);
+		if (!old_index) /* User may have denied us access to index */
+			return;
+	}
 	
 	if (old_index == new_index)
 		return;
@@ -921,7 +927,8 @@
 	if (object->storage) {
 		g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
 		index = gkr_pk_storage_index (object->storage, object->location);
-		g_return_val_if_fail (index, FALSE);
+		if (!index)
+			return FALSE;
 	} 
 	
 	return gkr_pk_index_has_value (index, object->digest, field);
@@ -939,7 +946,8 @@
 	if (object->storage) {
 		g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
 		index = gkr_pk_storage_index (object->storage, object->location);
-		g_return_val_if_fail (index, FALSE);
+		if (!index)
+			return NULL;
 	} 
 	
 	return gkr_pk_index_get_quarks (index, object->digest, field);
@@ -957,7 +965,8 @@
 	if (object->storage) {
 		g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
 		index = gkr_pk_storage_index (object->storage, object->location);
-		g_return_val_if_fail (index, FALSE);
+		if (!index)
+			return NULL;
 	} 
 	
 	return gkr_pk_index_get_string (index, object->digest, field);
@@ -976,7 +985,8 @@
 	if (object->storage) {
 		g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
 		index = gkr_pk_storage_index (object->storage, object->location);
-		g_return_val_if_fail (index, FALSE);
+		if (!index)
+			return NULL;
 	} 
 	
 	return gkr_pk_index_get_binary (index, object->digest, field, n_data);
@@ -995,7 +1005,8 @@
 	if (object->storage) {
 		g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
 		index = gkr_pk_storage_index (object->storage, object->location);
-		g_return_if_fail (index);
+		if (!index)
+			return;
 	} 
 	
 	if (gkr_pk_index_set_boolean (index, object->digest, field, value))
@@ -1015,7 +1026,8 @@
 	if (object->storage) {
 		g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
 		index = gkr_pk_storage_index (object->storage, object->location);
-		g_return_if_fail (index);
+		if (!index)
+			return;
 	} 
 	
 	if (gkr_pk_index_set_string (index, object->digest, field, string))
@@ -1035,7 +1047,8 @@
 	if (object->storage) {
 		g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
 		index = gkr_pk_storage_index (object->storage, object->location);
-		g_return_if_fail (index);
+		if (!index)
+			return;
 	}
 	
 	if (gkr_pk_index_set_binary (index, object->digest, field, data, n_data))
@@ -1054,7 +1067,8 @@
 	if (object->storage) {
 		g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
 		index = gkr_pk_storage_index (object->storage, object->location);
-		g_return_if_fail (index);
+		if (!index)
+			return;
 	}
 	
 	if (gkr_pk_index_clear (index, object->digest, field))

Modified: trunk/daemon/pk/gkr-pk-root-storage.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-root-storage.c	(original)
+++ trunk/daemon/pk/gkr-pk-root-storage.c	Thu Jul 24 02:22:33 2008
@@ -218,21 +218,15 @@
 {
  	GkrPkRootStoragePrivate *pv = GKR_PK_ROOT_STORAGE_GET_PRIVATE (storage);
  	GnomeKeyringAttributeList *attrs;
-	GQuark kloc;
 	
 	if (!pv->index) {
-		/* We default to a keyring stored on the computer */
-		kloc = gkr_location_from_child (GKR_LOCATION_VOLUME_LOCAL, 
-		                                "pk-storage.keyring");
-		
+
 		/* Default attributes for our index */
 		attrs = gnome_keyring_attribute_list_new ();
 		gnome_keyring_attribute_list_append_string (attrs, "user-trust", "trusted");
-		
-		pv->index = gkr_pk_index_open (kloc, "pk-storage", attrs);
+
+		pv->index = gkr_pk_index_open_for_login (attrs);
 		gnome_keyring_attribute_list_free (attrs);
-		
-		g_return_val_if_fail (pv->index, NULL);
 	}
 	
 	return pv->index;

Modified: trunk/daemon/pk/gkr-pk-storage.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-storage.c	(original)
+++ trunk/daemon/pk/gkr-pk-storage.c	Thu Jul 24 02:22:33 2008
@@ -287,16 +287,9 @@
 gkr_pk_storage_internal_index (GkrPkStorage *storage, GQuark unused)
 {
  	GkrPkStoragePrivate *pv = GKR_PK_STORAGE_GET_PRIVATE (storage);
-	GQuark kloc;
 	
-	if (!pv->index) {
-		/* We default to a keyring stored on the computer */
-		kloc = gkr_location_from_child (GKR_LOCATION_VOLUME_LOCAL, 
-		                                "pk-storage.keyring");
-	
-		pv->index = gkr_pk_index_open (kloc, "pk-storage", NULL);
-		g_return_val_if_fail (pv->index, NULL);
-	}
+	if (!pv->index)
+		pv->index = gkr_pk_index_open_for_login (NULL);
 	
 	return pv->index;
 }
@@ -670,7 +663,6 @@
 	g_return_val_if_fail (result != NULL, FALSE);
 
 	index = gkr_pk_storage_index (storage, location);
-	g_return_val_if_fail (index, FALSE);
 
 	/*
 	 * We save the password while still here in this function.
@@ -680,7 +672,7 @@
 	 */
 
 	/* See if we can just use the login keyring password for this */
-	if (gkr_keyring_login_is_usable ()) {
+	if (index && gkr_keyring_login_is_usable () && gkr_pk_index_is_secure (index)) {
 		login = gkr_keyrings_get_login ();
 		g_return_val_if_fail (login, FALSE);
 		g_return_val_if_fail (login->password, FALSE);
@@ -710,7 +702,7 @@
 
 	gkr_ask_request_set_location (ask, location);
 			
-	if (gkr_keyring_login_is_usable ())
+	if (index && gkr_pk_index_is_secure (index))
 		gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
 		
 	/* Prompt the user */
@@ -782,7 +774,6 @@
 	}
 	
 	index = gkr_pk_storage_index (storage, location);
-	g_return_val_if_fail (index, FALSE);
 	
 	/*
 	 * The password prompting is somewhat convoluted with the end goal of 
@@ -797,9 +788,11 @@
 		
 	/* See if we can find a valid password for this location */
 	if (st == 2) {
-		*result = gkr_pk_index_get_secret (index, digest);
-		if (*result != NULL)
-			 return TRUE;
+		if (index) {
+			*result = gkr_pk_index_get_secret (index, digest);
+			if (*result != NULL)
+				return TRUE;
+		}
 		
 		/* 
 		 * COMPATIBILITY: This is for compatibility with old versions 2.22, which 
@@ -816,18 +809,21 @@
 		
 	/* If we've already tried this password unsuccesfully, then clear */
 	} else {
-		gkr_pk_index_set_secret (index, digest, NULL);
+		if (index)
+			gkr_pk_index_set_secret (index, digest, NULL);
 	}
 
 	/*
 	 * If we've parsed this before, then we can lookup in our index as to what 
 	 * exactly this is we're talking about here.  
 	 */
-	stype = gkr_pk_index_get_string (index, digest, "parsed-type");
-	if (stype) {
-		if (!type && stype[0])
-			type = g_quark_from_string (stype);
-		g_free (stype);
+	if (index) {
+		stype = gkr_pk_index_get_string (index, digest, "parsed-type");
+		if (stype) {
+			if (!type && stype[0])
+				type = g_quark_from_string (stype);
+			g_free (stype);
+		}
 	}
 	
 	if (!label) 
@@ -844,7 +840,7 @@
 
 	gkr_ask_request_set_location (ask, location);
 			
-	if (gkr_keyring_login_is_usable ())
+	if (index && gkr_pk_index_is_secure (index))
 		gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
 		
 	/* Prompt the user */

Modified: trunk/daemon/ssh/gkr-ssh-storage.c
==============================================================================
--- trunk/daemon/ssh/gkr-ssh-storage.c	(original)
+++ trunk/daemon/ssh/gkr-ssh-storage.c	Thu Jul 24 02:22:33 2008
@@ -270,7 +270,8 @@
 	g_return_if_fail (loc);
 	
 	index = gkr_ssh_storage_index (GKR_PK_STORAGE (storage), loc);
-	g_return_if_fail (index);
+	if (!index)
+		return;
 	
 	ploc = public_location_for_private (loc);
 	g_return_if_fail (ploc);
@@ -665,21 +666,14 @@
 {
  	GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (storage);
  	GnomeKeyringAttributeList *attrs;
-	GQuark kloc;
 	
 	if (!pv->index) {
-		/* We default to a keyring stored on the computer */
-		kloc = gkr_location_from_child (GKR_LOCATION_VOLUME_LOCAL, 
-		                                "pk-storage.keyring");
-		
 		/* Default attributes for our index */
 		attrs = gnome_keyring_attribute_list_new ();
 		gnome_keyring_attribute_list_append_string (attrs, "purposes", "ssh-authentication");
 		
-		pv->index = gkr_pk_index_open (kloc, "pk-storage", attrs);
+		pv->index = gkr_pk_index_open_for_login (attrs);
 		gnome_keyring_attribute_list_free (attrs);
-		
-		g_return_val_if_fail (pv->index, NULL);
 	}
 	
 	return pv->index;



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]