gnome-keyring r1197 - in trunk: . daemon/pk daemon/ssh
- From: nnielsen svn gnome org
- To: svn-commits-list gnome org
- Subject: gnome-keyring r1197 - in trunk: . daemon/pk daemon/ssh
- Date: Thu, 24 Jul 2008 02:22:33 +0000 (UTC)
Author: nnielsen
Date: Thu Jul 24 02:22:33 2008
New Revision: 1197
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1197&view=rev
Log:
* daemon/pk/gkr-pk-import.c:
* daemon/pk/gkr-pk-index.c:
* daemon/pk/gkr-pk-index.h:
* daemon/pk/gkr-pk-object.c:
* daemon/pk/gkr-pk-object-storage.c:
* daemon/pk/gkr-pk-root-storage.c:
* daemon/pk/gkr-pk-storage.c:
* daemon/ssh/gkr-pk-storage.c: Use the login keyring for storing
indexes of PK objects. Handle the 'deny' to unlock use case
better.
Modified:
trunk/ChangeLog
trunk/daemon/pk/gkr-pk-import.c
trunk/daemon/pk/gkr-pk-index.c
trunk/daemon/pk/gkr-pk-index.h
trunk/daemon/pk/gkr-pk-object-storage.c
trunk/daemon/pk/gkr-pk-object.c
trunk/daemon/pk/gkr-pk-root-storage.c
trunk/daemon/pk/gkr-pk-storage.c
trunk/daemon/ssh/gkr-ssh-storage.c
Modified: trunk/daemon/pk/gkr-pk-import.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-import.c (original)
+++ trunk/daemon/pk/gkr-pk-import.c Thu Jul 24 02:22:33 2008
@@ -32,8 +32,6 @@
#include "common/gkr-secure-memory.h"
-#include "keyrings/gkr-keyring-login.h"
-
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11g.h"
@@ -170,9 +168,6 @@
return TRUE;
}
- index = gkr_pk_storage_index (import->import_storage, loc);
- g_return_val_if_fail (index, FALSE);
-
if (!label)
label = import->import_label;
@@ -190,7 +185,8 @@
* object to.
*/
- if (gkr_keyring_login_is_usable ())
+ index = gkr_pk_storage_index (import->import_storage, loc);
+ if (index && gkr_pk_index_is_secure (index))
gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
/* Prompt the user */
Modified: trunk/daemon/pk/gkr-pk-index.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-index.c (original)
+++ trunk/daemon/pk/gkr-pk-index.c Thu Jul 24 02:22:33 2008
@@ -382,6 +382,27 @@
return index;
}
+gboolean
+gkr_pk_index_is_secure (GkrPkIndex *index)
+{
+ g_return_val_if_fail (GKR_IS_PK_INDEX (index), FALSE);
+ g_return_val_if_fail (GKR_IS_KEYRING (index->keyring), FALSE);
+ return !gkr_keyring_is_insecure (index->keyring);
+}
+
+GkrPkIndex*
+gkr_pk_index_open_for_login (GnomeKeyringAttributeList *defaults)
+{
+ GkrKeyring *login;
+
+ if (!gkr_keyring_login_unlock (NULL))
+ return NULL;
+
+ login = gkr_keyrings_get_login ();
+ g_return_val_if_fail (login, NULL);
+
+ return gkr_pk_index_new (login, defaults);
+}
GkrPkIndex*
gkr_pk_index_open (GQuark index_location, const gchar *name,
@@ -650,6 +671,13 @@
index = gkr_pk_index_default ();
g_return_val_if_fail (GKR_IS_PK_INDEX (index), FALSE);
+
+ /* Cannot store secrets in an insecure keyring. Caller should have checked this. */
+ if (val != NULL && gkr_keyring_is_insecure (index->keyring)) {
+ g_warning ("gkr_pk_index_set_secret() called on an insecure keyring. Cannot "
+ "store secrets in a text based or otherwise insecure keyring.");
+ return FALSE;
+ }
item = find_item_for_digest (index, digest, TRUE);
if (!item)
Modified: trunk/daemon/pk/gkr-pk-index.h
==============================================================================
--- trunk/daemon/pk/gkr-pk-index.h (original)
+++ trunk/daemon/pk/gkr-pk-index.h Thu Jul 24 02:22:33 2008
@@ -58,14 +58,18 @@
GkrPkIndex* gkr_pk_index_open (GQuark index_location, const gchar *name,
GnomeKeyringAttributeList *defaults);
+GkrPkIndex* gkr_pk_index_open_for_login (GnomeKeyringAttributeList *defaults);
+
GkrPkIndex* gkr_pk_index_default (void);
+gboolean gkr_pk_index_is_secure (GkrPkIndex *index);
+
gboolean gkr_pk_index_get_boolean (GkrPkIndex *index, gkrconstid digest,
const gchar *field, gboolean defvalue);
guint gkr_pk_index_get_uint (GkrPkIndex *index, gkrconstid digest,
const gchar *field, guint defvalue);
-
+
gchar* gkr_pk_index_get_string (GkrPkIndex *index, gkrconstid digest,
const gchar *field);
Modified: trunk/daemon/pk/gkr-pk-object-storage.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-object-storage.c (original)
+++ trunk/daemon/pk/gkr-pk-object-storage.c Thu Jul 24 02:22:33 2008
@@ -476,6 +476,13 @@
G_OBJECT_CLASS (gkr_pk_object_storage_parent_class)->finalize (obj);
}
+static GkrPkIndex*
+gkr_pk_object_storage_index (GkrPkStorage *storage, GQuark location)
+{
+ /* TODO: When it's not a local location, we should use an index nearer to the location */
+ return GKR_PK_STORAGE_CLASS (gkr_pk_object_storage_parent_class)->index (storage, location);
+}
+
static void
gkr_pk_object_storage_class_init (GkrPkObjectStorageClass *klass)
{
@@ -491,6 +498,7 @@
storage_class->refresh = gkr_pk_object_storage_refresh;
storage_class->store = gkr_pk_object_storage_store;
storage_class->remove = gkr_pk_object_storage_remove;
+ storage_class->index = gkr_pk_object_storage_index;
g_type_class_add_private (gobject_class, sizeof (GkrPkObjectStoragePrivate));
}
Modified: trunk/daemon/pk/gkr-pk-object.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-object.c (original)
+++ trunk/daemon/pk/gkr-pk-object.c Thu Jul 24 02:22:33 2008
@@ -134,10 +134,16 @@
GkrPkIndex *old_index = NULL;
GkrPkIndex *new_index = NULL;
- if (obj->storage)
+ if (obj->storage) {
old_index = gkr_pk_storage_index (obj->storage, obj->location);
- if (copy_storage)
+ if (!old_index) /* User may have denied us access to index */
+ return;
+ }
+ if (copy_storage) {
new_index = gkr_pk_storage_index (copy_storage, copy_location);
+ if (!old_index) /* User may have denied us access to index */
+ return;
+ }
if (old_index == new_index)
return;
@@ -921,7 +927,8 @@
if (object->storage) {
g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
index = gkr_pk_storage_index (object->storage, object->location);
- g_return_val_if_fail (index, FALSE);
+ if (!index)
+ return FALSE;
}
return gkr_pk_index_has_value (index, object->digest, field);
@@ -939,7 +946,8 @@
if (object->storage) {
g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
index = gkr_pk_storage_index (object->storage, object->location);
- g_return_val_if_fail (index, FALSE);
+ if (!index)
+ return NULL;
}
return gkr_pk_index_get_quarks (index, object->digest, field);
@@ -957,7 +965,8 @@
if (object->storage) {
g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
index = gkr_pk_storage_index (object->storage, object->location);
- g_return_val_if_fail (index, FALSE);
+ if (!index)
+ return NULL;
}
return gkr_pk_index_get_string (index, object->digest, field);
@@ -976,7 +985,8 @@
if (object->storage) {
g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
index = gkr_pk_storage_index (object->storage, object->location);
- g_return_val_if_fail (index, FALSE);
+ if (!index)
+ return NULL;
}
return gkr_pk_index_get_binary (index, object->digest, field, n_data);
@@ -995,7 +1005,8 @@
if (object->storage) {
g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
index = gkr_pk_storage_index (object->storage, object->location);
- g_return_if_fail (index);
+ if (!index)
+ return;
}
if (gkr_pk_index_set_boolean (index, object->digest, field, value))
@@ -1015,7 +1026,8 @@
if (object->storage) {
g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
index = gkr_pk_storage_index (object->storage, object->location);
- g_return_if_fail (index);
+ if (!index)
+ return;
}
if (gkr_pk_index_set_string (index, object->digest, field, string))
@@ -1035,7 +1047,8 @@
if (object->storage) {
g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
index = gkr_pk_storage_index (object->storage, object->location);
- g_return_if_fail (index);
+ if (!index)
+ return;
}
if (gkr_pk_index_set_binary (index, object->digest, field, data, n_data))
@@ -1054,7 +1067,8 @@
if (object->storage) {
g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
index = gkr_pk_storage_index (object->storage, object->location);
- g_return_if_fail (index);
+ if (!index)
+ return;
}
if (gkr_pk_index_clear (index, object->digest, field))
Modified: trunk/daemon/pk/gkr-pk-root-storage.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-root-storage.c (original)
+++ trunk/daemon/pk/gkr-pk-root-storage.c Thu Jul 24 02:22:33 2008
@@ -218,21 +218,15 @@
{
GkrPkRootStoragePrivate *pv = GKR_PK_ROOT_STORAGE_GET_PRIVATE (storage);
GnomeKeyringAttributeList *attrs;
- GQuark kloc;
if (!pv->index) {
- /* We default to a keyring stored on the computer */
- kloc = gkr_location_from_child (GKR_LOCATION_VOLUME_LOCAL,
- "pk-storage.keyring");
-
+
/* Default attributes for our index */
attrs = gnome_keyring_attribute_list_new ();
gnome_keyring_attribute_list_append_string (attrs, "user-trust", "trusted");
-
- pv->index = gkr_pk_index_open (kloc, "pk-storage", attrs);
+
+ pv->index = gkr_pk_index_open_for_login (attrs);
gnome_keyring_attribute_list_free (attrs);
-
- g_return_val_if_fail (pv->index, NULL);
}
return pv->index;
Modified: trunk/daemon/pk/gkr-pk-storage.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-storage.c (original)
+++ trunk/daemon/pk/gkr-pk-storage.c Thu Jul 24 02:22:33 2008
@@ -287,16 +287,9 @@
gkr_pk_storage_internal_index (GkrPkStorage *storage, GQuark unused)
{
GkrPkStoragePrivate *pv = GKR_PK_STORAGE_GET_PRIVATE (storage);
- GQuark kloc;
- if (!pv->index) {
- /* We default to a keyring stored on the computer */
- kloc = gkr_location_from_child (GKR_LOCATION_VOLUME_LOCAL,
- "pk-storage.keyring");
-
- pv->index = gkr_pk_index_open (kloc, "pk-storage", NULL);
- g_return_val_if_fail (pv->index, NULL);
- }
+ if (!pv->index)
+ pv->index = gkr_pk_index_open_for_login (NULL);
return pv->index;
}
@@ -670,7 +663,6 @@
g_return_val_if_fail (result != NULL, FALSE);
index = gkr_pk_storage_index (storage, location);
- g_return_val_if_fail (index, FALSE);
/*
* We save the password while still here in this function.
@@ -680,7 +672,7 @@
*/
/* See if we can just use the login keyring password for this */
- if (gkr_keyring_login_is_usable ()) {
+ if (index && gkr_keyring_login_is_usable () && gkr_pk_index_is_secure (index)) {
login = gkr_keyrings_get_login ();
g_return_val_if_fail (login, FALSE);
g_return_val_if_fail (login->password, FALSE);
@@ -710,7 +702,7 @@
gkr_ask_request_set_location (ask, location);
- if (gkr_keyring_login_is_usable ())
+ if (index && gkr_pk_index_is_secure (index))
gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
/* Prompt the user */
@@ -782,7 +774,6 @@
}
index = gkr_pk_storage_index (storage, location);
- g_return_val_if_fail (index, FALSE);
/*
* The password prompting is somewhat convoluted with the end goal of
@@ -797,9 +788,11 @@
/* See if we can find a valid password for this location */
if (st == 2) {
- *result = gkr_pk_index_get_secret (index, digest);
- if (*result != NULL)
- return TRUE;
+ if (index) {
+ *result = gkr_pk_index_get_secret (index, digest);
+ if (*result != NULL)
+ return TRUE;
+ }
/*
* COMPATIBILITY: This is for compatibility with old versions 2.22, which
@@ -816,18 +809,21 @@
/* If we've already tried this password unsuccesfully, then clear */
} else {
- gkr_pk_index_set_secret (index, digest, NULL);
+ if (index)
+ gkr_pk_index_set_secret (index, digest, NULL);
}
/*
* If we've parsed this before, then we can lookup in our index as to what
* exactly this is we're talking about here.
*/
- stype = gkr_pk_index_get_string (index, digest, "parsed-type");
- if (stype) {
- if (!type && stype[0])
- type = g_quark_from_string (stype);
- g_free (stype);
+ if (index) {
+ stype = gkr_pk_index_get_string (index, digest, "parsed-type");
+ if (stype) {
+ if (!type && stype[0])
+ type = g_quark_from_string (stype);
+ g_free (stype);
+ }
}
if (!label)
@@ -844,7 +840,7 @@
gkr_ask_request_set_location (ask, location);
- if (gkr_keyring_login_is_usable ())
+ if (index && gkr_pk_index_is_secure (index))
gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
/* Prompt the user */
Modified: trunk/daemon/ssh/gkr-ssh-storage.c
==============================================================================
--- trunk/daemon/ssh/gkr-ssh-storage.c (original)
+++ trunk/daemon/ssh/gkr-ssh-storage.c Thu Jul 24 02:22:33 2008
@@ -270,7 +270,8 @@
g_return_if_fail (loc);
index = gkr_ssh_storage_index (GKR_PK_STORAGE (storage), loc);
- g_return_if_fail (index);
+ if (!index)
+ return;
ploc = public_location_for_private (loc);
g_return_if_fail (ploc);
@@ -665,21 +666,14 @@
{
GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (storage);
GnomeKeyringAttributeList *attrs;
- GQuark kloc;
if (!pv->index) {
- /* We default to a keyring stored on the computer */
- kloc = gkr_location_from_child (GKR_LOCATION_VOLUME_LOCAL,
- "pk-storage.keyring");
-
/* Default attributes for our index */
attrs = gnome_keyring_attribute_list_new ();
gnome_keyring_attribute_list_append_string (attrs, "purposes", "ssh-authentication");
- pv->index = gkr_pk_index_open (kloc, "pk-storage", attrs);
+ pv->index = gkr_pk_index_open_for_login (attrs);
gnome_keyring_attribute_list_free (attrs);
-
- g_return_val_if_fail (pv->index, NULL);
}
return pv->index;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]