[gnome-keyring] [login] Fix security problem storing user's login password in keyring.

From: Stefan Walter <stefw src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-keyring] [login] Fix security problem storing user's login password in keyring.
Date: Wed, 21 Apr 2010 17:24:38 +0000 (UTC)
commit 4efbaf1a7567359a42967d98fd7fbd9fcb984930
Author: Stef Walter <stef memberwebs com>
Date:   Wed Apr 21 16:40:36 2010 +0000

    [login] Fix security problem storing user's login password in keyring.
    
    Don't store the user's login password in the keyring, which was being
    done when initializing the PKCS#11 user storage module.
    
    In addition put in a temporary fix which removes such passwords stored.
    This problem started during the 2.29.x betas, so anyone doing beta testing
    will be covered by this removal.
    
    Fixes bug #616174

 configure.in             |    7 ++++---
 daemon/login/gkd-login.c |   38 ++++++++++++++++++++++++++++++++------
 2 files changed, 36 insertions(+), 9 deletions(-)
---
diff --git a/configure.in b/configure.in
index a86f5a3..dcb2916 100644
--- a/configure.in
+++ b/configure.in
@@ -17,6 +17,10 @@ GCR_AGE=0		# Increment for interface that doesn't break anything
 
 dnl ****************************************************************************
 
+version_bits=`echo $VERSION | tr '.' ' '`
+full_version=`printf %03d%03d%03d $version_bits`
+AC_DEFINE_UNQUOTED(GKR_VERSION, $full_version, [The gnome-keyring version as a number])
+
 AM_SANITY_CHECK
 AM_MAINTAINER_MODE
 
@@ -34,9 +38,6 @@ AM_PROG_LIBTOOL
 IT_PROG_INTLTOOL([0.35.0])
 AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
 
-LIB_GNOME_KEYRING_LT_VERSION=1:1:1
-AC_SUBST(LIB_GNOME_KEYRING_LT_VERSION)
-
 AC_TYPE_PID_T
 AC_TYPE_SIGNAL
 AC_TYPE_SIZE_T
diff --git a/daemon/login/gkd-login.c b/daemon/login/gkd-login.c
index 373561c..9031fca 100644
--- a/daemon/login/gkd-login.c
+++ b/daemon/login/gkd-login.c
@@ -47,6 +47,36 @@ note_that_unlock_succeeded (void)
 	g_atomic_int_set (&unlock_failures, 0);
 }
 
+#if GKR_VERSION >= 002031000
+	#error "This function should be removed in 2.31.x"
+#else
+
+static void
+cleanup_security_issue_in_2_29_x_betas (const gchar *master)
+{
+	gchar *password;
+
+	/*
+	 * Remove the login password from keyring. This was a bug in 2.29.x
+	 * versions, and 2.30.0 (fixed in 2.30.1) which stored the master
+	 * password in tnhe login keyring. Try to cleanup that situation.
+	 */
+
+	password = gkd_login_lookup_secret ("manufacturer", "Gnome Keyring",
+	                                    "serial-number", "1:USER:DEFAULT",
+	                                    NULL);
+
+	if (password && g_str_equal (password, master)) {
+		gkd_login_remove_secret ("manufacturer", "Gnome Keyring",
+		                         "serial-number", "1:USER:DEFAULT",
+		                         NULL);
+	}
+
+	egg_secure_strfree (password);
+}
+
+#endif /* GKR_VERSION */
+
 gboolean
 gkd_login_did_unlock_fail (void)
 {
@@ -257,6 +287,7 @@ unlock_or_create_login (GP11Module *module, const gchar *master)
 
 	/* The unlock succeeded yay */
 	} else {
+		cleanup_security_issue_in_2_29_x_betas (master);
 		note_that_unlock_succeeded ();
 	}
 
@@ -290,12 +321,7 @@ init_pin_for_uninitialized_slots (GP11Module *module, const gchar *master)
 		if (initialize) {
 			session = open_and_login_session (l->data, CKU_SO, NULL);
 			if (session != NULL) {
-				if (gp11_session_init_pin (session, (const guchar*)master, strlen (master), &error)) {
-					gkd_login_attach_secret (info->label, master,
-					                         "manufacturer", info->manufacturer_id,
-					                         "serial-number", info->serial_number,
-					                         NULL);
-				} else {
+				if (!gp11_session_init_pin (session, (const guchar*)master, strlen (master), &error)) {
 					if (!g_error_matches (error, GP11_ERROR, CKR_FUNCTION_NOT_SUPPORTED))
 						g_warning ("couldn't initialize slot with master password: %s",
 						           egg_error_message (error));
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]