- Update to 2.31.92

- Built against gtk3
This commit is contained in:
Tomas Bzatek 2010-09-13 14:51:31 +02:00
parent 2c91fc77d8
commit 1491244d5b
8 changed files with 28 additions and 2122 deletions

File diff suppressed because it is too large Load Diff

View File

@ -1,259 +0,0 @@
From d30630070b2e7f6173ea872f45bb47b70948e796 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sat, 20 Mar 2010 02:19:44 +0000
Subject: [secret-store] Don't save session keyring to disk.
There was a major problem where the session keyring was being saved
to disk, and since it had to master password, as a cleartext keyring
Mark the session keyring as transient so it doesn't even come near
the storage code. Also rework the collection storage code, so that
it properly handles various corner cases.
Fixes bug #612977
---
diff --git a/pkcs11/gck/gck-object.c b/pkcs11/gck/gck-object.c
index a568042..a2d03e2 100644
--- a/pkcs11/gck/gck-object.c
+++ b/pkcs11/gck/gck-object.c
@@ -41,7 +41,8 @@ enum {
PROP_MODULE,
PROP_MANAGER,
PROP_STORE,
- PROP_UNIQUE
+ PROP_UNIQUE,
+ PROP_TRANSIENT
};
enum {
@@ -201,6 +202,13 @@ find_credential (GckCredential *cred, GckObject *object, gpointer user_data)
return TRUE;
}
+static void
+mark_object_transient (GckObject *self)
+{
+ if (!self->pv->transient)
+ self->pv->transient = g_slice_new0 (GckObjectTransient);
+}
+
/* -----------------------------------------------------------------------------
* OBJECT
*/
@@ -337,7 +345,7 @@ gck_object_real_create_attributes (GckObject *self, GckSession *session,
CKA_G_DESTRUCT_IDLE, CKA_GNOME_TRANSIENT, G_MAXULONG);
if (transient) {
- self->pv->transient = g_slice_new0 (GckObjectTransient);
+ mark_object_transient (self);
self->pv->transient->timed_after = after;
self->pv->transient->timed_idle = idle;
}
@@ -481,6 +489,11 @@ gck_object_set_property (GObject *obj, guint prop_id, const GValue *value,
g_return_if_fail (!self->pv->unique);
self->pv->unique = g_value_dup_string (value);
break;
+ case PROP_TRANSIENT:
+ g_return_if_fail (!self->pv->transient);
+ if (g_value_get_boolean (value))
+ mark_object_transient (self);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
@@ -510,6 +523,9 @@ gck_object_get_property (GObject *obj, guint prop_id, GValue *value,
case PROP_UNIQUE:
g_value_set_string (value, gck_object_get_unique (self));
break;
+ case PROP_TRANSIENT:
+ g_value_set_boolean (value, gck_object_is_transient (self));
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
@@ -556,7 +572,11 @@ gck_object_class_init (GckObjectClass *klass)
g_object_class_install_property (gobject_class, PROP_UNIQUE,
g_param_spec_string ("unique", "Unique Identifer", "Machine unique identifier",
NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
-
+
+ g_object_class_install_property (gobject_class, PROP_TRANSIENT,
+ g_param_spec_boolean ("transient", "Transient Object", "Transient Object",
+ FALSE, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+
signals[EXPOSE_OBJECT] = g_signal_new ("expose-object", GCK_TYPE_OBJECT,
G_SIGNAL_RUN_FIRST, G_STRUCT_OFFSET (GckObjectClass, expose_object),
NULL, NULL, g_cclosure_marshal_VOID__BOOLEAN,
diff --git a/pkcs11/secret-store/gck-secret-module.c b/pkcs11/secret-store/gck-secret-module.c
index 5b08008..c3cba91 100644
--- a/pkcs11/secret-store/gck-secret-module.c
+++ b/pkcs11/secret-store/gck-secret-module.c
@@ -42,10 +42,7 @@ struct _GckSecretModule {
GckFileTracker *tracker;
GHashTable *collections;
gchar *directory;
-
- /* Special 'session' keyring */
GckCredential *session_credential;
- GckSecretCollection *session_collection;
};
static const CK_SLOT_INFO gck_secret_module_slot_info = {
@@ -301,42 +298,52 @@ gck_secret_module_real_refresh_token (GckModule *base)
}
static void
+gck_secret_module_real_add_object (GckModule *module, GckTransaction *transaction,
+ GckObject *object)
+{
+ GckSecretModule *self = GCK_SECRET_MODULE (module);
+ GckSecretCollection *collection;
+ const gchar *identifier;
+ gchar *filename;
+
+ g_return_if_fail (!gck_transaction_get_failed (transaction));
+
+ if (GCK_IS_SECRET_COLLECTION (object)) {
+ collection = GCK_SECRET_COLLECTION (object);
+
+ /* Setup a filename for this collection */
+ identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (collection));
+ filename = identifier_to_new_filename (self, identifier);
+ gck_secret_collection_set_filename (collection, filename);
+ g_free (filename);
+
+ add_collection (self, transaction, collection);
+ }
+}
+
+static void
gck_secret_module_real_store_object (GckModule *module, GckTransaction *transaction,
GckObject *object)
{
GckSecretModule *self = GCK_SECRET_MODULE (module);
GckSecretCollection *collection = NULL;
- const gchar *identifier;
- gchar *filename;
- /* Storing an item */
+ /* Store the item's collection */
if (GCK_IS_SECRET_ITEM (object)) {
collection = gck_secret_item_get_collection (GCK_SECRET_ITEM (object));
g_return_if_fail (GCK_IS_SECRET_COLLECTION (collection));
+ gck_module_store_token_object (GCK_MODULE (self), transaction, GCK_OBJECT (collection));
/* Storing a collection */
} else if (GCK_IS_SECRET_COLLECTION (object)) {
collection = GCK_SECRET_COLLECTION (object);
- }
+ gck_secret_collection_save (collection, transaction);
/* No other kind of token object */
- if (collection == NULL) {
+ } else {
g_warning ("can't store object of type '%s' on secret token", G_OBJECT_TYPE_NAME (object));
gck_transaction_fail (transaction, CKR_GENERAL_ERROR);
- return;
- }
-
- /* Setup a filename for this collection */
- if (!gck_secret_collection_get_filename (collection)) {
- identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (collection));
- filename = identifier_to_new_filename (self, identifier);
- gck_secret_collection_set_filename (collection, filename);
- g_free (filename);
}
-
- gck_secret_collection_save (collection, transaction);
- if (!gck_transaction_get_failed (transaction))
- add_collection (self, transaction, collection);
}
static void
@@ -351,11 +358,6 @@ gck_secret_module_real_remove_object (GckModule *module, GckTransaction *transac
GCK_OBJECT (self->session_credential) == object)
return;
- /* Ignore the session keyring collection */
- if (self->session_collection != NULL &&
- GCK_OBJECT (self->session_collection) == object)
- return;
-
/* Removing an item */
if (GCK_IS_SECRET_ITEM (object)) {
collection = gck_secret_item_get_collection (GCK_SECRET_ITEM (object));
@@ -384,6 +386,7 @@ gck_secret_module_constructor (GType type, guint n_props, GObjectConstructParam
{
GckSecretModule *self = GCK_SECRET_MODULE (G_OBJECT_CLASS (gck_secret_module_parent_class)->constructor(type, n_props, props));
GckManager *manager;
+ GckObject *collection;
CK_RV rv;
g_return_val_if_fail (self, NULL);
@@ -401,22 +404,27 @@ gck_secret_module_constructor (GType type, guint n_props, GObjectConstructParam
manager = gck_module_get_manager (GCK_MODULE (self));
+ collection = g_object_new (GCK_TYPE_SECRET_COLLECTION,
+ "module", self,
+ "identifier", "session",
+ "manager", manager,
+ "transient", TRUE,
+ NULL);
+
/* Create the 'session' keyring, which is not stored to disk */
- self->session_collection = g_object_new (GCK_TYPE_SECRET_COLLECTION,
- "module", self,
- "identifier", "session",
- "manager", manager,
- NULL);
- gck_object_expose (GCK_OBJECT (self->session_collection), TRUE);
+ g_return_val_if_fail (gck_object_is_transient (collection), NULL);
+ gck_module_add_token_object (GCK_MODULE (self), NULL, collection);
+ gck_object_expose (collection, TRUE);
/* Unlock the 'session' keyring */
- rv = gck_credential_create (GCK_MODULE (self), manager, GCK_OBJECT (self->session_collection),
+ rv = gck_credential_create (GCK_MODULE (self), manager, GCK_OBJECT (collection),
NULL, 0, &self->session_credential);
if (rv == CKR_OK)
gck_object_expose (GCK_OBJECT (self->session_credential), TRUE);
else
g_warning ("couldn't unlock the 'session' keyring");
+ g_object_unref (collection);
return G_OBJECT (self);
}
@@ -438,10 +446,6 @@ gck_secret_module_dispose (GObject *obj)
g_object_unref (self->tracker);
self->tracker = NULL;
- if (self->session_collection)
- g_object_unref (self->session_collection);
- self->session_collection = NULL;
-
if (self->session_credential)
g_object_unref (self->session_credential);
self->session_credential = NULL;
@@ -465,7 +469,6 @@ gck_secret_module_finalize (GObject *obj)
self->directory = NULL;
g_assert (!self->session_credential);
- g_assert (!self->session_collection);
G_OBJECT_CLASS (gck_secret_module_parent_class)->finalize (obj);
}
@@ -484,8 +487,9 @@ gck_secret_module_class_init (GckSecretModuleClass *klass)
module_class->get_token_info = gck_secret_module_real_get_token_info;
module_class->parse_argument = gck_secret_module_real_parse_argument;
module_class->refresh_token = gck_secret_module_real_refresh_token;
- module_class->remove_token_object = gck_secret_module_real_remove_object;
+ module_class->add_token_object = gck_secret_module_real_add_object;
module_class->store_token_object = gck_secret_module_real_store_object;
+ module_class->remove_token_object = gck_secret_module_real_remove_object;
}
/* ---------------------------------------------------------------------------------------
--
cgit v0.8.3.1

View File

@ -1,335 +0,0 @@
From d864698a290c55d1ccda5cc20946894ade5e827d Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sun, 21 Mar 2010 15:55:51 +0000
Subject: [login] Fix various issues storing and using auto unlock passwords.
* Unwrap secrets directly into login keyring for auto unlock.
* Fix various corner cases using auto unlock stuff in login keyring.
---
diff --git a/daemon/dbus/gkd-secret-session.c b/daemon/dbus/gkd-secret-session.c
index 80cd054..73551df 100644
--- a/daemon/dbus/gkd-secret-session.c
+++ b/daemon/dbus/gkd-secret-session.c
@@ -730,6 +730,8 @@ gkd_secret_session_create_credential (GkdSecretSession *self, GP11Session *sessi
}
g_clear_error (&error);
return NULL;
+ } else {
+ gp11_object_set_session (object, session);
}
return object;
diff --git a/daemon/dbus/gkd-secret-unlock.c b/daemon/dbus/gkd-secret-unlock.c
index 8a70ddc..f5df63b 100644
--- a/daemon/dbus/gkd-secret-unlock.c
+++ b/daemon/dbus/gkd-secret-unlock.c
@@ -247,43 +247,35 @@ check_locked_collection (GP11Object *collection, gboolean *locked)
}
static void
-attach_credential_to_login (GP11Object *collection, GP11Object *cred)
+attach_unlock_to_login (GP11Object *collection, GkdSecretSecret *master)
{
- GError *error = NULL;
+ DBusError derr = DBUS_ERROR_INIT;
GP11Attributes *attrs;
- gpointer value;
- gsize n_value;
+ GP11Object *cred;
gchar *location;
gchar *label;
g_assert (GP11_IS_OBJECT (collection));
- g_assert (GP11_IS_OBJECT (cred));
+ /* Relevant information for the unlock item */
attrs = attributes_for_collection (collection);
g_return_if_fail (attrs);
-
location = location_string_for_attributes (attrs);
label = label_string_for_attributes (attrs);
gp11_attributes_unref (attrs);
- value = gp11_object_get_data_full (cred, CKA_VALUE, egg_secure_realloc, NULL, &n_value, &error);
- if (value) {
- if (g_utf8_validate (value, n_value, NULL))
- gkd_login_attach_secret (label, value, "keyring", location, NULL);
- else
- g_warning ("couldn't save non utf-8 unlock credentials in login keyring");
- egg_secure_clear (value, n_value);
- egg_secure_free (value);
-
- } else {
- if (!g_error_matches (error, GP11_ERROR, CKR_USER_NOT_LOGGED_IN))
- g_warning ("couldn't read unlock credentials to save in login keyring: %s",
- egg_error_message (error));
- g_clear_error (&error);
- }
-
+ attrs = gkd_login_attach_make_attributes (label, "keyring", location, NULL);
g_free (location);
g_free (label);
+
+ cred = gkd_secret_session_create_credential (master->session, NULL, attrs, master, &derr);
+ gp11_attributes_unref (attrs);
+ g_object_unref (cred);
+
+ if (!cred) {
+ g_warning ("couldn't save unlock password in login collection: %s", derr.message);
+ dbus_error_free (&derr);
+ }
}
static void
@@ -304,6 +296,7 @@ authenticate_collection (GkdSecretUnlock *self, GP11Object *collection, gboolean
GP11Attribute *attr;
GP11Object *cred;
gboolean transient;
+ gboolean result;
g_assert (GKD_SECRET_IS_UNLOCK (self));
g_assert (GP11_IS_OBJECT (collection));
@@ -336,35 +329,37 @@ authenticate_collection (GkdSecretUnlock *self, GP11Object *collection, gboolean
}
cred = gkd_secret_session_create_credential (master->session, NULL, template, master, &derr);
- gkd_secret_secret_free (master);
+ g_object_unref (cred);
if (cred) {
/* Save it to the login keyring */
if (!transient)
- attach_credential_to_login (collection, cred);
- g_object_unref (cred);
+ attach_unlock_to_login (collection, master);
/* Save away the unlock options for next time */
gp11_object_set_template (collection, CKA_G_CREDENTIAL_TEMPLATE, template, NULL);
gp11_attributes_unref (template);
*locked = FALSE;
- return TRUE; /* Operation succeeded, and unlocked */
+ result = TRUE; /* Operation succeeded, and unlocked */
} else {
gp11_attributes_unref (template);
if (dbus_error_has_name (&derr, INTERNAL_ERROR_DENIED)) {
dbus_error_free (&derr);
*locked = TRUE;
- return TRUE; /* Operation succeded, although not unlocked*/
+ result = TRUE; /* Operation succeded, although not unlocked*/
} else {
g_warning ("couldn't create credential for collection: %s",
derr.message);
dbus_error_free (&derr);
- return FALSE; /* Operation failed */
+ result = FALSE; /* Operation failed */
}
}
+
+ gkd_secret_secret_free (master);
+ return result;
}
/* -----------------------------------------------------------------------------
diff --git a/daemon/login/gkd-login.c b/daemon/login/gkd-login.c
index bdef57d..373561c 100644
--- a/daemon/login/gkd-login.c
+++ b/daemon/login/gkd-login.c
@@ -77,7 +77,9 @@ open_and_login_session (GP11Slot *slot, CK_USER_TYPE user_type, GError **error)
session = gp11_slot_open_session (slot, CKF_RW_SESSION, error);
if (session != NULL) {
if (!gp11_session_login (session, user_type, NULL, 0, error)) {
- if ((*error)->code != CKR_USER_ALREADY_LOGGED_IN) {
+ if (g_error_matches (*error, GP11_ERROR, CKR_USER_ALREADY_LOGGED_IN)) {
+ g_clear_error (error);
+ } else {
g_object_unref (session);
session = NULL;
}
@@ -574,20 +576,88 @@ find_login_keyring_item (GP11Session *session, GP11Attribute *fields)
return item;
}
+static GP11Attributes*
+attach_make_attributes_va (GP11Session *session, const gchar *label,
+ const gchar *first, va_list va)
+{
+ GP11Attributes *attrs;
+ GP11Attribute fields;
+ gchar *display_name;
+ GP11Object* item;
+ GError *error = NULL;
+ gpointer value;
+ gsize n_value;
+
+ attrs = gp11_attributes_new ();
+
+ gp11_attribute_init_empty (&fields, CKA_G_FIELDS);
+ string_attribute_list_va (va, first, &fields);
+
+ /*
+ * If there already is such an item, then include its identifier.
+ * What this does is overwrite that item, rather than creating new.
+ */
+ item = find_login_keyring_item (session, &fields);
+ if (item) {
+ value = gp11_object_get_data (item, CKA_ID, &n_value, &error);
+ if (value != NULL) {
+ gp11_attributes_add_data (attrs, CKA_ID, value, n_value);
+ g_free (value);
+ } else {
+ g_warning ("couldn't retrieve id for previous login item: %s",
+ egg_error_message (error));
+ g_clear_error (&error);
+ }
+ g_object_unref (item);
+ }
+
+ if (label == NULL)
+ label = _("Unnamed");
+
+ display_name = g_strdup_printf (_("Unlock password for: %s"), label);
+ gp11_attributes_add_string (attrs, CKA_LABEL, display_name);
+
+ gp11_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
+ gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY);
+ gp11_attributes_add_data (attrs, CKA_G_COLLECTION, "login", (gsize)5);
+ gp11_attributes_add (attrs, &fields);
+
+ gp11_attribute_clear (&fields);
+ return attrs;
+}
+
+GP11Attributes*
+gkd_login_attach_make_attributes (const gchar *label, const gchar *first, ...)
+{
+ GP11Attributes *attrs;
+ GP11Session *session;
+ GP11Module *module;
+ va_list va;
+
+ module = module_instance ();
+ session = lookup_login_session (module);
+
+ va_start (va, first);
+ attrs = attach_make_attributes_va (session, label, first, va);
+ va_end (va);
+
+ g_object_unref (session);
+ g_object_unref (module);
+
+ return attrs;
+}
+
void
gkd_login_attach_secret (const gchar *label, const gchar *secret,
const gchar *first, ...)
{
GError *error = NULL;
- GP11Attribute fields;
GP11Session *session;
GP11Module *module;
- gchar *display_name;
- GP11Object* item;
+ GP11Attributes *attrs;
+ GP11Object *item;
va_list va;
- if (label == NULL)
- label = _("Unnamed");
if (secret == NULL)
secret = "";
@@ -595,29 +665,11 @@ gkd_login_attach_secret (const gchar *label, const gchar *secret,
session = lookup_login_session (module);
va_start(va, first);
- gp11_attribute_init_empty (&fields, CKA_G_FIELDS);
- string_attribute_list_va (va, first, &fields);
+ attrs = attach_make_attributes_va (session, label, first, va);
va_end(va);
- display_name = g_strdup_printf (_("Unlock password for: %s"), label);
-
- item = find_login_keyring_item (session, &fields);
- if (item) {
- gp11_object_set (item, &error,
- CKA_LABEL, strlen (display_name), display_name,
- CKA_VALUE, strlen (secret), secret,
- GP11_INVALID);
- } else {
- item = gp11_session_create_object (session, &error,
- CKA_TOKEN, GP11_BOOLEAN, TRUE,
- CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY,
- CKA_LABEL, strlen (display_name), display_name,
- CKA_VALUE, strlen (secret), secret,
- CKA_G_COLLECTION, (gsize)5, "login",
- CKA_G_FIELDS, fields.length, fields.value,
- GP11_INVALID);
- }
-
+ gp11_attributes_add_string (attrs, CKA_VALUE, secret);
+ item = gp11_session_create_object_full (session, attrs, NULL, &error);
if (error != NULL) {
g_warning ("couldn't store secret in login keyring: %s", egg_error_message (error));
g_clear_error (&error);
@@ -625,8 +677,8 @@ gkd_login_attach_secret (const gchar *label, const gchar *secret,
if (item)
g_object_unref (item);
- g_free (display_name);
- gp11_attribute_clear (&fields);
+
+ gp11_attributes_unref (attrs);
g_object_unref (session);
g_object_unref (module);
}
@@ -701,22 +753,3 @@ gkd_login_remove_secret (const gchar *first, ...)
g_object_unref (session);
g_object_unref (module);
}
-
-GP11Attributes*
-gkd_login_attributes_for_secret (const gchar *first, ...)
-{
- GP11Attributes *attrs;
- GP11Attribute *fields;
- va_list va;
-
- attrs = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY,
- CKA_G_COLLECTION, (gsize)5, "login",
- GP11_INVALID);
-
- va_start(va, first);
- fields = gp11_attributes_add_empty (attrs, CKA_G_FIELDS);
- string_attribute_list_va (va, first, fields);
- va_end(va);
-
- return attrs;
-}
diff --git a/daemon/login/gkd-login.h b/daemon/login/gkd-login.h
index 89157b1..849b9f4 100644
--- a/daemon/login/gkd-login.h
+++ b/daemon/login/gkd-login.h
@@ -40,13 +40,14 @@ void gkd_login_attach_secret (const gchar *label,
const gchar *first,
...);
-gchar* gkd_login_lookup_secret (const gchar *first,
+GP11Attributes* gkd_login_attach_make_attributes (const gchar *label,
+ const gchar *first,
...);
-void gkd_login_remove_secret (const gchar *first,
+gchar* gkd_login_lookup_secret (const gchar *first,
...);
-GP11Attributes* gkd_login_attributes_for_secret (const gchar *first,
+void gkd_login_remove_secret (const gchar *first,
...);
#endif /* __GKD_LOGIN_H__ */
--
cgit v0.8.3.1

View File

@ -1,26 +0,0 @@
From 0512a0b5a30b432f53ee8c48d75acd582c5c9c9d Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sun, 21 Mar 2010 14:24:33 +0000
Subject: [dbus] Hide the automatically unlock check when login not usable.
If the login keyring is locked or not present, hide the auto
unlock check box since that option isn't usable.
---
diff --git a/daemon/dbus/gkd-secret-unlock.c b/daemon/dbus/gkd-secret-unlock.c
index 52e4978..8a70ddc 100644
--- a/daemon/dbus/gkd-secret-unlock.c
+++ b/daemon/dbus/gkd-secret-unlock.c
@@ -200,6 +200,11 @@ prepare_unlock_prompt (GkdSecretUnlock *self, GP11Object *coll, gboolean first)
g_free (label);
+ if (gkd_login_is_usable ())
+ gkd_prompt_show_widget (prompt, "auto_unlock_check");
+ else
+ gkd_prompt_hide_widget (prompt, "auto_unlock_check");
+
/* Setup the unlock options */
if (first) {
template = gp11_object_get_template (coll, CKA_G_CREDENTIAL_TEMPLATE, &error);
--
cgit v0.8.3.1

View File

@ -1,52 +0,0 @@
From e43a24701767d1a8fd72f2f3ed01fe0937364b6d Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sun, 21 Mar 2010 14:06:43 +0000
Subject: [dbus] Allow unlocking even when always unlock is not available.
When the Always Unlock option could not work (due to a missing or
locked login keyring) unlocking a keyring fail when that option
was selected.
Fixes bug #610998
---
diff --git a/daemon/dbus/gkd-secret-unlock.c b/daemon/dbus/gkd-secret-unlock.c
index ee17fd1..52e4978 100644
--- a/daemon/dbus/gkd-secret-unlock.c
+++ b/daemon/dbus/gkd-secret-unlock.c
@@ -271,8 +271,9 @@ attach_credential_to_login (GP11Object *collection, GP11Object *cred)
egg_secure_free (value);
} else {
- g_warning ("couldn't read unlock credentials to save in login keyring: %s",
- egg_error_message (error));
+ if (!g_error_matches (error, GP11_ERROR, CKR_USER_NOT_LOGGED_IN))
+ g_warning ("couldn't read unlock credentials to save in login keyring: %s",
+ egg_error_message (error));
g_clear_error (&error);
}
@@ -295,6 +296,7 @@ authenticate_collection (GkdSecretUnlock *self, GP11Object *collection, gboolean
DBusError derr = DBUS_ERROR_INIT;
GkdSecretSecret *master;
GP11Attributes *template;
+ GP11Attribute *attr;
GP11Object *cred;
gboolean transient;
@@ -321,8 +323,12 @@ authenticate_collection (GkdSecretUnlock *self, GP11Object *collection, gboolean
gkd_prompt_get_unlock_options (GKD_PROMPT (self), template);
/* If it's supposed to save non-transient, then we override that */
- if (!gp11_attributes_find_boolean (template, CKA_GNOME_TRANSIENT, &transient))
- transient = TRUE;
+ attr = gp11_attributes_find (template, CKA_GNOME_TRANSIENT);
+ if (attr != NULL) {
+ transient = gp11_attribute_get_boolean (attr);
+ gp11_attribute_clear (attr);
+ gp11_attribute_init_boolean (attr, CKA_GNOME_TRANSIENT, TRUE);
+ }
cred = gkd_secret_session_create_credential (master->session, NULL, template, master, &derr);
gkd_secret_secret_free (master);
--
cgit v0.8.3.1

View File

@ -1,67 +0,0 @@
From 629fecbd61c8585a2bc95e2fcb059de260c34fb8 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sun, 11 Jul 2010 23:18:23 +0000
Subject: [ssh-agent] Try to unlock key before use.
* This allows us to keep the unlocking for the rest of the session.
* Restores behavior from gnome-keyring 2.30 and before.
---
diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c
index 759a06a..dc02245 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-ops.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c
@@ -892,6 +892,42 @@ make_raw_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
return hash;
}
+static guchar*
+unlock_and_sign (GP11Session *session, GP11Object *key, gulong mech_type, const guchar *input,
+ gsize n_input, gsize *n_result, GError **err)
+{
+ GP11Attributes *attrs;
+ GP11Object *cred;
+ gboolean always;
+
+ /* First check if we should authenticate the key */
+ attrs = gp11_object_get (key, err, CKA_ALWAYS_AUTHENTICATE, GP11_INVALID);
+ if (!attrs)
+ return NULL;
+
+ /* Authenticate the key if necessary, this allows long term */
+ if (!gp11_attributes_find_boolean (attrs, CKA_ALWAYS_AUTHENTICATE, &always))
+ g_return_val_if_reached (NULL);
+
+ gp11_attributes_unref (attrs);
+
+ if (always == TRUE) {
+ cred = gp11_session_create_object (session, err,
+ CKA_TOKEN, GP11_BOOLEAN, FALSE,
+ CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL,
+ CKA_VALUE, 0, NULL,
+ CKA_G_OBJECT, GP11_ULONG, gp11_object_get_handle (key),
+ GP11_INVALID);
+ if (cred == NULL)
+ return NULL;
+
+ g_object_unref (cred);
+ }
+
+ /* Do the magic */
+ return gp11_session_sign (session, key, mech_type, input, n_input, n_result, err);
+}
+
static gboolean
op_sign_request (GkdSshAgentCall *call)
{
@@ -961,8 +997,7 @@ op_sign_request (GkdSshAgentCall *call)
session = gp11_object_get_session (key);
g_return_val_if_fail (session, FALSE);
- /* Do the magic */
- result = gp11_session_sign (session, key, mech, hash, n_hash, &n_result, &error);
+ result = unlock_and_sign (session, key, mech, hash, n_hash, &n_result, &error);
g_object_unref (session);
g_object_unref (key);
--
cgit v0.8.3.1

View File

@ -1,5 +1,5 @@
%define glib2_version 2.16.0 %define glib2_version 2.25.0
%define gtk2_version 2.20.0 %define gtk3_version 2.90.0
%define dbus_version 1.0 %define dbus_version 1.0
%define hal_version 0.5.7 %define hal_version 0.5.7
%define gcrypt_version 1.2.2 %define gcrypt_version 1.2.2
@ -7,7 +7,7 @@
Summary: Framework for managing passwords and other secrets Summary: Framework for managing passwords and other secrets
Name: gnome-keyring Name: gnome-keyring
Version: 2.31.91 Version: 2.31.92
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
@ -15,12 +15,13 @@ Group: System Environment/Libraries
Source: http://download.gnome.org/sources/gnome-keyring/2.31/gnome-keyring-%{version}.tar.bz2 Source: http://download.gnome.org/sources/gnome-keyring/2.31/gnome-keyring-%{version}.tar.bz2
URL: http://www.gnome.org URL: http://www.gnome.org
# https://bugzilla.gnome.org/show_bug.cgi?id=628457 # http://bugzilla.redhat.com/529709
Patch0: pam-headers.patch # http://bugs.gnome.org/598494
Patch3: gnome-keyring-2.28.1-nopass.patch
BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: gtk2-devel >= %{gtk2_version} BuildRequires: gtk3-devel >= %{gtk3_version}
BuildRequires: GConf2-devel
BuildRequires: dbus-devel >= %{dbus_version} BuildRequires: dbus-devel >= %{dbus_version}
BuildRequires: libgcrypt-devel >= %{gcrypt_version} BuildRequires: libgcrypt-devel >= %{gcrypt_version}
BuildRequires: libtasn1-devel >= %{libtasn1_version} BuildRequires: libtasn1-devel >= %{libtasn1_version}
@ -30,9 +31,7 @@ BuildRequires: gettext
BuildRequires: intltool BuildRequires: intltool
BuildRequires: libtasn1-tools BuildRequires: libtasn1-tools
BuildRequires: libgnome-keyring-devel BuildRequires: libgnome-keyring-devel
Requires(pre): GConf2 BuildRequires: gtk-doc
Requires(preun): GConf2
Requires(post): GConf2
# for smooth transition since the core was split # for smooth transition since the core was split
Requires: libgnome-keyring Requires: libgnome-keyring
@ -69,8 +68,7 @@ automatically unlock the "login" keyring when the user logs in.
%prep %prep
%setup -q -n gnome-keyring-%{version} %setup -q -n gnome-keyring-%{version}
%patch0 -p1 -b .pam-headers %patch3 -p1 -b .no-pass
# Enable daemon autostart in XFCE # Enable daemon autostart in XFCE
for i in daemon/*.desktop.in.in; do for i in daemon/*.desktop.in.in; do
@ -84,7 +82,8 @@ autoreconf -i -f
%configure --disable-gtk-doc \ %configure --disable-gtk-doc \
--with-pam-dir=/%{_lib}/security \ --with-pam-dir=/%{_lib}/security \
--disable-acl-prompts \ --disable-acl-prompts \
--enable-pam --enable-pam \
--with-gtk=3.0
# avoid unneeded direct dependencies # avoid unneeded direct dependencies
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool
@ -92,9 +91,7 @@ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool
make %{?_smp_mflags} make %{?_smp_mflags}
%install %install
export GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL=1
make install DESTDIR=$RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT
unset GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL
rm $RPM_BUILD_ROOT/%{_lib}/security/*.la rm $RPM_BUILD_ROOT/%{_lib}/security/*.la
rm $RPM_BUILD_ROOT%{_libdir}/*.la rm $RPM_BUILD_ROOT%{_libdir}/*.la
@ -107,13 +104,15 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/standalone/*.la
%post %post
/sbin/ldconfig /sbin/ldconfig
%pre %postun
%gconf_schema_obsolete gnome-keyring /sbin/ldconfig
if [ $1 -eq 0 ]; then
glib-compile-schemas %{_datadir}/glib-2.0/schemas
fi
%preun %posttrans
%gconf_schema_remove gnome-keyring glib-compile-schemas %{_datadir}/glib-2.0/schemas
%postun -p /sbin/ldconfig
%files -f gnome-keyring.lang %files -f gnome-keyring.lang
%defattr(-, root, root) %defattr(-, root, root)
@ -128,9 +127,12 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/standalone/*.la
%{_bindir}/* %{_bindir}/*
%{_libexecdir}/* %{_libexecdir}/*
%{_datadir}/dbus-1/services/*.service %{_datadir}/dbus-1/services/*.service
%{_datadir}/gcr %{_datadir}/gcr-3
%{_datadir}/gnome-keyring %{_datadir}/gnome-keyring
%{_datadir}/gnome-keyring-3
%{_sysconfdir}/xdg/autostart/* %{_sysconfdir}/xdg/autostart/*
%{_datadir}/GConf/gsettings/*.convert
%{_datadir}/glib-2.0/schemas/*.gschema.xml
%files devel %files devel
%defattr(-, root, root) %defattr(-, root, root)
@ -145,6 +147,10 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/standalone/*.la
%changelog %changelog
* Mon Sep 13 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.31.92-1
- Update to 2.31.92
- Built against gtk3
* Tue Aug 31 2010 Matthias Clasen <mclasen@redhat.com> - 2.31.91-1 * Tue Aug 31 2010 Matthias Clasen <mclasen@redhat.com> - 2.31.91-1
- Update to 2.31.91 - Update to 2.31.91

View File

@ -1 +1 @@
8abae3120341351a66e0ccd9cacf5218 gnome-keyring-2.31.91.tar.bz2 666ce443754505ccae6d047348c8d1ea gnome-keyring-2.31.92.tar.bz2