- Backport fixes from master related to storing secret value

Tomas Bzatek 2010-02-16 15:52:07 +00:00
parent 0df261f755
commit c48058ffca
7 changed files with 587 additions and 1 deletions


@ -0,0 +1,19 @@
From 6bd4a868bba97d0142b6254784937f8ffe4fc89c Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sun, 14 Feb 2010 04:09:25 +0000
Subject: [dbus] Fix error when setting default keyring to NULL.
---
diff --git a/daemon/dbus/gkd-secret-objects.c b/daemon/dbus/gkd-secret-objects.c
index c19bd50..d2f52eb 100644
--- a/daemon/dbus/gkd-secret-objects.c
+++ b/daemon/dbus/gkd-secret-objects.c
@@ -1328,6 +1328,5 @@ gkd_secret_objects_set_alias (GkdSecretObjects *self, const gchar *alias,
{
g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
g_return_if_fail (alias);
- g_return_if_fail (identifier);
g_hash_table_replace (self->aliases, g_strdup (alias), g_strdup (identifier));
}
--
cgit v0.8.3.1
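Review bot: With the `g_return_if_fail (identifier)` guard gone, gkd_secret_objects_set_alias stores a NULL value under the alias, because `g_strdup (NULL)` returns NULL, so a cleared alias stays in `self->aliases` as a key with no value. A plain `g_hash_table_lookup` cannot tell that apart from a missing alias, but any code that iterates the table or uses `g_hash_table_lookup_extended` would see a NULL identifier and has to cope with it (no such caller is visible in this hunk). If NULL is meant to clear the default keyring, removing the entry states that directly: `if (identifier) g_hash_table_replace (self->aliases, g_strdup (alias), g_strdup (identifier)); else g_hash_table_remove (self->aliases, alias);`. The function's signature begins above the hunk.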


@ -0,0 +1,249 @@
From 9a271ef0518949f06fb5132ecad1ed93bcf4f72c Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sat, 13 Feb 2010 23:43:35 +0000
Subject: [pkcs11] Fix problem with not storing secret value properly.
If a new object was not created, such as when unwrapping a
secret item, then the attributes set were not stored properly.
---
diff --git a/pkcs11/gck/gck-aes-key.c b/pkcs11/gck/gck-aes-key.c
index 6274703..14d11e5 100644
--- a/pkcs11/gck/gck-aes-key.c
+++ b/pkcs11/gck/gck-aes-key.c
@@ -129,7 +129,8 @@ factory_create_aes_key (GckSession *session, GckTransaction *transaction,
gck_attribute_consume (value);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
return GCK_OBJECT (key);
}
diff --git a/pkcs11/gck/gck-certificate.c b/pkcs11/gck/gck-certificate.c
index 4761731..d547b26 100644
--- a/pkcs11/gck/gck-certificate.c
+++ b/pkcs11/gck/gck-certificate.c
@@ -275,7 +275,8 @@ factory_create_certificate (GckSession *session, GckTransaction *transaction,
/* Note that we ignore the subject */
gck_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_SUBJECT, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert),
+ TRUE, attrs, n_attrs);
return GCK_OBJECT (cert);
}
diff --git a/pkcs11/gck/gck-credential.c b/pkcs11/gck/gck-credential.c
index 74ce3e6..e3a6d58 100644
--- a/pkcs11/gck/gck-credential.c
+++ b/pkcs11/gck/gck-credential.c
@@ -93,7 +93,8 @@ factory_create_credential (GckSession *session, GckTransaction *transaction,
attr ? attr->ulValueLen : 0, &cred);
if (rv == CKR_OK) {
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred),
+ TRUE, attrs, n_attrs);
return GCK_OBJECT (cred);
} else {
gck_transaction_fail (transaction, rv);
diff --git a/pkcs11/gck/gck-dh-private-key.c b/pkcs11/gck/gck-dh-private-key.c
index 72af177..278dea0 100644
--- a/pkcs11/gck/gck-dh-private-key.c
+++ b/pkcs11/gck/gck-dh-private-key.c
@@ -72,7 +72,8 @@ factory_create_dh_private_key (GckSession *session, GckTransaction *transaction,
idattr ? idattr->ulValueLen : 0));
gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
return object;
}
diff --git a/pkcs11/gck/gck-dh-public-key.c b/pkcs11/gck/gck-dh-public-key.c
index d6f5284..be0bb25 100644
--- a/pkcs11/gck/gck-dh-public-key.c
+++ b/pkcs11/gck/gck-dh-public-key.c
@@ -72,7 +72,8 @@ factory_create_dh_public_key (GckSession *session, GckTransaction *transaction,
idattr ? idattr->ulValueLen : 0));
gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
return object;
}
diff --git a/pkcs11/gck/gck-null-key.c b/pkcs11/gck/gck-null-key.c
index 7bb912d..75d8b76 100644
--- a/pkcs11/gck/gck-null-key.c
+++ b/pkcs11/gck/gck-null-key.c
@@ -53,7 +53,8 @@ factory_create_null_key (GckSession *session, GckTransaction *transaction,
"manager", manager,
NULL);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
return GCK_OBJECT (key);
}
diff --git a/pkcs11/gck/gck-private-xsa-key.c b/pkcs11/gck/gck-private-xsa-key.c
index 5940309..4c2704a 100644
--- a/pkcs11/gck/gck-private-xsa-key.c
+++ b/pkcs11/gck/gck-private-xsa-key.c
@@ -163,7 +163,8 @@ factory_create_private_xsa_key (GckSession *session, GckTransaction *transaction
NULL);
key->pv->sexp = sexp;
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
return GCK_OBJECT (key);
}
diff --git a/pkcs11/gck/gck-public-xsa-key.c b/pkcs11/gck/gck-public-xsa-key.c
index e6f3eb9..f28d56a 100644
--- a/pkcs11/gck/gck-public-xsa-key.c
+++ b/pkcs11/gck/gck-public-xsa-key.c
@@ -155,7 +155,8 @@ factory_create_public_xsa_key (GckSession *session, GckTransaction *transaction,
"manager", gck_manager_for_template (attrs, n_attrs, session),
NULL);
gck_sexp_unref (sexp);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
}
return object;
diff --git a/pkcs11/gck/gck-session.c b/pkcs11/gck/gck-session.c
index 1389d7d..d2f0ae4 100644
--- a/pkcs11/gck/gck-session.c
+++ b/pkcs11/gck/gck-session.c
@@ -836,8 +836,8 @@ gck_session_create_object_for_attributes (GckSession *self, GckTransaction *tran
}
void
-gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction,
- GckObject *object, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
+gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction, GckObject *object,
+ gboolean add, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
gboolean is_private;
gulong i;
@@ -873,7 +873,7 @@ gck_session_complete_object_creation (GckSession *self, GckTransaction *transact
}
/* Add the object to session or token */
- if (!gck_transaction_get_failed (transaction)) {
+ if (add && !gck_transaction_get_failed (transaction)) {
if (gck_object_is_token (object))
gck_module_add_token_object (self->pv->module, transaction, object);
else
diff --git a/pkcs11/gck/gck-session.h b/pkcs11/gck/gck-session.h
index 290443d..fa4cb01 100644
--- a/pkcs11/gck/gck-session.h
+++ b/pkcs11/gck/gck-session.h
@@ -117,6 +117,7 @@ GckObject* gck_session_create_object_for_attributes (GckSess
void gck_session_complete_object_creation (GckSession *self,
GckTransaction *transaction,
GckObject *object,
+ gboolean add,
CK_ATTRIBUTE_PTR attrs,
CK_ULONG n_attrs);
diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
index 4be98dc..613c1ae 100644
--- a/pkcs11/secret-store/gck-secret-collection.c
+++ b/pkcs11/secret-store/gck-secret-collection.c
@@ -297,7 +297,8 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
g_object_unref (sdata);
gck_attributes_consume (attrs, n_attrs, CKA_G_CREDENTIAL, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection),
+ TRUE, attrs, n_attrs);
return GCK_OBJECT (collection);
}
diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
index 5c77723..0c7636d 100644
--- a/pkcs11/secret-store/gck-secret-item.c
+++ b/pkcs11/secret-store/gck-secret-item.c
@@ -141,7 +141,6 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
CK_ATTRIBUTE *attr;
gboolean is_token;
gchar *identifier;
- CK_ULONG i;
g_return_val_if_fail (GCK_IS_TRANSACTION (transaction), NULL);
g_return_val_if_fail (attrs || !n_attrs, NULL);
@@ -176,18 +175,16 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
return NULL;
} else {
- gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);
- for (i = 0; i < n_attrs && !gck_transaction_get_failed (transaction); ++i) {
- if (!gck_attribute_consumed (&attrs[i]))
- gck_object_set_attribute (GCK_OBJECT (item), session, transaction, &attrs[i]);
- }
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
+ FALSE, attrs, n_attrs);
return g_object_ref (item);
}
}
/* Create a new collection which will own the item */
item = gck_secret_collection_create_item (collection, transaction);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
+ TRUE, attrs, n_attrs);
return g_object_ref (item);
}
diff --git a/pkcs11/secret-store/gck-secret-search.c b/pkcs11/secret-store/gck-secret-search.c
index 1315687..07bcd5f 100644
--- a/pkcs11/secret-store/gck-secret-search.c
+++ b/pkcs11/secret-store/gck-secret-search.c
@@ -240,7 +240,8 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
populate_search_from_manager (search, s_manager);
populate_search_from_manager (search, m_manager);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search),
+ TRUE, attrs, n_attrs);
return GCK_OBJECT (search);
}
diff --git a/pkcs11/user-store/gck-user-private-key.c b/pkcs11/user-store/gck-user-private-key.c
index 7577c72..5ee57a3 100644
--- a/pkcs11/user-store/gck-user-private-key.c
+++ b/pkcs11/user-store/gck-user-private-key.c
@@ -83,7 +83,8 @@ factory_create_private_key (GckSession *session, GckTransaction *transaction,
gck_sexp_unref (sexp);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
return GCK_OBJECT (key);
}
diff --git a/pkcs11/user-store/gck-user-public-key.c b/pkcs11/user-store/gck-user-public-key.c
index 6b2d69c..ce20d1d 100644
--- a/pkcs11/user-store/gck-user-public-key.c
+++ b/pkcs11/user-store/gck-user-public-key.c
@@ -62,7 +62,8 @@ factory_create_public_key (GckSession *session, GckTransaction *transaction,
"manager", gck_manager_for_template (attrs, n_attrs, session),
NULL);
gck_sexp_unref (sexp);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
}
return object;
--
cgit v0.8.3.1
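Review bot: In gck-secret-item.c the existing-item branch of factory_create_item drops `gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG)` together with the loop, so CKA_ID and CKA_TOKEN reach gck_session_complete_object_creation unconsumed. Whether that function skips them is not visible in the gck-session.c hunks; if it does not, updating an existing secret item would try to set both attributes on it and could fail the transaction, so keeping the consume call ahead of the new `FALSE` call would preserve the earlier behaviour. The new `add` parameter is also undocumented, and a bare TRUE/FALSE at every call site is hard to read. A comment on the declaration in gck-session.h, for example `/* add: FALSE when the object is already registered and only the template attributes should be applied */`, would make the contract explicit.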


@ -0,0 +1,224 @@
From b4add492ad707b4503dd1614dc4b7100d3d89d76 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sun, 14 Feb 2010 00:13:30 +0000
Subject: [secret-store] Return OK when a search includes a bad collection identifier.
So basically we just don't return any results. This is for two reasons:
* PKCS#11 isn't very helpful to the caller of C_CreateObject about
which attribute was wrong.
* Race conditions abound where you set up a search of a collection
that is being deleted.
---
diff --git a/pkcs11/secret-store/gck-secret-search.c b/pkcs11/secret-store/gck-secret-search.c
index 07bcd5f..707366d 100644
--- a/pkcs11/secret-store/gck-secret-search.c
+++ b/pkcs11/secret-store/gck-secret-search.c
@@ -39,13 +39,13 @@
enum {
PROP_0,
- PROP_COLLECTION,
+ PROP_COLLECTION_ID,
PROP_FIELDS
};
struct _GckSecretSearch {
GckObject parent;
- GckSecretCollection *collection;
+ gchar *collection_id;
GHashTable *fields;
GList *managers;
GHashTable *handles;
@@ -63,6 +63,7 @@ match_object_against_criteria (GckSecretSearch *self, GckObject *object)
GckSecretCollection *collection;
GckSecretItem *item;
GHashTable *fields;
+ const gchar *identifier;
if (!GCK_IS_SECRET_ITEM (object))
return FALSE;
@@ -70,9 +71,14 @@ match_object_against_criteria (GckSecretSearch *self, GckObject *object)
item = GCK_SECRET_ITEM (object);
/* Collection should match unless any collection allowed */
- collection = gck_secret_item_get_collection (item);
- if (self->collection && collection != self->collection)
- return FALSE;
+ if (self->collection_id) {
+ collection = gck_secret_item_get_collection (item);
+ g_return_val_if_fail (collection, FALSE);
+ identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (collection));
+ g_return_val_if_fail (identifier, FALSE);
+ if (!g_str_equal (identifier, self->collection_id))
+ return FALSE;
+ }
/* Fields should match using our special algorithm */
fields = gck_secret_item_get_fields (item);
@@ -185,9 +191,9 @@ static GckObject*
factory_create_search (GckSession *session, GckTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
- GckSecretCollection *collection = NULL;
GckManager *s_manager, *m_manager;
GckSecretSearch *search;
+ gchar *identifier = NULL;
CK_ATTRIBUTE *attr;
GHashTable *fields;
GckModule *module;
@@ -218,11 +224,10 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
/* See if a collection attribute was specified, not present means all collections */
attr = gck_attributes_find (attrs, n_attrs, CKA_G_COLLECTION);
if (attr) {
- collection = gck_secret_collection_find (attr, s_manager, m_manager, NULL);
- gck_attribute_consume (attr);
- if (!collection) {
+ rv = gck_attribute_get_string (attr, &identifier);
+ if (rv != CKR_OK) {
g_hash_table_unref (fields);
- gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
+ gck_transaction_fail (transaction, rv);
return NULL;
}
}
@@ -231,7 +236,7 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
"module", module,
"manager", s_manager,
"fields", fields,
- "collection", collection,
+ "collection-id", identifier,
NULL);
/* Load any new items or collections */
@@ -284,7 +289,6 @@ static CK_RV
gck_secret_search_get_attribute (GckObject *base, GckSession *session, CK_ATTRIBUTE_PTR attr)
{
GckSecretSearch *self = GCK_SECRET_SEARCH (base);
- const gchar *identifier;
switch (attr->type) {
case CKA_CLASS:
@@ -292,10 +296,9 @@ gck_secret_search_get_attribute (GckObject *base, GckSession *session, CK_ATTRIB
case CKA_MODIFIABLE:
return gck_attribute_set_bool (attr, CK_TRUE); /* TODO: This is needed for deleting? */
case CKA_G_COLLECTION:
- if (!self->collection)
+ if (!self->collection_id)
return gck_attribute_set_empty (attr);
- identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (self->collection));
- return gck_attribute_set_string (attr, identifier);
+ return gck_attribute_set_string (attr, self->collection_id);
case CKA_G_FIELDS:
return gck_secret_fields_serialize (attr, self->fields);
case CKA_G_MATCHED:
@@ -329,9 +332,9 @@ gck_secret_search_set_property (GObject *obj, guint prop_id, const GValue *value
{
GckSecretSearch *self = GCK_SECRET_SEARCH (obj);
switch (prop_id) {
- case PROP_COLLECTION:
- g_return_if_fail (!self->collection);
- self->collection = g_value_dup_object (value);
+ case PROP_COLLECTION_ID:
+ g_return_if_fail (!self->collection_id);
+ self->collection_id = g_value_dup_string (value);
break;
case PROP_FIELDS:
g_return_if_fail (!self->fields);
@@ -350,8 +353,8 @@ gck_secret_search_get_property (GObject *obj, guint prop_id, GValue *value,
{
GckSecretSearch *self = GCK_SECRET_SEARCH (obj);
switch (prop_id) {
- case PROP_COLLECTION:
- g_value_set_object (value, gck_secret_search_get_collection (self));
+ case PROP_COLLECTION_ID:
+ g_value_set_string (value, self->collection_id);
break;
case PROP_FIELDS:
g_return_if_fail (self->fields);
@@ -378,9 +381,8 @@ gck_secret_search_dispose (GObject *obj)
g_list_free (self->managers);
self->managers = NULL;
- if (self->collection)
- g_object_unref (self->collection);
- self->collection = NULL;
+ g_free (self->collection_id);
+ self->collection_id = NULL;
G_OBJECT_CLASS (gck_secret_search_parent_class)->dispose (obj);
}
@@ -415,9 +417,9 @@ gck_secret_search_class_init (GckSecretSearchClass *klass)
gck_class->get_attribute = gck_secret_search_get_attribute;
- g_object_class_install_property (gobject_class, PROP_COLLECTION,
- g_param_spec_object ("collection", "Collection", "Item's Collection",
- GCK_TYPE_SECRET_COLLECTION, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+ g_object_class_install_property (gobject_class, PROP_COLLECTION_ID,
+ g_param_spec_string ("collection-id", "Collection ID", "Item's Collection's Identifier",
+ NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (gobject_class, PROP_FIELDS,
g_param_spec_boxed ("fields", "Fields", "Item's fields",
@@ -455,9 +457,9 @@ gck_secret_search_get_fields (GckSecretSearch *self)
return self->fields;
}
-GckSecretCollection*
-gck_secret_search_get_collection (GckSecretSearch *self)
+const gchar*
+gck_secret_search_get_collection_id (GckSecretSearch *self)
{
g_return_val_if_fail (GCK_IS_SECRET_SEARCH (self), NULL);
- return self->collection;
+ return self->collection_id;
}
diff --git a/pkcs11/secret-store/gck-secret-search.h b/pkcs11/secret-store/gck-secret-search.h
index de85303..34f355a 100644
--- a/pkcs11/secret-store/gck-secret-search.h
+++ b/pkcs11/secret-store/gck-secret-search.h
@@ -49,6 +49,6 @@ GckFactory* gck_secret_search_get_factory (void) G_GNUC_CONST;
GHashTable* gck_secret_search_get_fields (GckSecretSearch *self);
-GckSecretCollection* gck_secret_search_get_collection (GckSecretSearch *self);
+const gchar* gck_secret_search_get_collection_id (GckSecretSearch *self);
#endif /* __GCK_SECRET_SEARCH_H__ */
diff --git a/pkcs11/secret-store/tests/unit-test-secret-search.c b/pkcs11/secret-store/tests/unit-test-secret-search.c
index 1f1be89..51006e0 100644
--- a/pkcs11/secret-store/tests/unit-test-secret-search.c
+++ b/pkcs11/secret-store/tests/unit-test-secret-search.c
@@ -114,7 +114,7 @@ DEFINE_TEST(create_search)
{ CKA_G_FIELDS, "test\0value\0two\0value2", 22 },
};
- GckSecretCollection *collection;
+ const gchar *identifier;
GckObject *object = NULL;
GHashTable *fields;
gpointer vdata;
@@ -156,8 +156,8 @@ DEFINE_TEST(create_search)
g_assert_cmpstr (gck_secret_fields_get (fields, "test"), ==, "value");
/* No collection */
- collection = gck_secret_search_get_collection (GCK_SECRET_SEARCH (object));
- g_assert (collection == NULL);
+ identifier = gck_secret_search_get_collection_id (GCK_SECRET_SEARCH (object));
+ g_assert (identifier == NULL);
g_object_unref (object);
}
@@ -274,7 +274,9 @@ DEFINE_TEST(create_search_for_bad_collection)
GckTransaction *transaction = gck_transaction_new ();
object = gck_session_create_object_for_factory (session, factory, transaction, attrs, 2);
- g_assert (gck_transaction_complete_and_unref (transaction) == CKR_TEMPLATE_INCONSISTENT);
+ g_assert (gck_transaction_complete_and_unref (transaction) == CKR_OK);
+
+ g_object_unref (object);
}
DEFINE_TEST(create_search_for_collection)
--
cgit v0.8.3.1
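Review bot: In match_object_against_criteria the new `g_return_val_if_fail (collection, FALSE)` and `g_return_val_if_fail (identifier, FALSE)` treat a missing collection as a programming error, yet the commit message itself names a collection being deleted during a search as an expected race. Those macros log a critical and are compiled out under G_DISABLE_CHECKS, after which `g_str_equal` would be called with a NULL identifier; plain checks such as `if (!collection) return FALSE;` and `if (!identifier) return FALSE;` keep the search safe in every build. In factory_create_search, `identifier` is filled by gck_attribute_get_string (presumably a fresh allocation) and the property setter copies it with g_value_dup_string, so it looks like a `g_free (identifier);` is needed after g_object_new unless that happens below the hunk. The updated test calls `g_object_unref (object)` without first asserting that `object` is non-NULL.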


@ -0,0 +1,21 @@
From 0d82027ae6d68ce889f55833408a00c744bf65df Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sun, 14 Feb 2010 04:32:45 +0000
Subject: [secret-store] Possible fix for a sporadic crash in this area.
---
diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
index 613c1ae..cf804aa 100644
--- a/pkcs11/secret-store/gck-secret-collection.c
+++ b/pkcs11/secret-store/gck-secret-collection.c
@@ -145,7 +145,7 @@ track_secret_data (GckSecretCollection *self, GckSecretData *data)
self->sdata = data;
if (self->sdata)
g_object_add_weak_pointer (G_OBJECT (self->sdata),
- (gpointer*)&self->sdata);
+ (gpointer*)&(self->sdata));
}
static void
--
cgit v0.8.3.1
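Review bot: `(gpointer*)&(self->sdata)` parses exactly like `(gpointer*)&self->sdata`, because `->` binds tighter than unary `&`, so this hunk does not change the compiled code and cannot fix the crash named in the subject. If the crash comes from a stale weak pointer, the thing to check is whether track_secret_data calls `g_object_remove_weak_pointer (G_OBJECT (self->sdata), (gpointer*)&(self->sdata));` before overwriting `self->sdata`, and whether the collection's dispose or finalize path does the same. The start of the function is above the hunk, so neither is visible here. Without that removal, GObject would write NULL through the registered address when the old data object is finalized, which is a write into freed memory if the collection has already gone away.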


@ -0,0 +1,33 @@
From 912891b83b297ac6af2b62f6c1f8c31b1d3cc8bd Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sat, 13 Feb 2010 04:16:50 +0000
Subject: [secret-store] Fix regression: secret value not stored properly.
---
diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
index b0c5659..5c77723 100644
--- a/pkcs11/secret-store/gck-secret-item.c
+++ b/pkcs11/secret-store/gck-secret-item.c
@@ -141,6 +141,7 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
CK_ATTRIBUTE *attr;
gboolean is_token;
gchar *identifier;
+ CK_ULONG i;
g_return_val_if_fail (GCK_IS_TRANSACTION (transaction), NULL);
g_return_val_if_fail (attrs || !n_attrs, NULL);
@@ -175,7 +176,11 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
return NULL;
} else {
- gck_attributes_consume (attrs, n_attrs, CKA_ID, G_MAXULONG);
+ gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);
+ for (i = 0; i < n_attrs && !gck_transaction_get_failed (transaction); ++i) {
+ if (!gck_attribute_consumed (&attrs[i]))
+ gck_object_set_attribute (GCK_OBJECT (item), session, transaction, &attrs[i]);
+ }
return g_object_ref (item);
}
}
--
cgit v0.8.3.1


@ -0,0 +1,24 @@
From 5fa82147450c0910072d9aa86e62a42a23576215 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sun, 14 Feb 2010 00:22:10 +0000
Subject: [ssh-agent] Don't raise error if ssh client disconnects early.
---
diff --git a/daemon/ssh-agent/gkd-ssh-agent.c b/daemon/ssh-agent/gkd-ssh-agent.c
index 7e6c801..0a851ce 100644
--- a/daemon/ssh-agent/gkd-ssh-agent.c
+++ b/daemon/ssh-agent/gkd-ssh-agent.c
@@ -85,8 +85,9 @@ write_all (int fd, const guchar *buf, int len)
if (res <= 0) {
if (errno == EAGAIN && errno == EINTR)
continue;
- g_warning ("couldn't write %u bytes to client: %s", all,
- res < 0 ? g_strerror (errno) : "");
+ if (errno != EPIPE)
+ g_warning ("couldn't write %u bytes to client: %s", all,
+ res < 0 ? g_strerror (errno) : "");
return FALSE;
} else {
len -= res;
--
cgit v0.8.3.1
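Review bot: The retry test in the context line `if (errno == EAGAIN && errno == EINTR)` can never be true, since errno cannot hold both values at once, so write_all gives up on an interrupted or would-block write instead of retrying; it should read `if (res < 0 && (errno == EAGAIN || errno == EINTR))`. The added `errno != EPIPE` test has a related weakness: the branch is also entered when `res == 0`, where errno is left over from an earlier call, so the warning can be suppressed or printed based on a stale value. Writing the new condition as `if (res == 0 || errno != EPIPE)` avoids that. write_all begins and ends outside the hunk.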


@ -8,7 +8,7 @@
Summary: Framework for managing passwords and other secrets
Name: gnome-keyring
Version: 2.29.90
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Libraries
Source: http://download.gnome.org/sources/gnome-keyring/2.29/gnome-keyring-%{version}.tar.bz2
@ -16,6 +16,13 @@ Source: http://download.gnome.org/sources/gnome-keyring/2.29/gnome-keyring-%{ver
# http://bugzilla.redhat.com/529709
# http://bugs.gnome.org/598494
Patch3: gnome-keyring-2.28.1-nopass.patch
# from upstream
Patch4: gnome-keyring-2.29.90-secret-store-value-store.patch
Patch5: gnome-keyring-2.29.90-pkcs11-value-store.patch
Patch6: gnome-keyring-2.29.90-secret-store-bad-collection-identifier.patch
Patch7: gnome-keyring-2.29.90-ssh-agent-disconnect-warning.patch
Patch8: gnome-keyring-2.29.90-dbus-setting-NULL-default.patch
Patch9: gnome-keyring-2.29.90-secret-store-sporadic-crash.patch
URL: http://www.gnome.org
@ -76,6 +83,12 @@ automatically unlock the "login" keyring when the user logs in.
%prep
%setup -q -n gnome-keyring-%{version}
%patch3 -p1 -b .no-pass
%patch4 -p1 -b .secret-store-value-store
%patch5 -p1 -b .pkcs11-value-store
%patch6 -p1 -b .secret-store-bad-collection-identifier
%patch7 -p1 -b .ssh-agent-disconnect-warning
%patch8 -p1 -b .dbus-setting-NULL-default
%patch9 -p1 -b .secret-store-sporadic-crash
%build
@ -154,6 +167,9 @@ fi
%changelog
* Tue Feb 16 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.29.90-2
- Backport fixes from master related to storing secret value
* Tue Feb 9 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.29.90-1
- Update to 2.29.90