- ssh-agent: fix key unlocking (#611642)

2010-07-20 16:38:46 +00:00 · 2010-07-20 16:38:46 +00:00 · c641fbc535
commit c641fbc535
parent 498bf7b532
2 changed files with 77 additions and 1 deletions
--- a/gnome-keyring-2.31.5-ssh-agent-unlock.patch
+++ b/gnome-keyring-2.31.5-ssh-agent-unlock.patch
@ -0,0 +1,67 @@
 From 629fecbd61c8585a2bc95e2fcb059de260c34fb8 Mon Sep 17 00:00:00 2001
 From: Stef Walter <stef@memberwebs.com>
 Date: Sun, 11 Jul 2010 23:18:23 +0000
 Subject: [ssh-agent] Try to unlock key before use.
 * This allows us to keep the unlocking for the rest of the session.
 * Restores behavior from gnome-keyring 2.30 and before.
 ---
 diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c
 index 759a06a..dc02245 100644
 --- a/daemon/ssh-agent/gkd-ssh-agent-ops.c
 +++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c
@@ -892,6 +892,42 @@ make_raw_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
 	return hash;
 }
 +static guchar*
 +unlock_and_sign (GP11Session *session, GP11Object *key, gulong mech_type, const guchar *input,
 +                 gsize n_input, gsize *n_result, GError **err)
 +{
 +	GP11Attributes *attrs;
 +	GP11Object *cred;
 +	gboolean always;
 +
 +	/* First check if we should authenticate the key */
 +	attrs = gp11_object_get (key, err, CKA_ALWAYS_AUTHENTICATE, GP11_INVALID);
 +	if (!attrs)
 +		return NULL;
 +
 +	/* Authenticate the key if necessary, this allows long term */
 +	if (!gp11_attributes_find_boolean (attrs, CKA_ALWAYS_AUTHENTICATE, &always))
 +		g_return_val_if_reached (NULL);
 +
 +	gp11_attributes_unref (attrs);
 +
 +	if (always == TRUE) {
 +		cred = gp11_session_create_object (session, err,
 +		                                   CKA_TOKEN, GP11_BOOLEAN, FALSE,
 +		                                   CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL,
 +		                                   CKA_VALUE, 0, NULL,
 +		                                   CKA_G_OBJECT, GP11_ULONG, gp11_object_get_handle (key),
 +		                                   GP11_INVALID);
 +		if (cred == NULL)
 +			return NULL;
 +
 +		g_object_unref (cred);
 +	}
 +
 +	/* Do the magic */
 +	return gp11_session_sign (session, key, mech_type, input, n_input, n_result, err);
 +}
 +
 static gboolean
 op_sign_request (GkdSshAgentCall *call)
 {
@@ -961,8 +997,7 @@ op_sign_request (GkdSshAgentCall *call)
 	session = gp11_object_get_session (key);
 	g_return_val_if_fail (session, FALSE);
 -	/* Do the magic */
 -	result = gp11_session_sign (session, key, mech, hash, n_hash, &n_result, &error);
 +	result = unlock_and_sign (session, key, mech, hash, n_hash, &n_result, &error);
 	g_object_unref (session);
 	g_object_unref (key);
 --
 cgit v0.8.3.1
--- a/gnome-keyring.spec
+++ b/gnome-keyring.spec
@ -8,7 +8,7 @@
 Summary: Framework for managing passwords and other secrets
 Name: gnome-keyring
 Version: 2.31.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Libraries
 #VCS: git:git://git.gnome.org/gnome-keyring
@ -22,6 +22,11 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Patch3: gnome-keyring-2.28.1-nopass.patch
 # Bug 611642  - gnome-keyring isn't staying unlocked 
 # https://bugzilla.redhat.com/show_bug.cgi?id=611642
 Patch4: gnome-keyring-2.31.5-ssh-agent-unlock.patch
 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: gtk2-devel >= %{gtk2_version}
 BuildRequires: GConf2-devel
@ -77,6 +82,7 @@ automatically unlock the "login" keyring when the user logs in.
 %prep
 %setup -q -n gnome-keyring-%{version}
 %patch3 -p1 -b .no-pass
 %patch4 -p1 -b .ssh-unlock
 # Enable daemon autostart in XFCE
 for i in daemon/*.desktop.in.in; do
@ -166,6 +172,9 @@ fi
 %changelog
 * Tue Jul 20 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.31.4-2
 - ssh-agent: fix key unlocking (#611642)
 * Tue Jun 29 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.31.4-1
 - Update to 2.31.4