Remove unused patch
This commit is contained in:
parent
99a10b97e7
commit
dbcf4d2d89
@ -1,22 +0,0 @@
|
|||||||
diff -up gnome-keyring-2.28.1/pam/gkr-pam-module.c.nopass gnome-keyring-2.28.1/pam/gkr-pam-module.c
|
|
||||||
--- gnome-keyring-2.28.1/pam/gkr-pam-module.c.nopass 2009-09-25 21:55:50.000000000 -0400
|
|
||||||
+++ gnome-keyring-2.28.1/pam/gkr-pam-module.c 2009-10-19 11:27:34.000000000 -0400
|
|
||||||
@@ -878,6 +878,7 @@ pam_sm_authenticate (pam_handle_t *ph, i
|
|
||||||
|
|
||||||
started_daemon = 0;
|
|
||||||
|
|
||||||
+
|
|
||||||
/* Should we start the daemon? */
|
|
||||||
if (args & ARG_AUTO_START) {
|
|
||||||
ret = start_daemon_if_necessary (ph, pwd, password, &started_daemon);
|
|
||||||
@@ -944,8 +945,9 @@ pam_sm_open_session (pam_handle_t *ph, i
|
|
||||||
* different PAM callbacks from different processes.
|
|
||||||
*
|
|
||||||
* No use complaining
|
|
||||||
+ * Do not start gnome-keyring, dbus will start it on login.
|
|
||||||
*/
|
|
||||||
- password = NULL;
|
|
||||||
+ return PAM_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
started_daemon = 0;
|
|
@ -1,49 +0,0 @@
|
|||||||
From fd0bf3d36f3295fbc7c6d4bed34e2d2849764e68 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vincent Untz <vuntz@gnome.org>
|
|
||||||
Date: Fri, 6 May 2011 14:14:21 +0200
|
|
||||||
Subject: [PATCH] Improved checks for fs capabilities, and drop unneeded ones
|
|
||||||
|
|
||||||
If we have fs capabilities, we first need to check that we really do
|
|
||||||
have ipc_lock, and if that's the case we just keep ipc_lock and drop
|
|
||||||
everything else.
|
|
||||||
|
|
||||||
https://bugzilla.gnome.org/show_bug.cgi?id=649560
|
|
||||||
---
|
|
||||||
daemon/gkd-capability.c | 19 +++++++++++++++++--
|
|
||||||
1 files changed, 17 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/daemon/gkd-capability.c b/daemon/gkd-capability.c
|
|
||||||
index 5b47f4e..e15200a 100644
|
|
||||||
--- a/daemon/gkd-capability.c
|
|
||||||
+++ b/daemon/gkd-capability.c
|
|
||||||
@@ -71,11 +71,26 @@ gkd_capability_obtain_capability_and_drop_privileges (void)
|
|
||||||
early_error ("failed dropping capabilities");
|
|
||||||
break;
|
|
||||||
case CAPNG_FAIL:
|
|
||||||
- case CAPNG_NONE:
|
|
||||||
early_error ("error getting process capabilities");
|
|
||||||
break;
|
|
||||||
+ case CAPNG_NONE:
|
|
||||||
+ early_error ("insufficient process capabilities");
|
|
||||||
+ break;
|
|
||||||
case CAPNG_PARTIAL: /* File system based capabilities */
|
|
||||||
- break;
|
|
||||||
+ if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
|
|
||||||
+ early_error ("insufficient process capabilities");
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Drop all capabilities except ipc_lock */
|
|
||||||
+ capng_clear (CAPNG_SELECT_BOTH);
|
|
||||||
+ if (capng_update (CAPNG_ADD,
|
|
||||||
+ CAPNG_EFFECTIVE|CAPNG_PERMITTED,
|
|
||||||
+ CAP_IPC_LOCK) != 0)
|
|
||||||
+ early_error ("error dropping process capabilities");
|
|
||||||
+ if (capng_apply (CAPNG_SELECT_BOTH) != 0)
|
|
||||||
+ early_error ("error dropping process capabilities");
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
#endif /* HAVE_LIBCAPNG */
|
|
||||||
}
|
|
||||||
--
|
|
||||||
1.7.4.2
|
|
@ -1,50 +0,0 @@
|
|||||||
From 156f6f318daa782cd209c90ed69a0d24595af5d1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vincent Untz <vuntz@gnome.org>
|
|
||||||
Date: Fri, 6 May 2011 14:18:00 +0200
|
|
||||||
Subject: [PATCH] Accept to run if ipc_lock capability is not available
|
|
||||||
|
|
||||||
We print a warning about potential use of unsecure memory, but still
|
|
||||||
run (and drop unneeded capabilities if we have some). This is better
|
|
||||||
than nothing.
|
|
||||||
|
|
||||||
https://bugzilla.gnome.org/show_bug.cgi?id=649560
|
|
||||||
---
|
|
||||||
daemon/gkd-capability.c | 13 +++++++++++--
|
|
||||||
1 files changed, 11 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/daemon/gkd-capability.c b/daemon/gkd-capability.c
|
|
||||||
index e15200a..92c000c 100644
|
|
||||||
--- a/daemon/gkd-capability.c
|
|
||||||
+++ b/daemon/gkd-capability.c
|
|
||||||
@@ -42,6 +42,12 @@ early_error (const char *err_string)
|
|
||||||
exit (1);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void
|
|
||||||
+early_warning (const char *warn_string)
|
|
||||||
+{
|
|
||||||
+ fprintf (stderr, "gnome-keyring-daemon: %s\n", warn_string);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#endif /* HAVE_LIPCAPNG */
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -74,11 +80,14 @@ gkd_capability_obtain_capability_and_drop_privileges (void)
|
|
||||||
early_error ("error getting process capabilities");
|
|
||||||
break;
|
|
||||||
case CAPNG_NONE:
|
|
||||||
- early_error ("insufficient process capabilities");
|
|
||||||
+ early_warning ("insufficient process capabilities, unsecure memory might get used");
|
|
||||||
break;
|
|
||||||
case CAPNG_PARTIAL: /* File system based capabilities */
|
|
||||||
if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
|
|
||||||
- early_error ("insufficient process capabilities");
|
|
||||||
+ early_warning ("insufficient process capabilities, unsecure memory might get used");
|
|
||||||
+ /* Drop all capabilities */
|
|
||||||
+ capng_clear (CAPNG_SELECT_BOTH);
|
|
||||||
+ capng_apply (CAPNG_SELECT_BOTH);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
1.7.4.2
|
|
@ -1,13 +0,0 @@
|
|||||||
--- gnome-keyring-3.3.4/daemon/dbus/gkd-secret-error.c 2011-12-19 02:51:11.000000000 -0500
|
|
||||||
+++ foo/daemon/dbus/gkd-secret-error.c 2012-01-18 09:12:28.976906276 -0500
|
|
||||||
@@ -60,7 +60,9 @@
|
|
||||||
|
|
||||||
g_return_val_if_fail (error != NULL, NULL);
|
|
||||||
|
|
||||||
- if (g_error_matches (error, GCK_ERROR, CKR_USER_NOT_LOGGED_IN)) {
|
|
||||||
+ if (g_error_matches (error, GCK_ERROR, CKR_USER_NOT_LOGGED_IN) ||
|
|
||||||
+ g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT)) {
|
|
||||||
+
|
|
||||||
dbus_set_error (&derr, INTERNAL_ERROR_DENIED, "The password was invalid");
|
|
||||||
|
|
||||||
} else if (g_error_matches (error, GCK_ERROR, CKR_WRAPPED_KEY_INVALID) ||
|
|
Loading…
Reference in New Issue
Block a user