From d30630070b2e7f6173ea872f45bb47b70948e796 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sat, 20 Mar 2010 02:19:44 +0000
Subject: [secret-store] Don't save session keyring to disk.
There was a major problem where the session keyring was being saved
to disk, and since it had no master password, as a cleartext keyring
Mark the session keyring as transient so it doesn't even come near
the storage code. Also rework the collection storage code, so that
it properly handles various corner cases.
Fixes bug #612977
---
diff --git a/pkcs11/gck/gck-object.c b/pkcs11/gck/gck-object.c
Tomas Bzatek 9bb2af2
index a568042..a2d03e2 100644
Tomas Bzatek 9bb2af2
--- a/pkcs11/gck/gck-object.c
Tomas Bzatek 9bb2af2
+++ b/pkcs11/gck/gck-object.c
Tomas Bzatek 9bb2af2
@@ -41,7 +41,8 @@ enum {
Tomas Bzatek 9bb2af2
 	PROP_MODULE,
Tomas Bzatek 9bb2af2
 	PROP_MANAGER,
Tomas Bzatek 9bb2af2
 	PROP_STORE,
Tomas Bzatek 9bb2af2
-	PROP_UNIQUE
Tomas Bzatek 9bb2af2
+	PROP_UNIQUE,
Tomas Bzatek 9bb2af2
+	PROP_TRANSIENT
Tomas Bzatek 9bb2af2
 };
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 enum {
Tomas Bzatek 9bb2af2
@@ -201,6 +202,13 @@ find_credential (GckCredential *cred, GckObject *object, gpointer user_data)
Tomas Bzatek 9bb2af2
 	return TRUE;
Tomas Bzatek 9bb2af2
 }
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
+static void
Tomas Bzatek 9bb2af2
+mark_object_transient (GckObject *self)
Tomas Bzatek 9bb2af2
+{
Tomas Bzatek 9bb2af2
+	if (!self->pv->transient)
Tomas Bzatek 9bb2af2
+		self->pv->transient = g_slice_new0 (GckObjectTransient);
Tomas Bzatek 9bb2af2
+}
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
 /* -----------------------------------------------------------------------------
Tomas Bzatek 9bb2af2
  * OBJECT 
Tomas Bzatek 9bb2af2
  */
Tomas Bzatek 9bb2af2
@@ -337,7 +345,7 @@ gck_object_real_create_attributes (GckObject *self, GckSession *session,
Tomas Bzatek 9bb2af2
 	                        CKA_G_DESTRUCT_IDLE, CKA_GNOME_TRANSIENT, G_MAXULONG);
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 	if (transient) {
Tomas Bzatek 9bb2af2
-		self->pv->transient = g_slice_new0 (GckObjectTransient);
Tomas Bzatek 9bb2af2
+		mark_object_transient (self);
Tomas Bzatek 9bb2af2
 		self->pv->transient->timed_after = after;
Tomas Bzatek 9bb2af2
 		self->pv->transient->timed_idle = idle;
Tomas Bzatek 9bb2af2
 	}
Tomas Bzatek 9bb2af2
@@ -481,6 +489,11 @@ gck_object_set_property (GObject *obj, guint prop_id, const GValue *value,
Tomas Bzatek 9bb2af2
 		g_return_if_fail (!self->pv->unique);
Tomas Bzatek 9bb2af2
 		self->pv->unique = g_value_dup_string (value);
Tomas Bzatek 9bb2af2
 		break;
Tomas Bzatek 9bb2af2
+	case PROP_TRANSIENT:
Tomas Bzatek 9bb2af2
+		g_return_if_fail (!self->pv->transient);
Tomas Bzatek 9bb2af2
+		if (g_value_get_boolean (value))
Tomas Bzatek 9bb2af2
+			mark_object_transient (self);
Tomas Bzatek 9bb2af2
+		break;
Tomas Bzatek 9bb2af2
 	default:
Tomas Bzatek 9bb2af2
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
Tomas Bzatek 9bb2af2
 		break;
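Review bot: The new `PROP_TRANSIENT` case leaves `timed_after` and `timed_idle` at the zero that `g_slice_new0` gives them, whereas `gck_object_real_create_attributes` assigns both right after calling `mark_object_transient`. What a zero value means to the timer code is not visible in this diff, so the case should say so, for example `/* No destruct timers here: timed_after and timed_idle stay 0 */`, if that is the intent. The switch in gck_object_set_property starts and ends outside the hunk.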
Tomas Bzatek 9bb2af2
@@ -510,6 +523,9 @@ gck_object_get_property (GObject *obj, guint prop_id, GValue *value,
Tomas Bzatek 9bb2af2
 	case PROP_UNIQUE:
Tomas Bzatek 9bb2af2
 		g_value_set_string (value, gck_object_get_unique (self));
Tomas Bzatek 9bb2af2
 		break;
Tomas Bzatek 9bb2af2
+	case PROP_TRANSIENT:
Tomas Bzatek 9bb2af2
+		g_value_set_boolean (value, gck_object_is_transient (self));
Tomas Bzatek 9bb2af2
+		break;
Tomas Bzatek 9bb2af2
 	default:
Tomas Bzatek 9bb2af2
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
Tomas Bzatek 9bb2af2
 		break;
Tomas Bzatek 9bb2af2
@@ -556,7 +572,11 @@ gck_object_class_init (GckObjectClass *klass)
Tomas Bzatek 9bb2af2
 	g_object_class_install_property (gobject_class, PROP_UNIQUE,
Tomas Bzatek 9bb2af2
 	           g_param_spec_string ("unique", "Unique Identifer", "Machine unique identifier", 
Tomas Bzatek 9bb2af2
 	                                NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
Tomas Bzatek 9bb2af2
-	
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
+	g_object_class_install_property (gobject_class, PROP_TRANSIENT,
Tomas Bzatek 9bb2af2
+	           g_param_spec_boolean ("transient", "Transient Object", "Transient Object",
Tomas Bzatek 9bb2af2
+	                                 FALSE, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
 	signals[EXPOSE_OBJECT] = g_signal_new ("expose-object", GCK_TYPE_OBJECT,
Tomas Bzatek 9bb2af2
 	                                       G_SIGNAL_RUN_FIRST, G_STRUCT_OFFSET (GckObjectClass, expose_object),
Tomas Bzatek 9bb2af2
 		                               NULL, NULL, g_cclosure_marshal_VOID__BOOLEAN, 
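Review bot: The blurb of the new `transient` property repeats its nick (`"Transient Object"` twice), so the property that decides whether an object reaches the storage code is undocumented at the point where it is declared. Going by the commit message, a blurb such as `"Object is kept in memory and never handed to the storage code"` as the third argument of `g_param_spec_boolean` would tell callers what setting it does. gck_object_class_init continues outside the hunk.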
Tomas Bzatek 9bb2af2
diff --git a/pkcs11/secret-store/gck-secret-module.c b/pkcs11/secret-store/gck-secret-module.c
Tomas Bzatek 9bb2af2
index 5b08008..c3cba91 100644
Tomas Bzatek 9bb2af2
--- a/pkcs11/secret-store/gck-secret-module.c
Tomas Bzatek 9bb2af2
+++ b/pkcs11/secret-store/gck-secret-module.c
Tomas Bzatek 9bb2af2
@@ -42,10 +42,7 @@ struct _GckSecretModule {
Tomas Bzatek 9bb2af2
 	GckFileTracker *tracker;
Tomas Bzatek 9bb2af2
 	GHashTable *collections;
Tomas Bzatek 9bb2af2
 	gchar *directory;
Tomas Bzatek 9bb2af2
-
Tomas Bzatek 9bb2af2
-	/* Special 'session' keyring */
Tomas Bzatek 9bb2af2
 	GckCredential *session_credential;
Tomas Bzatek 9bb2af2
-	GckSecretCollection *session_collection;
Tomas Bzatek 9bb2af2
 };
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 static const CK_SLOT_INFO gck_secret_module_slot_info = {
Tomas Bzatek 9bb2af2
@@ -301,42 +298,52 @@ gck_secret_module_real_refresh_token (GckModule *base)
Tomas Bzatek 9bb2af2
 }
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 static void
Tomas Bzatek 9bb2af2
+gck_secret_module_real_add_object (GckModule *module, GckTransaction *transaction,
Tomas Bzatek 9bb2af2
+                                   GckObject *object)
Tomas Bzatek 9bb2af2
+{
Tomas Bzatek 9bb2af2
+	GckSecretModule *self = GCK_SECRET_MODULE (module);
Tomas Bzatek 9bb2af2
+	GckSecretCollection *collection;
Tomas Bzatek 9bb2af2
+	const gchar *identifier;
Tomas Bzatek 9bb2af2
+	gchar *filename;
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
+	g_return_if_fail (!gck_transaction_get_failed (transaction));
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
+	if (GCK_IS_SECRET_COLLECTION (object)) {
Tomas Bzatek 9bb2af2
+		collection = GCK_SECRET_COLLECTION (object);
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
+		/* Setup a filename for this collection */
Tomas Bzatek 9bb2af2
+		identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (collection));
Tomas Bzatek 9bb2af2
+		filename = identifier_to_new_filename (self, identifier);
Tomas Bzatek 9bb2af2
+		gck_secret_collection_set_filename (collection, filename);
Tomas Bzatek 9bb2af2
+		g_free (filename);
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
+		add_collection (self, transaction, collection);
Tomas Bzatek 9bb2af2
+	}
Tomas Bzatek 9bb2af2
+}
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
+static void
Tomas Bzatek 9bb2af2
 gck_secret_module_real_store_object (GckModule *module, GckTransaction *transaction,
Tomas Bzatek 9bb2af2
                                      GckObject *object)
Tomas Bzatek 9bb2af2
 {
Tomas Bzatek 9bb2af2
 	GckSecretModule *self = GCK_SECRET_MODULE (module);
Tomas Bzatek 9bb2af2
 	GckSecretCollection *collection = NULL;
Tomas Bzatek 9bb2af2
-	const gchar *identifier;
Tomas Bzatek 9bb2af2
-	gchar *filename;
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
-	/* Storing an item */
Tomas Bzatek 9bb2af2
+	/* Store the item's collection */
Tomas Bzatek 9bb2af2
 	if (GCK_IS_SECRET_ITEM (object)) {
Tomas Bzatek 9bb2af2
 		collection = gck_secret_item_get_collection (GCK_SECRET_ITEM (object));
Tomas Bzatek 9bb2af2
 		g_return_if_fail (GCK_IS_SECRET_COLLECTION (collection));
Tomas Bzatek 9bb2af2
+		gck_module_store_token_object (GCK_MODULE (self), transaction, GCK_OBJECT (collection));
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 	/* Storing a collection */
Tomas Bzatek 9bb2af2
 	} else if (GCK_IS_SECRET_COLLECTION (object)) {
Tomas Bzatek 9bb2af2
 		collection = GCK_SECRET_COLLECTION (object);
Tomas Bzatek 9bb2af2
-	}
Tomas Bzatek 9bb2af2
+		gck_secret_collection_save (collection, transaction);
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 	/* No other kind of token object */
Tomas Bzatek 9bb2af2
-	if (collection == NULL) {
Tomas Bzatek 9bb2af2
+	} else {
Tomas Bzatek 9bb2af2
 		g_warning ("can't store object of type '%s' on secret token", G_OBJECT_TYPE_NAME (object));
Tomas Bzatek 9bb2af2
 		gck_transaction_fail (transaction, CKR_GENERAL_ERROR);
Tomas Bzatek 9bb2af2
-		return;
Tomas Bzatek 9bb2af2
-	}
Tomas Bzatek 9bb2af2
-
Tomas Bzatek 9bb2af2
-	/* Setup a filename for this collection */
Tomas Bzatek 9bb2af2
-	if (!gck_secret_collection_get_filename (collection)) {
Tomas Bzatek 9bb2af2
-		identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (collection));
Tomas Bzatek 9bb2af2
-		filename = identifier_to_new_filename (self, identifier);
Tomas Bzatek 9bb2af2
-		gck_secret_collection_set_filename (collection, filename);
Tomas Bzatek 9bb2af2
-		g_free (filename);
Tomas Bzatek 9bb2af2
 	}
Tomas Bzatek 9bb2af2
-
Tomas Bzatek 9bb2af2
-	gck_secret_collection_save (collection, transaction);
Tomas Bzatek 9bb2af2
-	if (!gck_transaction_get_failed (transaction))
Tomas Bzatek 9bb2af2
-		add_collection (self, transaction, collection);
Tomas Bzatek 9bb2af2
 }
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 static void
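Review bot: The collection branch of `gck_secret_module_real_store_object` calls `gck_secret_collection_save` on any collection it is handed and does not itself check for transience. Keeping the cleartext session keyring off disk therefore rests entirely on the callers, presumably `gck_module_store_token_object`, which is not part of this diff. A local guard at the top of that branch would keep the guarantee in the function that does the write: `if (gck_object_is_transient (object)) return;`, with a comment such as `/* Transient collections (the 'session' keyring) are never written out */`. Separately, the filename is now assigned only in `gck_secret_module_real_add_object`, so it is worth confirming that a collection cannot reach the save call without having gone through the add path first.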
Tomas Bzatek 9bb2af2
@@ -351,11 +358,6 @@ gck_secret_module_real_remove_object (GckModule *module, GckTransaction *transac
Tomas Bzatek 9bb2af2
 	    GCK_OBJECT (self->session_credential) == object)
Tomas Bzatek 9bb2af2
 		return;
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
-	/* Ignore the session keyring collection */
Tomas Bzatek 9bb2af2
-	if (self->session_collection != NULL &&
Tomas Bzatek 9bb2af2
-	    GCK_OBJECT (self->session_collection) == object)
Tomas Bzatek 9bb2af2
-		return;
Tomas Bzatek 9bb2af2
-
Tomas Bzatek 9bb2af2
 	/* Removing an item */
Tomas Bzatek 9bb2af2
 	if (GCK_IS_SECRET_ITEM (object)) {
Tomas Bzatek 9bb2af2
 		collection = gck_secret_item_get_collection (GCK_SECRET_ITEM (object));
Tomas Bzatek 9bb2af2
@@ -384,6 +386,7 @@ gck_secret_module_constructor (GType type, guint n_props, GObjectConstructParam
Tomas Bzatek 9bb2af2
 {
Tomas Bzatek 9bb2af2
 	GckSecretModule *self = GCK_SECRET_MODULE (G_OBJECT_CLASS (gck_secret_module_parent_class)->constructor(type, n_props, props));
Tomas Bzatek 9bb2af2
 	GckManager *manager;
Tomas Bzatek 9bb2af2
+	GckObject *collection;
Tomas Bzatek 9bb2af2
 	CK_RV rv;
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 	g_return_val_if_fail (self, NULL);
Tomas Bzatek 9bb2af2
@@ -401,22 +404,27 @@ gck_secret_module_constructor (GType type, guint n_props, GObjectConstructParam
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 	manager = gck_module_get_manager (GCK_MODULE (self));
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
+	collection = g_object_new (GCK_TYPE_SECRET_COLLECTION,
Tomas Bzatek 9bb2af2
+	                           "module", self,
Tomas Bzatek 9bb2af2
+	                           "identifier", "session",
Tomas Bzatek 9bb2af2
+	                           "manager", manager,
Tomas Bzatek 9bb2af2
+	                           "transient", TRUE,
Tomas Bzatek 9bb2af2
+	                           NULL);
Tomas Bzatek 9bb2af2
+
Tomas Bzatek 9bb2af2
 	/* Create the 'session' keyring, which is not stored to disk */
Tomas Bzatek 9bb2af2
-	self->session_collection = g_object_new (GCK_TYPE_SECRET_COLLECTION,
Tomas Bzatek 9bb2af2
-	                                         "module", self,
Tomas Bzatek 9bb2af2
-	                                         "identifier", "session",
Tomas Bzatek 9bb2af2
-	                                         "manager", manager,
Tomas Bzatek 9bb2af2
-	                                         NULL);
Tomas Bzatek 9bb2af2
-	gck_object_expose (GCK_OBJECT (self->session_collection), TRUE);
Tomas Bzatek 9bb2af2
+	g_return_val_if_fail (gck_object_is_transient (collection), NULL);
Tomas Bzatek 9bb2af2
+	gck_module_add_token_object (GCK_MODULE (self), NULL, collection);
Tomas Bzatek 9bb2af2
+	gck_object_expose (collection, TRUE);
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 	/* Unlock the 'session' keyring */
Tomas Bzatek 9bb2af2
-	rv = gck_credential_create (GCK_MODULE (self), manager, GCK_OBJECT (self->session_collection),
Tomas Bzatek 9bb2af2
+	rv = gck_credential_create (GCK_MODULE (self), manager, GCK_OBJECT (collection),
Tomas Bzatek 9bb2af2
 	                            NULL, 0, &self->session_credential);
Tomas Bzatek 9bb2af2
 	if (rv == CKR_OK)
Tomas Bzatek 9bb2af2
 		gck_object_expose (GCK_OBJECT (self->session_credential), TRUE);
Tomas Bzatek 9bb2af2
 	else
Tomas Bzatek 9bb2af2
 		g_warning ("couldn't unlock the 'session' keyring");
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
+	g_object_unref (collection);
Tomas Bzatek 9bb2af2
 	return G_OBJECT (self);
Tomas Bzatek 9bb2af2
 }
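Review bot: The only check in the constructor that the session keyring really is transient is `g_return_val_if_fail (gck_object_is_transient (collection), NULL);`, and GLib compiles the `g_return_*` macros out when `G_DISABLE_CHECKS` is defined. When the check does fire, it returns without releasing `collection` or `self`. Since this is the check that stands between a passwordless keyring and the token-object path, an explicit `if` that warns, drops the reference and skips `gck_module_add_token_object` would be safer. Whether the module should still be returned in that case is a call for the maintainers. The comment `/* Create the 'session' keyring, which is not stored to disk */` also now sits below the `g_object_new` call it describes and should move above it.

```c
	/* … unchanged: g_object_new (GCK_TYPE_SECRET_COLLECTION, …, "transient", TRUE, NULL) … */

	/* Checked explicitly: g_return_val_if_fail() disappears under G_DISABLE_CHECKS */
	if (!gck_object_is_transient (collection)) {
		g_warning ("'session' keyring was not created transient, not adding it");
		g_object_unref (collection);
		return G_OBJECT (self);
	}
	gck_module_add_token_object (GCK_MODULE (self), NULL, collection);
```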
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
@@ -438,10 +446,6 @@ gck_secret_module_dispose (GObject *obj)
Tomas Bzatek 9bb2af2
 		g_object_unref (self->tracker);
Tomas Bzatek 9bb2af2
 	self->tracker = NULL;
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
-	if (self->session_collection)
Tomas Bzatek 9bb2af2
-		g_object_unref (self->session_collection);
Tomas Bzatek 9bb2af2
-	self->session_collection = NULL;
Tomas Bzatek 9bb2af2
-
Tomas Bzatek 9bb2af2
 	if (self->session_credential)
Tomas Bzatek 9bb2af2
 		g_object_unref (self->session_credential);
Tomas Bzatek 9bb2af2
 	self->session_credential = NULL;
Tomas Bzatek 9bb2af2
@@ -465,7 +469,6 @@ gck_secret_module_finalize (GObject *obj)
Tomas Bzatek 9bb2af2
 	self->directory = NULL;
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 	g_assert (!self->session_credential);
Tomas Bzatek 9bb2af2
-	g_assert (!self->session_collection);
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 	G_OBJECT_CLASS (gck_secret_module_parent_class)->finalize (obj);
Tomas Bzatek 9bb2af2
 }
Tomas Bzatek 9bb2af2
@@ -484,8 +487,9 @@ gck_secret_module_class_init (GckSecretModuleClass *klass)
Tomas Bzatek 9bb2af2
 	module_class->get_token_info = gck_secret_module_real_get_token_info;
Tomas Bzatek 9bb2af2
 	module_class->parse_argument = gck_secret_module_real_parse_argument;
Tomas Bzatek 9bb2af2
 	module_class->refresh_token = gck_secret_module_real_refresh_token;
Tomas Bzatek 9bb2af2
-	module_class->remove_token_object = gck_secret_module_real_remove_object;
Tomas Bzatek 9bb2af2
+	module_class->add_token_object = gck_secret_module_real_add_object;
Tomas Bzatek 9bb2af2
 	module_class->store_token_object = gck_secret_module_real_store_object;
Tomas Bzatek 9bb2af2
+	module_class->remove_token_object = gck_secret_module_real_remove_object;
Tomas Bzatek 9bb2af2
 }
Tomas Bzatek 9bb2af2
 
Tomas Bzatek 9bb2af2
 /* ---------------------------------------------------------------------------------------
--
cgit v0.8.3.1