gnome-keyring r1202 - in trunk: . daemon/pk daemon/ssh daemon/ui
- From: nnielsen svn gnome org
- To: svn-commits-list gnome org
- Subject: gnome-keyring r1202 - in trunk: . daemon/pk daemon/ssh daemon/ui
- Date: Fri, 25 Jul 2008 17:11:40 +0000 (UTC)
Author: nnielsen
Date: Fri Jul 25 17:11:40 2008
New Revision: 1202
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1202&view=rev
Log:
* daemon/pk/gkr-pk-import.c:
* daemon/pk/gkr-pk-index.c:
* daemon/pk/gkr-pk-index.h:
* daemon/pk/gkr-pk-object.c:
* daemon/pk/gkr-pk-root-storage.c:
* daemon/pk/gkr-pk-storage.c:
* daemon/ssh/gkr-ssh-storage.c:
* daemon/ui/gkr-ask-daemon.c: Fix problems using SSH and other PK
related stuff when index unlock is denied by the user. We should
default to a session index.
Modified:
trunk/ChangeLog
trunk/daemon/pk/gkr-pk-import.c
trunk/daemon/pk/gkr-pk-index.c
trunk/daemon/pk/gkr-pk-index.h
trunk/daemon/pk/gkr-pk-object.c
trunk/daemon/pk/gkr-pk-root-storage.c
trunk/daemon/pk/gkr-pk-storage.c
trunk/daemon/ssh/gkr-ssh-storage.c
trunk/daemon/ui/gkr-ask-daemon.c
Modified: trunk/daemon/pk/gkr-pk-import.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-import.c (original)
+++ trunk/daemon/pk/gkr-pk-import.c Fri Jul 25 17:11:40 2008
@@ -186,7 +186,7 @@
*/
index = gkr_pk_storage_index (import->import_storage, loc);
- if (index && gkr_pk_index_is_secure (index))
+ if (gkr_pk_index_allows_secrets (index))
gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
/* Prompt the user */
Modified: trunk/daemon/pk/gkr-pk-index.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-index.c (original)
+++ trunk/daemon/pk/gkr-pk-index.c Fri Jul 25 17:11:40 2008
@@ -383,15 +383,39 @@
}
gboolean
-gkr_pk_index_is_secure (GkrPkIndex *index)
+gkr_pk_index_allows_secrets (GkrPkIndex *index)
{
+ if (!index)
+ return FALSE;
+
g_return_val_if_fail (GKR_IS_PK_INDEX (index), FALSE);
g_return_val_if_fail (GKR_IS_KEYRING (index->keyring), FALSE);
- return !gkr_keyring_is_insecure (index->keyring);
+
+ /*
+ * Secrets can be stored on:
+ * - Disk base indexes (memory based doesn't make sense,
+ * it's just confusing to the user. It's not really 'stored').
+ * - Encrypted indexes. It's not secure to store password
+ * in clear text indexes.
+ */
+
+ return index->keyring->location &&
+ !gkr_keyring_is_insecure (index->keyring);
+}
+
+GkrPkIndex*
+gkr_pk_index_open_session (GnomeKeyringAttributeList *defaults)
+{
+ GkrKeyring *session;
+
+ session = gkr_keyrings_get_session ();
+ g_return_val_if_fail (session, NULL);
+
+ return gkr_pk_index_new (session, defaults);
}
GkrPkIndex*
-gkr_pk_index_open_for_login (GnomeKeyringAttributeList *defaults)
+gkr_pk_index_open_login (GnomeKeyringAttributeList *defaults)
{
GkrKeyring *login;
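Review bot: `gkr_pk_index_open_session` has no comment saying it can return NULL, yet it does so through `g_return_val_if_fail (session, NULL)` whenever `gkr_keyrings_get_session ()` yields nothing. The callers this commit adds in gkr-pk-root-storage.c, gkr-pk-storage.c and gkr-ssh-storage.c store that result in `pv->index` without checking it. I would add above the function `/* Fallback index on the session keyring, used when the login index cannot be opened. May return NULL. */`, and a line on `gkr_pk_index_allows_secrets` stating that a NULL index is accepted and yields FALSE. The comment inside that function suggests the memory-based indexes that refuse secrets are the ones with no `index->keyring->location`, which presumably covers the session keyring; saying so next to the check would help. The hunk ends inside `gkr_pk_index_open_login`, whose body is not visible here.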
@@ -673,7 +697,7 @@
g_return_val_if_fail (GKR_IS_PK_INDEX (index), FALSE);
/* Cannot store secrets in an insecure keyring. Caller should have checked this. */
- if (val != NULL && gkr_keyring_is_insecure (index->keyring)) {
+ if (val != NULL && !gkr_pk_index_allows_secrets (index)) {
g_warning ("gkr_pk_index_set_secret() called on an insecure keyring. Cannot "
"store secrets in a text based or otherwise insecure keyring.");
return FALSE;
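Review bot: The warning text in this branch no longer matches the condition: `!gkr_pk_index_allows_secrets (index)` is now also true for a keyring that has no `location`, but the message still blames a "text based or otherwise insecure keyring". With the session fallback added elsewhere in this commit that case looks reachable, and the log line would then point whoever reads it at the wrong cause. Suggested wording: `g_warning ("gkr_pk_index_set_secret() called on an index that does not allow secrets (memory based or unencrypted keyring).");`, with the comment above the check changed to match. The function begins outside the hunk.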
Modified: trunk/daemon/pk/gkr-pk-index.h
==============================================================================
--- trunk/daemon/pk/gkr-pk-index.h (original)
+++ trunk/daemon/pk/gkr-pk-index.h Fri Jul 25 17:11:40 2008
@@ -58,11 +58,13 @@
GkrPkIndex* gkr_pk_index_open (GQuark index_location, const gchar *name,
GnomeKeyringAttributeList *defaults);
-GkrPkIndex* gkr_pk_index_open_for_login (GnomeKeyringAttributeList *defaults);
+GkrPkIndex* gkr_pk_index_open_login (GnomeKeyringAttributeList *defaults);
+
+GkrPkIndex* gkr_pk_index_open_session (GnomeKeyringAttributeList *defaults);
GkrPkIndex* gkr_pk_index_default (void);
-gboolean gkr_pk_index_is_secure (GkrPkIndex *index);
+gboolean gkr_pk_index_allows_secrets (GkrPkIndex *index);
gboolean gkr_pk_index_get_boolean (GkrPkIndex *index, gkrconstid digest,
const gchar *field, gboolean defvalue);
Modified: trunk/daemon/pk/gkr-pk-object.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-object.c (original)
+++ trunk/daemon/pk/gkr-pk-object.c Fri Jul 25 17:11:40 2008
@@ -134,16 +134,10 @@
GkrPkIndex *old_index = NULL;
GkrPkIndex *new_index = NULL;
- if (obj->storage) {
+ if (obj->storage)
old_index = gkr_pk_storage_index (obj->storage, obj->location);
- if (!old_index) /* User may have denied us access to index */
- return;
- }
- if (copy_storage) {
+ if (copy_storage)
new_index = gkr_pk_storage_index (copy_storage, copy_location);
- if (!old_index) /* User may have denied us access to index */
- return;
- }
if (old_index == new_index)
return;
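Review bot: With the early returns removed, a NULL from `gkr_pk_storage_index` is no longer handled anywhere in this file. Here a NULL `old_index` or `new_index` proceeds past `old_index == new_index` whenever the other one is set, and in the hunks at -927 through -1067 it is passed straight to `gkr_pk_index_has_value`, `gkr_pk_index_get_*`, `gkr_pk_index_set_*` and `gkr_pk_index_clear`. The same applies to the unguarded calls in gkr-pk-storage.c (hunks at -788 and -809) and gkr-ssh-storage.c (hunk at -303). NULL remains possible after this commit because `gkr_pk_index_open_session` returns NULL when there is no session keyring. How the index functions treat a NULL argument is not visible in this diff; if they substitute a default index, metadata for an object belonging to one storage would be read from or written to a different index. I would either document that contract on the index functions or keep an explicit check inside each `if (object->storage)` block. The code following `if (old_index == new_index)` is outside the hunk.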
@@ -927,8 +921,6 @@
if (object->storage) {
g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
index = gkr_pk_storage_index (object->storage, object->location);
- if (!index)
- return FALSE;
}
return gkr_pk_index_has_value (index, object->digest, field);
@@ -946,8 +938,6 @@
if (object->storage) {
g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
index = gkr_pk_storage_index (object->storage, object->location);
- if (!index)
- return NULL;
}
return gkr_pk_index_get_quarks (index, object->digest, field);
@@ -965,8 +955,6 @@
if (object->storage) {
g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
index = gkr_pk_storage_index (object->storage, object->location);
- if (!index)
- return NULL;
}
return gkr_pk_index_get_string (index, object->digest, field);
@@ -985,8 +973,6 @@
if (object->storage) {
g_return_val_if_fail (GKR_IS_PK_STORAGE (object->storage), FALSE);
index = gkr_pk_storage_index (object->storage, object->location);
- if (!index)
- return NULL;
}
return gkr_pk_index_get_binary (index, object->digest, field, n_data);
@@ -1005,8 +991,6 @@
if (object->storage) {
g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
index = gkr_pk_storage_index (object->storage, object->location);
- if (!index)
- return;
}
if (gkr_pk_index_set_boolean (index, object->digest, field, value))
@@ -1026,8 +1010,6 @@
if (object->storage) {
g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
index = gkr_pk_storage_index (object->storage, object->location);
- if (!index)
- return;
}
if (gkr_pk_index_set_string (index, object->digest, field, string))
@@ -1047,8 +1029,6 @@
if (object->storage) {
g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
index = gkr_pk_storage_index (object->storage, object->location);
- if (!index)
- return;
}
if (gkr_pk_index_set_binary (index, object->digest, field, data, n_data))
@@ -1067,8 +1047,6 @@
if (object->storage) {
g_return_if_fail (GKR_IS_PK_STORAGE (object->storage));
index = gkr_pk_storage_index (object->storage, object->location);
- if (!index)
- return;
}
if (gkr_pk_index_clear (index, object->digest, field))
Modified: trunk/daemon/pk/gkr-pk-root-storage.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-root-storage.c (original)
+++ trunk/daemon/pk/gkr-pk-root-storage.c Fri Jul 25 17:11:40 2008
@@ -225,7 +225,10 @@
attrs = gnome_keyring_attribute_list_new ();
gnome_keyring_attribute_list_append_string (attrs, "user-trust", "trusted");
- pv->index = gkr_pk_index_open_for_login (attrs);
+ pv->index = gkr_pk_index_open_login (attrs);
+ if (!pv->index)
+ pv->index = gkr_pk_index_open_session (attrs);
+
gnome_keyring_attribute_list_free (attrs);
}
Modified: trunk/daemon/pk/gkr-pk-storage.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-storage.c (original)
+++ trunk/daemon/pk/gkr-pk-storage.c Fri Jul 25 17:11:40 2008
@@ -288,8 +288,11 @@
{
GkrPkStoragePrivate *pv = GKR_PK_STORAGE_GET_PRIVATE (storage);
- if (!pv->index)
- pv->index = gkr_pk_index_open_for_login (NULL);
+ if (!pv->index) {
+ pv->index = gkr_pk_index_open_login (NULL);
+ if (!pv->index)
+ pv->index = gkr_pk_index_open_session (NULL);
+ }
return pv->index;
}
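Review bot: The fallback result is cached in `pv->index`, so once a session index has been stored the `if (!pv->index)` test never tries `gkr_pk_index_open_login` again. If the user denies the unlock once and unlocks the login keyring later, this storage would presumably keep using the session index for its lifetime, unless `pv->index` is reset somewhere outside this diff. If that is intended, a comment such as `/* Login index unavailable (e.g. unlock denied): keep using the session index for this storage */` would record the decision. The same assignment pattern appears in gkr-pk-root-storage.c (hunk at -225) and gkr-ssh-storage.c (hunk at -672). The function's signature is outside the hunk.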
@@ -672,7 +675,7 @@
*/
/* See if we can just use the login keyring password for this */
- if (index && gkr_keyring_login_is_usable () && gkr_pk_index_is_secure (index)) {
+ if (index && gkr_keyring_login_is_usable () && gkr_pk_index_allows_secrets (index)) {
login = gkr_keyrings_get_login ();
g_return_val_if_fail (login, FALSE);
g_return_val_if_fail (login->password, FALSE);
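Review bot: The `index &&` test is redundant now that `gkr_pk_index_allows_secrets` returns FALSE for a NULL index; gkr-pk-import.c drops it in this same commit, while this hunk and the ones at -702 and -840 keep it. Writing `if (gkr_keyring_login_is_usable () && gkr_pk_index_allows_secrets (index)) {` here and `if (gkr_pk_index_allows_secrets (index))` in the other two would make the file consistent with the new NULL-tolerant contract. The enclosing function starts and ends outside the hunk.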
@@ -702,7 +705,7 @@
gkr_ask_request_set_location (ask, location);
- if (index && gkr_pk_index_is_secure (index))
+ if (index && gkr_pk_index_allows_secrets (index))
gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
/* Prompt the user */
@@ -788,11 +791,9 @@
/* See if we can find a valid password for this location */
if (st == 2) {
- if (index) {
- *result = gkr_pk_index_get_secret (index, digest);
- if (*result != NULL)
- return TRUE;
- }
+ *result = gkr_pk_index_get_secret (index, digest);
+ if (*result != NULL)
+ return TRUE;
/*
* COMPATIBILITY: This is for compatibility with old versions 2.22, which
@@ -809,21 +810,18 @@
/* If we've already tried this password unsuccesfully, then clear */
} else {
- if (index)
- gkr_pk_index_set_secret (index, digest, NULL);
+ gkr_pk_index_set_secret (index, digest, NULL);
}
/*
* If we've parsed this before, then we can lookup in our index as to what
* exactly this is we're talking about here.
*/
- if (index) {
- stype = gkr_pk_index_get_string (index, digest, "parsed-type");
- if (stype) {
- if (!type && stype[0])
- type = g_quark_from_string (stype);
- g_free (stype);
- }
+ stype = gkr_pk_index_get_string (index, digest, "parsed-type");
+ if (stype) {
+ if (!type && stype[0])
+ type = g_quark_from_string (stype);
+ g_free (stype);
}
if (!label)
@@ -840,7 +838,7 @@
gkr_ask_request_set_location (ask, location);
- if (index && gkr_pk_index_is_secure (index))
+ if (index && gkr_pk_index_allows_secrets (index))
gkr_ask_request_set_check_option (ask, prepare_ask_check (type));
/* Prompt the user */
Modified: trunk/daemon/ssh/gkr-ssh-storage.c
==============================================================================
--- trunk/daemon/ssh/gkr-ssh-storage.c (original)
+++ trunk/daemon/ssh/gkr-ssh-storage.c Fri Jul 25 17:11:40 2008
@@ -269,10 +269,6 @@
g_return_if_fail (loc);
- index = gkr_ssh_storage_index (GKR_PK_STORAGE (storage), loc);
- if (!index)
- return;
-
ploc = public_location_for_private (loc);
g_return_if_fail (ploc);
@@ -303,6 +299,7 @@
}
/* Write key to the indexes */
+ index = gkr_ssh_storage_index (GKR_PK_STORAGE (storage), loc);
if (!gkr_pk_index_has_value (index, digest, GKR_PK_INDEX_PUBLIC_KEY)) {
data = gkr_pkix_der_write_public_key (sexp, &n_data);
g_return_if_fail (data != NULL);
@@ -672,7 +669,10 @@
attrs = gnome_keyring_attribute_list_new ();
gnome_keyring_attribute_list_append_string (attrs, "purposes", "ssh-authentication");
- pv->index = gkr_pk_index_open_for_login (attrs);
+ pv->index = gkr_pk_index_open_login (attrs);
+ if (!pv->index)
+ pv->index = gkr_pk_index_open_session (attrs);
+
gnome_keyring_attribute_list_free (attrs);
}
Modified: trunk/daemon/ui/gkr-ask-daemon.c
==============================================================================
--- trunk/daemon/ui/gkr-ask-daemon.c (original)
+++ trunk/daemon/ui/gkr-ask-daemon.c Fri Jul 25 17:11:40 2008
@@ -153,6 +153,7 @@
* We only keep this cache for the current client connection.
*/
if (check_previously_denied (ask)) {
+ g_message ("user denied this prompt previously, skipping prompt and automatically denying");
gkr_ask_request_deny (ask);
goto done;
}