gnome-keyring r1659 - in trunk: . pkcs11/ssh-agent
- From: nnielsen svn gnome org
- To: svn-commits-list gnome org
- Subject: gnome-keyring r1659 - in trunk: . pkcs11/ssh-agent
- Date: Tue, 3 Mar 2009 22:25:12 +0000 (UTC)
Author: nnielsen
Date: Tue Mar 3 22:25:12 2009
New Revision: 1659
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1659&view=rev
Log:
Only log in to a token once we have a public key whose private key we want to use.
Modified:
trunk/ChangeLog
trunk/pkcs11/ssh-agent/gck-ssh-agent-ops.c
trunk/pkcs11/ssh-agent/gck-ssh-agent-standalone.c
trunk/pkcs11/ssh-agent/gck-ssh-agent.c
Modified: trunk/pkcs11/ssh-agent/gck-ssh-agent-ops.c
==============================================================================
--- trunk/pkcs11/ssh-agent/gck-ssh-agent-ops.c (original)
+++ trunk/pkcs11/ssh-agent/gck-ssh-agent-ops.c Tue Mar 3 22:25:12 2009
@@ -57,6 +57,30 @@
gp11_attributes_add (dest, attr);
}
+static gboolean
+login_session (GP11Session *session)
+{
+ GP11SessionInfo *info;
+ GError *error = NULL;
+ gboolean ret = TRUE;
+
+ /* TODO: We should have a way to just get the state */
+ info = gp11_session_get_info (session);
+ g_return_val_if_fail (info, FALSE);
+
+ /* Log in the session if necessary */
+ if (info->state == CKS_RO_PUBLIC_SESSION || info->state == CKS_RW_PUBLIC_SESSION) {
+ if (!gp11_session_login (session, CKU_USER, NULL, 0, &error)) {
+ g_message ("couldn't log into session: %s", error->message);
+ ret = FALSE;
+ }
+ }
+
+ gp11_session_info_free (info);
+
+ return ret;
+}
+
static GP11Attributes*
build_like_attributes (GP11Attributes *attrs, CK_OBJECT_CLASS klass)
{
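Review bot: login_session logs the GError from a failed gp11_session_login at the `g_message` line but never frees it, so every failed login leaks the error; add `g_clear_error (&error);` right after the message. The state check followed by the login is also not atomic: PKCS#11 login state is shared by all of an application's sessions on a token, so if another session logs in between the two calls the login would presumably fail with CKR_USER_ALREADY_LOGGED_IN and be reported as a failure here; that result is worth treating as success. The function also has no comment saying where the credential comes from given the `NULL, 0` PIN arguments; a header such as `/* Logs in without a PIN; the module is expected to obtain the credential itself */` would help once that is confirmed.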
@@ -195,7 +219,10 @@
session = gp11_object_get_session (object);
g_return_val_if_fail (GP11_IS_SESSION (session), FALSE);
-
+
+ if (!login_session (session))
+ return FALSE;
+
/* Search for the matching private key */
objects = gp11_session_find_objects (session, NULL,
CKA_ID, attr->length, attr->value,
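Review bot: The early `return FALSE;` added after login_session leaves without releasing `session`. The lookup code this commit removes from load_identity_v1_attributes called `g_object_unref (session)` after gp11_object_get_session, which suggests the getter returns a new reference; if so the failure path should read `if (!login_session (session)) { g_object_unref (session); return FALSE; }`. The enclosing function starts and ends outside the hunk, so whether the success path unrefs the session later cannot be seen here.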
@@ -222,12 +249,8 @@
load_identity_v1_attributes (GP11Object *object, gpointer user_data)
{
GP11Attributes *attrs;
- GP11Attribute *attr;
- GP11Session *session;
GError *error = NULL;
- gboolean valid = TRUE;
GList **all_attrs;
- GList *objects;
g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE);
g_return_val_if_fail (user_data, FALSE);
@@ -245,31 +268,8 @@
return TRUE;
}
- /* Find a private key for this one */
- attr = gp11_attributes_find (attrs, CKA_ID);
- if (attr != NULL) {
- session = gp11_object_get_session (object);
- g_return_val_if_fail (GP11_IS_SESSION (session), FALSE);
-
- objects = gp11_session_find_objects (session, NULL,
- CKA_ID, attr->length, attr->value,
- CKA_CLASS, GP11_ULONG, CKO_PRIVATE_KEY,
- CKA_TOKEN, GP11_BOOLEAN, FALSE,
- GP11_INVALID);
-
- g_object_unref (session);
-
- if (!objects)
- valid = FALSE;
-
- gp11_list_unref_free (objects);
- }
-
all_attrs = (GList**)user_data;
- if (valid == TRUE)
- *all_attrs = g_list_prepend (*all_attrs, attrs);
- else
- gp11_attributes_unref (attrs);
+ *all_attrs = g_list_prepend (*all_attrs, attrs);
/* Note that we haven't reffed the object or session */
@@ -282,12 +282,10 @@
{
GP11Attributes *attrs;
GP11Attribute *attr;
- GP11Session *session;
GError *error = NULL;
gboolean valid = TRUE;
gboolean token;
GList **all_attrs;
- GList *objects;
g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE);
g_return_val_if_fail (user_data, FALSE);
@@ -313,26 +311,6 @@
if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token))
token = FALSE;
- /* Find a private key for this one */
- attr = gp11_attributes_find (attrs, CKA_ID);
- if (attr != NULL) {
- session = gp11_object_get_session (object);
- g_return_val_if_fail (GP11_IS_SESSION (session), FALSE);
-
- objects = gp11_session_find_objects (session, NULL,
- CKA_ID, attr->length, attr->value,
- CKA_CLASS, GP11_ULONG, CKO_PRIVATE_KEY,
- CKA_TOKEN, GP11_BOOLEAN, token,
- GP11_INVALID);
-
- g_object_unref (session);
-
- if (!objects)
- valid = FALSE;
-
- gp11_list_unref_free (objects);
- }
-
all_attrs = (GList**)user_data;
if (valid == TRUE)
*all_attrs = g_list_prepend (*all_attrs, attrs);
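Review bot: With the private-key lookup removed, `token` (still computed by the gp11_attributes_find_boolean call at the top of this hunk) and `attr` (still declared in the previous hunk) have no remaining use in the visible lines, and `valid` is no longer cleared here, so `if (valid == TRUE)` may always take the prepend branch. The v1 loader in this same commit dropped the equivalent variables and the conditional; unless code outside the hunk still sets them, the same cleanup applies here, reducing the tail to `*all_attrs = g_list_prepend (*all_attrs, attrs);`. The function body extends beyond both hunks.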
@@ -352,6 +330,9 @@
g_assert (GP11_IS_SESSION (session));
+ if (!login_session (session))
+ return;
+
if (priv != NULL) {
gp11_object_set_session (priv, session);
gp11_object_destroy (priv, &error);
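Review bot: When login_session fails here the function does a bare `return;`, so the private key is not destroyed and the caller gets no signal; the request handler may still answer the client with success. The same silent return is added in the next two hunks (at -381 and -408), one of which sits directly before the `CKA_GNOME_AUTH_CACHED` reset, so a failed login there would leave the cached authentication untouched. These functions should return `gboolean` so the handler can send a failure response, or at minimum each site should document that the operation is best-effort, e.g. `/* Best effort: if login fails the key is left as is */`. The function signatures and callers are outside the hunks.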
@@ -381,6 +362,9 @@
GError *error = NULL;
g_assert (GP11_IS_SESSION (session));
g_assert (GP11_IS_OBJECT (pub));
+
+ if (!login_session (session))
+ return;
gp11_object_set_session (priv, session);
gp11_object_set (priv, &error, CKA_GNOME_AUTH_CACHED, GP11_BOOLEAN, FALSE, GP11_INVALID);
@@ -408,6 +392,9 @@
g_assert (GP11_IS_SESSION (session));
g_assert (GP11_IS_OBJECT (pub));
+
+ if (!login_session (session))
+ return;
gp11_object_set_session (pub, session);
attrs = gp11_object_get (pub, &error,
@@ -463,6 +450,9 @@
g_assert (priv);
g_assert (pub);
+ if (!login_session (session))
+ return FALSE;
+
priv_key = gp11_session_create_object_full (session, priv, NULL, &error);
if (error) {
g_warning ("couldn't create session private key: %s", error->message);
@@ -515,6 +505,9 @@
g_assert (GP11_IS_SESSION (session));
g_assert (priv);
g_assert (pub);
+
+ if (!login_session (session))
+ return FALSE;
gp11_attributes_add_boolean (priv, CKA_TOKEN, FALSE);
gp11_attributes_add_boolean (pub, CKA_TOKEN, FALSE);
@@ -1080,8 +1073,6 @@
gck_ssh_agent_checkin_main_session (session);
- /* TODO: Implement locking of other keys */
-
egg_buffer_add_byte (call->resp, GCK_SSH_RES_SUCCESS);
return TRUE;
@@ -1152,8 +1143,6 @@
gp11_list_unref_free (objects);
gck_ssh_agent_checkin_main_session (session);
-
- /* TODO: Go through all open tokens and lock private SSH keys */
egg_buffer_add_byte (call->resp, GCK_SSH_RES_SUCCESS);
return TRUE;
Modified: trunk/pkcs11/ssh-agent/gck-ssh-agent-standalone.c
==============================================================================
--- trunk/pkcs11/ssh-agent/gck-ssh-agent-standalone.c (original)
+++ trunk/pkcs11/ssh-agent/gck-ssh-agent-standalone.c Tue Mar 3 22:25:12 2009
@@ -100,7 +100,7 @@
g_signal_connect (module, "authenticate-slot", G_CALLBACK (authenticate_slot), NULL);
g_signal_connect (module, "authenticate-object", G_CALLBACK (authenticate_object), NULL);
- gp11_module_set_auto_authenticate (module, TRUE);
+ gp11_module_set_auto_authenticate (module, GP11_AUTHENTICATE_OBJECTS);
sock = gck_ssh_agent_initialize_with_module ("/tmp/test-gck-ssh-agent", module);
g_object_unref (module);
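Review bot: The switch from `TRUE` to `GP11_AUTHENTICATE_OBJECTS` carries no comment explaining it, and the `authenticate-slot` handler connected two lines above may no longer be invoked if this mode suppresses token-level authentication. A one-line comment would record the intent, e.g. `/* Don't auto-login to tokens; sessions are logged in on demand when a private key is needed */`, and the possibly dead signal connection should be confirmed or removed. The same undocumented change is made in gck-ssh-agent.c in the next hunk.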
Modified: trunk/pkcs11/ssh-agent/gck-ssh-agent.c
==============================================================================
--- trunk/pkcs11/ssh-agent/gck-ssh-agent.c (original)
+++ trunk/pkcs11/ssh-agent/gck-ssh-agent.c Tue Mar 3 22:25:12 2009
@@ -399,7 +399,7 @@
g_return_val_if_fail (prefix, -1);
module = gp11_module_new (funcs);
- gp11_module_set_auto_authenticate (module, TRUE);
+ gp11_module_set_auto_authenticate (module, GP11_AUTHENTICATE_OBJECTS);
gp11_module_set_pool_sessions (module, TRUE);
sock = gck_ssh_agent_initialize_with_module (prefix, module);
g_object_unref (module);