[gnome-keyring] [ssh-agent] Move into daemon component, rather than pkcs11.
- From: Stefan Walter <stefw src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [gnome-keyring] [ssh-agent] Move into daemon component, rather than pkcs11.
- Date: Sun, 3 Jan 2010 20:57:13 +0000 (UTC)
commit a68cf761f9fa2af1a692ca75dbf0ad4b048fafca
Author: Stef Walter <stef memberwebs com>
Date: Sun Jan 3 19:31:48 2010 +0000
[ssh-agent] Move into daemon component, rather than pkcs11.
configure.in | 2 +-
daemon/.gitignore | 2 +
daemon/Makefile.am | 3 +-
daemon/pkcs11/gkd-pkcs11.c | 15 +-
{pkcs11 => daemon}/ssh-agent/.gitignore | 0
daemon/ssh-agent/Makefile.am | 38 ++
.../ssh-agent/gkd-ssh-agent-ops.c | 580 ++++++++++----------
.../ssh-agent/gkd-ssh-agent-private.h | 162 +++---
.../ssh-agent/gkd-ssh-agent-proto.c | 239 ++++----
.../ssh-agent/gkd-ssh-agent-standalone.c | 38 +-
.../ssh-agent/gkd-ssh-agent.c | 136 +++---
daemon/ssh-agent/gkd-ssh-agent.h | 40 ++
pkcs11/Makefile.am | 1 -
pkcs11/ssh-agent/Makefile.am | 49 --
pkcs11/ssh-agent/gck-ssh-agent.h | 18 -
15 files changed, 668 insertions(+), 655 deletions(-)
---
diff --git a/configure.in b/configure.in
index 96a8615..a3978eb 100644
--- a/configure.in
+++ b/configure.in
@@ -557,6 +557,7 @@ daemon/login/Makefile
daemon/pkcs11/Makefile
daemon/prompt/Makefile
daemon/prompt/tests/Makefile
+daemon/ssh-agent/Makefile
docs/Makefile
docs/reference/Makefile
docs/reference/gcr/Makefile
@@ -580,7 +581,6 @@ pkcs11/roots-store/tests/Makefile
pkcs11/rpc-layer/Makefile
pkcs11/secret-store/Makefile
pkcs11/secret-store/tests/Makefile
-pkcs11/ssh-agent/Makefile
pkcs11/ssh-store/Makefile
pkcs11/ssh-store/tests/Makefile
pkcs11/user-store/Makefile
diff --git a/daemon/.gitignore b/daemon/.gitignore
index 1fdb294..8bf0ce8 100644
--- a/daemon/.gitignore
+++ b/daemon/.gitignore
@@ -18,3 +18,5 @@ run-auto-test*
/control/tests/test-control-change
/control/tests/test-control-init
/control/tests/test-control-unlock
+
+/ssh-agent/gkd-ssh-agent-standalone
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 1958193..be96523 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -2,6 +2,7 @@ SUBDIRS = \
prompt \
login \
control \
+ ssh-agent \
pkcs11 \
dbus \
data
@@ -33,11 +34,11 @@ gnome_keyring_daemon_LDADD = \
$(top_builddir)/daemon/login/libgkd-login.la \
$(top_builddir)/daemon/control/libgkd-control.la \
$(top_builddir)/daemon/prompt/libgkd-prompt.la \
+ $(top_builddir)/daemon/ssh-agent/libgkd-ssh-agent.la \
$(top_builddir)/pkcs11/plex-layer/libgck-plex-layer.la \
$(top_builddir)/pkcs11/roots-store/libgck-roots-store.la \
$(top_builddir)/pkcs11/rpc-layer/libgck-rpc-layer.la \
$(top_builddir)/pkcs11/secret-store/libgck-secret-store.la \
- $(top_builddir)/pkcs11/ssh-agent/libgck-ssh-agent.la \
$(top_builddir)/pkcs11/ssh-store/libgck-ssh-store.la \
$(top_builddir)/pkcs11/user-store/libgck-user-store.la \
$(top_builddir)/pkcs11/gck/libgck.la \
diff --git a/daemon/pkcs11/gkd-pkcs11.c b/daemon/pkcs11/gkd-pkcs11.c
index 8009e8f..2475cf3 100644
--- a/daemon/pkcs11/gkd-pkcs11.c
+++ b/daemon/pkcs11/gkd-pkcs11.c
@@ -25,15 +25,16 @@
#include "gkd-pkcs11-auth.h"
#include "gkd-pkcs11.h"
+#include "egg/egg-cleanup.h"
+
#include "pkcs11/plex-layer/gck-plex-layer.h"
#include "pkcs11/roots-store/gck-roots-store.h"
#include "pkcs11/rpc-layer/gck-rpc-layer.h"
#include "pkcs11/secret-store/gck-secret-store.h"
-#include "pkcs11/ssh-agent/gck-ssh-agent.h"
#include "pkcs11/ssh-store/gck-ssh-store.h"
#include "pkcs11/user-store/gck-user-store.h"
-#include "egg/egg-cleanup.h"
+#include "ssh-agent/gkd-ssh-agent.h"
/* The top level of our internal PKCS#11 module stack */
static CK_FUNCTION_LIST_PTR pkcs11_roof = NULL;
@@ -46,7 +47,7 @@ pkcs11_daemon_cleanup (gpointer unused)
g_assert (pkcs11_roof);
- gck_ssh_agent_uninitialize ();
+ gkd_ssh_agent_uninitialize ();
gck_rpc_layer_uninitialize ();
rv = (pkcs11_roof->C_Finalize) (NULL);
@@ -102,7 +103,7 @@ gkd_pkcs11_initialize (void)
egg_cleanup_register (pkcs11_daemon_cleanup, NULL);
- ret = gck_ssh_agent_initialize (pkcs11_roof) &&
+ ret = gkd_ssh_agent_initialize (pkcs11_roof) &&
gck_rpc_layer_initialize (pkcs11_roof);
return ret;
@@ -149,14 +150,14 @@ gkd_pkcs11_startup_pkcs11 (void)
static void
pkcs11_ssh_cleanup (gpointer unused)
{
- gck_ssh_agent_shutdown ();
+ gkd_ssh_agent_shutdown ();
}
static gboolean
accept_ssh_client (GIOChannel *channel, GIOCondition cond, gpointer unused)
{
if (cond == G_IO_IN)
- gck_ssh_agent_accept ();
+ gkd_ssh_agent_accept ();
return TRUE;
}
@@ -170,7 +171,7 @@ gkd_pkcs11_startup_ssh (void)
base_dir = gkd_util_get_master_directory ();
g_return_val_if_fail (base_dir, FALSE);
- sock = gck_ssh_agent_startup (base_dir);
+ sock = gkd_ssh_agent_startup (base_dir);
if (sock == -1)
return FALSE;
diff --git a/pkcs11/ssh-agent/.gitignore b/daemon/ssh-agent/.gitignore
similarity index 100%
rename from pkcs11/ssh-agent/.gitignore
rename to daemon/ssh-agent/.gitignore
diff --git a/daemon/ssh-agent/Makefile.am b/daemon/ssh-agent/Makefile.am
new file mode 100644
index 0000000..d3c4e57
--- /dev/null
+++ b/daemon/ssh-agent/Makefile.am
@@ -0,0 +1,38 @@
+
+INCLUDES = \
+ -I$(top_builddir) \
+ -I$(top_srcdir) \
+ -I$(top_srcdir)/pkcs11 \
+ $(GOBJECT_CFLAGS) \
+ $(GLIB_CFLAGS)
+
+# ------------------------------------------------------------------------------
+# The ssh-agent component code
+
+noinst_LTLIBRARIES = \
+ libgkd-ssh-agent.la
+
+libgkd_ssh_agent_la_SOURCES = \
+ gkd-ssh-agent.c gkd-ssh-agent.h \
+ gkd-ssh-agent-private.h \
+ gkd-ssh-agent-ops.c \
+ gkd-ssh-agent-proto.c
+
+# ------------------------------------------------------------------------------
+# Standalone binary
+
+noinst_PROGRAMS = \
+ gkd-ssh-agent-standalone
+
+gkd_ssh_agent_standalone_SOURCES = \
+ gkd-ssh-agent-standalone.c
+
+gkd_ssh_agent_standalone_LDADD = \
+ libgkd-ssh-agent.la \
+ $(top_builddir)/gp11/libgp11.la \
+ $(top_builddir)/egg/libegg-buffer.la \
+ $(top_builddir)/egg/libegg-secure.la \
+ $(GOBJECT_LIBS) \
+ $(GTHREAD_LIBS) \
+ $(LIBGCRYPT_LIBS) \
+ $(GLIB_LIBS)
diff --git a/pkcs11/ssh-agent/gck-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c
similarity index 83%
rename from pkcs11/ssh-agent/gck-ssh-agent-ops.c
rename to daemon/ssh-agent/gkd-ssh-agent-ops.c
index 8324374..98567ae 100644
--- a/pkcs11/ssh-agent/gck-ssh-agent-ops.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c
@@ -1,5 +1,5 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-ssh-daemon-ops.h - SSH agent operations
+/* gkd-ssh-agent-ops.h - SSH agent operations
Copyright (C) 2007 Stefan Walter
@@ -7,12 +7,12 @@
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
-
+
Gnome keyring is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
@@ -22,7 +22,7 @@
#include "config.h"
-#include "gck-ssh-agent-private.h"
+#include "gkd-ssh-agent-private.h"
#include "gp11/gp11.h"
@@ -48,10 +48,10 @@ static void
copy_attribute (GP11Attributes *original, CK_ATTRIBUTE_TYPE type, GP11Attributes *dest)
{
GP11Attribute *attr;
-
+
g_assert (original);
g_assert (dest);
-
+
attr = gp11_attributes_find (original, type);
if (attr)
gp11_attributes_add (dest, attr);
@@ -63,11 +63,11 @@ login_session (GP11Session *session)
GP11SessionInfo *info;
GError *error = NULL;
gboolean ret = TRUE;
-
+
/* TODO: We should have a way to just get the state */
info = gp11_session_get_info (session);
g_return_val_if_fail (info, FALSE);
-
+
/* Log in the session if necessary */
if (info->state == CKS_RO_PUBLIC_SESSION || info->state == CKS_RW_PUBLIC_SESSION) {
if (!gp11_session_login (session, CKU_USER, NULL, 0, &error)) {
@@ -75,9 +75,9 @@ login_session (GP11Session *session)
ret = FALSE;
}
}
-
+
gp11_session_info_free (info);
-
+
return ret;
}
@@ -86,79 +86,79 @@ build_like_attributes (GP11Attributes *attrs, CK_OBJECT_CLASS klass)
{
GP11Attributes *search;
gulong key_type;
-
+
g_assert (attrs);
-
+
/* Determine the key type */
if (!gp11_attributes_find_ulong (attrs, CKA_KEY_TYPE, &key_type))
g_return_val_if_reached (NULL);
-
+
search = gp11_attributes_new ();
gp11_attributes_add_ulong (search, CKA_CLASS, klass);
copy_attribute (attrs, CKA_KEY_TYPE, search);
copy_attribute (attrs, CKA_TOKEN, search);
-
+
switch (key_type) {
case CKK_RSA:
copy_attribute (attrs, CKA_MODULUS, search);
copy_attribute (attrs, CKA_PUBLIC_EXPONENT, search);
break;
-
+
case CKK_DSA:
copy_attribute (attrs, CKA_PRIME, search);
copy_attribute (attrs, CKA_SUBPRIME, search);
copy_attribute (attrs, CKA_BASE, search);
copy_attribute (attrs, CKA_VALUE, search);
break;
-
+
default:
g_return_val_if_reached (NULL);
break;
}
-
+
return search;
}
static void
-search_keys_like_attributes (gpointer session_or_module, GP11Attributes *attrs, CK_OBJECT_CLASS klass,
+search_keys_like_attributes (gpointer session_or_module, GP11Attributes *attrs, CK_OBJECT_CLASS klass,
GP11ObjectForeachFunc func, gpointer user_data)
{
GP11Attributes *search;
GError *error = NULL;
GList *keys, *l;
-
+
search = build_like_attributes (attrs, klass);
-
+
/* In all slots */
if (GP11_IS_MODULE (session_or_module)) {
- if (!gp11_module_enumerate_objects_full (session_or_module, search, NULL,
+ if (!gp11_module_enumerate_objects_full (session_or_module, search, NULL,
func, user_data, &error)) {
g_warning ("couldn't enumerate matching keys: %s", error->message);
g_clear_error (&error);
}
-
+
/* Otherwise search in the session */
} else if (GP11_IS_SESSION (session_or_module)){
keys = gp11_session_find_objects_full (session_or_module, search, NULL, &error);
-
+
if (error) {
g_warning ("couldn't find matching keys: %s", error->message);
g_clear_error (&error);
-
+
} else {
for (l = keys; l; l = g_list_next (l)) {
if (!(func) (l->data, user_data))
break;
}
-
+
gp11_list_unref_free (keys);
}
-
+
/* Bad object passed in */
} else {
g_assert_not_reached ();
}
-
+
gp11_attributes_unref (search);
}
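Review bot: build_like_attributes() can return NULL, but search_keys_like_attributes() passes the result to the enumerate/find call and then to `gp11_attributes_unref (search)` without checking it. The `default:` branch also returns after `search` has been allocated, so that path leaks it. op_sign_request(), later in this file, feeds this function attributes parsed from a client request, so I would add `if (!search) return;` after the build_like_attributes() call and `gp11_attributes_unref (search);` before the `g_return_val_if_reached (NULL)` in the default branch. Whether the protocol parser already limits key types to RSA/DSA is not visible here, so treat this as defensive.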
@@ -168,7 +168,7 @@ list_all_matching (GP11Object *object, gpointer user_data)
GList** list = (GList**)user_data;
g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE);
*list = g_list_prepend (*list, g_object_ref (object));
-
+
/* Keep going */
return TRUE;
}
@@ -177,12 +177,12 @@ static gboolean
return_first_matching (GP11Object *object, gpointer user_data)
{
GP11Object **result = (GP11Object**)user_data;
-
+
g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE);
g_return_val_if_fail (result != NULL, FALSE);
g_return_val_if_fail (*result == NULL, FALSE);
*result = g_object_ref (object);
-
+
/* We've seen enough */
return FALSE;
}
@@ -197,11 +197,11 @@ return_private_matching (GP11Object *object, gpointer user_data)
gboolean token;
GList *objects;
GError *error = NULL;
-
+
g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE);
g_return_val_if_fail (result != NULL, FALSE);
g_return_val_if_fail (*result == NULL, FALSE);
-
+
/* Get the key identifier and token */
attrs = gp11_object_get (object, &error, CKA_ID, CKA_TOKEN, GP11_INVALID);
if (error) {
@@ -213,25 +213,25 @@ return_private_matching (GP11Object *object, gpointer user_data)
/* Dig out the key identifier and token */
attr = gp11_attributes_find (attrs, CKA_ID);
g_return_val_if_fail (attr, FALSE);
-
+
if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token))
token = FALSE;
-
+
session = gp11_object_get_session (object);
g_return_val_if_fail (GP11_IS_SESSION (session), FALSE);
if (!login_session (session))
return FALSE;
-
+
/* Search for the matching private key */
- objects = gp11_session_find_objects (session, NULL,
+ objects = gp11_session_find_objects (session, NULL,
CKA_ID, attr->length, attr->value,
CKA_CLASS, GP11_ULONG, CKO_PRIVATE_KEY,
CKA_TOKEN, GP11_BOOLEAN, token,
GP11_INVALID);
-
+
gp11_attributes_unref (attrs);
-
+
/* Keep searching, not found */
if (objects) {
*result = g_object_ref (objects->data);
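Review bot: `attrs` is leaked on both early returns in return_private_matching(): `g_return_val_if_fail (attr, FALSE)` and `if (!login_session (session)) return FALSE;` run before the `gp11_attributes_unref (attrs)` further down. Each should release first, e.g. `if (!login_session (session)) { gp11_attributes_unref (attrs); return FALSE; }`. The comment `/* Keep searching, not found */` sits directly above the branch that handles a found key, so it reads backwards; `/* Found the private key, hand it back */` would match the code. The function continues past the end of this hunk, so the release of `session` and `objects` cannot be checked from here.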
@@ -245,22 +245,22 @@ return_private_matching (GP11Object *object, gpointer user_data)
return (*result == NULL);
}
-static gboolean
+static gboolean
load_identity_v1_attributes (GP11Object *object, gpointer user_data)
{
GP11Attributes *attrs;
GError *error = NULL;
GList **all_attrs;
-
+
g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE);
g_return_val_if_fail (user_data, FALSE);
-
- /*
+
+ /*
* The encompassing search should have limited to the right label.
* In addition V1 keys are only RSA.
*/
-
- attrs = gp11_object_get (object, &error, CKA_ID, CKA_LABEL, CKA_KEY_TYPE, CKA_MODULUS,
+
+ attrs = gp11_object_get (object, &error, CKA_ID, CKA_LABEL, CKA_KEY_TYPE, CKA_MODULUS,
CKA_PUBLIC_EXPONENT, CKA_CLASS, CKA_MODULUS_BITS, GP11_INVALID);
if (error) {
g_warning ("error retrieving attributes for public key: %s", error->message);
@@ -270,14 +270,14 @@ load_identity_v1_attributes (GP11Object *object, gpointer user_data)
all_attrs = (GList**)user_data;
*all_attrs = g_list_prepend (*all_attrs, attrs);
-
+
/* Note that we haven't reffed the object or session */
/* Keep going */
return TRUE;
}
-static gboolean
+static gboolean
load_identity_v2_attributes (GP11Object *object, gpointer user_data)
{
GP11Attributes *attrs;
@@ -286,27 +286,27 @@ load_identity_v2_attributes (GP11Object *object, gpointer user_data)
gboolean valid = TRUE;
gboolean token;
GList **all_attrs;
-
+
g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE);
g_return_val_if_fail (user_data, FALSE);
-
- attrs = gp11_object_get (object, &error, CKA_ID, CKA_LABEL, CKA_KEY_TYPE, CKA_MODULUS,
- CKA_PUBLIC_EXPONENT, CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
+
+ attrs = gp11_object_get (object, &error, CKA_ID, CKA_LABEL, CKA_KEY_TYPE, CKA_MODULUS,
+ CKA_PUBLIC_EXPONENT, CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
CKA_VALUE, CKA_CLASS, CKA_MODULUS_BITS, CKA_TOKEN, GP11_INVALID);
if (error) {
g_warning ("error retrieving attributes for public key: %s", error->message);
g_clear_error (&error);
return TRUE;
}
-
+
/* Dig out the label, and see if it's not v1, skip if so */
attr = gp11_attributes_find (attrs, CKA_LABEL);
if (attr != NULL) {
- if (attr->length == strlen (V1_LABEL) &&
+ if (attr->length == strlen (V1_LABEL) &&
strncmp ((gchar*)attr->value, V1_LABEL, attr->length) == 0)
valid = FALSE;
}
-
+
/* Figure out if it's a token object or not */
if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token))
token = FALSE;
@@ -314,11 +314,11 @@ load_identity_v2_attributes (GP11Object *object, gpointer user_data)
all_attrs = (GList**)user_data;
if (valid == TRUE)
*all_attrs = g_list_prepend (*all_attrs, attrs);
- else
+ else
gp11_attributes_unref (attrs);
-
+
/* Note that we haven't reffed the object or session */
-
+
/* Keep going */
return TRUE;
}
@@ -327,29 +327,29 @@ static void
remove_key_pair (GP11Session *session, GP11Object *priv, GP11Object *pub)
{
GError *error = NULL;
-
+
g_assert (GP11_IS_SESSION (session));
-
+
if (!login_session (session))
return;
-
+
if (priv != NULL) {
gp11_object_set_session (priv, session);
gp11_object_destroy (priv, &error);
-
+
if (error) {
- if (error->code != CKR_OBJECT_HANDLE_INVALID)
+ if (error->code != CKR_OBJECT_HANDLE_INVALID)
g_warning ("couldn't remove ssh private key: %s", error->message);
g_clear_error (&error);
}
}
-
+
if (pub != NULL) {
gp11_object_set_session (pub, session);
gp11_object_destroy (pub, &error);
-
+
if (error) {
- if (error->code != CKR_OBJECT_HANDLE_INVALID)
+ if (error->code != CKR_OBJECT_HANDLE_INVALID)
g_warning ("couldn't remove ssh public key: %s", error->message);
g_clear_error (&error);
}
@@ -402,20 +402,20 @@ remove_by_public_key (GP11Session *session, GP11Object *pub, gboolean exclude_v1
g_assert (GP11_IS_SESSION (session));
g_assert (GP11_IS_OBJECT (pub));
-
+
if (!login_session (session))
return;
gp11_object_set_session (pub, session);
- attrs = gp11_object_get (pub, &error,
- CKA_LABEL, CKA_ID, CKA_TOKEN,
+ attrs = gp11_object_get (pub, &error,
+ CKA_LABEL, CKA_ID, CKA_TOKEN,
GP11_INVALID);
if (error) {
g_warning ("couldn't lookup attributes for key: %s", error->message);
g_clear_error (&error);
return;
}
-
+
/* Skip over SSH V1 keys */
if (exclude_v1 && gp11_attributes_find_string (attrs, CKA_LABEL, &label)) {
if (label && strcmp (label, V1_LABEL) == 0) {
@@ -428,18 +428,18 @@ remove_by_public_key (GP11Session *session, GP11Object *pub, gboolean exclude_v1
/* Lock token objects, remove session objects */
if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token))
token = FALSE;
-
+
/* Search for exactly the same attributes but with a private key class */
gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_PRIVATE_KEY);
objects = gp11_session_find_objects_full (session, attrs, NULL, &error);
gp11_attributes_unref (attrs);
-
+
if (error) {
g_warning ("couldn't search for related key: %s", error->message);
g_clear_error (&error);
return;
}
-
+
/* Lock the token objects */
if (token && objects) {
lock_key_pair (session, objects->data, pub);
@@ -455,37 +455,37 @@ create_key_pair (GP11Session *session, GP11Attributes *priv, GP11Attributes *pub
{
GP11Object *priv_key, *pub_key;
GError *error = NULL;
-
+
g_assert (GP11_IS_SESSION (session));
g_assert (priv);
g_assert (pub);
-
+
if (!login_session (session))
return FALSE;
-
+
priv_key = gp11_session_create_object_full (session, priv, NULL, &error);
if (error) {
g_warning ("couldn't create session private key: %s", error->message);
g_clear_error (&error);
return FALSE;
}
-
+
pub_key = gp11_session_create_object_full (session, pub, NULL, &error);
if (error) {
g_warning ("couldn't create session public key: %s", error->message);
g_clear_error (&error);
-
+
/* Failed, so remove private as well */
gp11_object_set_session (priv_key, session);
gp11_object_destroy (priv_key, NULL);
g_object_unref (priv_key);
-
+
return FALSE;
}
-
+
g_object_unref (pub_key);
g_object_unref (priv_key);
-
+
return TRUE;
}
@@ -496,7 +496,7 @@ destroy_replaced_keys (GP11Session *session, GList *keys)
GList *l;
g_assert (GP11_IS_SESSION (session));
-
+
for (l = keys; l; l = g_list_next (l)) {
gp11_object_set_session (l->data, session);
if (!gp11_object_destroy (l->data, &error)) {
@@ -511,33 +511,33 @@ static gboolean
replace_key_pair (GP11Session *session, GP11Attributes *priv, GP11Attributes *pub)
{
GList *priv_prev, *pub_prev;
-
+
g_assert (GP11_IS_SESSION (session));
g_assert (priv);
g_assert (pub);
-
+
if (!login_session (session))
return FALSE;
gp11_attributes_add_boolean (priv, CKA_TOKEN, FALSE);
gp11_attributes_add_boolean (pub, CKA_TOKEN, FALSE);
-
+
/* Find the previous keys that match the same description */
priv_prev = pub_prev = NULL;
search_keys_like_attributes (session, priv, CKO_PRIVATE_KEY, list_all_matching, &priv_prev);
search_keys_like_attributes (session, priv, CKO_PUBLIC_KEY, list_all_matching, &pub_prev);
-
+
/* Now try and create the new keys */
if (create_key_pair (session, priv, pub)) {
-
+
/* Delete the old keys */
destroy_replaced_keys (session, priv_prev);
destroy_replaced_keys (session, pub_prev);
}
-
+
gp11_list_unref_free (priv_prev);
gp11_list_unref_free (pub_prev);
-
+
return TRUE;
}
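Review bot: replace_key_pair() ends with an unconditional `return TRUE;`, so a failed create_key_pair() is reported as success. op_add_identity() and op_v1_add_identity() turn that return value into GKD_SSH_RES_SUCCESS, which tells the client its key was loaded when it was not. Keep the result and return it: `created = create_key_pair (session, priv, pub);` with `if (created) { ... }` and `return created;`. A short comment that the old keys are destroyed only once the new pair exists would also help, since that ordering is the point of the function.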
@@ -562,7 +562,7 @@ load_contraints (EggBuffer *buffer, gsize offset, gsize *next_offset,
return FALSE;
switch (constraint) {
- case GCK_SSH_FLAG_CONSTRAIN_LIFETIME:
+ case GKD_SSH_FLAG_CONSTRAIN_LIFETIME:
if (!egg_buffer_get_uint32 (buffer, offset, &offset, &lifetime))
return FALSE;
@@ -579,7 +579,7 @@ load_contraints (EggBuffer *buffer, gsize offset, gsize *next_offset,
gp11_attributes_add_data (priv, CKA_GNOME_AUTO_DESTRUCT, buf, 16);
break;
- case GCK_SSH_FLAG_CONSTRAIN_CONFIRM:
+ case GKD_SSH_FLAG_CONSTRAIN_CONFIRM:
/* We can't use prompting as access control on an insecure X desktop */
g_message ("prompt constraints are not supported.");
return FALSE;
@@ -599,7 +599,7 @@ load_contraints (EggBuffer *buffer, gsize offset, gsize *next_offset,
*/
static gboolean
-op_add_identity (GckSshAgentCall *call)
+op_add_identity (GkdSshAgentCall *call)
{
GP11Attributes *pub;
GP11Attributes *priv;
@@ -609,11 +609,11 @@ op_add_identity (GckSshAgentCall *call)
gboolean ret;
gulong algo;
gsize offset;
-
+
if (!egg_buffer_get_string (call->req, 5, &offset, &stype, (EggBufferAllocator)g_realloc))
return FALSE;
-
- algo = gck_ssh_agent_proto_keytype_to_algo (stype);
+
+ algo = gkd_ssh_agent_proto_keytype_to_algo (stype);
if (algo == G_MAXULONG) {
g_warning ("unsupported algorithm from SSH: %s", stype);
g_free (stype);
@@ -623,33 +623,33 @@ op_add_identity (GckSshAgentCall *call)
g_free (stype);
priv = gp11_attributes_new_full ((GP11Allocator)egg_secure_realloc);
pub = gp11_attributes_new_full (g_realloc);
-
+
switch (algo) {
case CKK_RSA:
- ret = gck_ssh_agent_proto_read_pair_rsa (call->req, &offset, priv, pub);
+ ret = gkd_ssh_agent_proto_read_pair_rsa (call->req, &offset, priv, pub);
break;
case CKK_DSA:
- ret = gck_ssh_agent_proto_read_pair_dsa (call->req, &offset, priv, pub);
+ ret = gkd_ssh_agent_proto_read_pair_dsa (call->req, &offset, priv, pub);
break;
default:
g_assert_not_reached ();
return FALSE;
}
-
+
if (!ret) {
g_warning ("couldn't read incoming SSH private key");
gp11_attributes_unref (pub);
gp11_attributes_unref (priv);
return FALSE;
}
-
+
/* Get the comment */
if (!egg_buffer_get_string (call->req, offset, &offset, &comment, (EggBufferAllocator)g_realloc)) {
gp11_attributes_unref (pub);
gp11_attributes_unref (priv);
return FALSE;
}
-
+
gp11_attributes_add_string (pub, CKA_LABEL, comment);
gp11_attributes_add_string (priv, CKA_LABEL, comment);
g_free (comment);
@@ -661,48 +661,48 @@ op_add_identity (GckSshAgentCall *call)
return FALSE;
}
- /*
- * This is the session that owns these objects. Only
- * one thread can use it at a time.
+ /*
+ * This is the session that owns these objects. Only
+ * one thread can use it at a time.
*/
-
- session = gck_ssh_agent_checkout_main_session ();
+
+ session = gkd_ssh_agent_checkout_main_session ();
g_return_val_if_fail (session, FALSE);
-
+
ret = replace_key_pair (session, priv, pub);
-
- gck_ssh_agent_checkin_main_session (session);
-
+
+ gkd_ssh_agent_checkin_main_session (session);
+
gp11_attributes_unref (priv);
gp11_attributes_unref (pub);
-
- egg_buffer_add_byte (call->resp, ret ? GCK_SSH_RES_SUCCESS : GCK_SSH_RES_FAILURE);
- return TRUE;
+
+ egg_buffer_add_byte (call->resp, ret ? GKD_SSH_RES_SUCCESS : GKD_SSH_RES_FAILURE);
+ return TRUE;
}
static gboolean
-op_v1_add_identity (GckSshAgentCall *call)
+op_v1_add_identity (GkdSshAgentCall *call)
{
GP11Attributes *pub, *priv;
GP11Session *session;
gchar *comment = NULL;
gboolean ret;
- gsize offset = 5;
+ gsize offset = 5;
guint32 unused;
-
+
if (!egg_buffer_get_uint32 (call->req, offset, &offset, &unused))
return FALSE;
-
+
priv = gp11_attributes_new_full ((GP11Allocator)egg_secure_realloc);
pub = gp11_attributes_new_full (g_realloc);
- if (!gck_ssh_agent_proto_read_pair_v1 (call->req, &offset, priv, pub)) {
+ if (!gkd_ssh_agent_proto_read_pair_v1 (call->req, &offset, priv, pub)) {
g_warning ("couldn't read incoming SSH private key");
gp11_attributes_unref (pub);
gp11_attributes_unref (priv);
- return FALSE;
+ return FALSE;
}
-
+
/* Get the comment */
if (!egg_buffer_get_string (call->req, offset, &offset, &comment, (EggBufferAllocator)g_realloc)) {
gp11_attributes_unref (pub);
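Review bot: `g_return_val_if_fail (session, FALSE)` after gkd_ssh_agent_checkout_main_session() returns without releasing `priv` and `pub`, unlike the other failure paths of op_add_identity() visible in this diff. `priv` is the egg_secure_realloc-backed attribute set holding the parsed private key, so it is the one allocation that should not be left behind. Replace the macro with an explicit check, `if (!session) { gp11_attributes_unref (priv); gp11_attributes_unref (pub); return FALSE; }`. op_v1_add_identity() has the same pattern in the `@@ -722,27 +722,27 @@` hunk.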
@@ -714,7 +714,7 @@ op_v1_add_identity (GckSshAgentCall *call)
gp11_attributes_add_string (priv, CKA_LABEL, V1_LABEL);
gp11_attributes_add_string (pub, CKA_LABEL, V1_LABEL);
-
+
/* Any constraints on loading the key */
if (!load_contraints (call->req, offset, &offset, priv, pub)) {
gp11_attributes_unref (pub);
@@ -722,27 +722,27 @@ op_v1_add_identity (GckSshAgentCall *call)
return FALSE;
}
- /*
- * This is the session that owns these objects. Only
- * one thread can use it at a time.
+ /*
+ * This is the session that owns these objects. Only
+ * one thread can use it at a time.
*/
- session = gck_ssh_agent_checkout_main_session ();
+ session = gkd_ssh_agent_checkout_main_session ();
g_return_val_if_fail (session, FALSE);
-
+
ret = replace_key_pair (session, priv, pub);
-
- gck_ssh_agent_checkin_main_session (session);
-
+
+ gkd_ssh_agent_checkin_main_session (session);
+
gp11_attributes_unref (priv);
gp11_attributes_unref (pub);
-
- egg_buffer_add_byte (call->resp, ret ? GCK_SSH_RES_SUCCESS : GCK_SSH_RES_FAILURE);
- return TRUE;
+
+ egg_buffer_add_byte (call->resp, ret ? GKD_SSH_RES_SUCCESS : GKD_SSH_RES_FAILURE);
+ return TRUE;
}
static gboolean
-op_request_identities (GckSshAgentCall *call)
+op_request_identities (GkdSshAgentCall *call)
{
GList *all_attrs, *l;
GP11Attributes *attrs;
@@ -752,84 +752,84 @@ op_request_identities (GckSshAgentCall *call)
/* Find all the keys (we filter out v1 later) */
/* TODO: Check SSH purpose */
all_attrs = NULL;
- if (!gp11_module_enumerate_objects (call->module,
+ if (!gp11_module_enumerate_objects (call->module,
load_identity_v2_attributes, &all_attrs,
CKA_CLASS, GP11_ULONG, CKO_PUBLIC_KEY,
GP11_INVALID)) {
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
-
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_IDENTITIES_ANSWER);
+
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_IDENTITIES_ANSWER);
egg_buffer_add_uint32 (call->resp, g_list_length (all_attrs));
-
+
for (l = all_attrs; l; l = g_list_next (l)) {
-
+
attrs = l->data;
-
+
/* Dig out the label */
if (!gp11_attributes_find_string (attrs, CKA_LABEL, &comment))
comment = NULL;
-
- /* Add a space for the key blob length */
+
+ /* Add a space for the key blob length */
blobpos = call->resp->len;
egg_buffer_add_uint32 (call->resp, 0);
/* Write out the key */
- gck_ssh_agent_proto_write_public (call->resp, attrs);
-
+ gkd_ssh_agent_proto_write_public (call->resp, attrs);
+
/* Write back the blob length */
egg_buffer_set_uint32 (call->resp, blobpos, (call->resp->len - blobpos) - 4);
-
+
/* And now a per key comment */
egg_buffer_add_string (call->resp, comment ? comment : "");
-
+
g_free (comment);
gp11_attributes_unref (attrs);
}
-
+
g_list_free (all_attrs);
-
+
return TRUE;
}
static gboolean
-op_v1_request_identities (GckSshAgentCall *call)
+op_v1_request_identities (GkdSshAgentCall *call)
{
GList *all_attrs, *l;
GP11Attributes *attrs;
-
+
/* Find all the keys not on token, and are V1 */
/* TODO: Check SSH purpose */
all_attrs = NULL;
- if (!gp11_module_enumerate_objects (call->module,
+ if (!gp11_module_enumerate_objects (call->module,
load_identity_v1_attributes, &all_attrs,
CKA_CLASS, GP11_ULONG, CKO_PUBLIC_KEY,
CKA_TOKEN, GP11_BOOLEAN, FALSE,
CKA_LABEL, GP11_STRING, V1_LABEL,
GP11_INVALID)) {
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
-
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_RSA_IDENTITIES_ANSWER);
+
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_RSA_IDENTITIES_ANSWER);
egg_buffer_add_uint32 (call->resp, g_list_length (all_attrs));
-
+
for (l = all_attrs; l; l = g_list_next (l)) {
-
+
attrs = l->data;
-
+
/* Write out the key */
- gck_ssh_agent_proto_write_public_v1 (call->resp, attrs);
-
+ gkd_ssh_agent_proto_write_public_v1 (call->resp, attrs);
+
/* And now a per key comment */
egg_buffer_add_string (call->resp, "Public Key");
-
+
gp11_attributes_unref (attrs);
}
-
+
g_list_free (all_attrs);
-
+
return TRUE;
}
@@ -842,20 +842,20 @@ static const guchar MD5_ASN[18] = /* Object ID is 1.2.840.113549.2.5 */
0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
static guchar*
-make_pkcs1_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
+make_pkcs1_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
gsize *n_result)
{
gsize n_algo, n_asn, n_hash;
GChecksum *checksum;
const guchar *asn;
guchar *hash;
-
+
g_assert (data);
g_assert (n_result);
-
+
n_algo = g_checksum_type_get_length (algo);
g_return_val_if_fail (n_algo > 0, FALSE);
-
+
if (algo == G_CHECKSUM_SHA1) {
asn = SHA1_ASN;
n_asn = sizeof (SHA1_ASN);
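Review bot: `g_return_val_if_fail (n_algo > 0, FALSE)` returns FALSE from a function declared `static guchar*`; it should be `g_return_val_if_fail (n_algo > 0, NULL);`. make_raw_sign_hash() in the `@@ -878,21 +878,21 @@` hunk has the same line for `n_hash`. Neither helper has a header comment; one line stating that the caller owns the returned buffer and must g_free() it would match how op_sign_request() uses them. The body of make_pkcs1_sign_hash() continues outside this hunk.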
@@ -863,11 +863,11 @@ make_pkcs1_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
asn = MD5_ASN;
n_asn = sizeof (MD5_ASN);
}
-
+
n_hash = n_algo + n_asn;
hash = g_malloc0 (n_hash);
memcpy (hash, asn, n_asn);
-
+
checksum = g_checksum_new (algo);
g_checksum_update (checksum, data, n_data);
g_checksum_get_digest (checksum, hash + n_asn, &n_algo);
@@ -878,21 +878,21 @@ make_pkcs1_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
}
static guchar*
-make_raw_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
+make_raw_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
gsize *n_result)
{
gsize n_hash;
GChecksum *checksum;
guchar *hash;
-
+
g_assert (data);
g_assert (n_result);
-
+
n_hash = g_checksum_type_get_length (algo);
g_return_val_if_fail (n_hash > 0, FALSE);
-
+
hash = g_malloc0 (n_hash);
-
+
checksum = g_checksum_new (algo);
g_checksum_update (checksum, data, n_data);
g_checksum_get_digest (checksum, hash, &n_hash);
@@ -902,8 +902,8 @@ make_raw_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
return hash;
}
-static gboolean
-op_sign_request (GckSshAgentCall *call)
+static gboolean
+op_sign_request (GkdSshAgentCall *call)
{
GP11Attributes *attrs;
GError *error = NULL;
@@ -921,18 +921,18 @@ op_sign_request (GckSshAgentCall *call)
gulong algo, mech;
GChecksumType halgo;
gsize n_hash = 0;
-
+
offset = 5;
-
+
/* The key packet size */
if (!egg_buffer_get_uint32 (call->req, offset, &offset, &sz))
return FALSE;
/* The key itself */
attrs = gp11_attributes_new ();
- if (!gck_ssh_agent_proto_read_public (call->req, &offset, attrs, &algo))
+ if (!gkd_ssh_agent_proto_read_public (call->req, &offset, attrs, &algo))
return FALSE;
-
+
/* Validate the key type / mechanism */
if (algo == CKK_RSA)
mech = CKM_RSA_PKCS;
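Review bot: The `return FALSE` after a failed gkd_ssh_agent_proto_read_public() leaks `attrs`, which was allocated just above with gp11_attributes_new(). The request buffer comes from the connected client, so this path is reachable with any request whose key blob fails to parse. Release before returning: `if (!gkd_ssh_agent_proto_read_public (call->req, &offset, attrs, &algo)) { gp11_attributes_unref (attrs); return FALSE; }`. The later failure paths in op_sign_request() already do this. The function starts and ends outside this hunk.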
@@ -944,65 +944,65 @@ op_sign_request (GckSshAgentCall *call)
if (!egg_buffer_get_byte_array (call->req, offset, &offset, &data, &n_data) ||
!egg_buffer_get_uint32 (call->req, offset, &offset, &flags)) {
gp11_attributes_unref (attrs);
- return FALSE;
+ return FALSE;
}
/* Lookup the key */
search_keys_like_attributes (call->module, attrs, CKO_PUBLIC_KEY, return_private_matching, &key);
gp11_attributes_unref (attrs);
-
+
if (!key) {
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
-
+
/* Usually we hash the data with SHA1 */
- if (flags & GCK_SSH_FLAG_OLD_SIGNATURE)
+ if (flags & GKD_SSH_FLAG_OLD_SIGNATURE)
halgo = G_CHECKSUM_MD5;
else
halgo = G_CHECKSUM_SHA1;
-
+
/* Build the hash */
if (mech == CKM_RSA_PKCS)
hash = make_pkcs1_sign_hash (halgo, data, n_data, &n_hash);
else
hash = make_raw_sign_hash (halgo, data, n_data, &n_hash);
-
+
session = gp11_object_get_session (key);
g_return_val_if_fail (session, FALSE);
-
+
/* Do the magic */
result = gp11_session_sign (session, key, mech, hash, n_hash, &n_result, &error);
-
+
g_object_unref (session);
g_object_unref (key);
g_free (hash);
-
+
if (error) {
if (error->code != CKR_FUNCTION_CANCELED)
g_message ("signing of the data failed: %s", error->message);
g_clear_error (&error);
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
-
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_SIGN_RESPONSE);
-
- /* Add a space for the sig blob length */
+
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_SIGN_RESPONSE);
+
+ /* Add a space for the sig blob length */
blobpos = call->resp->len;
egg_buffer_add_uint32 (call->resp, 0);
-
- salgo = gck_ssh_agent_proto_algo_to_keytype (algo);
+
+ salgo = gkd_ssh_agent_proto_algo_to_keytype (algo);
g_assert (salgo);
egg_buffer_add_string (call->resp, salgo);
switch (algo) {
case CKK_RSA:
- ret = gck_ssh_agent_proto_write_signature_rsa (call->resp, result, n_result);
+ ret = gkd_ssh_agent_proto_write_signature_rsa (call->resp, result, n_result);
break;
case CKK_DSA:
- ret = gck_ssh_agent_proto_write_signature_dsa (call->resp, result, n_result);
+ ret = gkd_ssh_agent_proto_write_signature_dsa (call->resp, result, n_result);
break;
default:
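Review bot: `g_return_val_if_fail (session, FALSE)` returns with `key` and `hash` still held; both are released only after gp11_session_sign(). Moving the `gp11_object_get_session (key)` check above the hash construction, or releasing in the failure branch (`g_object_unref (key); g_free (hash);`), closes that path. `data` and `flags` are taken from the client request, and both hash helpers `g_assert (data)`; if egg_buffer_get_byte_array() can report success with a NULL pointer (not visible in this diff), an explicit `if (!data)` failure reply before hashing would keep a bad request from aborting the daemon. The switch at the end of the hunk continues outside it.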
@@ -1011,15 +1011,15 @@ op_sign_request (GckSshAgentCall *call)
g_free (result);
g_return_val_if_fail (ret, FALSE);
-
+
/* Write back the blob length */
egg_buffer_set_uint32 (call->resp, blobpos, (call->resp->len - blobpos) - 4);
-
- return TRUE;
+
+ return TRUE;
}
-static gboolean
-op_v1_challenge (GckSshAgentCall *call)
+static gboolean
+op_v1_challenge (GkdSshAgentCall *call)
{
gsize offset, n_data, n_result, n_hash;
GP11Session *session;
@@ -1035,216 +1035,216 @@ op_v1_challenge (GckSshAgentCall *call)
gboolean ret;
guint i;
guchar b;
-
+
ret = FALSE;
offset = 5;
-
+
attrs = gp11_attributes_new ();
- if (!gck_ssh_agent_proto_read_public_v1 (call->req, &offset, attrs)) {
+ if (!gkd_ssh_agent_proto_read_public_v1 (call->req, &offset, attrs)) {
gp11_attributes_unref (attrs);
return FALSE;
}
-
+
/* Read the entire challenge */
- data = gck_ssh_agent_proto_read_challenge_v1 (call->req, &offset, &n_data);
-
+ data = gkd_ssh_agent_proto_read_challenge_v1 (call->req, &offset, &n_data);
+
/* Only protocol 1.1 is supported */
if (call->req->len <= offset) {
gp11_attributes_unref (attrs);
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
-
+
/* Read out the session id, raw, unbounded */
for (i = 0; i < 16; ++i) {
egg_buffer_get_byte (call->req, offset, &offset, &b);
session_id[i] = b;
}
-
+
/* And the response type */
egg_buffer_get_uint32 (call->req, offset, &offset, &resp_type);
-
+
/* Did parsing fail? */
if (egg_buffer_has_error (call->req) || data == NULL) {
gp11_attributes_unref (attrs);
return FALSE;
}
-
+
/* Not supported request type */
if (resp_type != 1) {
gp11_attributes_unref (attrs);
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
-
+
/* Lookup the key */
search_keys_like_attributes (call->module, attrs, CKO_PUBLIC_KEY, return_private_matching, &key);
gp11_attributes_unref (attrs);
-
+
/* Didn't find a key? */
if (key == NULL) {
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
session = gp11_object_get_session (key);
g_return_val_if_fail (session, FALSE);
-
+
result = gp11_session_decrypt (session, key, CKM_RSA_PKCS, data, n_data, &n_result, &error);
-
+
g_object_unref (session);
g_object_unref (key);
-
+
if (error) {
if (error->code != CKR_FUNCTION_CANCELED)
g_message ("decryption of the data failed: %s", error->message);
g_clear_error (&error);
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
-
+
/* Now build up a hash of this and the session_id */
checksum = g_checksum_new (G_CHECKSUM_MD5);
g_checksum_update (checksum, result, n_result);
g_checksum_update (checksum, session_id, sizeof (session_id));
n_hash = sizeof (hash);
g_checksum_get_digest (checksum, hash, &n_hash);
-
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_RSA_RESPONSE);
+
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_RSA_RESPONSE);
egg_buffer_append (call->resp, hash, n_hash);
-
+
g_free (result);
return TRUE;
}
-static gboolean
-op_remove_identity (GckSshAgentCall *call)
+static gboolean
+op_remove_identity (GkdSshAgentCall *call)
{
GP11Attributes *attrs;
GP11Session *session;
GP11Object *key = NULL;
gsize offset;
guint sz;
-
+
offset = 5;
-
+
/* The key packet size */
if (!egg_buffer_get_uint32 (call->req, offset, &offset, &sz))
return FALSE;
/* The public key itself */
attrs = gp11_attributes_new ();
- if (!gck_ssh_agent_proto_read_public (call->req, &offset, attrs, NULL)) {
+ if (!gkd_ssh_agent_proto_read_public (call->req, &offset, attrs, NULL)) {
gp11_attributes_unref (attrs);
return FALSE;
}
- /*
- * This is the session that owns these objects. Only
- * one thread can use it at a time.
+ /*
+ * This is the session that owns these objects. Only
+ * one thread can use it at a time.
*/
-
- session = gck_ssh_agent_checkout_main_session ();
+
+ session = gkd_ssh_agent_checkout_main_session ();
g_return_val_if_fail (session, FALSE);
search_keys_like_attributes (session, attrs, CKO_PUBLIC_KEY, return_first_matching, &key);
gp11_attributes_unref (attrs);
-
- if (key != NULL) {
+
+ if (key != NULL) {
remove_by_public_key (session, key, TRUE);
g_object_unref (key);
}
- gck_ssh_agent_checkin_main_session (session);
+ gkd_ssh_agent_checkin_main_session (session);
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_SUCCESS);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_SUCCESS);
- return TRUE;
+ return TRUE;
}
-static gboolean
-op_v1_remove_identity (GckSshAgentCall *call)
+static gboolean
+op_v1_remove_identity (GkdSshAgentCall *call)
{
GP11Session *session;
GP11Attributes *attrs;
GP11Object *key = NULL;
gsize offset;
-
+
offset = 5;
-
+
attrs = gp11_attributes_new ();
- if (!gck_ssh_agent_proto_read_public_v1 (call->req, &offset, attrs)) {
- gp11_attributes_unref (attrs);
+ if (!gkd_ssh_agent_proto_read_public_v1 (call->req, &offset, attrs)) {
+ gp11_attributes_unref (attrs);
return FALSE;
}
- /*
- * This is the session that owns these objects. Only
- * one thread can use it at a time.
+ /*
+ * This is the session that owns these objects. Only
+ * one thread can use it at a time.
*/
- session = gck_ssh_agent_checkout_main_session ();
+ session = gkd_ssh_agent_checkout_main_session ();
g_return_val_if_fail (session, FALSE);
search_keys_like_attributes (session, attrs, CKO_PUBLIC_KEY, return_first_matching, &key);
gp11_attributes_unref (attrs);
-
- if (key != NULL) {
+
+ if (key != NULL) {
remove_by_public_key (session, key, FALSE);
g_object_unref (key);
}
- gck_ssh_agent_checkin_main_session (session);
+ gkd_ssh_agent_checkin_main_session (session);
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_SUCCESS);
- return TRUE;
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_SUCCESS);
+ return TRUE;
}
-static gboolean
-op_remove_all_identities (GckSshAgentCall *call)
+static gboolean
+op_remove_all_identities (GkdSshAgentCall *call)
{
GP11Session *session;
GList *objects, *l;
GError *error = NULL;
-
- /*
- * This is the session that owns these objects. Only
- * one thread can use it at a time.
+
+ /*
+ * This is the session that owns these objects. Only
+ * one thread can use it at a time.
*/
-
- session = gck_ssh_agent_checkout_main_session ();
+
+ session = gkd_ssh_agent_checkout_main_session ();
g_return_val_if_fail (session, FALSE);
-
+
/* Find all session SSH public keys */
objects = gp11_session_find_objects (session, &error,
CKA_CLASS, GP11_ULONG, CKO_PUBLIC_KEY,
GP11_INVALID);
-
- for (l = objects; l; l = g_list_next (l))
+
+ for (l = objects; l; l = g_list_next (l))
remove_by_public_key (session, l->data, TRUE);
gp11_list_unref_free (objects);
- gck_ssh_agent_checkin_main_session (session);
+ gkd_ssh_agent_checkin_main_session (session);
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_SUCCESS);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_SUCCESS);
return TRUE;
}
-static gboolean
-op_v1_remove_all_identities (GckSshAgentCall *call)
+static gboolean
+op_v1_remove_all_identities (GkdSshAgentCall *call)
{
GP11Session *session;
GList *objects, *l;
GError *error = NULL;
- /*
- * This is the session that owns these objects. Only
- * one thread can use it at a time.
+ /*
+ * This is the session that owns these objects. Only
+ * one thread can use it at a time.
*/
-
- session = gck_ssh_agent_checkout_main_session ();
+
+ session = gkd_ssh_agent_checkout_main_session ();
g_return_val_if_fail (session, FALSE);
/* Find all session SSH v1 public keys */
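Review bot: In op_remove_all_identities the `error` handed to gp11_session_find_objects() is never checked or cleared, so a failed lookup (presumably returning an empty list) leaks the GError and still answers GKD_SSH_RES_SUCCESS, telling the client its identities are gone when nothing was removed. I would check it right after the call, log it and reply with GKD_SSH_RES_FAILURE, e.g. `if (error) { g_message ("couldn't search for keys: %s", error->message); g_clear_error (&error); }`, while still checking the session back in. In the same hunk op_v1_challenge builds `checksum` with g_checksum_new() and returns without `g_checksum_free (checksum);`, which leaks one object per challenge request. op_v1_challenge's signature and part of its declarations are outside this hunk.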
@@ -1254,39 +1254,39 @@ op_v1_remove_all_identities (GckSshAgentCall *call)
CKA_LABEL, GP11_STRING, V1_LABEL,
GP11_INVALID);
- for (l = objects; l; l = g_list_next (l))
+ for (l = objects; l; l = g_list_next (l))
remove_by_public_key (session, l->data, FALSE);
gp11_list_unref_free (objects);
- gck_ssh_agent_checkin_main_session (session);
-
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_SUCCESS);
+ gkd_ssh_agent_checkin_main_session (session);
+
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_SUCCESS);
return TRUE;
}
-static gboolean
-op_not_implemented_success (GckSshAgentCall *call)
+static gboolean
+op_not_implemented_success (GkdSshAgentCall *call)
{
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_SUCCESS);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_SUCCESS);
return TRUE;
}
-
+
static gboolean
-op_not_implemented_failure (GckSshAgentCall *call)
+op_not_implemented_failure (GkdSshAgentCall *call)
{
- egg_buffer_add_byte (call->resp, GCK_SSH_RES_FAILURE);
+ egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE);
return TRUE;
}
static gboolean
-op_invalid (GckSshAgentCall *call)
+op_invalid (GkdSshAgentCall *call)
{
/* Invalid request, disconnect immediately */
return FALSE;
}
-const GckSshAgentOperation gck_ssh_agent_operations[GCK_SSH_OP_MAX] = {
+const GkdSshAgentOperation gkd_ssh_agent_operations[GKD_SSH_OP_MAX] = {
op_invalid, /* 0 */
op_v1_request_identities, /* GKR_SSH_OP_REQUEST_RSA_IDENTITIES */
op_invalid, /* 2 */
@@ -1297,13 +1297,13 @@ const GckSshAgentOperation gck_ssh_agent_operations[GCK_SSH_OP_MAX] = {
op_v1_add_identity, /* GKR_SSH_OP_ADD_RSA_IDENTITY */
op_v1_remove_identity, /* GKR_SSH_OP_REMOVE_RSA_IDENTITY */
op_v1_remove_all_identities, /* GKR_SSH_OP_REMOVE_ALL_RSA_IDENTITIES */
- op_invalid, /* 10 */
+ op_invalid, /* 10 */
op_request_identities, /* GKR_SSH_OP_REQUEST_IDENTITIES */
op_invalid, /* 12 */
op_sign_request, /* GKR_SSH_OP_SIGN_REQUEST */
- op_invalid, /* 14 */
- op_invalid, /* 15 */
- op_invalid, /* 16 */
+ op_invalid, /* 14 */
+ op_invalid, /* 15 */
+ op_invalid, /* 16 */
op_add_identity, /* GKR_SSH_OP_ADD_IDENTITY */
op_remove_identity, /* GKR_SSH_OP_REMOVE_IDENTITY */
op_remove_all_identities, /* GKR_SSH_OP_REMOVE_ALL_IDENTITIES */
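Review bot: The comments on these table entries name `GKR_SSH_OP_*` constants, but the header in this commit defines them as `GKD_SSH_OP_*`, so the comments match nothing that can be searched for; they should read e.g. `/* GKD_SSH_OP_SIGN_REQUEST */`. The array is filled positionally and appears to be indexed by the request opcode, so an entry added or dropped by mistake would silently route a request to the wrong handler. A comment above the table stating that entry N must handle opcode N would make that constraint explicit. The table starts and ends outside this hunk.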
diff --git a/pkcs11/ssh-agent/gck-ssh-agent-private.h b/daemon/ssh-agent/gkd-ssh-agent-private.h
similarity index 52%
rename from pkcs11/ssh-agent/gck-ssh-agent-private.h
rename to daemon/ssh-agent/gkd-ssh-agent-private.h
index 08af331..c843730 100644
--- a/pkcs11/ssh-agent/gck-ssh-agent-private.h
+++ b/daemon/ssh-agent/gkd-ssh-agent-private.h
@@ -1,5 +1,5 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-ssh-agent-private.h - Private SSH agent declarations
+/* gkd-ssh-agent-private.h - Private SSH agent declarations
Copyright (C) 2007 Stefan Walter
@@ -7,12 +7,12 @@
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
-
+
Gnome keyring is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
@@ -20,8 +20,8 @@
Author: Stef Walter <stef memberwebs com>
*/
-#ifndef GKRSSHPRIVATE_H_
-#define GKRSSHPRIVATE_H_
+#ifndef GKDSSHPRIVATE_H_
+#define GKDSSHPRIVATE_H_
#include "egg/egg-buffer.h"
@@ -31,150 +31,150 @@
#include <glib.h>
-typedef struct _GckSshAgentCall {
+typedef struct _GkdSshAgentCall {
int sock;
GP11Module *module;
EggBuffer *req;
EggBuffer *resp;
-} GckSshAgentCall;
+} GkdSshAgentCall;
/* -----------------------------------------------------------------------------
* SSH OPERATIONS and CONSTANTS
*/
/* Requests from client to daemon */
-#define GCK_SSH_OP_REQUEST_RSA_IDENTITIES 1
-#define GCK_SSH_OP_RSA_CHALLENGE 3
-#define GCK_SSH_OP_ADD_RSA_IDENTITY 7
-#define GCK_SSH_OP_REMOVE_RSA_IDENTITY 8
-#define GCK_SSH_OP_REMOVE_ALL_RSA_IDENTITIES 9
-#define GCK_SSH_OP_REQUEST_IDENTITIES 11
-#define GCK_SSH_OP_SIGN_REQUEST 13
-#define GCK_SSH_OP_ADD_IDENTITY 17
-#define GCK_SSH_OP_REMOVE_IDENTITY 18
-#define GCK_SSH_OP_REMOVE_ALL_IDENTITIES 19
-#define GCK_SSH_OP_ADD_SMARTCARD_KEY 20
-#define GCK_SSH_OP_REMOVE_SMARTCARD_KEY 21
-#define GCK_SSH_OP_LOCK 22
-#define GCK_SSH_OP_UNLOCK 23
-#define GCK_SSH_OP_ADD_RSA_ID_CONSTRAINED 24
-#define GCK_SSH_OP_ADD_ID_CONSTRAINED 25
-#define GCK_SSH_OP_ADD_SMARTCARD_KEY_CONSTRAINED 26
-
-#define GCK_SSH_OP_MAX 27
+#define GKD_SSH_OP_REQUEST_RSA_IDENTITIES 1
+#define GKD_SSH_OP_RSA_CHALLENGE 3
+#define GKD_SSH_OP_ADD_RSA_IDENTITY 7
+#define GKD_SSH_OP_REMOVE_RSA_IDENTITY 8
+#define GKD_SSH_OP_REMOVE_ALL_RSA_IDENTITIES 9
+#define GKD_SSH_OP_REQUEST_IDENTITIES 11
+#define GKD_SSH_OP_SIGN_REQUEST 13
+#define GKD_SSH_OP_ADD_IDENTITY 17
+#define GKD_SSH_OP_REMOVE_IDENTITY 18
+#define GKD_SSH_OP_REMOVE_ALL_IDENTITIES 19
+#define GKD_SSH_OP_ADD_SMARTCARD_KEY 20
+#define GKD_SSH_OP_REMOVE_SMARTCARD_KEY 21
+#define GKD_SSH_OP_LOCK 22
+#define GKD_SSH_OP_UNLOCK 23
+#define GKD_SSH_OP_ADD_RSA_ID_CONSTRAINED 24
+#define GKD_SSH_OP_ADD_ID_CONSTRAINED 25
+#define GKD_SSH_OP_ADD_SMARTCARD_KEY_CONSTRAINED 26
+
+#define GKD_SSH_OP_MAX 27
/* Responses from daemon to client */
-#define GCK_SSH_RES_RSA_IDENTITIES_ANSWER 2
-#define GCK_SSH_RES_RSA_RESPONSE 4
-#define GCK_SSH_RES_FAILURE 5
-#define GCK_SSH_RES_SUCCESS 6
-#define GCK_SSH_RES_IDENTITIES_ANSWER 12
-#define GCK_SSH_RES_SIGN_RESPONSE 14
-#define GCK_SSH_RES_EXTENDED_FAILURE 30
-#define GCK_SSH_RES_SSHCOM_FAILURE 102
+#define GKD_SSH_RES_RSA_IDENTITIES_ANSWER 2
+#define GKD_SSH_RES_RSA_RESPONSE 4
+#define GKD_SSH_RES_FAILURE 5
+#define GKD_SSH_RES_SUCCESS 6
+#define GKD_SSH_RES_IDENTITIES_ANSWER 12
+#define GKD_SSH_RES_SIGN_RESPONSE 14
+#define GKD_SSH_RES_EXTENDED_FAILURE 30
+#define GKD_SSH_RES_SSHCOM_FAILURE 102
-#define GCK_SSH_FLAG_CONSTRAIN_LIFETIME 1
-#define GCK_SSH_FLAG_CONSTRAIN_CONFIRM 2
+#define GKD_SSH_FLAG_CONSTRAIN_LIFETIME 1
+#define GKD_SSH_FLAG_CONSTRAIN_CONFIRM 2
-#define GCK_SSH_DSA_SIGNATURE_PADDING 20
-#define GCK_SSH_FLAG_OLD_SIGNATURE 0x01
+#define GKD_SSH_DSA_SIGNATURE_PADDING 20
+#define GKD_SSH_FLAG_OLD_SIGNATURE 0x01
/* -----------------------------------------------------------------------------
- * gck-ssh-agent-ops.c
+ * gkd-ssh-agent-ops.c
*/
-typedef gboolean (*GckSshAgentOperation) (GckSshAgentCall *call);
-extern const GckSshAgentOperation gck_ssh_agent_operations[GCK_SSH_OP_MAX];
+typedef gboolean (*GkdSshAgentOperation) (GkdSshAgentCall *call);
+extern const GkdSshAgentOperation gkd_ssh_agent_operations[GKD_SSH_OP_MAX];
/* -----------------------------------------------------------------------------
- * gck-ssh-agent.c
+ * gkd-ssh-agent.c
*/
-gboolean gck_ssh_agent_initialize_with_module (GP11Module *module);
+gboolean gkd_ssh_agent_initialize_with_module (GP11Module *module);
-GP11Session* gck_ssh_agent_checkout_main_session (void);
+GP11Session* gkd_ssh_agent_checkout_main_session (void);
-void gck_ssh_agent_checkin_main_session (GP11Session* session);
+void gkd_ssh_agent_checkin_main_session (GP11Session* session);
/* -----------------------------------------------------------------------------
- * gkr-ssh-proto.c
+ * gkd-ssh-agent-proto.c
*/
-gulong gck_ssh_agent_proto_keytype_to_algo (const gchar *salgo);
+gulong gkd_ssh_agent_proto_keytype_to_algo (const gchar *salgo);
-const gchar* gck_ssh_agent_proto_algo_to_keytype (gulong algo);
+const gchar* gkd_ssh_agent_proto_algo_to_keytype (gulong algo);
-gboolean gck_ssh_agent_proto_read_mpi (EggBuffer *req,
- gsize *offset,
- GP11Attributes *attrs,
+gboolean gkd_ssh_agent_proto_read_mpi (EggBuffer *req,
+ gsize *offset,
+ GP11Attributes *attrs,
CK_ATTRIBUTE_TYPE type);
-gboolean gck_ssh_agent_proto_read_mpi_v1 (EggBuffer *req,
- gsize *offset,
+gboolean gkd_ssh_agent_proto_read_mpi_v1 (EggBuffer *req,
+ gsize *offset,
GP11Attributes *attrs,
CK_ATTRIBUTE_TYPE type);
-const guchar* gck_ssh_agent_proto_read_challenge_v1 (EggBuffer *req,
+const guchar* gkd_ssh_agent_proto_read_challenge_v1 (EggBuffer *req,
gsize *offset,
gsize *n_challenge);
-
-gboolean gck_ssh_agent_proto_write_mpi (EggBuffer *resp,
+
+gboolean gkd_ssh_agent_proto_write_mpi (EggBuffer *resp,
GP11Attribute *attr);
-gboolean gck_ssh_agent_proto_write_mpi_v1 (EggBuffer *resp,
+gboolean gkd_ssh_agent_proto_write_mpi_v1 (EggBuffer *resp,
GP11Attribute *attr);
-gboolean gck_ssh_agent_proto_read_public (EggBuffer *req,
- gsize *offset,
- GP11Attributes *attrs,
+gboolean gkd_ssh_agent_proto_read_public (EggBuffer *req,
+ gsize *offset,
+ GP11Attributes *attrs,
gulong *algo);
-gboolean gck_ssh_agent_proto_read_public_rsa (EggBuffer *req,
- gsize *offset,
+gboolean gkd_ssh_agent_proto_read_public_rsa (EggBuffer *req,
+ gsize *offset,
GP11Attributes *attrs);
-gboolean gck_ssh_agent_proto_read_public_dsa (EggBuffer *req,
- gsize *offset,
+gboolean gkd_ssh_agent_proto_read_public_dsa (EggBuffer *req,
+ gsize *offset,
GP11Attributes *attrs);
-gboolean gck_ssh_agent_proto_read_public_v1 (EggBuffer *req,
- gsize *offset,
+gboolean gkd_ssh_agent_proto_read_public_v1 (EggBuffer *req,
+ gsize *offset,
GP11Attributes *attrs);
-gboolean gck_ssh_agent_proto_read_pair_rsa (EggBuffer *req,
- gsize *offset,
+gboolean gkd_ssh_agent_proto_read_pair_rsa (EggBuffer *req,
+ gsize *offset,
GP11Attributes *priv_attrs,
GP11Attributes *pub_attrs);
-gboolean gck_ssh_agent_proto_read_pair_dsa (EggBuffer *req,
- gsize *offset,
+gboolean gkd_ssh_agent_proto_read_pair_dsa (EggBuffer *req,
+ gsize *offset,
GP11Attributes *priv_attrs,
GP11Attributes *pub_attrs);
-gboolean gck_ssh_agent_proto_read_pair_v1 (EggBuffer *req,
- gsize *offset,
+gboolean gkd_ssh_agent_proto_read_pair_v1 (EggBuffer *req,
+ gsize *offset,
GP11Attributes *priv_attrs,
GP11Attributes *pub_attrs);
-gboolean gck_ssh_agent_proto_write_public (EggBuffer *resp,
+gboolean gkd_ssh_agent_proto_write_public (EggBuffer *resp,
GP11Attributes *attrs);
-gboolean gck_ssh_agent_proto_write_public_rsa (EggBuffer *resp,
+gboolean gkd_ssh_agent_proto_write_public_rsa (EggBuffer *resp,
GP11Attributes *attrs);
-gboolean gck_ssh_agent_proto_write_public_dsa (EggBuffer *resp,
+gboolean gkd_ssh_agent_proto_write_public_dsa (EggBuffer *resp,
GP11Attributes *attrs);
-gboolean gck_ssh_agent_proto_write_public_v1 (EggBuffer *resp,
+gboolean gkd_ssh_agent_proto_write_public_v1 (EggBuffer *resp,
GP11Attributes *attrs);
-gboolean gck_ssh_agent_proto_write_signature_rsa (EggBuffer *resp,
- CK_BYTE_PTR signature,
+gboolean gkd_ssh_agent_proto_write_signature_rsa (EggBuffer *resp,
+ CK_BYTE_PTR signature,
CK_ULONG n_signature);
-gboolean gck_ssh_agent_proto_write_signature_dsa (EggBuffer *resp,
- CK_BYTE_PTR signature,
+gboolean gkd_ssh_agent_proto_write_signature_dsa (EggBuffer *resp,
+ CK_BYTE_PTR signature,
CK_ULONG n_signature);
-#endif /*GKRSSHPRIVATE_H_*/
+#endif /*GKDSSHPRIVATE_H_*/
diff --git a/pkcs11/ssh-agent/gck-ssh-agent-proto.c b/daemon/ssh-agent/gkd-ssh-agent-proto.c
similarity index 71%
rename from pkcs11/ssh-agent/gck-ssh-agent-proto.c
rename to daemon/ssh-agent/gkd-ssh-agent-proto.c
index ac56b0b..2e4c51f 100644
--- a/pkcs11/ssh-agent/gck-ssh-agent-proto.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-proto.c
@@ -1,5 +1,5 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gck-ssh-agent-proto.c - SSH agent protocol helpers
+/* gkd-ssh-agent-proto.c - SSH agent protocol helpers
Copyright (C) 2007 Stefan Walter
@@ -7,12 +7,12 @@
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
-
+
Gnome keyring is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
@@ -22,7 +22,7 @@
#include "config.h"
-#include "gck-ssh-agent-private.h"
+#include "gkd-ssh-agent-private.h"
#include "egg/egg-buffer.h"
@@ -33,7 +33,7 @@
#include <string.h>
gulong
-gck_ssh_agent_proto_keytype_to_algo (const gchar *salgo)
+gkd_ssh_agent_proto_keytype_to_algo (const gchar *salgo)
{
g_return_val_if_fail (salgo, G_MAXULONG);
if (strcmp (salgo, "ssh-rsa") == 0)
@@ -44,25 +44,25 @@ gck_ssh_agent_proto_keytype_to_algo (const gchar *salgo)
}
const gchar*
-gck_ssh_agent_proto_algo_to_keytype (gulong algo)
+gkd_ssh_agent_proto_algo_to_keytype (gulong algo)
{
if (algo == CKK_RSA)
return "ssh-rsa";
else if (algo == CKK_DSA)
return "ssh-dss";
- return NULL;
+ return NULL;
}
gboolean
-gck_ssh_agent_proto_read_mpi (EggBuffer *req, gsize *offset, GP11Attributes *attrs,
+gkd_ssh_agent_proto_read_mpi (EggBuffer *req, gsize *offset, GP11Attributes *attrs,
CK_ATTRIBUTE_TYPE type)
{
const guchar *data;
gsize len;
-
+
if (!egg_buffer_get_byte_array (req, *offset, offset, &data, &len))
return FALSE;
-
+
/* Convert to unsigned format */
if (len >= 2 && data[0] == 0 && (data[1] & 0x80)) {
++data;
@@ -74,44 +74,44 @@ gck_ssh_agent_proto_read_mpi (EggBuffer *req, gsize *offset, GP11Attributes *att
}
gboolean
-gck_ssh_agent_proto_read_mpi_v1 (EggBuffer *req, gsize *offset, GP11Attributes *attrs,
+gkd_ssh_agent_proto_read_mpi_v1 (EggBuffer *req, gsize *offset, GP11Attributes *attrs,
CK_ATTRIBUTE_TYPE type)
{
const guchar *data;
gsize bytes;
guint16 bits;
-
+
/* Get the number of bits */
if (!egg_buffer_get_uint16 (req, *offset, offset, &bits))
return FALSE;
-
+
/* Figure out the number of binary bytes following */
bytes = (bits + 7) / 8;
if (bytes > 8 * 1024)
return FALSE;
-
+
/* Pull these out directly */
if (req->len < *offset + bytes)
return FALSE;
data = req->buf + *offset;
*offset += bytes;
-
+
gp11_attributes_add_data (attrs, type, data, bytes);
return TRUE;
}
gboolean
-gck_ssh_agent_proto_write_mpi (EggBuffer *resp, GP11Attribute *attr)
+gkd_ssh_agent_proto_write_mpi (EggBuffer *resp, GP11Attribute *attr)
{
guchar *data;
gsize n_extra;
-
+
g_assert (resp);
g_assert (attr);
-
+
/* Convert from unsigned format */
n_extra = 0;
- if (attr->length && (attr->value[0] & 0x80))
+ if (attr->length && (attr->value[0] & 0x80))
++n_extra;
data = egg_buffer_add_byte_array_empty (resp, attr->length + n_extra);
@@ -124,12 +124,12 @@ gck_ssh_agent_proto_write_mpi (EggBuffer *resp, GP11Attribute *attr)
}
gboolean
-gck_ssh_agent_proto_write_mpi_v1 (EggBuffer *resp, GP11Attribute *attr)
+gkd_ssh_agent_proto_write_mpi_v1 (EggBuffer *resp, GP11Attribute *attr)
{
guchar *data;
-
+
g_return_val_if_fail (attr->length * 8 < G_MAXUSHORT, FALSE);
-
+
if (!egg_buffer_add_uint16 (resp, attr->length * 8))
return FALSE;
@@ -141,21 +141,21 @@ gck_ssh_agent_proto_write_mpi_v1 (EggBuffer *resp, GP11Attribute *attr)
}
const guchar*
-gck_ssh_agent_proto_read_challenge_v1 (EggBuffer *req, gsize *offset, gsize *n_challenge)
+gkd_ssh_agent_proto_read_challenge_v1 (EggBuffer *req, gsize *offset, gsize *n_challenge)
{
const guchar *data;
gsize bytes;
guint16 bits;
-
+
/* Get the number of bits */
if (!egg_buffer_get_uint16 (req, *offset, offset, &bits))
return FALSE;
-
+
/* Figure out the number of binary bytes following */
bytes = (bits + 7) / 8;
if (bytes > 8 * 1024)
return FALSE;
-
+
/* Pull these out directly */
if (req->len < *offset + bytes)
return FALSE;
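Review bot: gkd_ssh_agent_proto_read_challenge_v1 returns `const guchar*`, yet its three failure paths use `return FALSE;`, which only works because FALSE is 0; the caller in gkd-ssh-agent-ops.c tests `data == NULL`. Each of them should be `return NULL;`. A short comment saying that the returned pointer refers to memory inside `req` and must not be freed would also help, if that is what the lines past this hunk do. The function's end is outside the hunk.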
@@ -166,66 +166,66 @@ gck_ssh_agent_proto_read_challenge_v1 (EggBuffer *req, gsize *offset, gsize *n_c
}
gboolean
-gck_ssh_agent_proto_read_public (EggBuffer *req, gsize *offset, GP11Attributes* attrs, gulong *algo)
+gkd_ssh_agent_proto_read_public (EggBuffer *req, gsize *offset, GP11Attributes* attrs, gulong *algo)
{
gboolean ret;
gchar *stype;
gulong alg;
-
+
g_assert (req);
g_assert (offset);
-
+
/* The string algorithm */
if (!egg_buffer_get_string (req, *offset, offset, &stype, (EggBufferAllocator)g_realloc))
return FALSE;
-
- alg = gck_ssh_agent_proto_keytype_to_algo (stype);
+
+ alg = gkd_ssh_agent_proto_keytype_to_algo (stype);
if (alg == G_MAXULONG) {
g_warning ("unsupported algorithm from SSH: %s", stype);
g_free (stype);
return FALSE;
}
-
+
g_free (stype);
switch (alg) {
case CKK_RSA:
- ret = gck_ssh_agent_proto_read_public_rsa (req, offset, attrs);
+ ret = gkd_ssh_agent_proto_read_public_rsa (req, offset, attrs);
break;
case CKK_DSA:
- ret = gck_ssh_agent_proto_read_public_dsa (req, offset, attrs);
+ ret = gkd_ssh_agent_proto_read_public_dsa (req, offset, attrs);
break;
default:
g_assert_not_reached ();
return FALSE;
}
-
+
if (!ret) {
g_warning ("couldn't read incoming SSH private key");
return FALSE;
}
-
+
if (algo)
*algo = alg;
return ret;
}
gboolean
-gck_ssh_agent_proto_read_pair_rsa (EggBuffer *req, gsize *offset,
+gkd_ssh_agent_proto_read_pair_rsa (EggBuffer *req, gsize *offset,
GP11Attributes *priv_attrs, GP11Attributes *pub_attrs)
{
GP11Attribute *attr;
-
+
g_assert (req);
g_assert (offset);
g_assert (priv_attrs);
g_assert (pub_attrs);
-
- if (!gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_MODULUS) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PUBLIC_EXPONENT) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIVATE_EXPONENT) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_COEFFICIENT) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIME_1) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIME_2))
+
+ if (!gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_MODULUS) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PUBLIC_EXPONENT) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIVATE_EXPONENT) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_COEFFICIENT) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIME_1) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIME_2))
return FALSE;
/* Copy attributes to the public key */
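Review bot: The failure message in gkd_ssh_agent_proto_read_public says `couldn't read incoming SSH private key`, but this function parses a public key blob (it dispatches to the read_public_rsa and read_public_dsa helpers), so the log misleads anyone investigating a rejected request. It should read `g_warning ("couldn't read incoming SSH public key");`. The rest of this hunk is the start of gkd_ssh_agent_proto_read_pair_rsa, whose body continues outside it.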
@@ -233,7 +233,7 @@ gck_ssh_agent_proto_read_pair_rsa (EggBuffer *req, gsize *offset,
gp11_attributes_add (pub_attrs, attr);
attr = gp11_attributes_find (priv_attrs, CKA_PUBLIC_EXPONENT);
gp11_attributes_add (pub_attrs, attr);
-
+
/* Add in your basic other required attributes */
gp11_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY);
gp11_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_RSA);
@@ -244,98 +244,98 @@ gck_ssh_agent_proto_read_pair_rsa (EggBuffer *req, gsize *offset,
}
gboolean
-gck_ssh_agent_proto_read_pair_v1 (EggBuffer *req, gsize *offset,
+gkd_ssh_agent_proto_read_pair_v1 (EggBuffer *req, gsize *offset,
GP11Attributes *priv_attrs, GP11Attributes *pub_attrs)
{
GP11Attribute *attr;
-
+
g_assert (req);
g_assert (offset);
g_assert (priv_attrs);
g_assert (pub_attrs);
-
- if (!gck_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_MODULUS) ||
- !gck_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PUBLIC_EXPONENT) ||
- !gck_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIVATE_EXPONENT) ||
- !gck_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_COEFFICIENT) ||
- !gck_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIME_1) ||
- !gck_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIME_2))
- return FALSE;
-
+
+ if (!gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_MODULUS) ||
+ !gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PUBLIC_EXPONENT) ||
+ !gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIVATE_EXPONENT) ||
+ !gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_COEFFICIENT) ||
+ !gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIME_1) ||
+ !gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIME_2))
+ return FALSE;
+
/* Copy attributes to the public key */
attr = gp11_attributes_find (priv_attrs, CKA_MODULUS);
gp11_attributes_add (pub_attrs, attr);
attr = gp11_attributes_find (priv_attrs, CKA_PUBLIC_EXPONENT);
gp11_attributes_add (pub_attrs, attr);
-
+
/* Add in your basic other required attributes */
gp11_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY);
gp11_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_RSA);
gp11_attributes_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY);
gp11_attributes_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_RSA);
-
+
return TRUE;
}
gboolean
-gck_ssh_agent_proto_read_public_rsa (EggBuffer *req, gsize *offset, GP11Attributes *attrs)
+gkd_ssh_agent_proto_read_public_rsa (EggBuffer *req, gsize *offset, GP11Attributes *attrs)
{
g_assert (req);
g_assert (offset);
g_assert (attrs);
-
- if (!gck_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_PUBLIC_EXPONENT) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_MODULUS))
+
+ if (!gkd_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_PUBLIC_EXPONENT) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_MODULUS))
return FALSE;
/* Add in your basic other required attributes */
gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY);
gp11_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_RSA);
-
+
return TRUE;
}
gboolean
-gck_ssh_agent_proto_read_public_v1 (EggBuffer *req, gsize *offset, GP11Attributes *attrs)
+gkd_ssh_agent_proto_read_public_v1 (EggBuffer *req, gsize *offset, GP11Attributes *attrs)
{
guint32 bits;
-
+
g_assert (req);
g_assert (offset);
g_assert (attrs);
if (!egg_buffer_get_uint32 (req, *offset, offset, &bits))
return FALSE;
-
- if (!gck_ssh_agent_proto_read_mpi_v1 (req, offset, attrs, CKA_PUBLIC_EXPONENT) ||
- !gck_ssh_agent_proto_read_mpi_v1 (req, offset, attrs, CKA_MODULUS))
+
+ if (!gkd_ssh_agent_proto_read_mpi_v1 (req, offset, attrs, CKA_PUBLIC_EXPONENT) ||
+ !gkd_ssh_agent_proto_read_mpi_v1 (req, offset, attrs, CKA_MODULUS))
return FALSE;
/* Add in your basic other required attributes */
gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY);
gp11_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_RSA);
-
+
return TRUE;
}
gboolean
-gck_ssh_agent_proto_read_pair_dsa (EggBuffer *req, gsize *offset,
+gkd_ssh_agent_proto_read_pair_dsa (EggBuffer *req, gsize *offset,
GP11Attributes *priv_attrs, GP11Attributes *pub_attrs)
{
GP11Attribute *attr;
-
+
g_assert (req);
g_assert (offset);
g_assert (priv_attrs);
g_assert (pub_attrs);
-
- if (!gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIME) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_SUBPRIME) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_BASE) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, pub_attrs, CKA_VALUE) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_VALUE))
- return FALSE;
-
+
+ if (!gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIME) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_SUBPRIME) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_BASE) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, pub_attrs, CKA_VALUE) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_VALUE))
+ return FALSE;
+
/* Copy attributes to the public key */
attr = gp11_attributes_find (priv_attrs, CKA_PRIME);
gp11_attributes_add (pub_attrs, attr);
@@ -343,7 +343,7 @@ gck_ssh_agent_proto_read_pair_dsa (EggBuffer *req, gsize *offset,
gp11_attributes_add (pub_attrs, attr);
attr = gp11_attributes_find (priv_attrs, CKA_BASE);
gp11_attributes_add (pub_attrs, attr);
-
+
/* Add in your basic other required attributes */
gp11_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY);
gp11_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_DSA);
@@ -354,51 +354,51 @@ gck_ssh_agent_proto_read_pair_dsa (EggBuffer *req, gsize *offset,
}
gboolean
-gck_ssh_agent_proto_read_public_dsa (EggBuffer *req, gsize *offset, GP11Attributes *attrs)
+gkd_ssh_agent_proto_read_public_dsa (EggBuffer *req, gsize *offset, GP11Attributes *attrs)
{
g_assert (req);
g_assert (offset);
g_assert (attrs);
-
- if (!gck_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_PRIME) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_SUBPRIME) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_BASE) ||
- !gck_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_VALUE))
- return FALSE;
+
+ if (!gkd_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_PRIME) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_SUBPRIME) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_BASE) ||
+ !gkd_ssh_agent_proto_read_mpi (req, offset, attrs, CKA_VALUE))
+ return FALSE;
/* Add in your basic other required attributes */
gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY);
gp11_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_DSA);
-
+
return TRUE;
}
gboolean
-gck_ssh_agent_proto_write_public (EggBuffer *resp, GP11Attributes *attrs)
+gkd_ssh_agent_proto_write_public (EggBuffer *resp, GP11Attributes *attrs)
{
gboolean ret = FALSE;
const gchar *salgo;
gulong algo;
-
+
g_assert (resp);
g_assert (attrs);
-
+
if (!gp11_attributes_find_ulong (attrs, CKA_KEY_TYPE, &algo))
g_return_val_if_reached (FALSE);
-
- salgo = gck_ssh_agent_proto_algo_to_keytype (algo);
+
+ salgo = gkd_ssh_agent_proto_algo_to_keytype (algo);
g_assert (salgo);
egg_buffer_add_string (resp, salgo);
-
+
switch (algo) {
case CKK_RSA:
- ret = gck_ssh_agent_proto_write_public_rsa (resp, attrs);
+ ret = gkd_ssh_agent_proto_write_public_rsa (resp, attrs);
break;
-
+
case CKK_DSA:
- ret = gck_ssh_agent_proto_write_public_dsa (resp, attrs);
+ ret = gkd_ssh_agent_proto_write_public_dsa (resp, attrs);
break;
-
+
default:
g_return_val_if_reached (FALSE);
break;
@@ -408,74 +408,74 @@ gck_ssh_agent_proto_write_public (EggBuffer *resp, GP11Attributes *attrs)
}
gboolean
-gck_ssh_agent_proto_write_public_rsa (EggBuffer *resp, GP11Attributes *attrs)
+gkd_ssh_agent_proto_write_public_rsa (EggBuffer *resp, GP11Attributes *attrs)
{
GP11Attribute *attr;
-
+
g_assert (resp);
g_assert (attrs);
-
+
attr = gp11_attributes_find (attrs, CKA_PUBLIC_EXPONENT);
g_return_val_if_fail (attr, FALSE);
- if (!gck_ssh_agent_proto_write_mpi (resp, attr))
+ if (!gkd_ssh_agent_proto_write_mpi (resp, attr))
return FALSE;
attr = gp11_attributes_find (attrs, CKA_MODULUS);
g_return_val_if_fail (attr, FALSE);
- if (!gck_ssh_agent_proto_write_mpi (resp, attr))
+ if (!gkd_ssh_agent_proto_write_mpi (resp, attr))
return FALSE;
return TRUE;
}
gboolean
-gck_ssh_agent_proto_write_public_dsa (EggBuffer *resp, GP11Attributes *attrs)
+gkd_ssh_agent_proto_write_public_dsa (EggBuffer *resp, GP11Attributes *attrs)
{
GP11Attribute *attr;
-
+
g_assert (resp);
g_assert (attrs);
-
+
attr = gp11_attributes_find (attrs, CKA_PRIME);
g_return_val_if_fail (attr, FALSE);
- if (!gck_ssh_agent_proto_write_mpi (resp, attr))
+ if (!gkd_ssh_agent_proto_write_mpi (resp, attr))
return FALSE;
attr = gp11_attributes_find (attrs, CKA_SUBPRIME);
g_return_val_if_fail (attr, FALSE);
- if (!gck_ssh_agent_proto_write_mpi (resp, attr))
+ if (!gkd_ssh_agent_proto_write_mpi (resp, attr))
return FALSE;
attr = gp11_attributes_find (attrs, CKA_BASE);
g_return_val_if_fail (attr, FALSE);
- if (!gck_ssh_agent_proto_write_mpi (resp, attr))
+ if (!gkd_ssh_agent_proto_write_mpi (resp, attr))
return FALSE;
attr = gp11_attributes_find (attrs, CKA_VALUE);
g_return_val_if_fail (attr, FALSE);
- if (!gck_ssh_agent_proto_write_mpi (resp, attr))
+ if (!gkd_ssh_agent_proto_write_mpi (resp, attr))
return FALSE;
return TRUE;
}
gboolean
-gck_ssh_agent_proto_write_public_v1 (EggBuffer *resp, GP11Attributes *attrs)
+gkd_ssh_agent_proto_write_public_v1 (EggBuffer *resp, GP11Attributes *attrs)
{
GP11Attribute *attr;
gulong bits;
-
+
g_assert (resp);
g_assert (attrs);
/* This is always an RSA key. */
-
+
/* Write out the number of bits of the key */
if (!gp11_attributes_find_ulong (attrs, CKA_MODULUS_BITS, &bits))
g_return_val_if_reached (FALSE);
@@ -485,29 +485,28 @@ gck_ssh_agent_proto_write_public_v1 (EggBuffer *resp, GP11Attributes *attrs)
attr = gp11_attributes_find (attrs, CKA_PUBLIC_EXPONENT);
g_return_val_if_fail (attr, FALSE);
- if (!gck_ssh_agent_proto_write_mpi_v1 (resp, attr))
+ if (!gkd_ssh_agent_proto_write_mpi_v1 (resp, attr))
return FALSE;
/* Write out the modulus */
attr = gp11_attributes_find (attrs, CKA_MODULUS);
g_return_val_if_fail (attr, FALSE);
- if (!gck_ssh_agent_proto_write_mpi_v1 (resp, attr))
+ if (!gkd_ssh_agent_proto_write_mpi_v1 (resp, attr))
return FALSE;
-
+
return TRUE;
}
gboolean
-gck_ssh_agent_proto_write_signature_rsa (EggBuffer *resp, CK_BYTE_PTR signature, CK_ULONG n_signature)
+gkd_ssh_agent_proto_write_signature_rsa (EggBuffer *resp, CK_BYTE_PTR signature, CK_ULONG n_signature)
{
return egg_buffer_add_byte_array (resp, signature, n_signature);
}
gboolean
-gck_ssh_agent_proto_write_signature_dsa (EggBuffer *resp, CK_BYTE_PTR signature, CK_ULONG n_signature)
+gkd_ssh_agent_proto_write_signature_dsa (EggBuffer *resp, CK_BYTE_PTR signature, CK_ULONG n_signature)
{
g_return_val_if_fail (n_signature == 40, FALSE);
return egg_buffer_add_byte_array (resp, signature, n_signature);
}
-
diff --git a/pkcs11/ssh-agent/gck-ssh-agent-standalone.c b/daemon/ssh-agent/gkd-ssh-agent-standalone.c
similarity index 89%
rename from pkcs11/ssh-agent/gck-ssh-agent-standalone.c
rename to daemon/ssh-agent/gkd-ssh-agent-standalone.c
index 16e03d5..acfe3c9 100644
--- a/pkcs11/ssh-agent/gck-ssh-agent-standalone.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-standalone.c
@@ -1,5 +1,5 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gck-ssh-agent-standalone.c - Test standalone SSH agent
+/* gkd-ssh-agent-standalone.c - Test standalone SSH agent
Copyright (C) 2007 Stefan Walter
@@ -7,12 +7,12 @@
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
-
+
Gnome keyring is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
@@ -22,8 +22,8 @@
#include "config.h"
-#include "gck-ssh-agent.h"
-#include "gck-ssh-agent-private.h"
+#include "gkd-ssh-agent.h"
+#include "gkd-ssh-agent-private.h"
#include "egg/egg-secure-memory.h"
@@ -50,11 +50,11 @@ void* egg_memory_fallback (void *p, size_t sz)
static gboolean
accept_client (GIOChannel *channel, GIOCondition cond, gpointer unused)
{
- gck_ssh_agent_accept ();
+ gkd_ssh_agent_accept ();
return TRUE;
}
-static gboolean
+static gboolean
authenticate_slot (GP11Module *module, GP11Slot *slot, gchar *label, gchar **password, gpointer unused)
{
gchar *prompt = g_strdup_printf ("Enter token password (%s): ", label);
@@ -65,7 +65,7 @@ authenticate_slot (GP11Module *module, GP11Slot *slot, gchar *label, gchar **pas
return TRUE;
}
-static gboolean
+static gboolean
authenticate_object (GP11Module *module, GP11Object *object, gchar *label, gchar **password)
{
gchar *prompt = g_strdup_printf ("Enter object password (%s): ", label);
@@ -76,7 +76,7 @@ authenticate_object (GP11Module *module, GP11Object *object, gchar *label, gchar
return TRUE;
}
-int
+int
main(int argc, char *argv[])
{
GP11Module *module;
@@ -85,12 +85,12 @@ main(int argc, char *argv[])
GMainLoop *loop;
gboolean ret;
int sock;
-
+
g_type_init ();
-
+
if (!g_thread_supported ())
g_thread_init (NULL);
-
+
if (argc <= 1) {
g_message ("specify pkcs11 module on the command line");
return 1;
@@ -102,19 +102,19 @@ main(int argc, char *argv[])
g_clear_error (&error);
return 1;
}
-
-
+
+
g_signal_connect (module, "authenticate-slot", G_CALLBACK (authenticate_slot), NULL);
g_signal_connect (module, "authenticate-object", G_CALLBACK (authenticate_object), NULL);
gp11_module_set_auto_authenticate (module, GP11_AUTHENTICATE_OBJECTS);
- ret = gck_ssh_agent_initialize_with_module (module);
+ ret = gkd_ssh_agent_initialize_with_module (module);
g_object_unref (module);
if (ret == FALSE)
return 1;
- sock = gck_ssh_agent_startup ("/tmp");
+ sock = gkd_ssh_agent_startup ("/tmp");
if (sock == -1)
return 1;
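Review bot: `gkd_ssh_agent_startup ("/tmp")` puts the agent socket at the fixed path `/tmp/ssh` in a world-writable directory, and the startup routine further down this diff unlinks that path before binding. Any local user can predict the name, and nothing visible here restricts the directory or the socket's permissions, so who may connect to the agent depends on the process umask. Even for a test tool it would be safer to create a private directory first, for example `dir = g_strdup ("/tmp/gkd-ssh-XXXXXX"); if (!mkdtemp (dir)) return 1;`, and pass `dir` to the startup call. main() starts and continues outside this hunk.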
@@ -123,14 +123,14 @@ main(int argc, char *argv[])
g_io_channel_unref (channel);
g_print ("SSH_AUTH_SOCK=%s\n", g_getenv ("SSH_AUTH_SOCK"));
-
+
/* Run a main loop */
loop = g_main_loop_new (NULL, FALSE);
g_main_loop_run (loop);
g_main_loop_unref (loop);
- gck_ssh_agent_shutdown ();
- gck_ssh_agent_uninitialize ();
+ gkd_ssh_agent_shutdown ();
+ gkd_ssh_agent_uninitialize ();
return 0;
}
diff --git a/pkcs11/ssh-agent/gck-ssh-agent.c b/daemon/ssh-agent/gkd-ssh-agent.c
similarity index 89%
rename from pkcs11/ssh-agent/gck-ssh-agent.c
rename to daemon/ssh-agent/gkd-ssh-agent.c
index 322f5c8..7e6c801 100644
--- a/pkcs11/ssh-agent/gck-ssh-agent.c
+++ b/daemon/ssh-agent/gkd-ssh-agent.c
@@ -1,5 +1,5 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gck-ssh-agent.c - handles SSH i/o from the clients
+/* gkd-ssh-agent.c - handles SSH i/o from the clients
Copyright (C) 2007 Stefan Walter
@@ -7,12 +7,12 @@
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
-
+
Gnome keyring is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
@@ -33,8 +33,8 @@
#include <string.h>
#include <unistd.h>
-#include "gck-ssh-agent.h"
-#include "gck-ssh-agent-private.h"
+#include "gkd-ssh-agent.h"
+#include "gkd-ssh-agent-private.h"
#include "egg/egg-buffer.h"
#include "egg/egg-secure-memory.h"
@@ -51,16 +51,16 @@ read_all (int fd, guchar *buf, int len)
{
int all = len;
int res;
-
+
while (len > 0) {
-
+
res = read (fd, buf, len);
-
+
if (res <= 0) {
if (errno == EAGAIN && errno == EINTR)
continue;
if (res < 0)
- g_warning ("couldn't read %u bytes from client: %s", all,
+ g_warning ("couldn't read %u bytes from client: %s", all,
g_strerror (errno));
return FALSE;
} else {
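Review bot: The retry test `errno == EAGAIN && errno == EINTR` in read_all can never be true, so an interrupted read() is treated as a fatal error and the client is dropped; the same condition appears in write_all in the next hunk. Changing `&&` to `||` alone is not enough, because the branch is also entered for `res == 0` (end of file), where errno is stale and a leftover EINTR would spin forever. Suggested form: `if (res < 0 && (errno == EAGAIN || errno == EINTR)) continue;`. Separately, `all` is an int but is printed with `%u`; `%d` matches the type. read_all starts above this hunk and ends in the next one.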
@@ -68,7 +68,7 @@ read_all (int fd, guchar *buf, int len)
buf += res;
}
}
-
+
return TRUE;
}
@@ -77,15 +77,15 @@ write_all (int fd, const guchar *buf, int len)
{
int all = len;
int res;
-
+
while (len > 0) {
-
+
res = write (fd, buf, len);
if (res <= 0) {
if (errno == EAGAIN && errno == EINTR)
continue;
- g_warning ("couldn't write %u bytes to client: %s", all,
+ g_warning ("couldn't write %u bytes to client: %s", all,
res < 0 ? g_strerror (errno) : "");
return FALSE;
} else {
@@ -93,25 +93,25 @@ write_all (int fd, const guchar *buf, int len)
buf += res;
}
}
-
+
return TRUE;
}
static gboolean
-read_packet_with_size (GckSshAgentCall *call)
+read_packet_with_size (GkdSshAgentCall *call)
{
int fd;
guint32 packet_size;
fd = call->sock;
-
+
egg_buffer_resize (call->req, 4);
if (!read_all (fd, call->req->buf, 4))
return FALSE;
- if (!egg_buffer_get_uint32 (call->req, 0, NULL, &packet_size) ||
+ if (!egg_buffer_get_uint32 (call->req, 0, NULL, &packet_size) ||
packet_size < 1) {
- g_warning ("invalid packet size from client");
+ g_warning ("invalid packet size from client");
return FALSE;
}
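Review bot: The length check in read_packet_with_size only rejects `packet_size < 1`; no upper bound is visible in this hunk, and the value comes straight from the client. If the rest of the function (outside the hunk) sizes the request buffer from it, as seems likely, one connection can ask for close to 4 GiB of secure memory, and a value above INT_MAX would also turn negative when passed to read_all's `int len`. Consider rejecting oversized packets here, e.g. `packet_size < 1 || packet_size > GKD_SSH_MAX_PACKET_SIZE` with a project-chosen limit (the constant name is a suggestion, not an existing symbol).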
@@ -126,17 +126,17 @@ static gpointer
run_client_thread (gpointer data)
{
gint *socket = data;
- GckSshAgentCall call;
+ GkdSshAgentCall call;
EggBuffer req;
EggBuffer resp;
guchar op;
-
+
g_assert (GP11_IS_MODULE (pkcs11_module));
-
+
memset (&call, 0, sizeof (call));
call.sock = g_atomic_int_get (socket);
g_assert (call.sock != -1);
-
+
egg_buffer_init_full (&req, 128, egg_secure_realloc);
egg_buffer_init_full (&resp, 128, (EggBufferAllocator)g_realloc);
call.req = &req;
@@ -144,24 +144,24 @@ run_client_thread (gpointer data)
call.module = g_object_ref (pkcs11_module);
for (;;) {
-
+
egg_buffer_reset (call.req);
-
+
/* 1. Read in the request */
if (!read_packet_with_size (&call))
break;
/* 2. Now decode the operation */
if (!egg_buffer_get_byte (call.req, 4, NULL, &op))
- break;
- if (op >= GCK_SSH_OP_MAX)
break;
- g_assert (gck_ssh_agent_operations[op]);
-
+ if (op >= GKD_SSH_OP_MAX)
+ break;
+ g_assert (gkd_ssh_agent_operations[op]);
+
/* 3. Execute the right operation */
egg_buffer_reset (call.resp);
egg_buffer_add_uint32 (call.resp, 0);
- if (!(gck_ssh_agent_operations[op]) (&call))
+ if (!(gkd_ssh_agent_operations[op]) (&call))
break;
if (!egg_buffer_set_uint32 (call.resp, 0, call.resp->len - 4))
break;
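Review bot: `g_assert (gkd_ssh_agent_operations[op])` is reached with an opcode byte chosen by the client, and the bounds check before it only guarantees `op < GKD_SSH_OP_MAX`. The table is not visible here; if any slot below the maximum is NULL, a single request aborts the whole daemon rather than just ending this connection. Treating it as a protocol error is safer: `if (!gkd_ssh_agent_operations[op]) break;`. With assertions compiled out (G_DISABLE_ASSERT) the call below would instead go through a NULL pointer. run_client_thread starts and ends outside this hunk.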
@@ -170,14 +170,14 @@ run_client_thread (gpointer data)
if (!write_all (call.sock, call.resp->buf, call.resp->len))
break;
}
-
+
egg_buffer_uninit (&req);
egg_buffer_uninit (&resp);
g_object_unref (call.module);
-
+
close (call.sock);
g_atomic_int_set (socket, -1);
-
+
return NULL;
}
@@ -192,37 +192,37 @@ static GMutex *pkcs11_main_mutex = NULL;
static GCond *pkcs11_main_cond = NULL;
GP11Session*
-gck_ssh_agent_checkout_main_session (void)
+gkd_ssh_agent_checkout_main_session (void)
{
GP11Session *result;
-
+
g_mutex_lock (pkcs11_main_mutex);
-
+
g_assert (GP11_IS_SESSION (pkcs11_main_session));
while (pkcs11_main_checked)
g_cond_wait (pkcs11_main_cond, pkcs11_main_mutex);
pkcs11_main_checked = TRUE;
result = g_object_ref (pkcs11_main_session);
-
+
g_mutex_unlock (pkcs11_main_mutex);
-
+
return result;
}
void
-gck_ssh_agent_checkin_main_session (GP11Session *session)
+gkd_ssh_agent_checkin_main_session (GP11Session *session)
{
g_assert (GP11_IS_SESSION (session));
-
+
g_mutex_lock (pkcs11_main_mutex);
-
+
g_assert (session == pkcs11_main_session);
g_assert (pkcs11_main_checked);
-
+
g_object_unref (session);
pkcs11_main_checked = FALSE;
g_cond_signal (pkcs11_main_cond);
-
+
g_mutex_unlock (pkcs11_main_mutex);
}
@@ -236,7 +236,7 @@ typedef struct _Client {
} Client;
/* Each client thread in this list */
-static GList *socket_clients = NULL;
+static GList *socket_clients = NULL;
/* The main socket we listen on */
static int socket_fd = -1;
@@ -245,7 +245,7 @@ static int socket_fd = -1;
static char socket_path[1024] = { 0, };
void
-gck_ssh_agent_accept (void)
+gkd_ssh_agent_accept (void)
{
Client *client;
struct sockaddr_un addr;
@@ -266,61 +266,61 @@ gck_ssh_agent_accept (void)
}
}
socket_clients = g_list_remove_all (socket_clients, NULL);
-
+
addrlen = sizeof (addr);
new_fd = accept (socket_fd, (struct sockaddr*) &addr, &addrlen);
if (socket_fd < 0) {
g_warning ("cannot accept SSH agent connection: %s", strerror (errno));
return;
}
-
+
client = g_slice_new0 (Client);
client->sock = new_fd;
-
+
/* And create a new thread/process */
client->thread = g_thread_create (run_client_thread, &client->sock, TRUE, &error);
if (!client->thread) {
- g_warning ("couldn't create thread SSH agent connection: %s",
+ g_warning ("couldn't create thread SSH agent connection: %s",
error && error->message ? error->message : "");
g_slice_free (Client, client);
return;
}
-
+
socket_clients = g_list_append (socket_clients, client);
}
-void
-gck_ssh_agent_shutdown (void)
+void
+gkd_ssh_agent_shutdown (void)
{
Client *client;
GList *l;
-
+
if (socket_fd != -1)
close (socket_fd);
-
+
if (*socket_path)
unlink (socket_path);
-
+
/* Stop all of the dispatch threads */
for (l = socket_clients; l; l = g_list_next (l)) {
client = l->data;
-
+
/* Forcibly shutdown the connection */
if (client->sock != -1)
shutdown (client->sock, SHUT_RDWR);
g_thread_join (client->thread);
-
+
/* This is always closed by client thread */
g_assert (client->sock == -1);
g_slice_free (Client, client);
}
-
+
g_list_free (socket_clients);
socket_clients = NULL;
}
void
-gck_ssh_agent_uninitialize (void)
+gkd_ssh_agent_uninitialize (void)
{
gboolean ret;
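Review bot: In gkd_ssh_agent_accept the result of accept() is stored in `new_fd`, but the error check tests `socket_fd < 0`, which is the listening socket. A failed accept() therefore goes on to start a thread with -1 as its socket, where `g_assert (call.sock != -1)` in run_client_thread aborts the daemon. The check should read `if (new_fd < 0) {`. In the thread-creation failure path just below, `new_fd` is never closed and `error` is never cleared, so add `close (new_fd);` and `g_clear_error (&error);` before `g_slice_free`. The start of gkd_ssh_agent_accept is outside this hunk.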
@@ -342,7 +342,7 @@ gck_ssh_agent_uninitialize (void)
}
int
-gck_ssh_agent_initialize (CK_FUNCTION_LIST_PTR funcs)
+gkd_ssh_agent_initialize (CK_FUNCTION_LIST_PTR funcs)
{
GP11Module *module;
gboolean ret;
@@ -352,13 +352,13 @@ gck_ssh_agent_initialize (CK_FUNCTION_LIST_PTR funcs)
module = gp11_module_new (funcs);
gp11_module_set_auto_authenticate (module, GP11_AUTHENTICATE_OBJECTS);
gp11_module_set_pool_sessions (module, TRUE);
- ret = gck_ssh_agent_initialize_with_module (module);
+ ret = gkd_ssh_agent_initialize_with_module (module);
g_object_unref (module);
return ret;
}
gboolean
-gck_ssh_agent_initialize_with_module (GP11Module *module)
+gkd_ssh_agent_initialize_with_module (GP11Module *module)
{
GP11Session *session = NULL;
GList *slots, *l;
@@ -403,14 +403,14 @@ gck_ssh_agent_initialize_with_module (GP11Module *module)
return TRUE;
}
-int
-gck_ssh_agent_startup (const gchar *prefix)
+int
+gkd_ssh_agent_startup (const gchar *prefix)
{
struct sockaddr_un addr;
int sock;
-
+
g_return_val_if_fail (prefix, -1);
-
+
snprintf (socket_path, sizeof (socket_path), "%s/ssh", prefix);
unlink (socket_path);
@@ -419,7 +419,7 @@ gck_ssh_agent_startup (const gchar *prefix)
g_warning ("couldn't create socket: %s", g_strerror (errno));
return -1;
}
-
+
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
strncpy (addr.sun_path, socket_path, sizeof (addr.sun_path));
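Review bot: `strncpy (addr.sun_path, socket_path, sizeof (addr.sun_path))` copies from a 1024-byte `socket_path` into the `sun_path` field, which is typically much smaller, so a long prefix is silently truncated and can leave the field without a terminating NUL. The daemon would then bind to a different path than the one it later exports in SSH_AUTH_SOCK and unlinks at shutdown. Reject over-long paths before copying, e.g. `if (strlen (socket_path) >= sizeof (addr.sun_path)) { close (sock); return -1; }`, and copy with `g_strlcpy (addr.sun_path, socket_path, sizeof (addr.sun_path));`. The bind() call itself sits between this hunk and the next.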
@@ -428,7 +428,7 @@ gck_ssh_agent_startup (const gchar *prefix)
close (sock);
return -1;
}
-
+
if (listen (sock, 128) < 0) {
g_warning ("couldn't listen on socket: %s", g_strerror (errno));
close (sock);
@@ -436,7 +436,7 @@ gck_ssh_agent_startup (const gchar *prefix)
}
g_setenv ("SSH_AUTH_SOCK", socket_path, TRUE);
-
+
socket_fd = sock;
return sock;
}
diff --git a/daemon/ssh-agent/gkd-ssh-agent.h b/daemon/ssh-agent/gkd-ssh-agent.h
new file mode 100644
index 0000000..03427d2
--- /dev/null
+++ b/daemon/ssh-agent/gkd-ssh-agent.h
@@ -0,0 +1,40 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* gkd-ssh-agent.c - handles SSH i/o from the clients
+
+ Copyright (C) 2007 Stefan Walter
+
+ Gnome keyring is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License, or (at your option) any later version.
+
+ Gnome keyring is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ Author: Stef Walter <stef memberwebs com>
+*/
+
+#ifndef GKDSSHAGENT_H_
+#define GKDSSHAGENT_H_
+
+#include <glib.h>
+
+#include "pkcs11/pkcs11.h"
+
+int gkd_ssh_agent_startup (const gchar *prefix);
+
+void gkd_ssh_agent_accept (void);
+
+void gkd_ssh_agent_shutdown (void);
+
+gboolean gkd_ssh_agent_initialize (CK_FUNCTION_LIST_PTR funcs);
+
+void gkd_ssh_agent_uninitialize (void);
+
+#endif /* GKDSSHAGENT_H_ */
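Review bot: The new header declares `gboolean gkd_ssh_agent_initialize (CK_FUNCTION_LIST_PTR funcs);`, while the definition in gkd-ssh-agent.c earlier in this diff is `int gkd_ssh_agent_initialize (...)`. gboolean is a typedef of int in GLib so this compiles, but callers cannot tell whether the result is a TRUE/FALSE flag or a status code; the body returns a gboolean `ret`, so the definition should be changed to `gboolean` to match. The file comment also still reads `gkd-ssh-agent.c`; it should be `/* gkd-ssh-agent.h - handles SSH i/o from the clients`. A short comment on `gkd_ssh_agent_startup` stating that it returns the listening socket or -1 would help callers as well.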
diff --git a/pkcs11/Makefile.am b/pkcs11/Makefile.am
index e1b118d..599d038 100644
--- a/pkcs11/Makefile.am
+++ b/pkcs11/Makefile.am
@@ -16,6 +16,5 @@ SUBDIRS = . \
rpc-layer \
plex-layer \
secret-store \
- ssh-agent \
ssh-store \
user-store