[gnome-keyring] [daemon] Remove old code that's now in the wrap-layer
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring] [daemon] Remove old code that's now in the wrap-layer
- Date: Sat, 12 Jun 2010 22:33:41 +0000 (UTC)
commit ec61791ca431ea7040cfa3160a1e86a7c0103db2
Author: Stef Walter <stef memberwebs com>
Date: Sat Jun 12 22:32:46 2010 +0000
[daemon] Remove old code that's now in the wrap-layer
configure.in | 1 -
daemon/Makefile.am | 3 +-
daemon/dbus/gkd-dbus-secrets.c | 2 +-
daemon/gkd-main.c | 3 +-
daemon/{pkcs11 => }/gkd-pkcs11.c | 14 +-
daemon/{pkcs11 => }/gkd-pkcs11.h | 0
daemon/login/gkd-login.c | 319 +--------
daemon/login/gkd-login.h | 19 -
daemon/pkcs11/Makefile.am | 22 -
daemon/pkcs11/gkd-pkcs11-auth.c | 1540 --------------------------------------
daemon/pkcs11/gkd-pkcs11-auth.h | 33 -
daemon/pkcs11/gkd-pkcs11-data.c | 263 -------
daemon/pkcs11/gkd-pkcs11-data.h | 52 --
13 files changed, 13 insertions(+), 2258 deletions(-)
---
diff --git a/configure.in b/configure.in
index 0940e09..e8d4d65 100644
--- a/configure.in
+++ b/configure.in
@@ -587,7 +587,6 @@ daemon/control/tests/Makefile
daemon/data/Makefile
daemon/dbus/Makefile
daemon/login/Makefile
-daemon/pkcs11/Makefile
daemon/ssh-agent/Makefile
docs/Makefile
docs/reference/Makefile
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index d182e55..1a2d3c2 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -2,7 +2,6 @@ SUBDIRS = \
login \
control \
ssh-agent \
- pkcs11 \
dbus \
data
@@ -25,10 +24,10 @@ INCLUDES= \
gnome_keyring_daemon_SOURCES = \
gkd-main.c gkd-main.h \
+ gkd-pkcs11.c gkd-pkcs11.h \
gkd-util.c gkd-util.h
gnome_keyring_daemon_LDADD = \
- $(top_builddir)/daemon/pkcs11/libgkd-pkcs11.la \
$(top_builddir)/daemon/dbus/libgkd-dbus.la \
$(top_builddir)/daemon/login/libgkd-login.la \
$(top_builddir)/daemon/control/libgkd-control.la \
diff --git a/daemon/dbus/gkd-dbus-secrets.c b/daemon/dbus/gkd-dbus-secrets.c
index 76cf0ad..2978d5f 100644
--- a/daemon/dbus/gkd-dbus-secrets.c
+++ b/daemon/dbus/gkd-dbus-secrets.c
@@ -27,7 +27,7 @@
#include "gkd-dbus-private.h"
#include "gkd-secret-service.h"
-#include "daemon/pkcs11/gkd-pkcs11.h"
+#include "daemon/gkd-pkcs11.h"
#include "egg/egg-cleanup.h"
diff --git a/daemon/gkd-main.c b/daemon/gkd-main.c
index f9d9764..c805554 100644
--- a/daemon/gkd-main.c
+++ b/daemon/gkd-main.c
@@ -24,6 +24,7 @@
#include "config.h"
#include "gkd-main.h"
+#include "gkd-pkcs11.h"
#include "gkd-util.h"
#include "control/gkd-control.h"
@@ -38,8 +39,6 @@
#include "login/gkd-login.h"
-#include "pkcs11/gkd-pkcs11.h"
-
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
diff --git a/daemon/pkcs11/gkd-pkcs11.c b/daemon/gkd-pkcs11.c
similarity index 93%
rename from daemon/pkcs11/gkd-pkcs11.c
rename to daemon/gkd-pkcs11.c
index cc116be..c544f82 100644
--- a/daemon/pkcs11/gkd-pkcs11.c
+++ b/daemon/gkd-pkcs11.c
@@ -22,7 +22,6 @@
#include "config.h"
#include "gkd-util.h"
-#include "gkd-pkcs11-auth.h"
#include "gkd-pkcs11.h"
#include "egg/egg-cleanup.h"
@@ -40,7 +39,6 @@
/* The top level of our internal PKCS#11 module stack */
static CK_FUNCTION_LIST_PTR pkcs11_roof = NULL;
-static CK_FUNCTION_LIST_PTR pkcs11_base = NULL;
static void
pkcs11_daemon_cleanup (gpointer unused)
@@ -90,11 +88,7 @@ gkd_pkcs11_initialize (void)
gkm_wrap_layer_add_module (secret_store);
gkm_wrap_layer_add_module (user_store);
- pkcs11_base = gkm_wrap_layer_get_functions ();
-
- /* The auth component is the top component */
- gkd_pkcs11_auth_chain_functions (pkcs11_base);
- pkcs11_roof = gkd_pkcs11_auth_get_functions ();
+ pkcs11_roof = gkm_wrap_layer_get_functions ();
memset (&init_args, 0, sizeof (init_args));
init_args.flags = CKF_OS_LOCKING_OK;
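Review bot: The assignment to `pkcs11_roof` in gkd_pkcs11_initialize() is left without any comment, because the line that explained the stack order was removed together with the auth component. Every caller of `gkd_pkcs11_get_functions ()` now goes through this single list, including module_instance() in daemon/login/gkd-login.c, which used the base list before. A short comment above the assignment would record that, for example `/* The wrap layer is the top of the stack; all internal callers use it */`. The function starts and ends outside the hunk.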
@@ -207,9 +201,3 @@ gkd_pkcs11_get_functions (void)
{
return pkcs11_roof;
}
-
-CK_FUNCTION_LIST_PTR
-gkd_pkcs11_get_base_functions (void)
-{
- return pkcs11_base;
-}
diff --git a/daemon/pkcs11/gkd-pkcs11.h b/daemon/gkd-pkcs11.h
similarity index 100%
rename from daemon/pkcs11/gkd-pkcs11.h
rename to daemon/gkd-pkcs11.h
diff --git a/daemon/login/gkd-login.c b/daemon/login/gkd-login.c
index 93a6ac9..4fa32a9 100644
--- a/daemon/login/gkd-login.c
+++ b/daemon/login/gkd-login.c
@@ -23,40 +23,22 @@
#include "gkd-login.h"
+#include "daemon/gkd-pkcs11.h"
+
#include "egg/egg-error.h"
#include "egg/egg-secure-memory.h"
-#include "pkcs11/gkd-pkcs11.h"
#include "pkcs11/pkcs11i.h"
+#include "pkcs11/wrap-layer/gkm-wrap-layer.h"
#include <glib/gi18n.h>
#include <string.h>
-static gint unlock_failures = 0;
-
-static void
-note_that_unlock_failed (void)
-{
- g_atomic_int_inc (&unlock_failures);
-}
-
-static void
-note_that_unlock_succeeded (void)
-{
- g_atomic_int_set (&unlock_failures, 0);
-}
-
-gboolean
-gkd_login_did_unlock_fail (void)
-{
- return g_atomic_int_get (&unlock_failures) ? TRUE : FALSE;
-}
-
static GP11Module*
module_instance (void)
{
- GP11Module *module = gp11_module_new (gkd_pkcs11_get_base_functions ());
+ GP11Module *module = gp11_module_new (gkd_pkcs11_get_functions ());
gp11_module_set_pool_sessions (module, FALSE);
gp11_module_set_auto_authenticate (module, FALSE);
g_return_val_if_fail (module, NULL);
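Review bot: In module_instance() the `g_return_val_if_fail (module, NULL);` guard runs only after `gp11_module_set_pool_sessions` and `gp11_module_set_auto_authenticate` have been called on `module`, so it cannot protect those two calls. The module is now built from `gkd_pkcs11_get_functions ()`, which returns `pkcs11_roof`, and that pointer stays NULL until gkd_pkcs11_initialize() has run. A NULL module is therefore presumably reachable if login code runs early. Move the guard to directly after the `gp11_module_new (...)` line. The function body continues past the end of the hunk.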
@@ -242,7 +224,7 @@ unlock_or_create_login (GP11Module *module, const gchar *master)
/* Failure, bad password? */
if (cred == NULL) {
if (login && g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT))
- note_that_unlock_failed ();
+ gkm_wrap_layer_hint_login_unlock_failure ();
else
g_warning ("couldn't create login credential: %s", egg_error_message (error));
g_clear_error (&error);
@@ -257,7 +239,7 @@ unlock_or_create_login (GP11Module *module, const gchar *master)
/* The unlock succeeded yay */
} else {
- note_that_unlock_succeeded ();
+ gkm_wrap_layer_hint_login_unlock_success ();
}
if (cred)
@@ -358,7 +340,7 @@ change_or_create_login (GP11Module *module, const gchar *original, const gchar *
g_message ("couldn't change login master password, "
"original password was wrong: %s",
egg_error_message (error));
- note_that_unlock_failed ();
+ gkm_wrap_layer_hint_login_unlock_failure ();
} else {
g_warning ("couldn't create original login credential: %s",
egg_error_message (error));
@@ -426,13 +408,8 @@ set_pin_for_any_slots (GP11Module *module, const gchar *original, const gchar *m
if (initialize) {
session = open_and_login_session (l->data, CKU_USER, NULL);
if (session != NULL) {
- if (gp11_session_set_pin (session, (const guchar*)original, strlen (original),
- (const guchar*)master, strlen (master), &error)) {
- gkd_login_attach_secret (info->label, master,
- "manufacturer", info->manufacturer_id,
- "serial-number", info->serial_number,
- NULL);
- } else {
+ if (!gp11_session_set_pin (session, (const guchar*)original, strlen (original),
+ (const guchar*)master, strlen (master), &error)) {
if (!g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT) &&
!g_error_matches (error, GP11_ERROR, CKR_FUNCTION_NOT_SUPPORTED))
g_warning ("couldn't change slot master password: %s",
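Review bot: A successful `gp11_session_set_pin` in set_pin_for_any_slots() now has no visible follow-up, since the `gkd_login_attach_secret` call that stored the new PIN under the slot's manufacturer and serial number was removed with no replacement in this hunk. The commit title suggests the wrap layer takes over that storage, but nothing visible here confirms it. If that is the intent, say so above the call, for example `/* The new PIN is not stored here; remembering PINs is the wrap layer's job */`. It is also worth confirming that silencing CKR_PIN_INCORRECT here, without the `gkm_wrap_layer_hint_login_unlock_failure ()` call used in change_or_create_login(), is deliberate. The function starts and ends outside the hunk.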
@@ -470,281 +447,3 @@ gkd_login_change_lock (const gchar *original, const gchar *master)
g_object_unref (module);
return result;
}
-
-gboolean
-gkd_login_is_usable (void)
-{
- GP11Module *module;
- GP11Session *session;
- GP11Object *login;
- gboolean usable = FALSE;
- gpointer data;
- gsize n_data;
-
- module = module_instance ();
- if (!module)
- return FALSE;
-
- session = lookup_login_session (module);
- if (session) {
- login = lookup_login_keyring (session);
- if (login) {
- data = gp11_object_get_data (login, CKA_G_LOCKED, &n_data, NULL);
- usable = (data && n_data == sizeof (CK_BBOOL) && !*((CK_BBOOL*)data));
- g_free (data);
- g_object_unref (login);
- }
- g_object_unref (session);
- }
-
- g_object_unref (module);
- return usable;
-}
-
-static void
-string_attribute_list_va (va_list args, const gchar *name, GP11Attribute *attr)
-{
- GString *fields = g_string_sized_new(128);
- gsize length;
-
- while (name != NULL) {
- g_string_append (fields, name);
- g_string_append_c (fields, '\0');
- g_string_append (fields, va_arg (args, const gchar*));
- g_string_append_c (fields, '\0');
- name = va_arg (args, const gchar*);
- }
-
- length = fields->len;
- gp11_attribute_init (attr, CKA_G_FIELDS, g_string_free (fields, FALSE), length);
-}
-
-static GP11Object*
-find_login_keyring_item (GP11Session *session, GP11Attribute *fields)
-{
- GP11Object *search;
- GP11Object *item = NULL;
- GList *objects;
- GError *error = NULL;
- gpointer data;
- gsize n_data;
-
- g_return_val_if_fail (GP11_IS_SESSION (session), FALSE);
-
- /* Create a search object */
- search = gp11_session_create_object (session, &error,
- CKA_CLASS, GP11_ULONG, CKO_G_SEARCH,
- CKA_G_COLLECTION, (gsize)5, "login",
- CKA_TOKEN, GP11_BOOLEAN, FALSE,
- CKA_G_FIELDS, fields->length, fields->value,
- GP11_INVALID);
-
- if (!search) {
- g_warning ("couldn't create search for login keyring: %s", egg_error_message (error));
- g_clear_error (&error);
- return NULL;
- }
-
- /* Get the data from the search */
- gp11_object_set_session (search, session);
- data = gp11_object_get_data (search, CKA_G_MATCHED, &n_data, &error);
- gp11_object_destroy (search, NULL);
- g_object_unref (search);
-
- if (data == NULL) {
- g_warning ("couldn't read search in login keyring: %s", egg_error_message (error));
- g_clear_error (&error);
- return NULL;
- }
-
- n_data /= sizeof (CK_OBJECT_HANDLE);
- objects = gp11_objects_from_handle_array (gp11_session_get_slot (session), data,
- MIN (sizeof (CK_OBJECT_HANDLE), n_data));
- g_free (data);
-
- if (objects) {
- item = g_object_ref (objects->data);
- gp11_object_set_session (item, session);
- }
-
- gp11_list_unref_free (objects);
- return item;
-}
-
-static GP11Attributes*
-attach_make_attributes_va (GP11Session *session, const gchar *label,
- const gchar *first, va_list va)
-{
- GP11Attributes *attrs;
- GP11Attribute fields;
- gchar *display_name;
- GP11Object* item;
- GError *error = NULL;
- gpointer value;
- gsize n_value;
-
- attrs = gp11_attributes_new ();
-
- gp11_attribute_init_empty (&fields, CKA_G_FIELDS);
- string_attribute_list_va (va, first, &fields);
-
- /*
- * If there already is such an item, then include its identifier.
- * What this does is overwrite that item, rather than creating new.
- */
- item = find_login_keyring_item (session, &fields);
- if (item) {
- value = gp11_object_get_data (item, CKA_ID, &n_value, &error);
- if (value != NULL) {
- gp11_attributes_add_data (attrs, CKA_ID, value, n_value);
- g_free (value);
- } else {
- g_warning ("couldn't retrieve id for previous login item: %s",
- egg_error_message (error));
- g_clear_error (&error);
- }
- g_object_unref (item);
- }
-
- if (label == NULL)
- label = _("Unnamed");
-
- display_name = g_strdup_printf (_("Unlock password for: %s"), label);
- gp11_attributes_add_string (attrs, CKA_LABEL, display_name);
-
- gp11_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
- gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY);
- gp11_attributes_add_data (attrs, CKA_G_COLLECTION, "login", (gsize)5);
- gp11_attributes_add (attrs, &fields);
-
- gp11_attribute_clear (&fields);
- return attrs;
-}
-
-GP11Attributes*
-gkd_login_attach_make_attributes (const gchar *label, const gchar *first, ...)
-{
- GP11Attributes *attrs;
- GP11Session *session;
- GP11Module *module;
- va_list va;
-
- module = module_instance ();
- session = lookup_login_session (module);
-
- va_start (va, first);
- attrs = attach_make_attributes_va (session, label, first, va);
- va_end (va);
-
- g_object_unref (session);
- g_object_unref (module);
-
- return attrs;
-}
-
-void
-gkd_login_attach_secret (const gchar *label, const gchar *secret,
- const gchar *first, ...)
-{
- GError *error = NULL;
- GP11Session *session;
- GP11Module *module;
- GP11Attributes *attrs;
- GP11Object *item;
- va_list va;
-
- if (secret == NULL)
- secret = "";
-
- module = module_instance ();
- session = lookup_login_session (module);
-
- va_start(va, first);
- attrs = attach_make_attributes_va (session, label, first, va);
- va_end(va);
-
- gp11_attributes_add_string (attrs, CKA_VALUE, secret);
- item = gp11_session_create_object_full (session, attrs, NULL, &error);
- if (error != NULL) {
- g_warning ("couldn't store secret in login keyring: %s", egg_error_message (error));
- g_clear_error (&error);
- }
-
- if (item)
- g_object_unref (item);
-
- gp11_attributes_unref (attrs);
- g_object_unref (session);
- g_object_unref (module);
-}
-
-gchar*
-gkd_login_lookup_secret (const gchar *first, ...)
-{
- GP11Attribute fields;
- GP11Session *session;
- GP11Module *module;
- GP11Object* item;
- gpointer data = NULL;
- gsize n_data;
- va_list va;
-
- module = module_instance ();
- session = lookup_login_session (module);
-
- va_start(va, first);
- gp11_attribute_init_empty (&fields, CKA_G_FIELDS);
- string_attribute_list_va (va, first, &fields);
- va_end(va);
-
- item = find_login_keyring_item (session, &fields);
- if (item != NULL) {
- data = gp11_object_get_data_full (item, CKA_VALUE, egg_secure_realloc, NULL, &n_data, NULL);
- if (data && !g_utf8_validate (data, n_data, NULL)) {
- g_warning ("expected string, but found binary secret in login keyring");
- egg_secure_clear (data, n_data);
- egg_secure_free (data);
- data = NULL;
- }
- g_object_unref (item);
- }
-
- g_object_unref (session);
- g_object_unref (module);
-
- /* Memory returned from gp11_object_get_data is null terminated */
- return data;
-}
-
-void
-gkd_login_remove_secret (const gchar *first, ...)
-{
- GError *error = NULL;
- GP11Attribute fields;
- GP11Session *session;
- GP11Module *module;
- GP11Object* item;
- va_list va;
-
- module = module_instance ();
- session = lookup_login_session (module);
-
- va_start(va, first);
- gp11_attribute_init_empty (&fields, CKA_G_FIELDS);
- string_attribute_list_va (va, first, &fields);
- va_end(va);
-
- item = find_login_keyring_item (session, &fields);
- if (item != NULL) {
- if (!gp11_object_destroy (item, &error)) {
- if (!g_error_matches (error, GP11_ERROR, CKR_OBJECT_HANDLE_INVALID))
- g_warning ("couldn't remove stored secret from login keyring: %s",
- egg_error_message (error));
- g_clear_error (&error);
- }
- g_object_unref (item);
- }
-
- g_object_unref (session);
- g_object_unref (module);
-}
diff --git a/daemon/login/gkd-login.h b/daemon/login/gkd-login.h
index 849b9f4..acf9264 100644
--- a/daemon/login/gkd-login.h
+++ b/daemon/login/gkd-login.h
@@ -31,23 +31,4 @@ gboolean gkd_login_unlock (const gchar *master);
gboolean gkd_login_change_lock (const gchar *original,
const gchar *master);
-gboolean gkd_login_did_unlock_fail (void);
-
-gboolean gkd_login_is_usable (void);
-
-void gkd_login_attach_secret (const gchar *label,
- const gchar *secret,
- const gchar *first,
- ...);
-
-GP11Attributes* gkd_login_attach_make_attributes (const gchar *label,
- const gchar *first,
- ...);
-
-gchar* gkd_login_lookup_secret (const gchar *first,
- ...);
-
-void gkd_login_remove_secret (const gchar *first,
- ...);
-
#endif /* __GKD_LOGIN_H__ */