[gnome-keyring: 6/6] gkm: Add debug tracing for CKA_ATTRIBUTE_TYPE_INVALID
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring: 6/6] gkm: Add debug tracing for CKA_ATTRIBUTE_TYPE_INVALID
- Date: Tue, 19 Jun 2012 11:07:12 +0000 (UTC)
commit 45e76a5fdd139e05308817e75936d8a7dc5e0d84
Author: Stef Walter <stefw gnome org>
Date: Tue Jun 19 13:06:19 2012 +0200
gkm: Add debug tracing for CKA_ATTRIBUTE_TYPE_INVALID
To make it a bit easier to diagnose problems.
pkcs11/gkm/gkm-assertion.c | 6 +++++-
pkcs11/gkm/gkm-debug.c | 1 +
pkcs11/gkm/gkm-debug.h | 1 +
pkcs11/gkm/gkm-dh-private-key.c | 3 +++
pkcs11/gkm/gkm-dh-public-key.c | 3 +++
pkcs11/gkm/gkm-memory-store.c | 11 +++++++++--
pkcs11/gkm/gkm-object.c | 4 ++++
pkcs11/gkm/gkm-private-xsa-key.c | 3 +++
pkcs11/gkm/gkm-public-xsa-key.c | 4 ++++
pkcs11/gkm/gkm-secret-key.c | 6 ++++++
pkcs11/gkm/gkm-sexp-key.c | 4 ++++
pkcs11/gkm/gkm-store.c | 25 ++++++++++++++++++++-----
pkcs11/gnome2-store/gkm-gnome2-storage.c | 6 +++++-
pkcs11/ssh-store/gkm-ssh-private-key.c | 7 ++++++-
pkcs11/xdg-store/gkm-xdg-trust.c | 22 ++++++++++++++++++----
15 files changed, 92 insertions(+), 14 deletions(-)
---
diff --git a/pkcs11/gkm/gkm-assertion.c b/pkcs11/gkm/gkm-assertion.c
index fcda26c..042b44f 100644
--- a/pkcs11/gkm/gkm-assertion.c
+++ b/pkcs11/gkm/gkm-assertion.c
@@ -23,6 +23,8 @@
#include "gkm-assertion.h"
#include "gkm-attributes.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-object.h"
#include "gkm-trust.h"
#include "gkm-util.h"
@@ -78,8 +80,10 @@ gkm_assertion_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
case CKA_X_PURPOSE:
return gkm_attribute_set_string (attr, self->pv->purpose);
case CKA_X_PEER:
- if (!self->pv->peer)
+ if (!self->pv->peer) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_X_PEER on assertion");
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
return gkm_attribute_set_string (attr, self->pv->peer);
/* Certificate reference values */
diff --git a/pkcs11/gkm/gkm-debug.c b/pkcs11/gkm/gkm-debug.c
index 0c45523..54fb64d 100644
--- a/pkcs11/gkm/gkm-debug.c
+++ b/pkcs11/gkm/gkm-debug.c
@@ -34,6 +34,7 @@ static GkmDebugFlags current_flags = 0;
static GDebugKey keys[] = {
{ "storage", GKM_DEBUG_STORAGE },
+ { "object", GKM_DEBUG_OBJECT },
{ 0, }
};
diff --git a/pkcs11/gkm/gkm-debug.h b/pkcs11/gkm/gkm-debug.h
index bab7b7c..eb9757f 100644
--- a/pkcs11/gkm/gkm-debug.h
+++ b/pkcs11/gkm/gkm-debug.h
@@ -31,6 +31,7 @@ G_BEGIN_DECLS
/* Please keep this enum in sync with #keys in gcr-debug.c */
typedef enum {
GKM_DEBUG_STORAGE = 1 << 1,
+ GKM_DEBUG_OBJECT = 1 << 2,
} GkmDebugFlags;
gboolean gkm_debug_flag_is_set (GkmDebugFlags flag);
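Review bot: The context comment above the enum says to keep it in sync with `#keys in gcr-debug.c`, but the table this commit extends together with `GKM_DEBUG_OBJECT` is `keys[]` in `pkcs11/gkm/gkm-debug.c`. The new flag is only reachable by name when both places are updated, so the comment should point at the right file: `/* Please keep this enum in sync with #keys in gkm-debug.c */`.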
diff --git a/pkcs11/gkm/gkm-dh-private-key.c b/pkcs11/gkm/gkm-dh-private-key.c
index 2476b1d..b38f384 100644
--- a/pkcs11/gkm/gkm-dh-private-key.c
+++ b/pkcs11/gkm/gkm-dh-private-key.c
@@ -25,6 +25,8 @@
#include "gkm-attributes.h"
#include "gkm-crypto.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-factory.h"
#include "gkm-dh-private-key.h"
#include "gkm-session.h"
@@ -126,6 +128,7 @@ gkm_dh_private_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_
return gkm_attribute_set_bool (attr, FALSE);
case CKA_UNWRAP_TEMPLATE:
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_UNWRAP_TEMPLATE attribute");
return CKR_ATTRIBUTE_TYPE_INVALID;
case CKA_ALWAYS_AUTHENTICATE:
diff --git a/pkcs11/gkm/gkm-dh-public-key.c b/pkcs11/gkm/gkm-dh-public-key.c
index 0c0ab1f..b54b536 100644
--- a/pkcs11/gkm/gkm-dh-public-key.c
+++ b/pkcs11/gkm/gkm-dh-public-key.c
@@ -25,6 +25,8 @@
#include "gkm-attributes.h"
#include "gkm-crypto.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-factory.h"
#include "gkm-dh-public-key.h"
#include "gkm-session.h"
@@ -111,6 +113,7 @@ gkm_dh_public_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_A
return gkm_attribute_set_bool (attr, FALSE);
case CKA_WRAP_TEMPLATE:
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_WRAP_TEMPLATE attribute");
return CKR_ATTRIBUTE_TYPE_INVALID;
case CKA_VALUE:
diff --git a/pkcs11/gkm/gkm-memory-store.c b/pkcs11/gkm/gkm-memory-store.c
index 66240ec..e1954d3 100644
--- a/pkcs11/gkm/gkm-memory-store.c
+++ b/pkcs11/gkm/gkm-memory-store.c
@@ -22,6 +22,8 @@
#include "config.h"
#include "gkm-attributes.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-object.h"
#include "gkm-memory-store.h"
#include "gkm-transaction.h"
@@ -123,12 +125,17 @@ gkm_memory_store_real_read_value (GkmStore *base, GkmObject *object, CK_ATTRIBUT
CK_ATTRIBUTE_PTR at;
attributes = g_hash_table_lookup (self->entries, object);
- if (attributes == NULL)
+ if (attributes == NULL) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no object");
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
at = g_hash_table_lookup (attributes, &(attr->type));
- if (at == NULL)
+ if (at == NULL) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no attribute: %s",
+ gkm_log_attr_type (attr->type));
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
g_assert (at->type == attr->type);
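Review bot: The first trace, `"CKR_ATTRIBUTE_TYPE_INVALID: no object"`, does not say which attribute was being read, unlike the second trace a few lines below it. Including the type would make the two consistent and the line usable on its own: `gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: object not in memory store, reading %s", gkm_log_attr_type (attr->type));`. Both messages log only the attribute type name and never a value, and that should stay so in a keyring module. The body of gkm_memory_store_real_read_value continues outside the hunk.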
diff --git a/pkcs11/gkm/gkm-object.c b/pkcs11/gkm/gkm-object.c
index 6c0e2c4..464932c 100644
--- a/pkcs11/gkm/gkm-object.c
+++ b/pkcs11/gkm/gkm-object.c
@@ -26,6 +26,8 @@
#include "gkm-attributes.h"
#include "gkm-credential.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-manager.h"
#include "gkm-object.h"
#include "gkm-transaction.h"
@@ -235,6 +237,7 @@ gkm_object_real_get_attribute (GkmObject *self, GkmSession *session, CK_ATTRIBUT
case CKA_GNOME_UNIQUE:
if (self->pv->unique)
return gkm_attribute_set_string (attr, self->pv->unique);
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_GNOME_UNIQUE on object");
return CKR_ATTRIBUTE_TYPE_INVALID;
case CKA_GNOME_TRANSIENT:
return gkm_attribute_set_bool (attr, self->pv->transient ? TRUE : FALSE);
@@ -262,6 +265,7 @@ gkm_object_real_get_attribute (GkmObject *self, GkmSession *session, CK_ATTRIBUT
return gkm_attribute_set_data (attr, "", 0);
}
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no %s attribute", gkm_log_attr_type (attr->type));
return CKR_ATTRIBUTE_TYPE_INVALID;
}
diff --git a/pkcs11/gkm/gkm-private-xsa-key.c b/pkcs11/gkm/gkm-private-xsa-key.c
index ceed69a..c289d6d 100644
--- a/pkcs11/gkm/gkm-private-xsa-key.c
+++ b/pkcs11/gkm/gkm-private-xsa-key.c
@@ -25,6 +25,8 @@
#include "gkm-attributes.h"
#include "gkm-credential.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-factory.h"
#include "gkm-private-xsa-key.h"
#include "gkm-session.h"
@@ -238,6 +240,7 @@ gkm_private_xsa_key_real_get_attribute (GkmObject *base, GkmSession *session, CK
return gkm_attribute_set_bool (attr, FALSE);
case CKA_UNWRAP_TEMPLATE:
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_UNWRAP_TEMPLATE on key");
return CKR_ATTRIBUTE_TYPE_INVALID;
case CKA_ALWAYS_AUTHENTICATE:
diff --git a/pkcs11/gkm/gkm-public-xsa-key.c b/pkcs11/gkm/gkm-public-xsa-key.c
index 5c3f256..7968c07 100644
--- a/pkcs11/gkm/gkm-public-xsa-key.c
+++ b/pkcs11/gkm/gkm-public-xsa-key.c
@@ -24,6 +24,8 @@
#include "pkcs11/pkcs11.h"
#include "gkm-attributes.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-factory.h"
#include "gkm-public-xsa-key.h"
#include "gkm-session.h"
@@ -51,6 +53,7 @@ return_modulus_bits (GkmPublicXsaKey *self, CK_ATTRIBUTE_PTR attr)
if (algorithm != GCRY_PK_RSA) {
gcry_sexp_release (numbers);
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: CKA_MODULUS_BITS not valid for non-RSA keys");
return CKR_ATTRIBUTE_TYPE_INVALID;
}
@@ -195,6 +198,7 @@ gkm_public_xsa_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_
return gkm_attribute_set_bool (attr, FALSE);
case CKA_WRAP_TEMPLATE:
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_WRAP_TEMPLATE on key");
return CKR_ATTRIBUTE_TYPE_INVALID;
case CKA_MODULUS_BITS:
diff --git a/pkcs11/gkm/gkm-secret-key.c b/pkcs11/gkm/gkm-secret-key.c
index 72493ff..2a37c02 100644
--- a/pkcs11/gkm/gkm-secret-key.c
+++ b/pkcs11/gkm/gkm-secret-key.c
@@ -25,6 +25,8 @@
#include "gkm-attributes.h"
#include "gkm-crypto.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-secret-key.h"
#include "gkm-session.h"
#include "gkm-util.h"
@@ -80,7 +82,11 @@ gkm_secret_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTR
return gkm_attribute_set_bool (attr, FALSE);
case CKA_WRAP_TEMPLATE:
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_WRAP_TEMPLATE on key");
+ return CKR_ATTRIBUTE_TYPE_INVALID;
+
case CKA_UNWRAP_TEMPLATE:
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_UNWRAP_TEMPLATE on key");
return CKR_ATTRIBUTE_TYPE_INVALID;
case CKA_START_DATE:
diff --git a/pkcs11/gkm/gkm-sexp-key.c b/pkcs11/gkm/gkm-sexp-key.c
index 8434d88..8583cea 100644
--- a/pkcs11/gkm/gkm-sexp-key.c
+++ b/pkcs11/gkm/gkm-sexp-key.c
@@ -24,6 +24,8 @@
#include "pkcs11/pkcs11.h"
#include "gkm-attributes.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-dsa-mechanism.h"
#include "gkm-rsa-mechanism.h"
#include "gkm-sexp-key.h"
@@ -240,6 +242,8 @@ gkm_sexp_key_set_part (GkmSexpKey *self, int algo, const char *part, CK_ATTRIBUT
if (algorithm != algo) {
gcry_sexp_release (numbers);
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: attribute %s not valid for key algorithm: %s",
+ gkm_log_attr_type (attr->type), gcry_pk_algo_name (algo));
return CKR_ATTRIBUTE_TYPE_INVALID;
}
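Review bot: The trace prints `gcry_pk_algo_name (algo)`, the algorithm the caller passed in, while its text reads "not valid for key algorithm". On this branch `algorithm != algo`, so the message names exactly the algorithm the key does not have. Passing `gcry_pk_algo_name (algorithm)` instead, or printing both values, would match the wording; this assumes `algorithm` holds a libgcrypt algorithm id, as the comparison suggests. The body of gkm_sexp_key_set_part starts and ends outside the hunk.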
diff --git a/pkcs11/gkm/gkm-store.c b/pkcs11/gkm/gkm-store.c
index 06dcdb8..c3b2f3f 100644
--- a/pkcs11/gkm/gkm-store.c
+++ b/pkcs11/gkm/gkm-store.c
@@ -22,6 +22,8 @@
#include "config.h"
#include "gkm-attributes.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm-debug.h"
#include "gkm-object.h"
#include "gkm-store.h"
#include "gkm-transaction.h"
@@ -203,11 +205,17 @@ gkm_store_get_attribute (GkmStore *self, GkmObject *object, CK_ATTRIBUTE_PTR att
g_assert (GKM_STORE_GET_CLASS (self)->read_value);
schema = g_hash_table_lookup (self->pv->schemas, &(attr->type));
- if (schema == NULL)
+ if (schema == NULL) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s not in schema",
+ gkm_log_attr_type (attr->type));
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
- if (schema->flags & GKM_STORE_IS_INTERNAL)
+ if (schema->flags & GKM_STORE_IS_INTERNAL) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s is an internal attribute",
+ gkm_log_attr_type (attr->type));
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
if (schema->flags & GKM_STORE_IS_SENSITIVE)
return CKR_ATTRIBUTE_SENSITIVE;
@@ -250,6 +258,8 @@ gkm_store_write_value (GkmStore *self, GkmTransaction *transaction,
schema = g_hash_table_lookup (self->pv->schemas, &(attr->type));
if (schema == NULL) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s not in schema",
+ gkm_log_attr_type (attr->type));
gkm_transaction_fail (transaction, CKR_ATTRIBUTE_TYPE_INVALID);
return;
}
@@ -273,12 +283,17 @@ gkm_store_set_attribute (GkmStore *self, GkmTransaction *transaction,
g_assert (GKM_STORE_GET_CLASS (self)->write_value);
schema = g_hash_table_lookup (self->pv->schemas, &(attr->type));
- if (schema == NULL)
+ if (schema == NULL) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s not in schema",
+ gkm_log_attr_type (attr->type));
rv = CKR_ATTRIBUTE_TYPE_INVALID;
- else if (schema->flags & GKM_STORE_IS_INTERNAL)
+ } else if (schema->flags & GKM_STORE_IS_INTERNAL) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s is internal",
+ gkm_log_attr_type (attr->type));
rv = CKR_ATTRIBUTE_TYPE_INVALID;
- else if (schema->validator)
+ } else if (schema->validator) {
rv = (schema->validator) (object, attr);
+ }
if (rv != CKR_OK) {
gkm_transaction_fail (transaction, rv);
diff --git a/pkcs11/gnome2-store/gkm-gnome2-storage.c b/pkcs11/gnome2-store/gkm-gnome2-storage.c
index 27add18..50ca329 100644
--- a/pkcs11/gnome2-store/gkm-gnome2-storage.c
+++ b/pkcs11/gnome2-store/gkm-gnome2-storage.c
@@ -798,14 +798,18 @@ gkm_gnome2_storage_real_read_value (GkmStore *base, GkmObject *object, CK_ATTRIB
}
identifier = g_hash_table_lookup (self->object_to_identifier, object);
- if (!identifier)
+ if (!identifier) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: object not stored in gnome2 storage");
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
res = gkm_gnome2_file_read_value (self->file, identifier, attr->type, &value, &n_value);
switch (res) {
case GKM_DATA_FAILURE:
g_return_val_if_reached (CKR_GENERAL_ERROR);
case GKM_DATA_UNRECOGNIZED:
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: attribute %s not present",
+ gkm_log_attr_type (attr->type));
return CKR_ATTRIBUTE_TYPE_INVALID;
case GKM_DATA_LOCKED:
return CKR_USER_NOT_LOGGED_IN;
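Review bot: This file's section adds two `gkm_debug` calls without the `#define DEBUG_FLAG GKM_DEBUG_OBJECT` / `#include "gkm/gkm-debug.h"` pair that every other source file in the commit gains. The traces are therefore gated by whatever DEBUG_FLAG the file already defines, presumably the storage flag. Someone who enables only the `object` key to chase a CKR_ATTRIBUTE_TYPE_INVALID would then not see these two messages. If that is intended, a comment at the first call such as `/* traced under this file's storage debug flag, not "object" */` would make it explicit. The function body starts and ends outside the hunk.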
diff --git a/pkcs11/ssh-store/gkm-ssh-private-key.c b/pkcs11/ssh-store/gkm-ssh-private-key.c
index 4141078..ef2cd76 100644
--- a/pkcs11/ssh-store/gkm-ssh-private-key.c
+++ b/pkcs11/ssh-store/gkm-ssh-private-key.c
@@ -26,6 +26,8 @@
#include "gkm/gkm-attributes.h"
#include "gkm/gkm-credential.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm/gkm-debug.h"
#include "gkm/gkm-manager.h"
#include "gkm/gkm-module.h"
#include "gkm/gkm-object.h"
@@ -148,8 +150,11 @@ gkm_ssh_private_key_get_attribute (GkmObject *base, GkmSession *session, CK_ATTR
/* COMPAT: Previous versions of gnome-keyring used this to save unlock passwords */
case CKA_GNOME_INTERNAL_SHA1:
- if (!self->private_bytes)
+ if (!self->private_bytes) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_GNOME_INTERNAL_SHA1 attribute");
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
+
digest = gkm_ssh_openssh_digest_private_key (self->private_bytes);
rv = gkm_attribute_set_string (attr, digest);
g_free (digest);
diff --git a/pkcs11/xdg-store/gkm-xdg-trust.c b/pkcs11/xdg-store/gkm-xdg-trust.c
index 7c487c0..9d22567 100644
--- a/pkcs11/xdg-store/gkm-xdg-trust.c
+++ b/pkcs11/xdg-store/gkm-xdg-trust.c
@@ -29,6 +29,8 @@
#include "gkm/gkm-assertion.h"
#include "gkm/gkm-attributes.h"
+#define DEBUG_FLAG GKM_DEBUG_OBJECT
+#include "gkm/gkm-debug.h"
#include "gkm/gkm-object.h"
#include "gkm/gkm-oids.h"
#include "gkm/gkm-serializable.h"
@@ -111,8 +113,11 @@ trust_get_der (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
g_return_val_if_fail (node, CKR_GENERAL_ERROR);
/* If the assertion doesn't contain this info ... */
- if (!egg_asn1x_have (node))
+ if (!egg_asn1x_have (node)) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants %s which is not part of assertion",
+ gkm_log_attr_type (attr->type), part);
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
element = egg_asn1x_get_element_raw (node);
rv = gkm_attribute_set_bytes (attr, element);
@@ -134,8 +139,11 @@ trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
g_return_val_if_fail (node, CKR_GENERAL_ERROR);
/* If the assertion doesn't contain this info ... */
- if (!egg_asn1x_have (node))
+ if (!egg_asn1x_have (node)) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants %s which is not part of assertion",
+ gkm_log_attr_type (attr->type), part);
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
integer = egg_asn1x_get_integer_as_raw (node);
g_return_val_if_fail (integer, CKR_GENERAL_ERROR);
@@ -157,8 +165,11 @@ trust_get_hash (GkmXdgTrust *self, GChecksumType ctype, CK_ATTRIBUTE_PTR attr)
g_return_val_if_fail (cert, CKR_GENERAL_ERROR);
/* If it's not stored, then this attribute is not present */
- if (!egg_asn1x_have (cert))
+ if (!egg_asn1x_have (cert)) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants certComplete which is not part of assertion",
+ gkm_log_attr_type (attr->type));
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
element = egg_asn1x_get_element_raw (cert);
g_return_val_if_fail (element != NULL, CKR_GENERAL_ERROR);
@@ -182,8 +193,11 @@ trust_get_complete (GkmXdgTrust *self, CK_ATTRIBUTE_PTR attr)
g_return_val_if_fail (cert, CKR_GENERAL_ERROR);
/* If it's not stored, then this attribute is not present */
- if (!egg_asn1x_have (cert))
+ if (!egg_asn1x_have (cert)) {
+ gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants certComplete which is not part of assertion",
+ gkm_log_attr_type (attr->type));
return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
element = egg_asn1x_get_element_raw (cert);
g_return_val_if_fail (element != NULL, CKR_GENERAL_ERROR);