[libsecret/nielsdg/extract-get-secret-file-func] file-backend: Extract TPM code into separate function
- From: Niels De Graef <nielsdg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsecret/nielsdg/extract-get-secret-file-func] file-backend: Extract TPM code into separate function
- Date: Sat, 21 May 2022 19:03:31 +0000 (UTC)
commit f2eaed98882d619152014f83fbe56d3a27f9fd49
Author: Niels De Graef <nielsdegraef gmail com>
Date: Sat May 21 20:53:36 2022 +0200
file-backend: Extract TPM code into separate function
That way, we have a function we can also call in case we want to provide
a synchronous constructor.
This also fixes some cases where the `EggTpm2Context` was not properly
cleaned up in case of some error paths.
libsecret/secret-file-backend.c | 153 ++++++++++++++++++++--------------------
1 file changed, 75 insertions(+), 78 deletions(-)
---
diff --git a/libsecret/secret-file-backend.c b/libsecret/secret-file-backend.c
index 9c9dc12..04d0445 100644
--- a/libsecret/secret-file-backend.c
+++ b/libsecret/secret-file-backend.c
@@ -464,6 +464,76 @@ on_bus_get (GObject *source_object,
g_object_unref (fd_list);
}
+#ifdef WITH_TPM
+static GBytes *
+load_password_from_tpm (GFile *file, GCancellable *cancellable, GError **error)
+{
+ EggTpm2Context *context = NULL;
+ char *tpm2_file_path;
+ GFile *tpm2_file = NULL;
+ gboolean status;
+ GBytes *encrypted = NULL;
+ GBytes *decrypted = NULL;
+
+ context = egg_tpm2_initialize (&error);
+ if (!context)
+ return NULL;
+
+ path = g_file_get_path (file);
+ tpm2_file_path = g_strdup_printf ("%s.tpm2", path);
+ g_free (path);
+
+ tpm2_file = g_file_new_for_path (tpm2_file_path);
+ status = g_file_test (tpm2_file_path, G_FILE_TEST_EXISTS);
+ g_free (tpm2_file_path);
+
+ if (!status) {
+ gconstpointer contents;
+ gsize size;
+
+ encrypted = egg_tpm2_generate_master_password (context, error);
+ if (!encrypted)
+ return NULL;
+
+ contents = g_bytes_get_data (encrypted, &size);
+ status = g_file_replace_contents (tpm2_file,
+ contents,
+ size,
+ NULL,
+ FALSE,
+ G_FILE_CREATE_PRIVATE,
+ NULL,
+ cancellable,
+ error);
+ if (!status)
+ goto out;
+ } else {
+ char *contents;
+ gsize length;
+
+ status = g_file_load_contents (tpm2_file,
+ cancellable,
+ &contents,
+ &length,
+ NULL,
+ &error);
+ if (!status)
+ goto out;
+
+ encrypted = g_bytes_new_take (contents, length);
+ }
+
+ decrypted = egg_tpm2_decrypt_master_password (context, encrypted, error);
+
+out:
+ g_clear_object (&tpm2_file);
+ g_clear_pointer (&encrypted, g_bytes_unref);
+ egg_tpm2_finalize (context);
+
+ return decrypted;
+}
+#endif /* WITH_TPM */
+
static void
secret_file_backend_real_init_async (GAsyncInitable *initable,
int io_priority,
@@ -508,90 +578,18 @@ secret_file_backend_real_init_async (GAsyncInitable *initable,
g_bus_get (G_BUS_TYPE_SESSION, cancellable, on_bus_get, task);
} else {
#ifdef WITH_TPM
- EggTpm2Context *context;
- GFile *tpm2_file;
- gchar *tpm2_file_path;
- gboolean status;
- GBytes *encrypted;
- GBytes *decrypted;
-
- context = egg_tpm2_initialize (&error);
- if (!context) {
- g_task_return_error (task, error);
- g_object_unref (task);
- return;
- }
-
- path = g_file_get_path (file);
- tpm2_file_path = g_strdup_printf ("%s.tpm2", path);
- g_free(path);
- tpm2_file = g_file_new_for_path (tpm2_file_path);
- status = g_file_test (tpm2_file_path, G_FILE_TEST_EXISTS);
- g_free (tpm2_file_path);
-
- if (!status) {
- encrypted = egg_tpm2_generate_master_password (
- context,
- &error);
- if (!encrypted) {
- g_task_return_error (task, error);
- g_object_unref (task);
- return;
- }
-
- gconstpointer contents;
- gsize size;
- contents = g_bytes_get_data (encrypted, &size);
- status = g_file_replace_contents (tpm2_file,
- contents,
- size,
- NULL,
- FALSE,
- G_FILE_CREATE_PRIVATE,
- NULL,
- cancellable,
- &error);
- if (!status) {
- g_task_return_error (task, error);
- g_object_unref (task);
- return;
- }
-
- } else {
- char *contents;
- gsize length;
- status = g_file_load_contents (tpm2_file,
- cancellable,
- &contents,
- &length,
- NULL,
- &error);
- if (!status) {
- g_task_return_error (task, error);
- g_object_unref (task);
- return;
- }
-
- encrypted = g_bytes_new_take (contents, length);
- }
+ gconstpointer data;
+ gsize size;
- decrypted = egg_tpm2_decrypt_master_password (context,
- encrypted,
- &error);
- g_bytes_unref (encrypted);
- egg_tpm2_finalize (context);
+ decrypted = load_password_from_tpm (file, cancellable, &error);
if (!decrypted) {
g_task_return_error (task, error);
g_object_unref (task);
return;
}
- gconstpointer data;
- gsize size;
- data = g_bytes_get_data(decrypted, &size);
- password = secret_value_new (data,
- size,
- "text/plain");
+ data = g_bytes_get_data (decrypted, &size);
+ password = secret_value_new (data,size, "text/plain");
g_bytes_unref (decrypted);
g_async_initable_new_async (SECRET_TYPE_FILE_COLLECTION,
io_priority,
@@ -602,7 +600,6 @@ secret_file_backend_real_init_async (GAsyncInitable *initable,
"password", password,
NULL);
- g_object_unref (tpm2_file);
g_object_unref (file);
secret_value_unref (password);
#else
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]