gnome-keyring Review: Give daemon access to collection credentials
- From: Stef Walter <stefw collabora co uk>
- To: "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
- Cc: chrisrossimail gmail com, David Woodhouse <david woodhouse intel com>
- Subject: gnome-keyring Review: Give daemon access to collection credentials
- Date: Tue, 07 Jun 2011 19:35:00 +0000
Till now the master secrets for the various keyrings ('collections' in
Secret Service API parlance) have been hidden away in the secret-store
module. These are held in the CKA_VALUE PKCS#11 attribute on objects of
type CKO_G_CREDENTIAL, and are used to unlock the keyring objects.
Until now any attempt to read out these master secrets has resulted in
the error code CKR_ATTRIBUTE_SENSITIVE.
However, since we'd like to be able to use these master secrets to do
things like NTLM, the daemon needs access to read them.
This patch adds access for the daemon to read them via PKCS#11. If an
application tries to access them, then the app will still get
CKR_ATTRIBUTE_SENSITIVE.
I've added tests to verify this.
Patch (and discussion) here:
https://bugzilla.gnome.org/show_bug.cgi?id=652070
Any review of this code possible is appreciated. I'm available to help
fill in any gaps if something's not clear.
Cheers,
Stef