Re: gnome-keyring [PATCH] ssh-module: set CKF_LOGIN_REQUIRED flag

From: Stef Walter <stefw gnome org>
To: gnome-keyring-list gnome org
Subject: Re: gnome-keyring [PATCH] ssh-module: set CKF_LOGIN_REQUIRED flag
Date: Mon, 12 Dec 2016 12:54:46 +0100

This seems right. I've applied it locally and will test it out. If it
works, I'll push to git master.

Stef

On 10.12.2016 05:09, James Bottomley wrote:

The ssh-module token requires a login to access private keys, so it
should have the CKF_LOGIN_REQUIRED flag set.  Absent this, no other
pkcs11 user knows to log in to find the private keys.

Signed-off-by: James Bottomley <James Bottomley HansenPartnership com>
---
 pkcs11/ssh-store/gkm-ssh-module.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkcs11/ssh-store/gkm-ssh-module.c b/pkcs11/ssh-store/gkm-ssh-module.c
index e1be98f..30eb031 100644
--- a/pkcs11/ssh-store/gkm-ssh-module.c
+++ b/pkcs11/ssh-store/gkm-ssh-module.c
@@ -49,7 +49,7 @@ static const CK_TOKEN_INFO gkm_ssh_module_token_info = {
      "Gnome Keyring",
      "1.0",
      "1:SSH:HOME", /* Unique serial number for manufacturer */
-     CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED | CKF_USER_PIN_INITIALIZED,
+     CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED | CKF_USER_PIN_INITIALIZED | CKF_LOGIN_REQUIRED,
      CK_EFFECTIVELY_INFINITE,
      CK_EFFECTIVELY_INFINITE,
      CK_EFFECTIVELY_INFINITE,

References:
- gnome-keyring [PATCH] ssh-module: set CKF_LOGIN_REQUIRED flag
  - From: James Bottomley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]