| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| |
| |
| | |
pkcs11: Expose module to specific programs
See merge request GNOME/gnome-keyring!8
|
|/ |
|
|\
| |
| |
| |
| | |
autogen.sh: Use autoreconf instead deprecated gnome-common
See merge request GNOME/gnome-keyring!10
|
|/
|
|
| |
See https://wiki.gnome.org/Projects/GnomeCommon/Migration
|
|\
| |
| |
| |
| |
| |
| | |
Don't assume iterating a hash table will give items in the same order they were inserted
Closes #21
See merge request GNOME/gnome-keyring!9
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With GLib 2.59, the `test-login-auto` test fails:
Gcr-CRITICAL **: 14:34:24.126: expected prompt property 'choice-label'
to be "Automatically unlock this keyring whenever I\342\200\231m
logged in", but it is instead ""
This is because, in `mock_secret_C_Initialize()` we assign two sets of
fields to the mock module, one with `CKA_G_LOGIN_COLLECTION` → `CK_TRUE`
and one with it pointing to `CK_FALSE`.
This variable is used to decide, via `is_login_keyring()`, whether to call
`setup_unlock_keyring_login()` or `setup_unlock_keyring_other()`. The
first one sets `choice-label` to the empty string. The second one is
what we want, and upgrading GLib made it flip.
The reason is the same as the previous two fixes: the mock-secret-store
expects to be able to insert items into a hash table and then iterate it
and get them out in the same order. That was never guaranteed, and now
doesn't happen.
Let's keep a parallel list which keeps track of the order things were
added. And then instead of iterating the hash table, we iterate this
list.
Closes #21
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The assumption that we'd get values out of a hash table in the same
order we put them in stopped holding with GLib 2.59:
ERROR:…/gnome-keyring/pkcs11/secret-store/test-secret-item.c:379:test_fields_attr:
assertion failed: (memcmp (buffer, "name1\0value1\0name2\0value2", 26)
== 0)
Let's ensure a consistent order by sorting the fields before returning
them.
Closes #21.
|
|/
|
|
|
|
|
|
|
| |
These headers (at least for OpenSSL) must come in this order. We
shouldn't assume that `g_hash_table_foreach` is going to give a
particular ordering - it's not guaranteed, and has changed with GLib
2.59.
Fixes #21
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
Revert "pkcs11: Don't install p11-kit module configuration"
Closes #20
See merge request GNOME/gnome-keyring!7
|
|/
|
|
|
|
| |
This reverts commit 5d8326eaf1ebce1cde2ee797c03f261da3159aae.
Fixes #20
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| | |
pam: lookup XDG_RUNTIME_DIR using get_any_env
See merge request GNOME/gnome-keyring!5
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pam_gnome_keyring.so PAM module needs to find the daemon control
file, which is stored in $XDG_RUNTIME_DIR/keyring/control.
Unfortunately when commit 2ca51a0aef5b ("daemon: Stop exporting the
$GNOME_KEYRING_CONTROL env variable", 2014-03-06) switched to using
XDG_RUNTIME_DIR preferentially over GNOME_KEYRING_CONTROL, it was looked
up using getenv().
Unfortunately XDG_RUNTIME_DIR isn't always set in the environment, but
may need to be looked up from pam_getenv. Indeed, the function
get_any_env already exists for this purpose.
Because of the incorrect environment lookup, lookup_daemon will
incorrectly report that the gnome-keyring-daemon is not running, even
though it is. This results in starting the daemon multiple times, and
potentially failing to shut it down, or start it correctly when changing
the password.
To fix this, move the code for determining the control file path from
gkr-pam-client.c into gkr-pam-module.c This will using get_any_env(),
and avoids the need for passing the pam_handle_t variable into
gkr-pam-client.c
It does mean that the control variable must be allocated with space,
since we need to combine the environment value with a different suffix
depending on if we use GNOME_KEYRING_CONTROL or XDG_RUNTIME_DIR.
Add a function get_control_file, so that the logic for determining the
control file path remains in one location.
Signed-off-by: Jacob Keller <jacob.keller@gmail.com>
|
|\
| |
| |
| |
| | |
build: Update tap scripts for Python 3 compat
See merge request GNOME/gnome-keyring!4
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces tap-driver and tap-gtester with fresh versions from Cockpit.
https://github.com/cockpit-project/cockpit/pull/9500
https://wiki.gnome.org/Initiatives/GnomeGoals/Python3Porting
Also returned the following commits that are not included in Cockpit:
* 918ab836fd23f9b2c0bf655c7f4f575bffff3189
* 7e75a62e846551c19b9c875f7b237a07ee3b93e1
* 7120f44ceedd5c10802781d64a5829b3c6d8e13f
Maybe they should be upstreamed.
|
| |
|
|\
| |
| |
| |
| | |
gitlab-ci: Switch to fedora:latest from fedora:rawhide
See merge request GNOME/gnome-keyring!3
|
|/ |
|
|\
| |
| |
| |
| | |
ssh-agent: Make public key parsing even robuster
See merge request GNOME/gnome-keyring!2
|
|/
|
|
|
|
|
| |
This amends commit f3f3cc70 to take into account of the fact that the
key type is prefixed to the decoded blob. Suggested by Mantas
Mikulėnas in:
https://bugzilla.gnome.org/show_bug.cgi?id=795699
|
|\
| |
| |
| |
| | |
build: Enable gitlab-ci
See merge request GNOME/gnome-keyring!1
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
| |
This reverts commit fb0d66553753bdc0d700cb5c0bb2803d0690e9ff.
|
|
|
|
|
| |
Potentially fix the busy loop reported in:
https://bugzilla.gnome.org/show_bug.cgi?id=794848
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, _gkd_ssh_agent_parse_public_key() accepted OpenSSH v1
keys, because the second component of the key line looks like a valid
base64 blob:
2048 65537 2444136...
This patch checks that the component is really base64 encoded, by
checking the length is a multiple of 4.
Note that this solution is not perfect, as there could be a key with a
public exponent whose decimal length is multiple of 4. More thorough
approach would be to call ssh-keygen -l on each public key.
https://bugzilla.gnome.org/show_bug.cgi?id=795699
|
|
|
|
| |
(cherry picked from commit d8b6de0c65c4206bc47942963c285d4ee76cf0c6)
|
| |
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=794631
|
| |
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=794500
|
|
|
|
|
|
|
| |
This partially reverts the change in 869b5c6d, so as not to display
duplicate words on the password prompt.
https://bugzilla.gnome.org/show_bug.cgi?id=794500
|
| |
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=794369
|
|
|
|
|
|
|
|
|
| |
Previously, it keeps only one connection to the inferior ssh-agent
process. That prevented simultaneous access to gnome-keyring's
ssh-agent service. With this patch, it always opens a new connection
to the inferior ssh-agent process when a new client connects.
https://bugzilla.gnome.org/show_bug.cgi?id=794369
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When looking up a secret in the login keyring, do not supply any
schema in the criteria, while using "org.freedesktop.Secret.Generic"
as schema when storing it. This is for backward compatibility with
gnome-keyring 2.29, which used "org.gnome.keyring.EncryptionKey" as
schema.
In addtion, use the same label for the newly stored passwords as
before.
https://bugzilla.gnome.org/show_bug.cgi?id=794368
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=794368
|
|
|
|
|
|
|
|
|
|
|
| |
ssh-add fails in certain occasions, such as when the file permissions
of private key is not unsafe. To help diagnostics, propagate the
stderr output from the command to journal.
As the ssh commands send error message with trailing CR for each line,
we need to scrub it so as not to confuse journald.
https://bugzilla.gnome.org/show_bug.cgi?id=794361
|
| |
|
|
|
|
|
|
| |
Split out mock-interaction.c from libegg.la to libegg-test.la.
https://bugzilla.gnome.org/show_bug.cgi?id=794274
|
| |
|
| |
|