diff options
author | Stef Walter <stef@memberwebs.com> | 2009-12-19 22:37:52 +0000 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2009-12-19 22:37:52 +0000 |
commit | 087c7b561acd00f93e903fa3b7a9f2f26eddfba7 (patch) | |
tree | 3894defa2cb177e7540efb303022cceb78d1f42c | |
parent | d4dc93486a05de3fbcec2fcb0e46add44c311046 (diff) | |
download | gnome-keyring-087c7b561acd00f93e903fa3b7a9f2f26eddfba7.tar.gz |
[daemon] Refactor the startup.
* Add support for initializing seperate parts of daemon separately.
* Add autostart files for various components.
* Use simpler control protocol.
25 files changed, 428 insertions, 381 deletions
diff --git a/configure.in b/configure.in index a4bc774c..3422cd5e 100644 --- a/configure.in +++ b/configure.in @@ -67,9 +67,6 @@ AC_SUBST(GTK_CFLAGS) AC_SUBST(GTK_LIBS) AM_GCONF_SOURCE_2 -PKG_CHECK_MODULES(GCONF, gconf-2.0) -DAEMON_CFLAGS="$DAEMON_CFLAGS $GCONF_CFLAGS" -DAEMON_LIBS="$DAEMON_LIBS $GCONF_LIBS" GETTEXT_PACKAGE=gnome-keyring AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE,"$GETTEXT_PACKAGE", [The gettext domain name]) @@ -549,7 +546,9 @@ AC_SUBST(BINDIR) AC_OUTPUT([ Makefile daemon/Makefile -daemon/gnome-keyring-daemon.desktop.in +daemon/gnome-keyring-pkcs11.desktop.in +daemon/gnome-keyring-secrets.desktop.in +daemon/gnome-keyring-ssh.desktop.in daemon/control/Makefile daemon/control/tests/Makefile daemon/data/Makefile diff --git a/daemon/.gitignore b/daemon/.gitignore index f6d0066f..1fdb2946 100644 --- a/daemon/.gitignore +++ b/daemon/.gitignore @@ -5,9 +5,16 @@ Makefile.in /gnome-keyring-ask /gnome-keyring-daemon /org.gnome.keyring.service -/gnome-keyring-daemon.desktop -/gnome-keyring-daemon.desktop.in +/gnome-keyring-pkcs11.desktop +/gnome-keyring-pkcs11.desktop.in +/gnome-keyring-secrets.desktop +/gnome-keyring-secrets.desktop.in +/gnome-keyring-ssh.desktop +/gnome-keyring-ssh.desktop.in *-marshal.[ch] gnome-keyring-prompt run-auto-test* +/control/tests/test-control-change +/control/tests/test-control-init +/control/tests/test-control-unlock diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 7ddb1f25..1958193e 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -58,7 +58,7 @@ EXTRA_DIST = \ CLEANFILES = \ org.gnome.keyring.service \ $(desktop_DATA) - + servicedir = $(DBUS_SERVICES_DIR) service_in_files = org.gnome.keyring.service.in service_DATA = $(service_in_files:.service.in=.service) @@ -68,7 +68,10 @@ service_PATH = $(VALGRIND_RUN)$(bindir) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@PATH\@|$(service_PATH)|" $< > $@ -desktop_in_files = gnome-keyring-daemon.desktop.in +desktop_in_files = \ + gnome-keyring-pkcs11.desktop.in \ + gnome-keyring-secrets.desktop.in \ + gnome-keyring-ssh.desktop.in desktopdir = $(sysconfdir)/xdg/autostart desktop_DATA = $(desktop_in_files:.desktop.in=.desktop) diff --git a/daemon/control/gkd-control-client.c b/daemon/control/gkd-control-client.c index 43a7cc42..f7ad97e2 100644 --- a/daemon/control/gkd-control-client.c +++ b/daemon/control/gkd-control-client.c @@ -180,7 +180,8 @@ control_chat (const gchar *directory, EggBuffer *buffer) gchar** -gkd_control_initialize (const gchar *directory, const gchar **envp) +gkd_control_initialize (const gchar *directory, const gchar *components, + const gchar **envp) { gchar **env = NULL; EggBuffer buffer; @@ -190,7 +191,8 @@ gkd_control_initialize (const gchar *directory, const gchar **envp) egg_buffer_init_full (&buffer, 128, g_realloc); egg_buffer_add_uint32 (&buffer, 0); - egg_buffer_add_uint32 (&buffer, GNOME_KEYRING_OP_PREPARE_ENVIRONMENT); + egg_buffer_add_uint32 (&buffer, GKD_CONTROL_OP_INITIALIZE); + egg_buffer_add_string (&buffer, components); egg_buffer_add_stringv (&buffer, (const char**)envp); egg_buffer_set_uint32 (&buffer, 0, buffer.len); @@ -200,12 +202,12 @@ gkd_control_initialize (const gchar *directory, const gchar **envp) if (ret) ret = egg_buffer_get_uint32 (&buffer, offset, &offset, &res); - if (ret && res == GNOME_KEYRING_RESULT_OK) + if (ret && res == GKD_CONTROL_RESULT_OK) ret = egg_buffer_get_stringv (&buffer, offset, &offset, &env, g_realloc); egg_buffer_uninit (&buffer); - if (!ret || res != GNOME_KEYRING_RESULT_OK) { + if (!ret || res != GKD_CONTROL_RESULT_OK) { g_message ("couldn't initialize running daemon"); return NULL; } @@ -223,8 +225,7 @@ gkd_control_unlock (const gchar *directory, const gchar *password) egg_buffer_init_full (&buffer, 128, egg_secure_realloc); egg_buffer_add_uint32 (&buffer, 0); - egg_buffer_add_uint32 (&buffer, GNOME_KEYRING_OP_UNLOCK_KEYRING); - egg_buffer_add_string (&buffer, "login"); + egg_buffer_add_uint32 (&buffer, GKD_CONTROL_OP_UNLOCK); egg_buffer_add_string (&buffer, password); egg_buffer_set_uint32 (&buffer, 0, buffer.len); @@ -237,7 +238,7 @@ gkd_control_unlock (const gchar *directory, const gchar *password) egg_buffer_uninit (&buffer); - if (!ret || res != GNOME_KEYRING_RESULT_OK) { + if (!ret || res != GKD_CONTROL_RESULT_OK) { g_message ("couldn't unlock login keyring"); return FALSE; } @@ -256,8 +257,7 @@ gkd_control_change_lock (const gchar *directory, const gchar *original, egg_buffer_init_full (&buffer, 128, egg_secure_realloc); egg_buffer_add_uint32 (&buffer, 0); - egg_buffer_add_uint32 (&buffer, GNOME_KEYRING_OP_CHANGE_KEYRING_PASSWORD); - egg_buffer_add_string (&buffer, "login"); + egg_buffer_add_uint32 (&buffer, GKD_CONTROL_OP_CHANGE); egg_buffer_add_string (&buffer, original); egg_buffer_add_string (&buffer, password); egg_buffer_set_uint32 (&buffer, 0, buffer.len); @@ -271,7 +271,7 @@ gkd_control_change_lock (const gchar *directory, const gchar *original, egg_buffer_uninit (&buffer); - if (!ret || res != GNOME_KEYRING_RESULT_OK) { + if (!ret || res != GKD_CONTROL_RESULT_OK) { g_message ("couldn't change lock on login keyring"); return FALSE; } diff --git a/daemon/control/gkd-control-codes.h b/daemon/control/gkd-control-codes.h index a982c14c..159ac48d 100644 --- a/daemon/control/gkd-control-codes.h +++ b/daemon/control/gkd-control-codes.h @@ -19,53 +19,19 @@ * 02111-1307, USA. */ -#ifndef __GKD_CONTROL_PRIVATE_H__ -#define __GKD_CONTROL_PRIVATE_H__ +#ifndef __GKD_CONTROL_CODES_H__ +#define __GKD_CONTROL_CODES_H__ -/* All the old op codes, most are no longer used */ enum { - GNOME_KEYRING_OP_LOCK_ALL, - GNOME_KEYRING_OP_SET_DEFAULT_KEYRING, - GNOME_KEYRING_OP_GET_DEFAULT_KEYRING, - GNOME_KEYRING_OP_LIST_KEYRINGS, - GNOME_KEYRING_OP_CREATE_KEYRING, - GNOME_KEYRING_OP_LOCK_KEYRING, - GNOME_KEYRING_OP_UNLOCK_KEYRING, - GNOME_KEYRING_OP_DELETE_KEYRING, - GNOME_KEYRING_OP_GET_KEYRING_INFO, - GNOME_KEYRING_OP_SET_KEYRING_INFO, - GNOME_KEYRING_OP_LIST_ITEMS, - GNOME_KEYRING_OP_FIND, - GNOME_KEYRING_OP_CREATE_ITEM, - GNOME_KEYRING_OP_DELETE_ITEM, - GNOME_KEYRING_OP_GET_ITEM_INFO, - GNOME_KEYRING_OP_SET_ITEM_INFO, - GNOME_KEYRING_OP_GET_ITEM_ATTRIBUTES, - GNOME_KEYRING_OP_SET_ITEM_ATTRIBUTES, - GNOME_KEYRING_OP_GET_ITEM_ACL, - GNOME_KEYRING_OP_SET_ITEM_ACL, - GNOME_KEYRING_OP_CHANGE_KEYRING_PASSWORD, - GNOME_KEYRING_OP_SET_DAEMON_DISPLAY, - GNOME_KEYRING_OP_GET_ITEM_INFO_FULL, - GNOME_KEYRING_OP_PREPARE_ENVIRONMENT, - - /* Add new ops here */ - - GNOME_KEYRING_NUM_OPS + GKD_CONTROL_OP_INITIALIZE, + GKD_CONTROL_OP_UNLOCK, + GKD_CONTROL_OP_CHANGE, }; -/* All the old result codes */ enum { - GNOME_KEYRING_RESULT_OK, - GNOME_KEYRING_RESULT_DENIED, - GNOME_KEYRING_RESULT_NO_KEYRING_DAEMON, - GNOME_KEYRING_RESULT_ALREADY_UNLOCKED, - GNOME_KEYRING_RESULT_NO_SUCH_KEYRING, - GNOME_KEYRING_RESULT_BAD_ARGUMENTS, - GNOME_KEYRING_RESULT_IO_ERROR, - GNOME_KEYRING_RESULT_CANCELLED, - GNOME_KEYRING_RESULT_KEYRING_ALREADY_EXISTS, - GNOME_KEYRING_RESULT_NO_MATCH + GKD_CONTROL_RESULT_OK, + GKD_CONTROL_RESULT_DENIED, + GKD_CONTROL_RESULT_FAILED }; -#endif /* __GKD_CONTROL_PRIVATE_H__ */ +#endif /* __GKD_CONTROL_CODES_H__ */ diff --git a/daemon/control/gkd-control-server.c b/daemon/control/gkd-control-server.c index fcb4daaf..db7ea292 100644 --- a/daemon/control/gkd-control-server.c +++ b/daemon/control/gkd-control-server.c @@ -68,85 +68,67 @@ control_data_free (gpointer data) } static guint32 -control_unlock_keyring (EggBuffer *buffer) +control_unlock_login (EggBuffer *buffer) { - gchar *name; gchar *master; gsize offset = 8; guint32 res; - if (!egg_buffer_get_string (buffer, offset, &offset, &name, g_realloc)) - return GNOME_KEYRING_RESULT_BAD_ARGUMENTS; + if (!egg_buffer_get_string (buffer, offset, &offset, &master, egg_secure_realloc)) + return GKD_CONTROL_RESULT_FAILED; - if (!egg_buffer_get_string (buffer, offset, &offset, &master, egg_secure_realloc)) { - g_free (name); - return GNOME_KEYRING_RESULT_BAD_ARGUMENTS; - } - - if (!name || g_str_equal (name, "login")) { - if (gkd_login_unlock (master)) - res = GNOME_KEYRING_RESULT_OK; - else - res = GNOME_KEYRING_RESULT_DENIED; - } else { - g_message ("keyring request not supported"); - res = GNOME_KEYRING_RESULT_NO_SUCH_KEYRING; - } + if (gkd_login_unlock (master)) + res = GKD_CONTROL_RESULT_OK; + else + res = GKD_CONTROL_RESULT_DENIED; egg_secure_strfree (master); - g_free (name); return res; } static guint32 -control_change_keyring_password (EggBuffer *buffer) +control_change_login (EggBuffer *buffer) { gsize offset = 8; guint32 res; - gchar *name; gchar *master; gchar *original; - if (!egg_buffer_get_string (buffer, offset, &offset, &name, g_realloc)) - return GNOME_KEYRING_RESULT_BAD_ARGUMENTS; - if (!egg_buffer_get_string (buffer, offset, &offset, &original, egg_secure_realloc)) { - g_free (name); - return GNOME_KEYRING_RESULT_BAD_ARGUMENTS; + return GKD_CONTROL_RESULT_FAILED; } if (!egg_buffer_get_string (buffer, offset, &offset, &master, egg_secure_realloc)) { egg_secure_strfree (original); - g_free (name); - return GNOME_KEYRING_RESULT_BAD_ARGUMENTS; + return GKD_CONTROL_RESULT_FAILED; } - if (!name || g_str_equal (name, "login")) { - if (gkd_login_change_lock (original, master)) - res = GNOME_KEYRING_RESULT_OK; - else - res = GNOME_KEYRING_RESULT_DENIED; - } else { - g_message ("keyring request not supported"); - res = GNOME_KEYRING_RESULT_NO_SUCH_KEYRING; - } + if (gkd_login_change_lock (original, master)) + res = GKD_CONTROL_RESULT_OK; + else + res = GKD_CONTROL_RESULT_DENIED; egg_secure_strfree (master); egg_secure_strfree (original); - g_free (name); return res; } static guint32 -control_prepare_environment (EggBuffer *buffer) +control_initialize_components (EggBuffer *buffer) { + gchar *components; gchar **environment, **e; gsize offset = 8; gchar *x; int i; - if (!egg_buffer_get_stringv (buffer, offset, &offset, &environment, g_realloc)) - return GNOME_KEYRING_RESULT_BAD_ARGUMENTS; + if (!egg_buffer_get_string (buffer, offset, &offset, &components, g_realloc)) + return GKD_CONTROL_RESULT_FAILED; + + if (!egg_buffer_get_stringv (buffer, offset, &offset, &environment, g_realloc)) { + g_free (components); + return GKD_CONTROL_RESULT_FAILED; + } /* Accept environment from outside */ for (e = environment; *e; ++e) { @@ -169,8 +151,10 @@ control_prepare_environment (EggBuffer *buffer) * We've now definitely received everything we need to run. Ask * the daemon to complete the initialization. */ - gkd_main_complete_initialization (); - return GNOME_KEYRING_RESULT_OK; + gkd_main_complete_initialization (components); + g_free (components); + + return GKD_CONTROL_RESULT_OK; } static gboolean @@ -213,21 +197,20 @@ control_process (EggBuffer *req, GIOChannel *channel) } switch (op) { - case GNOME_KEYRING_OP_CREATE_KEYRING: - case GNOME_KEYRING_OP_UNLOCK_KEYRING: - res = control_unlock_keyring (req); + case GKD_CONTROL_OP_UNLOCK: + res = control_unlock_login (req); cdata = control_data_new (); egg_buffer_add_uint32 (&cdata->buffer, 0); egg_buffer_add_uint32 (&cdata->buffer, res); break; - case GNOME_KEYRING_OP_CHANGE_KEYRING_PASSWORD: - res = control_change_keyring_password (req); + case GKD_CONTROL_OP_CHANGE: + res = control_change_login (req); cdata = control_data_new (); egg_buffer_add_uint32 (&cdata->buffer, 0); egg_buffer_add_uint32 (&cdata->buffer, res); break; - case GNOME_KEYRING_OP_PREPARE_ENVIRONMENT: - res = control_prepare_environment (req); + case GKD_CONTROL_OP_INITIALIZE: + res = control_initialize_components (req); cdata = control_data_new (); egg_buffer_add_uint32 (&cdata->buffer, 0); egg_buffer_add_uint32 (&cdata->buffer, res); diff --git a/daemon/control/gkd-control.h b/daemon/control/gkd-control.h index 796dd6b5..d7f7e66f 100644 --- a/daemon/control/gkd-control.h +++ b/daemon/control/gkd-control.h @@ -27,6 +27,7 @@ gboolean gkd_control_listen (void); gchar** gkd_control_initialize (const gchar *directory, + const gchar *components, const gchar **env); gboolean gkd_control_unlock (const gchar *directory, diff --git a/daemon/control/tests/Makefile.am b/daemon/control/tests/Makefile.am index 36f9e24e..78f8ae8e 100644 --- a/daemon/control/tests/Makefile.am +++ b/daemon/control/tests/Makefile.am @@ -12,25 +12,35 @@ LIBS = \ $(P11_TESTS_LIBS) noinst_PROGRAMS= \ - test-control-unlock \ - test-control-change + test-control-change \ + test-control-init \ + test-control-unlock # ------------------------------------------------------------------------------ # Test unlocking the login keyring -test_control_unlock_SOURCES = \ - test-control-unlock.c +test_control_change_SOURCES = \ + test-control-change.c -test_control_unlock_LDADD = \ +test_control_change_LDADD = \ $(top_builddir)/daemon/control/libgkd-control-client.la \ $(top_builddir)/egg/libegg-buffer.la \ $(top_builddir)/egg/libegg-creds.la \ $(top_builddir)/egg/libegg-secure.la -test_control_change_SOURCES = \ - test-control-change.c +test_control_init_SOURCES = \ + test-control-init.c -test_control_change_LDADD = \ +test_control_init_LDADD = \ + $(top_builddir)/daemon/control/libgkd-control-client.la \ + $(top_builddir)/egg/libegg-buffer.la \ + $(top_builddir)/egg/libegg-creds.la \ + $(top_builddir)/egg/libegg-secure.la + +test_control_unlock_SOURCES = \ + test-control-unlock.c + +test_control_unlock_LDADD = \ $(top_builddir)/daemon/control/libgkd-control-client.la \ $(top_builddir)/egg/libegg-buffer.la \ $(top_builddir)/egg/libegg-creds.la \ diff --git a/daemon/control/tests/test-control-change b/daemon/control/tests/test-control-change Binary files differdeleted file mode 100755 index 1c781233..00000000 --- a/daemon/control/tests/test-control-change +++ /dev/null diff --git a/daemon/control/tests/test-control-init.c b/daemon/control/tests/test-control-init.c new file mode 100644 index 00000000..c059477a --- /dev/null +++ b/daemon/control/tests/test-control-init.c @@ -0,0 +1,30 @@ + +#include "control/gkd-control.h" +#include "tests/gtest-helpers.h" + +#include <pwd.h> +#include <stdlib.h> +#include <unistd.h> + +static int +run (void) +{ + const char *directory; + const gchar *env[] = { NULL }; + gchar **envp, **e; + + directory = g_getenv ("GNOME_KEYRING_CONTROL"); + g_return_val_if_fail (directory, 1); + + envp = gkd_control_initialize (directory, "pkcs11,ssh,secret", env); + if (envp == NULL) + return 1; + + for (e = envp; *e; ++e) + g_printerr ("%s\n", *e); + g_strfreev (envp); + + return 0; +} + +#include "tests/gtest-helpers.c" diff --git a/daemon/control/tests/test-control-unlock b/daemon/control/tests/test-control-unlock Binary files differdeleted file mode 100755 index 90767609..00000000 --- a/daemon/control/tests/test-control-unlock +++ /dev/null diff --git a/daemon/data/gnome-keyring.schemas.in b/daemon/data/gnome-keyring.schemas.in index 18ee14a9..f0e845f6 100644 --- a/daemon/data/gnome-keyring.schemas.in +++ b/daemon/data/gnome-keyring.schemas.in @@ -1,16 +1,16 @@ <gconfschemafile> <schemalist> <schema> - <key>/schemas/apps/gnome-keyring/daemon-components/ssh</key> - <applyto>/apps/gnome-keyring/daemon-components/ssh</applyto> + <key>/schemas/apps/gnome-keyring/daemon-components/secrets</key> + <applyto>/apps/gnome-keyring/daemon-components/secrets</applyto> <owner>gnome-keyring</owner> <type>bool</type> <default>TRUE</default> <locale name="C"> - <short>Whether the gnome-keyring SSH agent is enabled.</short> - <long>This option enables the SSH agent in the gnome-keyring - daemon. It only takes effect as gnome-keyring-daemon starts, - (ie: when the user logs in). This setting may be overridden + <short>Whether the gnome-keyring secret service is enabled.</short> + <long>This option enables the secret service component in the gnome-keyring + daemon. It only takes effect during startup with gnome-session, + (ie: when the user logs in). This setting may be overridden when certain command line arguments are passed to the daemon.</long> </locale> </schema> @@ -22,9 +22,23 @@ <default>TRUE</default> <locale name="C"> <short>Whether the gnome-keyring PKCS#11 component is enabled.</short> - <long>This option enables the PKCS#11 component in the gnome-keyring - daemon. It only takes effect as gnome-keyring-daemon starts, - (ie: when the user logs in). This setting may be overridden + <long>This option enables the PKCS#11 component in the gnome-keyring + daemon. It only takes effect during startup with gnome-session, + (ie: when the user logs in). This setting may be overridden + when certain command line arguments are passed to the daemon.</long> + </locale> + </schema> + <schema> + <key>/schemas/apps/gnome-keyring/daemon-components/ssh</key> + <applyto>/apps/gnome-keyring/daemon-components/ssh</applyto> + <owner>gnome-keyring</owner> + <type>bool</type> + <default>TRUE</default> + <locale name="C"> + <short>Whether the gnome-keyring SSH agent is enabled.</short> + <long>This option enables the SSH agent in the gnome-keyring + daemon. It only takes effect as gnome-keyring-daemon starts, + (ie: when the user logs in). This setting may be overridden when certain command line arguments are passed to the daemon.</long> </locale> </schema> diff --git a/daemon/dbus/gkd-dbus-environment.c b/daemon/dbus/gkd-dbus-environment.c index 3513e312..b1fa0337 100644 --- a/daemon/dbus/gkd-dbus-environment.c +++ b/daemon/dbus/gkd-dbus-environment.c @@ -58,56 +58,72 @@ on_setenv_reply (DBusPendingCall *pending, void *user_data) dbus_message_unref (reply); } -void -gkd_dbus_environment_init (DBusConnection *conn) +static void +setenv_request (DBusConnection *conn, const gchar *env) { DBusPendingCall *pending = NULL; DBusError derr = DBUS_ERROR_INIT; DBusMessage *msg; - const gchar **envp; const gchar *value; gchar *name; + /* Find the value part of the environment variable */ + value = strchr (env, '='); + if (!value) + return; + + name = g_strndup (env, value - env); + ++value; + + msg = dbus_message_new_method_call (SERVICE_SESSION_MANAGER, + PATH_SESSION_MANAGER, + IFACE_SESSION_MANAGER, + "Setenv"); + g_return_if_fail (msg); + + if (!dbus_message_append_args (msg, DBUS_TYPE_STRING, &name, + DBUS_TYPE_STRING, &value, + DBUS_TYPE_INVALID)) + g_return_if_reached (); + + g_free (name); + value = name = NULL; + + /* Send message and get a handle for a reply */ + dbus_connection_send_with_reply (conn, msg, &pending, -1); + dbus_message_unref (msg); + if (pending) { + dbus_pending_call_set_notify (pending, on_setenv_reply, NULL, NULL); + dbus_pending_call_unref (pending); + } else { + g_warning ("couldn't send dbus message: %s", + derr.message ? derr.message : ""); + dbus_error_free (&derr); + } +} + +static void +on_watch_environment (gpointer data, gpointer user_data) +{ + DBusConnection *conn = user_data; + const gchar *env = data; + setenv_request (conn, env); +} + +void +gkd_dbus_environment_init (DBusConnection *conn) +{ + const gchar **envp; + /* * The list of all environment variables registered by * various components in the daemon. */ envp = gkd_util_get_environment (); - for (; *envp; ++envp) { - - /* Find the value part of the environment variable */ - value = strchr (*envp, '='); - if (!value) - continue; - - name = g_strndup (*envp, value - *envp); - ++value; - - msg = dbus_message_new_method_call (SERVICE_SESSION_MANAGER, - PATH_SESSION_MANAGER, - IFACE_SESSION_MANAGER, - "Setenv"); - g_return_if_fail (msg); - - if (!dbus_message_append_args (msg, DBUS_TYPE_STRING, &name, - DBUS_TYPE_STRING, &value, - DBUS_TYPE_INVALID)) - g_return_if_reached (); - - g_free (name); - value = name = NULL; - - /* Send message and get a handle for a reply */ - dbus_connection_send_with_reply (conn, msg, &pending, -1); - dbus_message_unref (msg); - if (pending) { - dbus_pending_call_set_notify (pending, on_setenv_reply, NULL, NULL); - dbus_pending_call_unref (pending); - } else { - g_warning ("couldn't send dbus message: %s", - derr.message ? derr.message : ""); - dbus_error_free (&derr); - } - } + for (; *envp; ++envp) + setenv_request (conn, *envp); + + gkd_util_watch_environment (on_watch_environment, dbus_connection_ref (conn), + (GDestroyNotify)dbus_connection_unref); } diff --git a/daemon/dbus/gkd-dbus-secrets.c b/daemon/dbus/gkd-dbus-secrets.c index 68ab9f7a..277e9c56 100644 --- a/daemon/dbus/gkd-dbus-secrets.c +++ b/daemon/dbus/gkd-dbus-secrets.c @@ -23,13 +23,17 @@ #include "config.h" +#include "gkd-dbus.h" #include "gkd-dbus-private.h" #include "gkd-secret-service.h" #include "daemon/pkcs11/gkd-pkcs11.h" +#include "egg/egg-cleanup.h" + #include "gp11/gp11.h" +static DBusConnection *dbus_conn = NULL; static GkdSecretService *secrets_service = NULL; static GP11Slot* @@ -62,19 +66,21 @@ calculate_secrets_slot (void) return slot; } -void -gkd_dbus_secrets_init (DBusConnection *conn) +gboolean +gkd_dbus_secrets_startup (void) { DBusError error = DBUS_ERROR_INIT; dbus_uint32_t result = 0; GP11Slot *slot; + g_return_val_if_fail (dbus_conn, FALSE); + /* Figure out which slot to use */ slot = calculate_secrets_slot (); - g_return_if_fail (slot); + g_return_val_if_fail (slot, FALSE); /* Try and grab our name */ - result = dbus_bus_request_name (conn, SECRET_SERVICE, 0, &error); + result = dbus_bus_request_name (dbus_conn, SECRET_SERVICE, 0, &error); if (dbus_error_is_set (&error)) { g_message ("couldn't request name '%s' on session bus: %s", SECRET_SERVICE, error.message); @@ -89,7 +95,7 @@ gkd_dbus_secrets_init (DBusConnection *conn) /* We already acquired the service name. Odd */ case DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER: - g_return_if_reached (); + g_return_val_if_reached (FALSE); break; /* Another daemon is running */ @@ -99,16 +105,32 @@ gkd_dbus_secrets_init (DBusConnection *conn) break; default: - g_return_if_reached (); + g_return_val_if_reached (FALSE); break; }; } - g_return_if_fail (!secrets_service); + g_return_val_if_fail (!secrets_service, FALSE); secrets_service = g_object_new (GKD_SECRET_TYPE_SERVICE, - "connection", conn, "pkcs11-slot", slot, NULL); + "connection", dbus_conn, "pkcs11-slot", slot, NULL); g_object_unref (slot); + return TRUE; +} + +static void +cleanup_dbus_conn (gpointer unused) +{ + g_assert (dbus_conn); + dbus_connection_unref (dbus_conn); + dbus_conn = NULL; +} + +void +gkd_dbus_secrets_init (DBusConnection *conn) +{ + dbus_conn = dbus_connection_ref (conn); + egg_cleanup_register (cleanup_dbus_conn, NULL); } void diff --git a/daemon/dbus/gkd-dbus.h b/daemon/dbus/gkd-dbus.h index 77283e29..ed201388 100644 --- a/daemon/dbus/gkd-dbus.h +++ b/daemon/dbus/gkd-dbus.h @@ -24,6 +24,10 @@ #ifndef GKD_DBUS_H #define GKD_DBUS_H -void gkd_dbus_setup (void); +#include <glib.h> + +void gkd_dbus_setup (void); + +gboolean gkd_dbus_secrets_startup (void); #endif /* GKD_DBUS_H */ diff --git a/daemon/gkd-main.c b/daemon/gkd-main.c index f88362f9..e1455b49 100644 --- a/daemon/gkd-main.c +++ b/daemon/gkd-main.c @@ -59,9 +59,6 @@ #include <glib.h> #include <glib/gi18n.h> -#include <gconf/gconf.h> -#include <gconf/gconf-client.h> - #include <gcrypt.h> /* preset file descriptors */ @@ -77,18 +74,22 @@ * COMMAND LINE */ -/* All the components to run on startup if not set in gconf */ +/* All the components to run on startup if not specified on command line */ #ifdef WITH_SSH -#define DEFAULT_COMPONENTS "ssh,pkcs11" +#define DEFAULT_COMPONENTS "pkcs11,secrets,ssh" #else -#define DEFAULT_COMPONENTS "pkcs11" +#define DEFAULT_COMPONENTS "pkcs11,secrets" #endif +static gchar* run_components = DEFAULT_COMPONENTS; +static gboolean pkcs11_started = FALSE; +static gboolean secrets_started = FALSE; +static gboolean ssh_started = FALSE; + static gboolean run_foreground = FALSE; static gboolean run_daemonized = FALSE; static gboolean run_for_login = FALSE; static gboolean run_for_start = FALSE; -static gchar* run_components = NULL; static gchar* login_password = NULL; static const gchar* control_directory = NULL; static gboolean initialization_completed = FALSE; @@ -125,8 +126,9 @@ parse_arguments (int *argc, char** argv[]) g_clear_error (&err); } - /* Take ownership of the string */ - if (run_components) { + if (!run_components || !run_components[0]) { + run_components = DEFAULT_COMPONENTS; + } else { run_components = g_strdup (run_components); egg_cleanup_register (g_free, run_components); } @@ -140,71 +142,6 @@ parse_arguments (int *argc, char** argv[]) g_option_context_free (context); } -static gboolean -check_conf_component (const gchar* component, gboolean *enabled) -{ - GConfClient *client; - GConfValue *value; - GError *err = NULL; - gchar *key; - - *enabled = FALSE; - - client = gconf_client_get_default (); - g_return_val_if_fail (client, FALSE); - - key = g_strdup_printf ("/apps/gnome-keyring/daemon-components/%s", component); - value = gconf_client_get (client, key, &err); - g_free (key); - g_object_unref (client); - - if (err) { - g_printerr ("gnome-keyring-daemon: couldn't lookup %s component setting: %s", - component, err->message ? err->message : ""); - g_clear_error (&err); - return FALSE; - } - - /* Value is unset */ - if (!value) - return FALSE; - - /* Should be a list of type string */ - if (value->type != GCONF_VALUE_BOOL) { - g_printerr ("gnome-keyring-daemon: bad gconf value type for daemon-components"); - g_clear_error (&err); - gconf_value_free (value); - return FALSE; - } - - *enabled = gconf_value_get_bool (value); - gconf_value_free (value); - return TRUE; -} - -static gboolean -check_run_component (const char* component) -{ - const gchar *run = run_components; - gboolean enabled; - - if (run == NULL) { - - /* Use gconf to determine whether the component should be enabled */ - if (check_conf_component (component, &enabled)) - return enabled; - - /* No gconf, error or unset, use built in defaults */ - run = DEFAULT_COMPONENTS; - } - - /* - * Note that this assumes that no components are substrings of - * one another. Which makes things quick, and simple. - */ - return strstr (run, component) ? TRUE : FALSE; -} - /* ----------------------------------------------------------------------------- * MEMORY */ @@ -527,7 +464,8 @@ start_or_initialize_daemon (const gchar *directory) /* Exchange environment variables, and try to initialize daemon */ ourenv = gkd_util_build_environment (GKD_UTIL_IN_ENVIRONMENT); - daemonenv = gkd_control_initialize (directory, (const gchar**)ourenv); + daemonenv = gkd_control_initialize (directory, run_components, + (const gchar**)ourenv); g_strfreev (ourenv); /* Initialization failed, start this process up as a daemon */ @@ -626,63 +564,105 @@ fork_and_print_environment (void) } static gboolean -gkr_daemon_startup_steps (void) +gkr_daemon_startup_steps (const gchar *components) { - /* Startup the appropriate components, creates sockets etc.. */ + g_assert (components); + + /* + * Startup that must run before forking. + * Note that we set initialized flags early so that two + * initializations don't overlap + */ + #ifdef WITH_SSH - if (check_run_component ("ssh")) { - if (!gkd_pkcs11_startup_ssh ()) - return FALSE; + if (strstr (components, "ssh")) { + if (ssh_started) { + g_message ("The SSH agent was already initialized"); + } else { + ssh_started = TRUE; + if (!gkd_pkcs11_startup_ssh ()) { + ssh_started = FALSE; + return FALSE; + } + } } #endif - if (check_run_component ("pkcs11")) { - if (!gkd_pkcs11_startup_pkcs11 ()) - return FALSE; - } - - initialization_completed = TRUE; return TRUE; } static gboolean -gkr_daemon_initialize_steps (void) +gkr_daemon_initialize_steps (const gchar *components) { - /* Initialize new style PKCS#11 components */ - if (!gkd_pkcs11_initialize ()) - return FALSE; + g_assert (components); /* - * Unlock the login keyring if we were given a password on STDIN. - * If it does not exist. We create it. + * Startup that can run after forking. + * Note that we set initialized flags early so that two + * initializations don't overlap */ - if (login_password) { - if (!gkd_login_unlock (login_password)) - g_message ("Failed to unlock login on startup"); - egg_secure_strclear (login_password); + + if (!initialization_completed) { + initialization_completed = TRUE; + + /* Initialize new style PKCS#11 components */ + if (!gkd_pkcs11_initialize ()) + return FALSE; + + /* + * Unlock the login keyring if we were given a password on STDIN. + * If it does not exist. We create it. + */ + if (login_password) { + if (!gkd_login_unlock (login_password)) + g_message ("Failed to unlock login on startup"); + egg_secure_strclear (login_password); + } + + gkd_dbus_setup (); + } + + /* The Secret Service API */ + if (strstr (components, "secret") || strstr (components, "keyring")) { + if (secrets_started) { + g_message ("The Secret Service was already initialized"); + } else { + secrets_started = TRUE; + if (!gkd_dbus_secrets_startup ()) { + secrets_started = FALSE; + return FALSE; + } + } + } + + /* The PKCS#11 remoting */ + if (strstr (components, "pkcs11")) { + if (pkcs11_started) { + g_message ("The PKCS#11 component was already initialized"); + } else { + pkcs11_started = TRUE; + if (!gkd_pkcs11_startup_pkcs11 ()) { + pkcs11_started = FALSE; + return FALSE; + } + } } - gkd_dbus_setup (); return TRUE; } void -gkd_main_complete_initialization (void) +gkd_main_complete_initialization (const gchar *components) { + g_assert (components); + /* * Sometimes we don't initialize the full daemon right on * startup. When run with --login is one such case. */ - if (initialization_completed) { - g_message ("The daemon was already initialized."); - return; - } - - /* Set this early so that two initializations don't overlap */ - initialization_completed = TRUE; - gkr_daemon_startup_steps (); - gkr_daemon_initialize_steps (); + gkr_daemon_startup_steps (components); + gkr_daemon_initialize_steps (components); } int @@ -695,8 +675,8 @@ main (int argc, char *argv[]) * The gnome-keyring startup is not as simple as I wish it could be. * * It's often started in the primidoral stages of a session, where - * there's no DBus, no GConf, and no proper X display. This is the - * strange world of PAM. + * there's no DBus, and no proper X display. This is the strange world + * of PAM. * * When started with the --login option, we do as little initialization * as possible. We expect a login password on the stdin, and unlock @@ -765,7 +745,7 @@ main (int argc, char *argv[]) /* Not a login daemon. Startup stuff now.*/ } else { /* These are things that can run before forking */ - if (!gkr_daemon_startup_steps ()) + if (!gkr_daemon_startup_steps (run_components)) cleanup_and_exit (1); } @@ -779,18 +759,7 @@ main (int argc, char *argv[]) /* Remainder initialization after forking, if initialization not delayed */ if (!run_for_login) { - initialization_completed = TRUE; - gkr_daemon_initialize_steps (); - } - - /* - * Unlock the login keyring if we were given a password on STDIN. - * If it does not exist. We create it. - */ - if (login_password) { - if (!gkd_login_unlock (login_password)) - g_message ("Failed to unlock login on startup"); - egg_secure_strclear (login_password); + gkr_daemon_initialize_steps (run_components); } g_main_loop_run (loop); diff --git a/daemon/gkd-main.h b/daemon/gkd-main.h index 4b14f4db..d3827552 100644 --- a/daemon/gkd-main.h +++ b/daemon/gkd-main.h @@ -24,8 +24,8 @@ #include <glib.h> -void gkd_main_quit (void); +void gkd_main_quit (void); -void gkd_main_complete_initialization (void); +void gkd_main_complete_initialization (const gchar *components); #endif /* GKD_MAIN_H_ */ diff --git a/daemon/gkd-util.c b/daemon/gkd-util.c index 23e61440..83e9ee38 100644 --- a/daemon/gkd-util.c +++ b/daemon/gkd-util.c @@ -72,6 +72,10 @@ const gchar *GKD_UTIL_IN_ENVIRONMENT[] = { static gchar* master_directory = NULL; static GArray* published_environ = NULL; +static GFunc watch_environ = NULL; +static gpointer watch_user_data = NULL; +static GDestroyNotify watch_destroy_notify = NULL; + static void uninit_master_directory (gpointer data) { @@ -148,6 +152,12 @@ uninit_environment (gpointer data) } published_environ = NULL; + + if (watch_destroy_notify && watch_user_data) + (watch_destroy_notify) (watch_user_data); + watch_user_data = NULL; + watch_destroy_notify = NULL; + watch_environ = NULL; } static void @@ -168,6 +178,9 @@ gkd_util_push_environment (const gchar *name, const gchar *value) env = g_strdup_printf ("%s=%s", name, value); g_array_append_val (published_environ, env); + + if (watch_environ) + (watch_environ) (env, watch_user_data); } void @@ -180,6 +193,9 @@ gkd_util_push_environment_full (const gchar *var) env = g_strdup (var); g_array_append_val (published_environ, env); + + if (watch_environ) + (watch_environ) (env, watch_user_data); } const gchar** @@ -189,6 +205,18 @@ gkd_util_get_environment (void) return (const gchar**)published_environ->data; } +void +gkd_util_watch_environment (GFunc func, gpointer user_data, + GDestroyNotify destroy_notify) +{ + g_return_if_fail (func); + g_return_if_fail (!watch_environ); + + watch_environ = func; + watch_user_data = user_data; + watch_destroy_notify = destroy_notify; +} + gchar** gkd_util_build_environment (const gchar **names) { diff --git a/daemon/gkd-util.h b/daemon/gkd-util.h index d17bd2b9..fc88c51f 100644 --- a/daemon/gkd-util.h +++ b/daemon/gkd-util.h @@ -35,10 +35,15 @@ void gkd_util_init_master_directory (const gchar *replace); const gchar* gkd_util_get_master_directory (void); -void gkd_util_push_environment (const gchar *name, const gchar *value); +void gkd_util_push_environment (const gchar *name, + const gchar *value); void gkd_util_push_environment_full (const gchar *env); +void gkd_util_watch_environment (GFunc func, + gpointer user_data, + GDestroyNotify destroy_notify); + const gchar** gkd_util_get_environment (void); gchar** gkd_util_build_environment (const gchar **names); diff --git a/daemon/gnome-keyring-pkcs11.desktop.in.in b/daemon/gnome-keyring-pkcs11.desktop.in.in new file mode 100644 index 00000000..ecc361ff --- /dev/null +++ b/daemon/gnome-keyring-pkcs11.desktop.in.in @@ -0,0 +1,14 @@ +[Desktop Entry] +Type=Application +_Name=Certificate and Key Storage +_Comment=GNOME Keyring: PKCS#11 Component +Exec=@VALGRIND_RUN@ gnome-keyring-daemon --start --components=pkcs11 +OnlyShowIn=GNOME; +AutostartCondition=GNOME /apps/gnome-keyring/daemon-components/pkcs11 +X-GNOME-Autostart-Phase=Initialization +X-GNOME-AutoRestart=false +X-GNOME-Autostart-Notify=true +X-GNOME-Bugzilla-Bugzilla=GNOME +X-GNOME-Bugzilla-Product=gnome-keyring +X-GNOME-Bugzilla-Component=general +X-GNOME-Bugzilla-Version=@VERSION@ diff --git a/daemon/gnome-keyring-secrets.desktop.in.in b/daemon/gnome-keyring-secrets.desktop.in.in new file mode 100644 index 00000000..c81a05f6 --- /dev/null +++ b/daemon/gnome-keyring-secrets.desktop.in.in @@ -0,0 +1,14 @@ +[Desktop Entry] +Type=Application +_Name=Secret Storage Service +_Comment=GNOME Keyring: Secret Service +Exec=@VALGRIND_RUN@ gnome-keyring-daemon --start --components=secrets +OnlyShowIn=GNOME; +AutostartCondition=GNOME /apps/gnome-keyring/daemon-components/secrets +X-GNOME-Autostart-Phase=Initialization +X-GNOME-AutoRestart=false +X-GNOME-Autostart-Notify=true +X-GNOME-Bugzilla-Bugzilla=GNOME +X-GNOME-Bugzilla-Product=gnome-keyring +X-GNOME-Bugzilla-Component=general +X-GNOME-Bugzilla-Version=@VERSION@ diff --git a/daemon/gnome-keyring-daemon.desktop.in.in b/daemon/gnome-keyring-ssh.desktop.in.in index c4a653fc..5f6cb040 100644 --- a/daemon/gnome-keyring-daemon.desktop.in.in +++ b/daemon/gnome-keyring-ssh.desktop.in.in @@ -1,8 +1,10 @@ [Desktop Entry] Type=Application -_Name=GNOME Keyring Daemon -Exec=@VALGRIND_RUN@ gnome-keyring-daemon --start +_Name=SSH Key Agent +_Comment=GNOME Keyring: SSH Agent +Exec=@VALGRIND_RUN@ gnome-keyring-daemon --start --components=ssh OnlyShowIn=GNOME; +AutostartCondition=GNOME /apps/gnome-keyring/daemon-components/ssh X-GNOME-Autostart-Phase=Initialization X-GNOME-AutoRestart=false X-GNOME-Autostart-Notify=true diff --git a/daemon/org.gnome.keyring.service.in b/daemon/org.gnome.keyring.service.in index 84541c6f..04dc017e 100644 --- a/daemon/org.gnome.keyring.service.in +++ b/daemon/org.gnome.keyring.service.in @@ -1,3 +1,3 @@ [D-BUS Service] Name=org.gnome.keyring -Exec=@PATH@/gnome-keyring-daemon --start --foreground --components=keyring +Exec=@PATH@/gnome-keyring-daemon --start --foreground --components=secrets diff --git a/pam/gkr-pam-client.c b/pam/gkr-pam-client.c index 0d441aec..f505c3f3 100644 --- a/pam/gkr-pam-client.c +++ b/pam/gkr-pam-client.c @@ -221,7 +221,7 @@ write_part (int fd, const unsigned char *data, int len, int *res) assert (res); /* Already an error present */ - if (*res != GNOME_KEYRING_RESULT_OK) + if (*res != GKD_CONTROL_RESULT_OK) return; assert (data); @@ -233,7 +233,7 @@ write_part (int fd, const unsigned char *data, int len, int *res) continue; syslog (GKR_LOG_ERR, "couldn't send data to gnome-keyring-daemon: %s", strerror (errno)); - *res = GNOME_KEYRING_RESULT_IO_ERROR; + *res = GKD_CONTROL_RESULT_FAILED; return; } data += r; @@ -272,7 +272,7 @@ read_part (int fd, unsigned char *data, int len) static int keyring_daemon_op (const char *control, int op, int argc, const char* argv[]) { - int ret = GNOME_KEYRING_RESULT_OK; + int ret = GKD_CONTROL_RESULT_OK; unsigned char buf[4]; int i, sock = -1; uint oplen, l; @@ -284,9 +284,7 @@ keyring_daemon_op (const char *control, int op, int argc, const char* argv[]) * and an empty (only result code) return. */ - assert (op == GNOME_KEYRING_OP_UNLOCK_KEYRING || - op == GNOME_KEYRING_OP_CREATE_KEYRING || - op == GNOME_KEYRING_OP_CHANGE_KEYRING_PASSWORD); + assert (op == GKD_CONTROL_OP_CHANGE || op == GKD_CONTROL_OP_UNLOCK); sock = connect_to_daemon (control); if (sock < 0) { @@ -317,12 +315,12 @@ keyring_daemon_op (const char *control, int op, int argc, const char* argv[]) write_part (sock, (unsigned char*)argv[i], l, &ret); } - if (ret != GNOME_KEYRING_RESULT_OK) + if (ret != GKD_CONTROL_RESULT_OK) goto done; /* Read the response length */ if (read_part (sock, buf, 4) != 4) { - ret = GNOME_KEYRING_RESULT_IO_ERROR; + ret = GKD_CONTROL_RESULT_FAILED; goto done; } @@ -330,12 +328,12 @@ keyring_daemon_op (const char *control, int op, int argc, const char* argv[]) l = egg_buffer_decode_uint32 (buf); if (l != 8) { syslog (GKR_LOG_ERR, "invalid length response from gnome-keyring-daemon: %d", l); - ret = GNOME_KEYRING_RESULT_IO_ERROR; + ret = GKD_CONTROL_RESULT_FAILED; goto done; } if (read_part (sock, buf, 4) != 4) { - ret = GNOME_KEYRING_RESULT_IO_ERROR; + ret = GKD_CONTROL_RESULT_FAILED; goto done; } ret = egg_buffer_decode_uint32 (buf); @@ -380,7 +378,7 @@ gkr_pam_client_run_operation (struct passwd *pwd, const char *control, case -1: syslog (GKR_LOG_ERR, "gkr-pam: couldn't fork: %s", strerror (errno)); - res = GNOME_KEYRING_RESULT_IO_ERROR; + res = GKD_CONTROL_RESULT_FAILED; break; case 0: @@ -389,7 +387,7 @@ gkr_pam_client_run_operation (struct passwd *pwd, const char *control, setegid (pwd->pw_gid) < 0 || seteuid (pwd->pw_uid) < 0) { syslog (GKR_LOG_ERR, "gkr-pam: couldn't switch to user: %s: %s", pwd->pw_name, strerror (errno)); - exit (GNOME_KEYRING_RESULT_IO_ERROR); + exit (GKD_CONTROL_RESULT_FAILED); } res = keyring_daemon_op (control, op, argc, argv); @@ -401,7 +399,7 @@ gkr_pam_client_run_operation (struct passwd *pwd, const char *control, if (wait (&status) != pid) { syslog (GKR_LOG_ERR, "gkr-pam: couldn't wait on child process: %s", strerror (errno)); - res = GNOME_KEYRING_RESULT_IO_ERROR; + res = GKD_CONTROL_RESULT_FAILED; } res = WEXITSTATUS (status); diff --git a/pam/gkr-pam-module.c b/pam/gkr-pam-module.c index 4e561fd9..bf3c844d 100644 --- a/pam/gkr-pam-module.c +++ b/pam/gkr-pam-module.c @@ -66,8 +66,6 @@ enum { ARG_USE_AUTHTOK = 1 << 2 }; -#define LOGIN_KEYRING "login" - #define ENV_CONTROL "GNOME_KEYRING_CONTROL" #define ENV_PID "GNOME_KEYRING_PID" @@ -644,37 +642,6 @@ done: } static int -create_keyring (pam_handle_t *ph, struct passwd *pwd, const char *password) -{ - const char *control; - int res; - const char *argv[2]; - - assert (pwd); - assert (password); - - control = get_any_env (ph, ENV_CONTROL); - if (!control) { - syslog (GKR_LOG_WARN, "gkr-pam: couldn't create '%s' keyring: %s", - LOGIN_KEYRING, "gnome-keyring-daemon is not running"); - return PAM_SERVICE_ERR; - } - - argv[0] = LOGIN_KEYRING; - argv[1] = password; - - res = gkr_pam_client_run_operation (pwd, control, GNOME_KEYRING_OP_CREATE_KEYRING, 2, argv); - if (res != GNOME_KEYRING_RESULT_OK) { - syslog (GKR_LOG_ERR, "gkr-pam: couldn't create '%s' keyring: %d", LOGIN_KEYRING, res); - return PAM_SERVICE_ERR; - } - - - syslog (GKR_LOG_NOTICE, "gkr-pam: created '%s' keyring", LOGIN_KEYRING); - return PAM_SUCCESS; -} - -static int unlock_keyring (pam_handle_t *ph, struct passwd *pwd, const char *password) { const char *control; @@ -686,27 +653,25 @@ unlock_keyring (pam_handle_t *ph, struct passwd *pwd, const char *password) control = get_any_env (ph, ENV_CONTROL); if (!control) { - syslog (GKR_LOG_WARN, "gkr-pam: couldn't unlock '%s' keyring: %s", - LOGIN_KEYRING, "gnome-keyring-daemon is not running"); + syslog (GKR_LOG_WARN, "gkr-pam: couldn't unlock login keyring: %s", + "gnome-keyring-daemon is not running"); return PAM_SERVICE_ERR; } - argv[0] = LOGIN_KEYRING; - argv[1] = password; - - res = gkr_pam_client_run_operation (pwd, control, GNOME_KEYRING_OP_UNLOCK_KEYRING, 2, argv); + argv[0] = password; - /* 'login' keyring doesn't exist, create it */ - if (res == GNOME_KEYRING_RESULT_NO_SUCH_KEYRING) { - return create_keyring (ph, pwd, password); + res = gkr_pam_client_run_operation (pwd, control, GKD_CONTROL_OP_UNLOCK, 1, argv); /* An error unlocking */ - } else if (res != GNOME_KEYRING_RESULT_OK) { - syslog (GKR_LOG_ERR, "gkr-pam: couldn't unlock '%s' keyring: %d", LOGIN_KEYRING, res); + if (res == GKD_CONTROL_RESULT_DENIED) { + syslog (GKR_LOG_ERR, "gkr-pam: the password for the login keyring was invalid."); return PAM_SERVICE_ERR; - } - - syslog (GKR_LOG_INFO, "gkr-pam: unlocked '%s' keyring", LOGIN_KEYRING); + } else if (res != GKD_CONTROL_RESULT_OK) { + syslog (GKR_LOG_ERR, "gkr-pam: couldn't unlock the login keyring."); + return PAM_SERVICE_ERR; + } + + syslog (GKR_LOG_INFO, "gkr-pam: unlocked login keyring"); return PAM_SUCCESS; } @@ -724,29 +689,26 @@ change_keyring_password (pam_handle_t *ph, struct passwd *pwd, control = get_any_env (ph, ENV_CONTROL); if (!control) { - syslog (GKR_LOG_WARN, "gkr-pam: couldn't change password on '%s' keyring: %s", - LOGIN_KEYRING, "gnome-keyring-daemon is not running"); + syslog (GKR_LOG_WARN, "gkr-pam: couldn't change password on login keyring: %s", + "gnome-keyring-daemon is not running"); return PAM_SERVICE_ERR; } - argv[0] = LOGIN_KEYRING; - argv[1] = original; - argv[2] = password; + argv[0] = original; + argv[1] = password; - res = gkr_pam_client_run_operation (pwd, control, GNOME_KEYRING_OP_CHANGE_KEYRING_PASSWORD, 3, argv); + res = gkr_pam_client_run_operation (pwd, control, GKD_CONTROL_OP_CHANGE, 2, argv); /* No keyring, not an error. Will be created at initial authenticate. */ - if (res == GNOME_KEYRING_RESULT_NO_SUCH_KEYRING) { - syslog (GKR_LOG_INFO, "gkr-pam: '%s' keyring does not exist, not changing password", LOGIN_KEYRING); - return PAM_SUCCESS; - - /* An error occured unlocking */ - } else if (res != GNOME_KEYRING_RESULT_OK) { - syslog (GKR_LOG_ERR, "gkr-pam: couldn't change password for '%s' keyring: %d", LOGIN_KEYRING, res); + if (res == GKD_CONTROL_RESULT_DENIED) { + syslog (GKR_LOG_ERR, "gkr-pam: couldn't change password for the login keyring: the passwords didn't match."); + return PAM_SERVICE_ERR; + } else if (res != GKD_CONTROL_RESULT_OK) { + syslog (GKR_LOG_ERR, "gkr-pam: couldn't change password for the login keyring."); return PAM_SERVICE_ERR; } - - syslog (GKR_LOG_NOTICE, "gkr-pam: changed password for '%s' keyring", LOGIN_KEYRING); + + syslog (GKR_LOG_NOTICE, "gkr-pam: changed password for login keyring"); return PAM_SUCCESS; } @@ -1031,8 +993,8 @@ pam_chauthtok_update (pam_handle_t *ph, struct passwd *pwd, uint args) ret = pam_get_item (ph, PAM_OLDAUTHTOK, (const void**)&original); if (ret != PAM_SUCCESS || original == NULL) { - syslog (GKR_LOG_WARN, "gkr-pam: couldn't update the '%s' keyring password: %s", - LOGIN_KEYRING, "no old password was entered"); + syslog (GKR_LOG_WARN, "gkr-pam: couldn't update the login keyring password: %s", + "no old password was entered"); return PAM_IGNORE; } |