Test storing passwords and fix bugs

Stef Walter 2012-01-30 14:14:39 +01:00
parent 45705b781b
commit 1a86e7152d
6 changed files with 242 additions and 131 deletions


@ -729,7 +729,7 @@ collection_properties_new (const gchar *label)
(GDestroyNotify)g_variant_unref); (GDestroyNotify)g_variant_unref);
value = g_variant_new_string (label); value = g_variant_new_string (label);
g_hash_table_insert (properties, g_hash_table_insert (properties,
GSECRET_COLLECTION_INTERFACE "Label", GSECRET_COLLECTION_INTERFACE ".Label",
g_variant_ref_sink (value)); g_variant_ref_sink (value));
return properties; return properties;


@ -518,17 +518,17 @@ item_properties_new (const gchar *schema_name,
value = g_variant_new_string (label); value = g_variant_new_string (label);
g_hash_table_insert (properties, g_hash_table_insert (properties,
GSECRET_COLLECTION_INTERFACE "Label", GSECRET_ITEM_INTERFACE ".Label",
g_variant_ref_sink (value)); g_variant_ref_sink (value));
value = g_variant_new_string (schema_name); value = g_variant_new_string (schema_name);
g_hash_table_insert (properties, g_hash_table_insert (properties,
GSECRET_COLLECTION_INTERFACE "Schema", GSECRET_ITEM_INTERFACE ".Schema",
g_variant_ref_sink (value)); g_variant_ref_sink (value));
value = _gsecret_util_variant_for_attributes (attributes); value = _gsecret_util_variant_for_attributes (attributes);
g_hash_table_insert (properties, g_hash_table_insert (properties,
GSECRET_COLLECTION_INTERFACE "Attributes", GSECRET_ITEM_INTERFACE ".Attributes",
g_variant_ref_sink (value)); g_variant_ref_sink (value));
return properties; return properties;


@ -1201,25 +1201,6 @@ gsecret_service_unlock_sync (GSecretService *self,
return count; return count;
} }
typedef struct {
gchar *collection_path;
GSecretValue *value;
GCancellable *cancellable;
GSecretPrompt *prompt;
gboolean created;
} StoreClosure;
static void
store_closure_free (gpointer data)
{
StoreClosure *closure = data;
g_free (closure->collection_path);
gsecret_value_unref (closure->value);
g_clear_object (&closure->cancellable);
g_clear_object (&closure->prompt);
g_free (closure);
}
void void
gsecret_service_store (GSecretService *self, gsecret_service_store (GSecretService *self,
const GSecretSchema *schema, const GSecretSchema *schema,
@ -1250,59 +1231,6 @@ gsecret_service_store (GSecretService *self,
g_hash_table_unref (attributes); g_hash_table_unref (attributes);
} }
static void
on_store_prompt (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
StoreClosure *closure = g_simple_async_result_get_op_res_gpointer (res);
GError *error = NULL;
closure->created = gsecret_service_prompt_finish (GSECRET_SERVICE (source), result, &error);
if (error != NULL)
g_simple_async_result_take_error (res, error);
g_simple_async_result_complete (res);
g_object_unref (res);
}
static void
on_store_create (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
StoreClosure *closure = g_simple_async_result_get_op_res_gpointer (res);
GSecretService *self = GSECRET_SERVICE (g_async_result_get_source_object (result));
const gchar *prompt_path = NULL;
const gchar *item_path = NULL;
GError *error = NULL;
GVariant *retval;
retval = g_dbus_connection_call_finish (G_DBUS_CONNECTION (source), result, &error);
if (error == NULL) {
g_variant_get (retval, "(&o&o)", &item_path, &prompt_path);
if (!_gsecret_util_empty_path (prompt_path)) {
closure->prompt = gsecret_prompt_instance (self, prompt_path);
gsecret_service_prompt (self, closure->prompt, closure->cancellable,
on_store_prompt, g_object_ref (res));
} else {
g_simple_async_result_complete (res);
}
g_variant_unref (retval);
} else {
g_simple_async_result_take_error (res, error);
g_simple_async_result_complete (res);
}
g_object_unref (self);
g_object_unref (res);
}
void void
gsecret_service_storev (GSecretService *self, gsecret_service_storev (GSecretService *self,
const GSecretSchema *schema, const GSecretSchema *schema,
@ -1314,13 +1242,8 @@ gsecret_service_storev (GSecretService *self,
GAsyncReadyCallback callback, GAsyncReadyCallback callback,
gpointer user_data) gpointer user_data)
{ {
GSimpleAsyncResult *res; GHashTable *properties;
GSecretSession *session; GVariant *propval;
GVariant *attrs;
StoreClosure *closure;
GVariantBuilder builder;
GVariant *params;
GDBusProxy *proxy;
g_return_if_fail (GSECRET_IS_SERVICE (self)); g_return_if_fail (GSECRET_IS_SERVICE (self));
g_return_if_fail (schema != NULL); g_return_if_fail (schema != NULL);
@ -1330,39 +1253,28 @@ gsecret_service_storev (GSecretService *self,
g_return_if_fail (value != NULL); g_return_if_fail (value != NULL);
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
/* Build up the attributes */ properties = g_hash_table_new_full (g_str_hash, g_str_equal, NULL,
attrs = _gsecret_util_variant_for_attributes (attributes); (GDestroyNotify)g_variant_unref);
/* Build up the various properties */ propval = g_variant_new_string (label);
g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{sv}")); g_hash_table_insert (properties,
g_variant_builder_add (&builder, "{sv}", GSECRET_SERVICE_INTERFACE "Attributes", attrs); GSECRET_ITEM_INTERFACE ".Label",
g_variant_builder_add (&builder, "{sv}", GSECRET_SERVICE_INTERFACE "Label", g_variant_new_string (label)); g_variant_ref_sink (propval));
g_variant_builder_add (&builder, "{sv}", GSECRET_SERVICE_INTERFACE "Schema", g_variant_new_string (schema->schema_name));
res = g_simple_async_result_new (G_OBJECT (self), callback, user_data, propval = g_variant_new_string (schema->schema_name);
gsecret_service_storev); g_hash_table_insert (properties,
closure = g_new0 (StoreClosure, 1); GSECRET_ITEM_INTERFACE ".Schema",
closure->collection_path = g_strdup (collection_path); g_variant_ref_sink (propval));
closure->cancellable = cancellable ? g_object_ref (cancellable) : NULL;
g_simple_async_result_set_op_res_gpointer (res, closure, store_closure_free);
session = _gsecret_service_get_session (self); propval = _gsecret_util_variant_for_attributes (attributes);
params = g_variant_new ("(&a{sv}&(oayays)b)", g_hash_table_insert (properties,
g_variant_builder_end (&builder), GSECRET_ITEM_INTERFACE ".Attributes",
_gsecret_session_encode_secret (session, value), g_variant_ref_sink (propval));
TRUE);
proxy = G_DBUS_PROXY (self); gsecret_service_create_item_path (self, collection_path, properties, value,
g_dbus_connection_call (g_dbus_proxy_get_connection (proxy), TRUE, cancellable, callback, user_data);
g_dbus_proxy_get_name (proxy),
closure->collection_path,
GSECRET_COLLECTION_INTERFACE,
"CreateItem", params, G_VARIANT_TYPE ("(oo)"),
G_DBUS_CALL_FLAGS_NO_AUTO_START, -1,
closure->cancellable, on_store_create,
g_object_ref (res));
g_object_unref (res); g_hash_table_unref (properties);
} }
gboolean gboolean
@ -1370,20 +1282,15 @@ gsecret_service_store_finish (GSecretService *self,
GAsyncResult *result, GAsyncResult *result,
GError **error) GError **error)
{ {
GSimpleAsyncResult *res; gchar *path;
StoreClosure *closure;
g_return_val_if_fail (GSECRET_IS_SERVICE (self), FALSE); g_return_val_if_fail (GSECRET_IS_SERVICE (self), FALSE);
g_return_val_if_fail (error == NULL || *error == NULL, FALSE); g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
gsecret_service_storev), FALSE);
res = G_SIMPLE_ASYNC_RESULT (result); path = gsecret_service_create_item_path_finish (self, result, error);
if (!g_simple_async_result_propagate_error (res, error))
return FALSE;
closure = g_simple_async_result_get_op_res_gpointer (res); g_free (path);
return closure->created; return path != NULL;
} }
gboolean gboolean
@ -2334,7 +2241,7 @@ on_create_item_session (GObject *source,
gsecret_service_ensure_session_finish (self, result, &error); gsecret_service_ensure_session_finish (self, result, &error);
if (error == NULL) { if (error == NULL) {
session = _gsecret_service_get_session (self); session = _gsecret_service_get_session (self);
params = g_variant_new ("@a{sv}@(oayays)b", params = g_variant_new ("(@a{sv}@(oayays)b)",
closure->properties, closure->properties,
_gsecret_session_encode_secret (session, closure->value), _gsecret_session_encode_secret (session, closure->value),
closure->replace); closure->replace);
@ -2377,7 +2284,7 @@ gsecret_service_create_item_path (GSecretService *self,
res = g_simple_async_result_new (G_OBJECT (self), callback, user_data, res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
gsecret_service_create_item_path); gsecret_service_create_item_path);
closure = g_new0 (ItemClosure, 1); closure = g_slice_new0 (ItemClosure);
closure->cancellable = cancellable ? g_object_ref (cancellable) : NULL; closure->cancellable = cancellable ? g_object_ref (cancellable) : NULL;
closure->properties = _gsecret_util_variant_for_properties (properties); closure->properties = _gsecret_util_variant_for_properties (properties);
g_variant_ref_sink (closure->properties); g_variant_ref_sink (closure->properties);
@ -2399,7 +2306,7 @@ gsecret_service_create_item_path_finish (GSecretService *self,
GError **error) GError **error)
{ {
GSimpleAsyncResult *res; GSimpleAsyncResult *res;
CollectionClosure *closure; ItemClosure *closure;
gchar *path; gchar *path;
g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self), g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
@ -2412,8 +2319,8 @@ gsecret_service_create_item_path_finish (GSecretService *self,
return NULL; return NULL;
closure = g_simple_async_result_get_op_res_gpointer (res); closure = g_simple_async_result_get_op_res_gpointer (res);
path = closure->collection_path; path = closure->item_path;
closure->collection_path = NULL; closure->item_path = NULL;
return path; return path;
} }
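Review bot: In gsecret_service_store_finish the new side reads `path` after freeing it (`g_free (path); return path != NULL;`); the value of a pointer passed to free is indeterminate in C, so the comparison should be taken before the free, e.g. declare `gboolean ret;` next to `gchar *path;` and end with `ret = path != NULL; g_free (path); return ret;`. The same hunk group also switches gsecret_service_create_item_path to `g_slice_new0 (ItemClosure)`, so the closure's free function, which is outside this view, must now release it with g_slice_free rather than g_free; I cannot confirm that from here. The bodies of gsecret_service_storev and gsecret_service_create_item_path start or end outside their hunks.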


@ -583,11 +583,9 @@ service_encode_aes_secret (GSecretSession *session,
child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), iv, 16, TRUE, g_free, iv); child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), iv, 16, TRUE, g_free, iv);
g_variant_builder_add_value (builder, child); g_variant_builder_add_value (builder, child);
g_variant_unref (child);
child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), padded, n_padded, TRUE, egg_secure_free, padded); child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), padded, n_padded, TRUE, egg_secure_free, padded);
g_variant_builder_add_value (builder, child); g_variant_builder_add_value (builder, child);
g_variant_unref (child);
g_variant_builder_add (builder, "s", gsecret_value_get_content_type (value)); g_variant_builder_add (builder, "s", gsecret_value_get_content_type (value));
return TRUE; return TRUE;
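Review bot: Dropping the two `g_variant_unref (child)` calls is right only because g_variant_new_from_data returns a floating reference that g_variant_builder_add_value sinks and takes ownership of, and that reasoning is not visible at the call sites, so the next reader may "fix" the apparent leak back into a double-unref. I would record it once above the first add: `/* child is floating; g_variant_builder_add_value sinks and owns it, so it must not be unreffed here */`. Note that `iv` and `padded` are likewise handed to the variant via their destroy notifies (g_free, egg_secure_free), so neither may be freed by this function afterwards. service_encode_aes_secret starts and ends outside the hunk.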


@ -45,10 +45,10 @@ class IsLocked(dbus.exceptions.DBusException):
dbus.exceptions.DBusException.__init__(self, msg, name="org.freedesktop.Secret.Error.IsLocked") dbus.exceptions.DBusException.__init__(self, msg, name="org.freedesktop.Secret.Error.IsLocked")
unique_identifier = 0 unique_identifier = 0
def next_identifier(): def next_identifier(prefix='x'):
global unique_identifier global unique_identifier
unique_identifier += 1 unique_identifier += 1
return unique_identifier return "%s%d" % (prefix, unique_identifier)
def hex_encode(string): def hex_encode(string):
return "".join([hex(ord(c))[2:].zfill(2) for c in string]) return "".join([hex(ord(c))[2:].zfill(2) for c in string])
@ -64,6 +64,11 @@ class PlainAlgorithm():
def encrypt(self, key, data): def encrypt(self, key, data):
return ("", data) return ("", data)
def decrypt(self, param, data):
if params == "":
raise InvalidArgs("invalid secret plain parameter")
return data
class AesAlgorithm(): class AesAlgorithm():
def negotiate(self, service, sender, param): def negotiate(self, service, sender, param):
@ -91,6 +96,16 @@ class AesAlgorithm():
return ("".join([chr(i) for i in iv]), return ("".join([chr(i) for i in iv]),
"".join([chr(i) for i in ciph])) "".join([chr(i) for i in ciph]))
def decrypt(self, key, param, data):
key = map(ord, key)
keysize = len(key)
iv = map(ord, param[:16])
data = map(ord, data)
moo = aes.AESModeOfOperation()
mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
decr = moo.decrypt(data, None, mode, key, keysize, iv)
return aes.strip_PKCS7_padding(decr)
class SecretPrompt(dbus.service.Object): class SecretPrompt(dbus.service.Object):
def __init__(self, service, sender, prompt_name=None, delay=0, def __init__(self, service, sender, prompt_name=None, delay=0,
@ -106,7 +121,7 @@ class SecretPrompt(dbus.service.Object):
if prompt_name: if prompt_name:
self.path = "/org/freedesktop/secrets/prompts/%s" % prompt_name self.path = "/org/freedesktop/secrets/prompts/%s" % prompt_name
else: else:
self.path = "/org/freedesktop/secrets/prompts/p%d" % next_identifier() self.path = "/org/freedesktop/secrets/prompts/%s" % next_identifier('p')
dbus.service.Object.__init__(self, service.bus_name, self.path) dbus.service.Object.__init__(self, service.bus_name, self.path)
service.add_prompt(self) service.add_prompt(self)
assert self.path not in objects assert self.path not in objects
@ -140,7 +155,7 @@ class SecretSession(dbus.service.Object):
self.service = service self.service = service
self.algorithm = algorithm self.algorithm = algorithm
self.key = key self.key = key
self.path = "/org/freedesktop/secrets/sessions/%d" % next_identifier() self.path = "/org/freedesktop/secrets/sessions/%s" % next_identifier('s')
dbus.service.Object.__init__(self, service.bus_name, self.path) dbus.service.Object.__init__(self, service.bus_name, self.path)
service.add_session(self) service.add_session(self)
objects[self.path] = self objects[self.path] = self
@ -153,6 +168,10 @@ class SecretSession(dbus.service.Object):
dbus.ByteArray(data), dbus.String(content_type)), dbus.ByteArray(data), dbus.String(content_type)),
signature="oayays") signature="oayays")
def decode_secret(self, value):
plain = self.algorithm.decrypt(self.key, value[1], value[2])
return (plain, value[3])
@dbus.service.method('org.freedesktop.Secret.Session') @dbus.service.method('org.freedesktop.Secret.Session')
def Close(self): def Close(self):
self.remove_from_connection() self.remove_from_connection()
@ -282,6 +301,33 @@ class SecretCollection(dbus.service.Object):
del objects[self.path] del objects[self.path]
self.remove_from_connection() self.remove_from_connection()
@dbus.service.method('org.freedesktop.Secret.Collection', byte_arrays=True, sender_keyword='sender')
def CreateItem(self, properties, value, replace, sender=None):
session_path = value[0]
session = objects.get(session_path, None)
if not session or session.sender != sender:
raise InvalidArgs("session invalid: %s" % session_path)
attributes = properties.get("org.freedesktop.Secret.Item.Attributes", None)
label = properties.get("org.freedesktop.Secret.Item.Label", None)
schema = properties.get("org.freedesktop.Secret.Item.Schema", None)
(secret, content_type) = session.decode_secret(value)
item = None
if replace and attributes:
items = self.search_items(attributes)
if items:
item = items[0]
if item is None:
item = SecretItem(self, next_identifier('i'), label, attributes,
secret=secret, confirm=False, content_type=content_type)
else:
item.label = label
item.secret = secret
item.attributes = attributes
item.content_type = content_type
return (dbus.ObjectPath(item.path), dbus.ObjectPath("/"))
@dbus.service.method('org.freedesktop.Secret.Collection', sender_keyword='sender') @dbus.service.method('org.freedesktop.Secret.Collection', sender_keyword='sender')
def Delete(self, sender=None): def Delete(self, sender=None):
if self.confirm: if self.confirm:
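Review bot: The new PlainAlgorithm.decrypt cannot run as written: its body tests `params`, a name that does not exist (the parameter is `param`), and it takes two arguments while SecretSession.decode_secret calls `self.algorithm.decrypt(self.key, value[1], value[2])` with three, so a plain session would raise TypeError before the NameError. The condition also looks inverted, since the AES variant in the same hunk uses `param` as the IV and a plain session is the one that should carry no parameter; I would change the two lines to `def decrypt(self, key, param, data):` and `if param != "":`. AesAlgorithm.decrypt slices `param[:16]` without checking the length, so a short parameter silently yields a bad IV; a guard such as `if len(param) != 16: raise InvalidArgs("invalid secret aes parameter")` would make the mock reject it explicitly. In CreateItem the three properties default to None and are stored unchecked, which is presumably acceptable for a test mock but worth a comment saying so.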


@ -1467,6 +1467,162 @@ test_lookup_no_match (Test *test,
g_assert (value == NULL); g_assert (value == NULL);
} }
static void
test_store_sync (Test *test,
gconstpointer used)
{
const gchar *collection_path = "/org/freedesktop/secrets/collection/english";
GSecretValue *value = gsecret_value_new ("apassword", -1, "text/plain");
GHashTable *attributes;
GError *error = NULL;
gchar **paths;
gboolean ret;
gsize length;
ret = gsecret_service_store_sync (test->service, &STORE_SCHEMA, collection_path,
"New Item Label", value, NULL, &error,
"even", FALSE,
"string", "seventeen",
"number", 17,
NULL);
g_assert_no_error (error);
gsecret_value_unref (value);
attributes = g_hash_table_new (g_str_hash, g_str_equal);
g_hash_table_insert (attributes, "even", "false");
g_hash_table_insert (attributes, "string", "seventeen");
g_hash_table_insert (attributes, "number", "17");
ret = gsecret_service_search_for_paths_sync (test->service, attributes, NULL,
&paths, NULL, &error);
g_hash_table_unref (attributes);
g_assert (ret == TRUE);
g_assert (paths != NULL);
g_assert (paths[0] != NULL);
g_assert (paths[1] == NULL);
value = gsecret_service_get_secret_for_path_sync (test->service, paths[0],
NULL, &error);
g_assert_no_error (error);
g_assert (value != NULL);
g_assert_cmpstr (gsecret_value_get (value, &length), ==, "apassword");
g_assert_cmpuint (length, ==, 9);
gsecret_value_unref (value);
g_strfreev (paths);
}
static void
test_store_replace (Test *test,
gconstpointer used)
{
const gchar *collection_path = "/org/freedesktop/secrets/collection/english";
GSecretValue *value = gsecret_value_new ("apassword", -1, "text/plain");
GHashTable *attributes;
GError *error = NULL;
gchar **paths;
gboolean ret;
gsize length;
ret = gsecret_service_store_sync (test->service, &STORE_SCHEMA, collection_path,
"New Item Label", value, NULL, &error,
"even", FALSE,
"string", "seventeen",
"number", 17,
NULL);
g_assert_no_error (error);
ret = gsecret_service_store_sync (test->service, &STORE_SCHEMA, collection_path,
"Another Label", value, NULL, &error,
"even", FALSE,
"string", "seventeen",
"number", 17,
NULL);
g_assert_no_error (error);
gsecret_value_unref (value);
attributes = g_hash_table_new (g_str_hash, g_str_equal);
g_hash_table_insert (attributes, "even", "false");
g_hash_table_insert (attributes, "string", "seventeen");
g_hash_table_insert (attributes, "number", "17");
ret = gsecret_service_search_for_paths_sync (test->service, attributes, NULL,
&paths, NULL, &error);
g_hash_table_unref (attributes);
g_assert (ret == TRUE);
g_assert (paths != NULL);
g_assert (paths[0] != NULL);
g_assert (paths[1] == NULL);
value = gsecret_service_get_secret_for_path_sync (test->service, paths[0],
NULL, &error);
g_assert_no_error (error);
g_assert (value != NULL);
g_assert_cmpstr (gsecret_value_get (value, &length), ==, "apassword");
g_assert_cmpuint (length, ==, 9);
gsecret_value_unref (value);
g_strfreev (paths);
}
static void
test_store_async (Test *test,
gconstpointer used)
{
const gchar *collection_path = "/org/freedesktop/secrets/collection/english";
GSecretValue *value = gsecret_value_new ("apassword", -1, "text/plain");
GAsyncResult *result = NULL;
GHashTable *attributes;
GError *error = NULL;
gchar **paths;
gboolean ret;
gsize length;
gsecret_service_store (test->service, &STORE_SCHEMA, collection_path,
"New Item Label", value, NULL, on_complete_get_result, &result,
"even", FALSE,
"string", "seventeen",
"number", 17,
NULL);
g_assert (result == NULL);
gsecret_value_unref (value);
egg_test_wait ();
ret = gsecret_service_store_finish (test->service, result, &error);
g_assert_no_error (error);
g_object_unref (result);
attributes = g_hash_table_new (g_str_hash, g_str_equal);
g_hash_table_insert (attributes, "even", "false");
g_hash_table_insert (attributes, "string", "seventeen");
g_hash_table_insert (attributes, "number", "17");
ret = gsecret_service_search_for_paths_sync (test->service, attributes, NULL,
&paths, NULL, &error);
g_hash_table_unref (attributes);
g_assert (ret == TRUE);
g_assert (paths != NULL);
g_assert (paths[0] != NULL);
g_assert (paths[1] == NULL);
value = gsecret_service_get_secret_for_path_sync (test->service, paths[0],
NULL, &error);
g_assert_no_error (error);
g_assert (value != NULL);
g_assert_cmpstr (gsecret_value_get (value, &length), ==, "apassword");
g_assert_cmpuint (length, ==, 9);
gsecret_value_unref (value);
g_strfreev (paths);
}
int int
main (int argc, char **argv) main (int argc, char **argv)
{ {
@ -1525,5 +1681,9 @@ main (int argc, char **argv)
g_test_add ("/service/remove-locked", Test, "mock-service-delete.py", setup, test_remove_locked, teardown); g_test_add ("/service/remove-locked", Test, "mock-service-delete.py", setup, test_remove_locked, teardown);
g_test_add ("/service/remove-no-match", Test, "mock-service-delete.py", setup, test_remove_no_match, teardown); g_test_add ("/service/remove-no-match", Test, "mock-service-delete.py", setup, test_remove_no_match, teardown);
g_test_add ("/service/store-sync", Test, "mock-service-normal.py", setup, test_store_sync, teardown);
g_test_add ("/service/store-async", Test, "mock-service-normal.py", setup, test_store_async, teardown);
g_test_add ("/service/store-replace", Test, "mock-service-normal.py", setup, test_store_replace, teardown);
return egg_tests_run_with_loop (); return egg_tests_run_with_loop ();
} }
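Review bot: In test_store_sync the `ret` returned by gsecret_service_store_sync is assigned but never asserted, and the same holds for both store calls in test_store_replace and for gsecret_service_store_finish in test_store_async, so a FALSE return that sets no error would pass silently; add `g_assert (ret == TRUE);` after each of those `g_assert_no_error (error);` lines. In test_store_async the value is unreffed immediately after gsecret_service_store returns and before the operation completes, which is only safe if the store path takes its own reference to the GSecretValue; that happens outside this file and I cannot confirm it here, so a short comment at that unref stating the assumption would help. test_store_replace stores twice with identical attributes and then asserts exactly one path, which checks the replace semantics; a comment saying so would make the intent of the second store obvious.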