There were several issues in `secret_tool_action_lock()`:
- `g_autolist (GList)` isn't a correct type, as the list elements are
`SecretCollection`s, not `GList`s
- Separately from that, the list didn't take ownership of the elements
either in all cases
- We were leaking the `locked` and `context` variables
This commit just does away with all the g_auto* usage as it's the only
place in the code we're using it anyway, and just does all the freeing
at the end of the function.
Fixes: 015ea119 ("secret-tool: Add locking capabilities to secret tool")
Fixes: https://gitlab.gnome.org/GNOME/libsecret/-/issues/89
These changes port the PAM module from gnome-keyring/pam to libsecret/pam.
Removed `start_daemon` and the dependent code altogether, because
gnome-keyring-daemon is launched by systemd.
Replaced calls to `pam_get_item` to retrieve authentication tokens with
`pam_get_authtok`.
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
This change is a part of the port PAM module from gnome-keyring
patch set.
These changes port gnome-keyring/egg/egg-unix-credentials.c to
libsecret/egg
Furthermore ports gnome-keyring/egg/egg-buffer.c to libsecret/egg
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
Note that gnutls 3.8.2 packages are still under testing, so we
tentatively pull in the build directly from koji.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This turns the `-Dgcrypt` build time option into a more generic
`-Dcrypto` option, which enables the user to choose which cryptographic
library to link with. It currently supports libgcrypt (`libgcrypt`)
and GnuTLS (`gnutls`); for the latter, GnuTLS 3.8.2 is the minimum
required version.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
When compiled without libgcrypt, some of the tests in test-session
fail as they expect the session algorithm to be
"dh-ietf1024-sha256-aes128-cbc-pkcs7". This adds a build-time
conditional to guard against it.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This moves low-level cryptographic functions into egg/egg-keyring1.c,
to make it easy to support multiple crypto backend libraries.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
The original code tries to encrypt the file format using AES-256-CBC,
though actually AES-128-CBC was used because the key size is shorter
and libgcrypt automatically degrades to AES-128-CBC based on the key
size. Reported by Sophie Herold in:
https://github.com/bilelmoussaoui/oo7/issues/46#issuecomment-1816286494
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This wraps gcry_mpi_t usage in the API with opaque structs, so it would
be easier to port egg-dh to other crypto libraries.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This makes the internal logic of _secret_attributes_validate public,
so applications can check and recover when an invalid attributes table
is passed to other libsecret API, such as secret_service_clear.
This resets self->etag only after successful load of the contents, by
using a temporary variable and checking error of
g_file_replace_contents_finish, etc.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
As the GVariant returned in secret_service_real_prompt_finish should
be already sunk by secret_prompt_perform_finish, calling
g_variant_ref_sink actually increases the refcount and causes a leak.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
The GVariant returned in
secret_service_get_secret{,s}_for_dbus_path{,s}_finish should be
unref'ed after use.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
A GPtrArray allocated to temporarily hold (un)locked item paths was
not freed when the collection has a non-empty D-Bus path.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
In gnome-keyring, the secret items attributes are not visible until the keyring
is unlocked. But in libsecret, the synchronous secret search function unlocks
the keyring after and not before the attributes dbus pull.
So when the keyring is locked and you run secret_service_search_sync(), you get
hashed or empty attributes because the keyring was locked at the time these
attributes were pulled. If you run this function when the keyring is already
unlocked, there is no problem.
This commit moves the unlock routine before the attributes pull to make the
synchronous search function work correctly when the keyring is locked
initially.
Issues #6 gnome-shell#4780