Commit Graph

795 Commits

Author SHA1 Message Date
Niels De Graef
a1ceaeed2a secret-tool: Fix memory issues in lock command
There were several issues in `secret_tool_action_lock()`:

- `g_autolist (GList)` isn't a correct type, as the list elements are
  `SecretCollection`s, not `GList`s
- Separately from that, the list didn't take ownership of the elements
  either in all cases
- We were leaking the `locked` and `context` variables

This commit just does away with all the g_auto* usage as it's the only
place in the code we're using it anyway, and just does all the freeing
at the end of the function.

Fixes: 015ea119 ("secret-tool: Add locking capabilities to secret tool")
Fixes: https://gitlab.gnome.org/GNOME/libsecret/-/issues/89
2023-12-12 12:27:12 +01:00
Dhanuka Warusadura
8e8000d404 Merge branch 'wip/dueno/crypto-backend-followup' into 'master'
tests: Remove unnecessary inclusion of <gcrypt.h>

See merge request GNOME/libsecret!133
2023-12-11 06:21:50 +00:00
Daiki Ueno
7f31c83230 tests: Remove unnecessary inclusion of <gcrypt.h>
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-11 08:39:58 +09:00
Dhanuka Warusadura
fa5ac29856 Merge branch 'port_pam_from_gnome_keyring' into 'master'
Port PAM module from gnome-keyring

See merge request GNOME/libsecret!128
2023-12-10 17:07:27 +00:00
Dhanuka Warusadura
b399f5f631 pam: add tests for the ported PAM module
These changes add PAM tests based on pam_wrapper and libpamtest.

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-10 22:35:55 +05:30
Dhanuka Warusadura
9a37dc839a pam: port PAM module from gnome-keyring
These changes port the PAM module from gnome-keyring/pam to libsecret/pam.

Removed `start_daemon` and the dependent code altogether, because
gnome-keyring-daemon is launched by systemd.

Replaced calls to `pam_get_item` to retrieve authentication tokens with
`pam_get_authtok`.

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-10 22:35:55 +05:30
Dhanuka Warusadura
9cfa77f967 pam: port PAM module egg helper functions from gnome-keyring
This change is a part of the port PAM module from gnome-keyring
patch set.
These changes port gnome-keyring/egg/egg-unix-credentials.c to
libsecret/egg.
Furthermore, they port gnome-keyring/egg/egg-buffer.c to libsecret/egg.

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-10 22:35:55 +05:30
Dhanuka Warusadura
175514244f ci: install packages required for the PAM module
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-10 22:35:55 +05:30
Dhanuka Warusadura
39a3d14169 Release 0.21.2
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-08 15:48:34 +05:30
Dhanuka Warusadura
cc309e255a Merge branch 'wip/dueno/crypto-backend' into 'master'
Support GnuTLS as an alternative crypto backend

See merge request GNOME/libsecret!122
2023-12-04 08:04:41 +00:00
Daiki Ueno
b3f5823d12 .gitlab-ci.yml: Exercise both libgcrypt and gnutls crypto backends
Note that gnutls 3.8.2 packages are still under testing, so we
tentatively pull in the build directly from koji.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:50 +09:00
Daiki Ueno
28486191b2 Support GnuTLS as an alternative crypto backend
This turns the `-Dgcrypt` build time option into a more generic
`-Dcrypto` option, which enables the user to choose which cryptographic
library to link with.  It currently supports libgcrypt (`libgcrypt`)
and GnuTLS (`gnutls`); for the latter, GnuTLS 3.8.2 is the minimum
required version.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:49 +09:00
Daiki Ueno
0f49b34fa2 tests: Conditionalize session algorithm check in test-session
When compiled without libgcrypt, some of the tests in test-session
fail as they expect the session algorithm to be
"dh-ietf1024-sha256-aes128-cbc-pkcs7".  This adds a build-time
conditional to guard against it.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:11 +09:00
Daiki Ueno
564874beb0 file-collection: Move low-level crypto functions to egg
This moves low-level cryptographic functions into egg/egg-keyring1.c,
to make it easy to support multiple crypto backend libraries.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:10 +09:00
Daiki Ueno
0b4769f871 file-collection: Make it consistent about block cipher algorithm
The original code tries to encrypt the file format using AES-256-CBC,
though actually AES-128-CBC was used because the key size is shorter
and libgcrypt automatically degrades to AES-128-CBC based on the key
size.  Reported by Sophie Herold in:
https://github.com/bilelmoussaoui/oo7/issues/46#issuecomment-1816286494

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-11-28 14:56:19 +09:00
Daiki Ueno
47f524e2df egg-dh: Hide gcry_mpi_t from the internal API
This wraps gcry_mpi_t usage in the API with opaque structs, so it would
be easier to port egg-dh to other crypto libraries.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-11-28 14:51:23 +09:00
Dhanuka Warusadura
39055f245e Merge branch 'vala-attributes-validate-test-fix' into 'master'
Fix Vala test for attributes_validate

See merge request GNOME/libsecret!132
2023-11-27 04:18:41 +00:00
Henry Rovner
79d3d403e8 Add missing equals sign to check equality instead of assignment 2023-11-25 10:44:05 -08:00
Dhanuka Warusadura
b2d1e56df1 Merge branch 'schema-doc-markup-fix' into 'master'
Fix markup syntax for SecretSchema

Closes #81

See merge request GNOME/libsecret!131
2023-11-14 17:06:01 +00:00
Henry Rovner
6308682e8f Update markup syntax 2023-11-12 05:20:54 +00:00
Daiki Ueno
e134b0ad77 Merge branch 'public-secret-attributes-validate' into 'master'
Public secret_attributes_validate method

See merge request GNOME/libsecret!129
2023-11-11 22:44:17 +00:00
Henry Rovner
f610c44a92 Public secret_attributes_validate method
This makes the internal logic of _secret_attributes_validate public,
so applications can check and recover when an invalid attributes table
is passed to other libsecret API, such as secret_service_clear.
2023-11-11 22:44:17 +00:00
Niels De Graef
4c5941505e Merge branch 'secret-tool-stdin-check-utf8' into 'master'
secret-tool: Verify that the parsed stdin password is valid UTF-8

See merge request GNOME/libsecret!130
2023-11-06 20:32:25 +00:00
Henry Rovner
b6716c4d30 secret-tool: Verify that the parsed stdin password is valid UTF-8 2023-11-06 11:17:24 -08:00
Daiki Ueno
abfc291568 Merge branch 'wip/dueno/asan-fixes' into 'master'
ci: Fix LeakSanitizer issues

See merge request GNOME/libsecret!126
2023-10-19 22:54:41 +00:00
Daiki Ueno
8efde50455 .gitlab-ci: Update CI base image to Fedora 38
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 17:24:40 +09:00
Daiki Ueno
7f97e5e0fa .gitlab-ci.yml: Add LSan suppressions file
This adds a suppression file for Leak Sanitizer to ignore known leaks
in libgio-2.0.so.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 17:24:40 +09:00
Daiki Ueno
3c97587608 secret-file-collection: Improve etag tracking
This resets self->etag only after successful load of the contents, by
using a temporary variable and checking error of
g_file_replace_contents_finish, etc.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 17:23:38 +09:00
Daiki Ueno
f83cd26858 secret-service: Don't unnecessarily increase refcount
As the GVariant returned in secret_service_real_prompt_finish should
be already sunk by secret_prompt_perform_finish, calling
g_variant_ref_sink actually increases the refcount and causes a leak.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 13:52:59 +09:00
Daiki Ueno
92705b58a3 secret-paths: Make sure to unref GVariant
The GVariant returned in
secret_service_get_secret{,s}_for_dbus_path{,s}_finish should be
unref'ed after use.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 13:52:59 +09:00
Daiki Ueno
e9818571e3 secret-paths: Fix memleak when unlocking a path
A GPtrArray allocated to temporarily hold (un)locked item paths was
not freed when the collection has a non-empty D-Bus path.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-18 16:06:23 +09:00
Kristjan SCHMIDT
115474aa67 Update Esperanto translation 2023-09-27 20:06:24 +00:00
Niels De Graef
79722e8c67 Release stable version 0.21.1 2023-09-19 23:11:26 +02:00
Dhanuka Warusadura
28a29bc2a5 Merge branch 'wip/ci_print_errorlogs' into 'master'
CI: Print error logs on test failure

See merge request GNOME/libsecret!125
2023-09-18 12:17:07 +00:00
Milan Crha
64cf3ff4b3 CI: Print error logs on test failure
It'll help to check what precisely failed with the test, instead of
getting only passed/failed states.
2023-09-18 12:14:45 +00:00
Niels De Graef
97d5c139ee Merge branch '62-flatpak-libsecret-fails-to-read-credentials-saved-by-other-process' into 'master'
Resolve "Flatpak: libsecret fails to read credentials saved by other process"

Closes #62

See merge request GNOME/libsecret!99
2023-09-18 11:42:54 +00:00
Milan Crha
1f44c81ca4 secret-file-collection: Check for file changes and reload when needed
When some other process changes the underlying file, the collection
should reload its in-memory content, to reflect the changes.

Closes https://gitlab.gnome.org/GNOME/libsecret/-/issues/62
2023-09-18 13:25:38 +02:00
Efstathios Iosifidis
ae7c52bd9c Update Greek translation 2023-09-08 23:21:55 +00:00
Amn Alam
8bbdfa3644 Update Punjabi translation 2023-08-31 02:04:46 +00:00
Dhanuka Warusadura
1374b09e61 Merge branch 'fix_depricated' into 'master'
TPM2: fix `g_memdup` deprecated warning

See merge request GNOME/libsecret!121
2023-08-24 13:31:15 +00:00
Dhanuka Warusadura
bf0ddf7ff3 TPM2: fix g_memdup deprecated warning 2023-08-24 13:31:15 +00:00
Anders Jonsson
2f00bf3a3f Update Swedish translation 2023-08-17 12:05:59 +00:00
Niels De Graef
6678c87fed Release 0.21.0 2023-08-10 14:05:27 +02:00
Sabri Ünal
28b379e39f Update Turkish translation 2023-08-08 10:47:08 +00:00
Niels De Graef
1b6ac89c0a README: replace ninja with meson commands
Meson provides wrappers for the ninja build commands, so let's make use
of those.
2023-07-09 20:23:02 +02:00
Niels De Graef
da60df0e77 Merge branch 'unlock-before-attrs-pull' into 'master'
Unlock the keyring before getting secret attributes

See merge request GNOME/libsecret!105
2023-05-24 07:05:50 +00:00
panoplie
7387774263 sync-search: unlock keyring before getting secret attributes
In gnome-keyring, the secret items attributes are not visible until the keyring
is unlocked. But in libsecret, the synchronous secret search function unlocks
the keyring after and not before the attributes dbus pull.

So when the keyring is locked and you run secret_service_search_sync(), you get
hashed or empty attributes because the keyring was locked at the time these
attributes were pulled. If you run this function when the keyring is already
unlocked, there is no problem.

This commit moves the unlock routine before the attributes pull to make the
synchronous search function work correctly when the keyring is locked
initially.

Issues #6 gnome-shell#4780
2023-05-24 07:04:14 +00:00
panoplie
31ea8cb41d Rename secret_search_unlock_load_or_complete()
This function does not unlock the keyring anymore so we remove the "unlock"
term from its name.
2023-05-24 07:04:14 +00:00
panoplie
701a312eb7 async-search: unlock keyring before getting secret attributes
In gnome-keyring, the secret items attributes are not visible until the keyring
is unlocked. But in libsecret, the asynchronous secret search function unlocks
the keyring after and not before the attributes dbus pull.

So when the keyring is locked and you run secret_service_search(), you get
hashed or empty attributes because the keyring was locked at the time these
attributes were pulled. If you run this function when the keyring is already
unlocked, there is no problem.

This commit moves the unlock routine before the attributes pull to make the
asynchronous search function work correctly when the keyring is locked
initially.

The secret_search_unlock_load_or_complete function should be renamed to
secret_service_load_or_complete. To keep this commit readable, it is done in
the next commit.

Issues #6 gnome-shell#4780
2023-05-24 07:04:14 +00:00
Niels De Graef
e3ac5f762b Merge branch 'mcatanzaro/cancellable-regression' into 'master'
file-backend: avoid critical when cancellable is unset

See merge request GNOME/libsecret!120
2023-05-16 21:12:42 +00:00