Commit Graph

834 Commits

Author SHA1 Message Date
Daiki Ueno
28486191b2 Support GnuTLS as an alternative crypto backend
This turns the `-Dgcrypt` build time option into a more generic
`-Dcrypto` option, which enables the user to choose which cryptographic
library to link with.  It currently supports libgcrypt (`libgcrypt`)
and GnuTLS (`gnutls`); for the latter, GnuTLS 3.8.2 is the minimum
required version.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:49 +09:00
Daiki Ueno
0f49b34fa2 tests: Conditionalize session algorithm check in test-session
When compiled without libgcrypt, some of the tests in test-session
fail as they expect the session algorithm to be
"dh-ietf1024-sha256-aes128-cbc-pkcs7".  This adds a build-time
conditional to guard against it.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:11 +09:00
Daiki Ueno
564874beb0 file-collection: Move low-level crypto functions to egg
This moves low-level cryptographic functions into egg/egg-keyring1.c,
to make it easy to support multiple crypto backend libraries.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:10 +09:00
Daiki Ueno
0b4769f871 file-collection: Make it consistent about block cipher algorithm
The original code tries to encrypt the file format using AES-256-CBC,
though actually AES-128-CBC was used because the key size is shorter
and libgcrypt automatically degrades to AES-128-CBC based on the key
size.  Reported by Sophie Herold in:
https://github.com/bilelmoussaoui/oo7/issues/46#issuecomment-1816286494

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-11-28 14:56:19 +09:00
Daiki Ueno
47f524e2df egg-dh: Hide gcry_mpi_t from the internal API
This wraps gcry_mpi_t usage in the API with opaque structs, so it would
be easier to port egg-dh to other crypto libraries.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-11-28 14:51:23 +09:00
Dhanuka Warusadura
39055f245e Merge branch 'vala-attributes-validate-test-fix' into 'master'
Fix Vala test for attributes_validate

See merge request GNOME/libsecret!132
2023-11-27 04:18:41 +00:00
Henry Rovner
79d3d403e8 Add missing equals sign to check equality instead of assignment 2023-11-25 10:44:05 -08:00
Dhanuka Warusadura
b2d1e56df1 Merge branch 'schema-doc-markup-fix' into 'master'
Fix markup syntax for SecretSchema

Closes #81

See merge request GNOME/libsecret!131
2023-11-14 17:06:01 +00:00
Henry Rovner
6308682e8f Update markup syntax 2023-11-12 05:20:54 +00:00
Daiki Ueno
e134b0ad77 Merge branch 'public-secret-attributes-validate' into 'master'
Public secret_attributes_validate method

See merge request GNOME/libsecret!129
2023-11-11 22:44:17 +00:00
Henry Rovner
f610c44a92 Public secret_attributes_validate method
This makes the internal logic of _secret_attributes_validate public,
so applications can check and recover when an invalid attributes table
is passed to other libsecret API, such as secret_service_clear.
2023-11-11 22:44:17 +00:00
Niels De Graef
4c5941505e Merge branch 'secret-tool-stdin-check-utf8' into 'master'
secret-tool: Verify that the parsed stdin password is valid UTF-8

See merge request GNOME/libsecret!130
2023-11-06 20:32:25 +00:00
Henry Rovner
b6716c4d30 secret-tool: Verify that the parsed stdin password is valid UTF-8 2023-11-06 11:17:24 -08:00
Daiki Ueno
abfc291568 Merge branch 'wip/dueno/asan-fixes' into 'master'
ci: Fix LeakSanitizer issues

See merge request GNOME/libsecret!126
2023-10-19 22:54:41 +00:00
Daiki Ueno
8efde50455 .gitlab-ci: Update CI base image to Fedora 38
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 17:24:40 +09:00
Daiki Ueno
7f97e5e0fa .gitlab-ci.yml: Add LSan suppressions file
This adds a suppression file for Leak Sanitizer to ignore known leaks
in libgio-2.0.so.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 17:24:40 +09:00
Daiki Ueno
3c97587608 secret-file-collection: Improve etag tracking
This resets self->etag only after successful load of the contents, by
using a temporary variable and checking error of
g_file_replace_contents_finish, etc.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 17:23:38 +09:00
Daiki Ueno
f83cd26858 secret-service: Don't unnecessarily increase refcount
As the GVariant returned in secret_service_real_prompt_finish should
be already sunk by secret_prompt_perform_finish, calling
g_variant_ref_sink actually increases the refcount and causes a leak.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 13:52:59 +09:00
Daiki Ueno
92705b58a3 secret-paths: Make sure to unref GVariant
The GVariant returned in
secret_service_get_secret{,s}_for_dbus_path{,s}_finish should be
unref'ed after use.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-19 13:52:59 +09:00
Daiki Ueno
e9818571e3 secret-paths: Fix memleak when unlocking a path
A GPtrArray allocated to temporarily hold (un)locked item paths was
not freed when the collection has a non-empty D-Bus path.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-10-18 16:06:23 +09:00
Kristjan SCHMIDT
115474aa67 Update Esperanto translation 2023-09-27 20:06:24 +00:00
Niels De Graef
79722e8c67 Release stable version 0.21.1 2023-09-19 23:11:26 +02:00
Dhanuka Warusadura
28a29bc2a5 Merge branch 'wip/ci_print_errorlogs' into 'master'
CI: Print error logs on test failure

See merge request GNOME/libsecret!125
2023-09-18 12:17:07 +00:00
Milan Crha
64cf3ff4b3 CI: Print error logs on test failure
It'll help to check what precisely failed with the test, instead of
getting only passed/failed states.
2023-09-18 12:14:45 +00:00
Niels De Graef
97d5c139ee Merge branch '62-flatpak-libsecret-fails-to-read-credentials-saved-by-other-process' into 'master'
Resolve "Flatpak: libsecret fails to read credentials saved by other process"

Closes #62

See merge request GNOME/libsecret!99
2023-09-18 11:42:54 +00:00
Milan Crha
1f44c81ca4 secret-file-collection: Check for file changes and reload when needed
When some other process changes the underlying file, the collection
should reload its in-memory content, to reflect the changes.

Closes https://gitlab.gnome.org/GNOME/libsecret/-/issues/62
2023-09-18 13:25:38 +02:00
Efstathios Iosifidis
ae7c52bd9c Update Greek translation 2023-09-08 23:21:55 +00:00
Amn Alam
8bbdfa3644 Update Punjabi translation 2023-08-31 02:04:46 +00:00
Dhanuka Warusadura
1374b09e61 Merge branch 'fix_depricated' into 'master'
TPM2: fix `g_memdup` deprecated warning

See merge request GNOME/libsecret!121
2023-08-24 13:31:15 +00:00
Dhanuka Warusadura
bf0ddf7ff3 TPM2: fix g_memdup deprecated warning 2023-08-24 13:31:15 +00:00
Anders Jonsson
2f00bf3a3f Update Swedish translation 2023-08-17 12:05:59 +00:00
Niels De Graef
6678c87fed Release 0.21.0 2023-08-10 14:05:27 +02:00
Sabri Ünal
28b379e39f Update Turkish translation 2023-08-08 10:47:08 +00:00
Niels De Graef
1b6ac89c0a README: replace ninja with meson commands
Meson provides wrappers for the ninja build commands, so let's make use
of those.
2023-07-09 20:23:02 +02:00
Niels De Graef
da60df0e77 Merge branch 'unlock-before-attrs-pull' into 'master'
Unlock the keyring before getting secret attributes

See merge request GNOME/libsecret!105
2023-05-24 07:05:50 +00:00
panoplie
7387774263 sync-search: unlock keyring before getting secret attributes
In gnome-keyring, the secret items attributes are not visible until the keyring
is unlocked. But in libsecret, the synchronous secret search function unlocks
the keyring after and not before the attributes dbus pull.

So when the keyring is locked and you run secret_service_search_sync(), you get
hashed or empty attributes because the keyring was locked at the time these
attributes were pulled. If you run this function when the keyring is already
unlocked, there is no problem.

This commit moves the unlock routine before the attributes pull to make the
synchronous search function work correctly when the keyring is locked
initially.

Issues #6 gnome-shell#4780
2023-05-24 07:04:14 +00:00
panoplie
31ea8cb41d Rename secret_search_unlock_load_or_complete()
This function does not unlock the keyring anymore so we remove the "unlock"
term from its name.
2023-05-24 07:04:14 +00:00
panoplie
701a312eb7 async-search: unlock keyring before getting secret attributes
In gnome-keyring, the secret items attributes are not visible until the keyring
is unlocked. But in libsecret, the asynchronous secret search function unlocks
the keyring after and not before the attributes dbus pull.

So when the keyring is locked and you run secret_service_search(), you get
hashed or empty attributes because the keyring was locked at the time these
attributes were pulled. If you run this function when the keyring is already
unlocked, there is no problem.

This commit moves the unlock routine before the attributes pull to make the
asynchronous search function work correctly when the keyring is locked
initially.

The secret_search_unlock_load_or_complete function should be renamed to
secret_service_load_or_complete. To keep this commit readable, it is done in
the next commit.

Issues #6 gnome-shell#4780
2023-05-24 07:04:14 +00:00
Niels De Graef
e3ac5f762b Merge branch 'mcatanzaro/cancellable-regression' into 'master'
file-backend: avoid critical when cancellable is unset

See merge request GNOME/libsecret!120
2023-05-16 21:12:42 +00:00
Michael Catanzaro
25e1e11c81 file-backend: avoid critical when cancellable is unset
In 0e205fce5f I improperly assumed that
the cancellable would always be valid. Avoid criticals when it is NULL.
2023-05-16 08:14:39 -05:00
Dhanuka Warusadura
b814e464f6 Merge branch 'issue#87' into 'master'
doap: remove stefw as a maintainer

See merge request GNOME/libsecret!119
2023-04-28 09:42:10 +00:00
Dhanuka Warusadura
676ef41db5 doap: remove stefw as a maintainer
With the approval of Daiki Ueno and Niels De Graef.
2023-04-28 15:02:59 +05:30
Dhanuka Warusadura
e5ec8c4e24 Merge branch 'mcatanzaro/cancellable-deadlock' into 'master'
file-backend: avoid deadlock when portal op is canceled

Closes #86

See merge request GNOME/libsecret!118
2023-04-27 15:44:24 +00:00
Michael Catanzaro
0e205fce5f file-backend: avoid deadlock when portal op is canceled
Calling g_cancellable_disconnect() inside a cancelled handler is a
guaranteed deadlock. Cancellables should only be canceled once, so we
don't need to worry about a second cancellation occurring. I think it's
sufficient to disconnect when the InitClosure is freed.

Fixes #86
2023-04-27 09:20:48 -05:00
Niels De Graef
ecb788d44e Merge branch 'master' into 'master'
Fix example in usage docs

See merge request GNOME/libsecret!117
2023-02-04 09:08:41 +00:00
Jonathan Wakely
abad8802ae Fix example in usage docs 2023-02-03 15:59:53 +00:00
Niels De Graef
5934c30491 Merge branch 'nielsdg/no-more-g-slice' into 'master'
Stop using GSlice

See merge request GNOME/libsecret!116
2023-01-16 18:21:47 +00:00
Niels De Graef
0f04e5d371 Stop using GSlice
GLib is discussing deprecating/removing it upstream [1] since it has
only limited uses. Next to that, it seems to bork stack traces here when
using ASAN (for which you also have to specify `G_SLICE=always-malloc`
and some other envvars too).

In other words, let's just get rid of using `GSlice` and call the
allocation APIs directly.

[1]: https://gitlab.gnome.org/GNOME/glib/-/issues/1079
2023-01-16 19:17:59 +01:00
Niels De Graef
33a4de59a2 Merge branch 'nielsdg/extract-get-secret-file-func' into 'master'
file-backend: Extract functions from the initializer code

See merge request GNOME/libsecret!107
2023-01-15 10:16:50 +00:00
Niels De Graef
7d7c1b3430 file-backend: Extract TPM code into separate function
That way, we have a function we can also call in case we want to provide
a synchronous constructor.

This also fixes some cases where the `EggTpm2Context` was not properly
cleaned up in case of some error paths.
2023-01-15 10:12:59 +00:00