Bug 652070 - Give daemon access to collection credentials secrets
Status: RESOLVED FIXED
Product: gnome-keyring
Classification: Core
Component: pkcs11
unspecified
Other Linux
Assigned To: GNOME keyring maintainer(s)
Depends on:
Blocks: 652074
 
 
Reported: 2011-06-07 17:30 UTC by Stef Walter
Modified: 2011-09-12 05:57 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Patch of implementation branch (11.87 KB, patch)
2011-06-07 17:35 UTC, Stef Walter

Description Stef Walter 2011-06-07 17:30:15 UTC
Till now the master secrets for the various keyrings ('collections' in Secret Service API parlance) have been hidden away in the secret-store module. These are held in the CKA_VALUE PKCS#11 attribute on objects of type CKO_G_CREDENTIAL, and are used to unlock the keyring objects.

Until now any attempt to read out these master secrets has resulted in the error code CKR_ATTRIBUTE_SENSITIVE.

However, since we'd like to be able to use these master secrets to do things like NTLM, the daemon needs access to read them.

This patch adds access for the daemon to read them via PKCS#11. If an application tries to access them, then the app will still get CKR_ATTRIBUTE_SENSITIVE.

I've added tests to verify this.
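
The access rule described in this report, as an added C sketch that is not gnome-keyring code and not part of the attached patch: reading CKA_VALUE from a credential succeeds for a daemon session and fails with CKR_ATTRIBUTE_SENSITIVE for an application. The types `attr_t`, `session_t` and `credential_t`, the `is_daemon` flag and `credential_get_attribute` are hypothetical; how the real module tells the daemon from an application is not shown on this page.

```c
#include <stdio.h>
#include <string.h>
/* PKCS#11 constants used here (values from the PKCS#11 specification). */
#define CKR_OK                     0x000UL
#define CKR_ATTRIBUTE_SENSITIVE    0x011UL
#define CKR_ATTRIBUTE_TYPE_INVALID 0x012UL
#define CKR_BUFFER_TOO_SMALL       0x150UL
#define CKA_VALUE                  0x011UL
#define CK_UNAVAILABLE             (~0UL)  /* CK_UNAVAILABLE_INFORMATION */
/* Hypothetical model types, not gnome-keyring's real structures. */
typedef struct { unsigned long type; void *value; unsigned long len; } attr_t;
typedef struct { int is_daemon; } session_t;  /* assumed caller flag */
typedef struct { const unsigned char *secret; unsigned long n; } credential_t;

/* Read one attribute of a credential object on behalf of session s. */
unsigned long credential_get_attribute(const session_t *s,
                                       const credential_t *c, attr_t *a)
{
    if (a->type != CKA_VALUE) {
        a->len = CK_UNAVAILABLE;
        return CKR_ATTRIBUTE_TYPE_INVALID;
    }
    if (!s->is_daemon) {                 /* application: secret stays hidden */
        a->len = CK_UNAVAILABLE;
        return CKR_ATTRIBUTE_SENSITIVE;
    }
    if (a->value == NULL) {              /* length query, nothing copied */
        a->len = c->n;
        return CKR_OK;
    }
    if (a->len < c->n) {                 /* never write a partial secret */
        a->len = CK_UNAVAILABLE;
        return CKR_BUFFER_TOO_SMALL;
    }
    memcpy(a->value, c->secret, c->n);
    a->len = c->n;
    return CKR_OK;
}

int main(void)
{
    credential_t cred = { (const unsigned char *)"constructed-secret", 18 };
    session_t app_s = { 0 }, daemon_s = { 1 };  /* constructed sample data */
    unsigned char buf[32] = { 0 };
    attr_t a = { CKA_VALUE, buf, sizeof buf }, d = a;
    printf("app:    0x%lx\n", credential_get_attribute(&app_s, &cred, &a));
    printf("daemon: 0x%lx\n", credential_get_attribute(&daemon_s, &cred, &d));
    return 0;
}
```
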
Comment 1 Stef Walter 2011-06-07 17:35:09 UTC
Created attachment 189423
Patch of implementation branch

The branch which this patch is based off of is here: http://cgit.collabora.com/git/user/stefw/gnome-keyring.git/log/?h=daemon-access-credentials
Comment 2 Stef Walter 2011-09-12 05:57:09 UTC
Merged into gnome-keyring master.