From 9a271ef0518949f06fb5132ecad1ed93bcf4f72c Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Sat, 13 Feb 2010 23:43:35 +0000
Subject: [pkcs11] Fix problem with not storing secret value properly.
If a new object was not created, such as when unwrapping a
secret item, then the attributes set were not stored properly.
---
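diff --git a/pkcs11/gck/gck-aes-key.c b/pkcs11/gck/gck-aes-key.c
index 6274703..14d11e5 100644
--- a/pkcs11/gck/gck-aes-key.c
+++ b/pkcs11/gck/gck-aes-key.c
@@ -129,7 +129,8 @@ factory_create_aes_key (GckSession *session, GckTransaction *transaction,
 
 gck_attribute_consume (value);
 
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (key);
 }
 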
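Review bot: The new fourth argument is passed as a bare `TRUE` here, and the same positional literal is repeated at every other factory call site in this patch (gck-certificate.c, gck-credential.c, the DH, XSA and null key factories, the secret-store collection and search factories, and the user-store keys), so a reader cannot tell from the call what the flag controls. Since the flag decides whether the object is registered with the session or token, I would make that visible at the call, e.g. `TRUE /* add to session or token */, attrs, n_attrs);`, or replace the gboolean with a named constant. factory_create_aes_key starts outside the hunk.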
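diff --git a/pkcs11/gck/gck-certificate.c b/pkcs11/gck/gck-certificate.c
index 4761731..d547b26 100644
--- a/pkcs11/gck/gck-certificate.c
+++ b/pkcs11/gck/gck-certificate.c
@@ -275,7 +275,8 @@ factory_create_certificate (GckSession *session, GckTransaction *transaction,
 /* Note that we ignore the subject */
 gck_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_SUBJECT, G_MAXULONG);
 
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (cert);
 }
 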
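diff --git a/pkcs11/gck/gck-credential.c b/pkcs11/gck/gck-credential.c
index 74ce3e6..e3a6d58 100644
--- a/pkcs11/gck/gck-credential.c
+++ b/pkcs11/gck/gck-credential.c
@@ -93,7 +93,8 @@ factory_create_credential (GckSession *session, GckTransaction *transaction,
 attr ? attr->ulValueLen : 0, &cred);
 
 if (rv == CKR_OK) {
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (cred);
 } else {
 gck_transaction_fail (transaction, rv);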
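diff --git a/pkcs11/gck/gck-dh-private-key.c b/pkcs11/gck/gck-dh-private-key.c
index 72af177..278dea0 100644
--- a/pkcs11/gck/gck-dh-private-key.c
+++ b/pkcs11/gck/gck-dh-private-key.c
@@ -72,7 +72,8 @@ factory_create_dh_private_key (GckSession *session, GckTransaction *transaction,
 idattr ? idattr->ulValueLen : 0));
 gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
 
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
 return object;
 }
 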
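diff --git a/pkcs11/gck/gck-dh-public-key.c b/pkcs11/gck/gck-dh-public-key.c
index d6f5284..be0bb25 100644
--- a/pkcs11/gck/gck-dh-public-key.c
+++ b/pkcs11/gck/gck-dh-public-key.c
@@ -72,7 +72,8 @@ factory_create_dh_public_key (GckSession *session, GckTransaction *transaction,
 idattr ? idattr->ulValueLen : 0));
 gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
 
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
 return object;
 }
 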
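diff --git a/pkcs11/gck/gck-null-key.c b/pkcs11/gck/gck-null-key.c
index 7bb912d..75d8b76 100644
--- a/pkcs11/gck/gck-null-key.c
+++ b/pkcs11/gck/gck-null-key.c
@@ -53,7 +53,8 @@ factory_create_null_key (GckSession *session, GckTransaction *transaction,
 "manager", manager,
 NULL);
 
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (key);
 }
 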
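diff --git a/pkcs11/gck/gck-private-xsa-key.c b/pkcs11/gck/gck-private-xsa-key.c
index 5940309..4c2704a 100644
--- a/pkcs11/gck/gck-private-xsa-key.c
+++ b/pkcs11/gck/gck-private-xsa-key.c
@@ -163,7 +163,8 @@ factory_create_private_xsa_key (GckSession *session, GckTransaction *transaction
 NULL);
 key->pv->sexp = sexp;
 
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (key);
 }
 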
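diff --git a/pkcs11/gck/gck-public-xsa-key.c b/pkcs11/gck/gck-public-xsa-key.c
index e6f3eb9..f28d56a 100644
--- a/pkcs11/gck/gck-public-xsa-key.c
+++ b/pkcs11/gck/gck-public-xsa-key.c
@@ -155,7 +155,8 @@ factory_create_public_xsa_key (GckSession *session, GckTransaction *transaction,
 "manager", gck_manager_for_template (attrs, n_attrs, session),
 NULL);
 gck_sexp_unref (sexp);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
 }
 
 return object;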
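diff --git a/pkcs11/gck/gck-session.c b/pkcs11/gck/gck-session.c
index 1389d7d..d2f0ae4 100644
--- a/pkcs11/gck/gck-session.c
+++ b/pkcs11/gck/gck-session.c
@@ -836,8 +836,8 @@ gck_session_create_object_for_attributes (GckSession *self, GckTransaction *tran
 }
 
 void
-gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction,
- GckObject *object, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
+gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction, GckObject *object,
+ gboolean add, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
 {
 gboolean is_private;
 gulong i;
@@ -873,7 +873,7 @@ gck_session_complete_object_creation (GckSession *self, GckTransaction *transact
 }
 
 /* Add the object to session or token */
- if (!gck_transaction_get_failed (transaction)) {
+ if (add && !gck_transaction_get_failed (transaction)) {
 if (gck_object_is_token (object))
 gck_module_add_token_object (self->pv->module, transaction, object);
 else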
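Review bot: The new `add` parameter is undocumented, and nothing visible guards the `add == FALSE` path: the function now skips `gck_module_add_token_object` (and presumably the session branch after the `else`, which the hunk cuts off) but still runs everything between the two hunks against an object that already exists. Those lines are not shown, so it should be confirmed that the checks there (the `is_private` local suggests a login check) and the attribute writes are right for updating an existing object, and that a failed transaction rolls back attributes already written to it. I would add a comment above the definition, e.g. `/* add: TRUE to register a newly created object with the session or token; FALSE when the object is already registered */`, and repeat it at the declaration in gck-session.h.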
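diff --git a/pkcs11/gck/gck-session.h b/pkcs11/gck/gck-session.h
index 290443d..fa4cb01 100644
--- a/pkcs11/gck/gck-session.h
+++ b/pkcs11/gck/gck-session.h
@@ -117,6 +117,7 @@ GckObject* gck_session_create_object_for_attributes (GckSess
 void gck_session_complete_object_creation (GckSession *self,
 GckTransaction *transaction,
 GckObject *object,
+ gboolean add,
 CK_ATTRIBUTE_PTR attrs,
 CK_ULONG n_attrs);
 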
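diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
index 4be98dc..613c1ae 100644
--- a/pkcs11/secret-store/gck-secret-collection.c
+++ b/pkcs11/secret-store/gck-secret-collection.c
@@ -297,7 +297,8 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
 g_object_unref (sdata);
 
 gck_attributes_consume (attrs, n_attrs, CKA_G_CREDENTIAL, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (collection);
 }
 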
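diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
index 5c77723..0c7636d 100644
--- a/pkcs11/secret-store/gck-secret-item.c
+++ b/pkcs11/secret-store/gck-secret-item.c
@@ -141,7 +141,6 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
 CK_ATTRIBUTE *attr;
 gboolean is_token;
 gchar *identifier;
- CK_ULONG i;
 
 g_return_val_if_fail (GCK_IS_TRANSACTION (transaction), NULL);
 g_return_val_if_fail (attrs || !n_attrs, NULL);
@@ -176,18 +175,16 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
 gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
 return NULL;
 } else {
- gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);
- for (i = 0; i < n_attrs && !gck_transaction_get_failed (transaction); ++i) {
- if (!gck_attribute_consumed (&attrs[i]))
- gck_object_set_attribute (GCK_OBJECT (item), session, transaction, &attrs[i]);
- }
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
+ FALSE, attrs, n_attrs);
 return g_object_ref (item);
 }
 }
 
 /* Create a new collection which will own the item */
 item = gck_secret_collection_create_item (collection, transaction);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
+ TRUE, attrs, n_attrs);
 return g_object_ref (item);
 }
 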
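Review bot: In the `else` branch of the second hunk, the removed block also dropped `gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);`, and the new call with `FALSE` does not replace it. If `gck_session_complete_object_creation` applies every unconsumed attribute the way the removed loop did, CKA_ID and CKA_TOKEN from the template are now written to the existing item, unless they are consumed earlier in factory_create_item, which lies outside the hunk. If they are not, keep the line in front of the new call: `gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);`. This branch updates a stored secret item in place, so a rejected or half-applied attribute here is worth a test that creates an item twice with the same CKA_ID.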
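diff --git a/pkcs11/secret-store/gck-secret-search.c b/pkcs11/secret-store/gck-secret-search.c
index 1315687..07bcd5f 100644
--- a/pkcs11/secret-store/gck-secret-search.c
+++ b/pkcs11/secret-store/gck-secret-search.c
@@ -240,7 +240,8 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
 populate_search_from_manager (search, s_manager);
 populate_search_from_manager (search, m_manager);
 
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (search);
 }
 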
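diff --git a/pkcs11/user-store/gck-user-private-key.c b/pkcs11/user-store/gck-user-private-key.c
index 7577c72..5ee57a3 100644
--- a/pkcs11/user-store/gck-user-private-key.c
+++ b/pkcs11/user-store/gck-user-private-key.c
@@ -83,7 +83,8 @@ factory_create_private_key (GckSession *session, GckTransaction *transaction,
 
 gck_sexp_unref (sexp);
 
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (key);
 }
 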
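diff --git a/pkcs11/user-store/gck-user-public-key.c b/pkcs11/user-store/gck-user-public-key.c
index 6b2d69c..ce20d1d 100644
--- a/pkcs11/user-store/gck-user-public-key.c
+++ b/pkcs11/user-store/gck-user-public-key.c
@@ -62,7 +62,8 @@ factory_create_public_key (GckSession *session, GckTransaction *transaction,
 "manager", gck_manager_for_template (attrs, n_attrs, session),
 NULL);
 gck_sexp_unref (sexp);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
 }
 
 return object;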
--
cgit v0.8.3.1