From 9a271ef0518949f06fb5132ecad1ed93bcf4f72c Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Sat, 13 Feb 2010 23:43:35 +0000
Subject: [pkcs11] Fix problem with not storing secret value properly.

If a new object was not created, such as when unwrapping a secret item, then the attributes set were not stored properly.
---
diff --git a/pkcs11/gck/gck-aes-key.c b/pkcs11/gck/gck-aes-key.c
index 6274703..14d11e5 100644
--- a/pkcs11/gck/gck-aes-key.c
+++ b/pkcs11/gck/gck-aes-key.c
@@ -129,7 +129,8 @@ factory_create_aes_key (GckSession *session, GckTransaction *transaction,
 gck_attribute_consume (value);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (key);
 }
diff --git a/pkcs11/gck/gck-certificate.c b/pkcs11/gck/gck-certificate.c
index 4761731..d547b26 100644
--- a/pkcs11/gck/gck-certificate.c
+++ b/pkcs11/gck/gck-certificate.c
@@ -275,7 +275,8 @@ factory_create_certificate (GckSession *session, GckTransaction *transaction,
 /* Note that we ignore the subject */
 gck_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_SUBJECT, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (cert);
 }
diff --git a/pkcs11/gck/gck-credential.c b/pkcs11/gck/gck-credential.c
index 74ce3e6..e3a6d58 100644
--- a/pkcs11/gck/gck-credential.c
+++ b/pkcs11/gck/gck-credential.c
@@ -93,7 +93,8 @@ factory_create_credential (GckSession *session, GckTransaction *transaction,
 attr ? attr->ulValueLen : 0, &cred);
 if (rv == CKR_OK) {
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (cred);
 } else {
 gck_transaction_fail (transaction, rv);
diff --git a/pkcs11/gck/gck-dh-private-key.c b/pkcs11/gck/gck-dh-private-key.c
index 72af177..278dea0 100644
--- a/pkcs11/gck/gck-dh-private-key.c
+++ b/pkcs11/gck/gck-dh-private-key.c
@@ -72,7 +72,8 @@ factory_create_dh_private_key (GckSession *session, GckTransaction *transaction,
 idattr ? idattr->ulValueLen : 0));
 gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
 return object;
 }
diff --git a/pkcs11/gck/gck-dh-public-key.c b/pkcs11/gck/gck-dh-public-key.c
index d6f5284..be0bb25 100644
--- a/pkcs11/gck/gck-dh-public-key.c
+++ b/pkcs11/gck/gck-dh-public-key.c
@@ -72,7 +72,8 @@ factory_create_dh_public_key (GckSession *session, GckTransaction *transaction,
 idattr ? idattr->ulValueLen : 0));
 gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
 return object;
 }
diff --git a/pkcs11/gck/gck-null-key.c b/pkcs11/gck/gck-null-key.c
index 7bb912d..75d8b76 100644
--- a/pkcs11/gck/gck-null-key.c
+++ b/pkcs11/gck/gck-null-key.c
@@ -53,7 +53,8 @@ factory_create_null_key (GckSession *session, GckTransaction *transaction,
 "manager", manager,
 NULL);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (key);
 }
diff --git a/pkcs11/gck/gck-private-xsa-key.c b/pkcs11/gck/gck-private-xsa-key.c
index 5940309..4c2704a 100644
--- a/pkcs11/gck/gck-private-xsa-key.c
+++ b/pkcs11/gck/gck-private-xsa-key.c
@@ -163,7 +163,8 @@ factory_create_private_xsa_key (GckSession *session, GckTransaction *transaction
 NULL);
 key->pv->sexp = sexp;
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (key);
 }
diff --git a/pkcs11/gck/gck-public-xsa-key.c b/pkcs11/gck/gck-public-xsa-key.c
index e6f3eb9..f28d56a 100644
--- a/pkcs11/gck/gck-public-xsa-key.c
+++ b/pkcs11/gck/gck-public-xsa-key.c
@@ -155,7 +155,8 @@ factory_create_public_xsa_key (GckSession *session, GckTransaction *transaction,
 "manager", gck_manager_for_template (attrs, n_attrs, session),
 NULL);
 gck_sexp_unref (sexp);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
 }
 return object;
diff --git a/pkcs11/gck/gck-session.c b/pkcs11/gck/gck-session.c
index 1389d7d..d2f0ae4 100644
--- a/pkcs11/gck/gck-session.c
+++ b/pkcs11/gck/gck-session.c
@@ -836,8 +836,8 @@ gck_session_create_object_for_attributes (GckSession *self, GckTransaction *tran
 }
 void
-gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction,
- GckObject *object, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
+gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction, GckObject *object,
+ gboolean add, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
 {
 gboolean is_private;
 gulong i;
@@ -873,7 +873,7 @@ gck_session_complete_object_creation (GckSession *self, GckTransaction *transact
 }
 /* Add the object to session or token */
- if (!gck_transaction_get_failed (transaction)) {
+ if (add && !gck_transaction_get_failed (transaction)) {
 if (gck_object_is_token (object))
 gck_module_add_token_object (self->pv->module, transaction, object);
 else
diff --git a/pkcs11/gck/gck-session.h b/pkcs11/gck/gck-session.h
index 290443d..fa4cb01 100644
--- a/pkcs11/gck/gck-session.h
+++ b/pkcs11/gck/gck-session.h
@@ -117,6 +117,7 @@ GckObject* gck_session_create_object_for_attributes (GckSess
 void gck_session_complete_object_creation (GckSession *self,
 GckTransaction *transaction,
 GckObject *object,
+ gboolean add,
 CK_ATTRIBUTE_PTR attrs,
 CK_ULONG n_attrs);
diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
index 4be98dc..613c1ae 100644
--- a/pkcs11/secret-store/gck-secret-collection.c
+++ b/pkcs11/secret-store/gck-secret-collection.c
@@ -297,7 +297,8 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
 g_object_unref (sdata);
 gck_attributes_consume (attrs, n_attrs, CKA_G_CREDENTIAL, G_MAXULONG);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (collection);
 }
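Review bot: The new `add` argument of gck_session_complete_object_creation() in gck-session.c is an undocumented boolean, and every call site now passes a bare `TRUE` or `FALSE` whose meaning a reader has to look up. A short comment above the definition, repeated at the prototype in gck-session.h, would help, for example `/* add: TRUE registers the object with the session or token once its attributes are set; FALSE only applies the attributes to an object that is already stored. */`. With `add` FALSE the function no longer creates anything, so the comment should also say that the function name is kept although the call may be an update. The body between the local declarations and the "Add the object" step is outside both hunks, so this wording is inferred from the visible condition `if (add && !gck_transaction_get_failed (transaction))`.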
diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
index 5c77723..0c7636d 100644
--- a/pkcs11/secret-store/gck-secret-item.c
+++ b/pkcs11/secret-store/gck-secret-item.c
@@ -141,7 +141,6 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
 CK_ATTRIBUTE *attr;
 gboolean is_token;
 gchar *identifier;
- CK_ULONG i;
 g_return_val_if_fail (GCK_IS_TRANSACTION (transaction), NULL);
 g_return_val_if_fail (attrs || !n_attrs, NULL);
@@ -176,18 +175,16 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
 gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
 return NULL;
 } else {
- gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);
- for (i = 0; i < n_attrs && !gck_transaction_get_failed (transaction); ++i) {
- if (!gck_attribute_consumed (&attrs[i]))
- gck_object_set_attribute (GCK_OBJECT (item), session, transaction, &attrs[i]);
- }
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
+ FALSE, attrs, n_attrs);
 return g_object_ref (item);
 }
 }
 /* Create a new collection which will own the item */
 item = gck_secret_collection_create_item (collection, transaction);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
+ TRUE, attrs, n_attrs);
 return g_object_ref (item);
 }
diff --git a/pkcs11/secret-store/gck-secret-search.c b/pkcs11/secret-store/gck-secret-search.c
index 1315687..07bcd5f 100644
--- a/pkcs11/secret-store/gck-secret-search.c
+++ b/pkcs11/secret-store/gck-secret-search.c
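Review bot: The existing-item branch of factory_create_item() no longer consumes `CKA_ID` before the template is applied: the removed lines called `gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG)`, and the replacement goes straight to gck_session_complete_object_creation() with `FALSE`. The part of that helper that walks the attributes is outside the gck-session.c hunks, so it is not visible whether it marks `CKA_ID` as consumed; if it does not, the caller-supplied identifier would now be applied to an item that already exists, and a rejected attribute would fail the whole transaction. Keeping `gck_attributes_consume (attrs, n_attrs, CKA_ID, G_MAXULONG);` immediately before the new call preserves the old behaviour, or a comment there should state that the helper takes care of it. factory_create_item() begins above this hunk.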
@@ -240,7 +240,8 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
 populate_search_from_manager (search, s_manager);
 populate_search_from_manager (search, m_manager);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (search);
 }
diff --git a/pkcs11/user-store/gck-user-private-key.c b/pkcs11/user-store/gck-user-private-key.c
index 7577c72..5ee57a3 100644
--- a/pkcs11/user-store/gck-user-private-key.c
+++ b/pkcs11/user-store/gck-user-private-key.c
@@ -83,7 +83,8 @@ factory_create_private_key (GckSession *session, GckTransaction *transaction,
 gck_sexp_unref (sexp);
- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
+ TRUE, attrs, n_attrs);
 return GCK_OBJECT (key);
 }
diff --git a/pkcs11/user-store/gck-user-public-key.c b/pkcs11/user-store/gck-user-public-key.c
index 6b2d69c..ce20d1d 100644
--- a/pkcs11/user-store/gck-user-public-key.c
+++ b/pkcs11/user-store/gck-user-public-key.c
@@ -62,7 +62,8 @@ factory_create_public_key (GckSession *session, GckTransaction *transaction,
 "manager", gck_manager_for_template (attrs, n_attrs, session),
 NULL);
 gck_sexp_unref (sexp);
- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
+ gck_session_complete_object_creation (session, transaction, object,
+ TRUE, attrs, n_attrs);
 }
 return object;
--
cgit v0.8.3.1