head 1.11; access; symbols pkgsrc-2013Q2:1.11.0.10 pkgsrc-2013Q2-base:1.11 pkgsrc-2012Q4:1.11.0.8 pkgsrc-2012Q4-base:1.11 pkgsrc-2011Q4:1.11.0.6 pkgsrc-2011Q4-base:1.11 pkgsrc-2011Q2:1.11.0.4 pkgsrc-2011Q2-base:1.11 pkgsrc-2009Q4:1.11.0.2 pkgsrc-2009Q4-base:1.11 pkgsrc-2009Q2:1.10.0.2 pkgsrc-2009Q2-base:1.10 pkgsrc-2009Q1:1.9.0.2 pkgsrc-2009Q1-base:1.9 pkgsrc-2008Q4:1.8.0.2 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.7.0.8 pkgsrc-2008Q3-base:1.7 cube-native-xorg:1.7.0.6 cube-native-xorg-base:1.7 pkgsrc-2008Q2:1.7.0.4 pkgsrc-2008Q2-base:1.7 cwrapper:1.7.0.2 pkgsrc-2008Q1:1.6.0.4 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.2 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.5.0.6 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.4 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.5.0.2 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.4.0.4 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.2 pkgsrc-2006Q3-base:1.4; locks; strict; comment @# @; 1.11 date 2009.07.09.17.59.25; author drochner; state dead; branches; next 1.10; 1.10 date 2009.04.16.19.35.29; author drochner; state Exp; branches; next 1.9; 1.9 date 2009.03.15.18.14.24; author jmcneill; state Exp; branches; next 1.8; 1.8 date 2008.10.16.13.45.38; author drochner; state Exp; branches; next 1.7; 1.7 date 2008.04.10.16.53.44; author drochner; state Exp; branches; next 1.6; 1.6 date 2007.10.31.20.20.30; author drochner; state Exp; branches; next 1.5; 1.5 date 2007.03.21.12.04.58; author wiz; state dead; branches; next 1.4; 1.4 date 2006.09.17.14.43.00; author joerg; state Exp; branches; next 1.3; 1.3 date 2006.09.15.15.08.52; author jmmv; state dead; branches; next 1.2; 1.2 date 2006.08.28.08.30.12; author jmmv; state Exp; branches; next 1.1; 1.1 date 2006.08.27.16.10.21; author jmmv; state Exp; branches; next ; desc @@ 1.11 log @update to 2.26.3 changes: -Build fixes -Fix problem with RSA key sizes that are not a multiple of 8. 
This affected use of SSH keys in particular -Fix crash related to secure memory @ text @$NetBSD: patch-aa,v 1.10 2009/04/16 19:35:29 drochner Exp $ --- configure.orig 2009-04-12 16:12:49.000000000 +0200 +++ configure @@@@ -19198,7 +19198,7 @@@@ fi { $as_echo "$as_me:$LINENO: checking build test tools, unit tests, and -Werror" >&5 $as_echo_n "checking build test tools, unit tests, and -Werror... " >&6; } -if test "$enable_tests" == "yes"; then +if test "$enable_tests" = "yes"; then cat >>confdefs.h <<_ACEOF #define WITH_TESTS 1 @@@@ -19214,7 +19214,7 @@@@ $as_echo "no" >&6; } tests_status="no" fi - if test "$enable_tests" == "yes"; then + if test "$enable_tests" = "yes"; then WITH_TESTS_TRUE= WITH_TESTS_FALSE='#' else @@@@ -19229,7 +19229,7 @@@@ if test "${enable_coverage+set}" = set; fi -if test "$enable_coverage" == "yes"; then +if test "$enable_coverage" = "yes"; then CFLAGS="$CFLAGS -fprofile-arcs -ftest-coverage" LDFLAGS="$LDFLAGS -fprofile-arcs -ftest-coverage" fi @@@@ -19247,7 +19247,7 @@@@ fi $as_echo_n "checking valgrind... " >&6; } valgrind_status="yes" - if test "$enable_valgrind" == "run"; then + if test "$enable_valgrind" = "run"; then WITH_VALGRIND_TRUE= WITH_VALGRIND_FALSE='#' else @@@@ -19257,7 +19257,7 @@@@ fi # Run gnome-keyring-daemon under valgrind as default -if test "$enable_valgrind" == "run"; then +if test "$enable_valgrind" = "run"; then # Extract the first word of "valgrind", so it can be a program name with args. set dummy valgrind; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 @@@@ -19328,7 +19328,7 @@@@ fi # Build valgrind support into code -if test "$enable_valgrind" == "yes"; then +if test "$enable_valgrind" = "yes"; then if test "${ac_cv_header_valgrind_valgrind_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for valgrind/valgrind.h" >&5 $as_echo_n "checking for valgrind/valgrind.h... 
" >&6; } @@@@ -19463,7 +19463,7 @@@@ else fi - if test "$have_valgrind" == "no"; then + if test "$have_valgrind" = "no"; then { { $as_echo "$as_me:$LINENO: error: The valgrind headers are missing" >&5 $as_echo "$as_me: error: The valgrind headers are missing" >&2;} { (exit 1); exit 1; }; } @ 1.10 log @update to 2.26.1 changes: -DBus now automatically starts the gnome-keyring service properly -Initialize daemon with LOGNAME and USERNAME environment variables -Add DBus method for getting the gnome-keyring environment variables -misc fixes @ text @d1 1 a1 1 $NetBSD$ @ 1.9 log @Update gnome-keyring to 2.26.0. Changes between 2.24.0 and 2.26.0: ================================== * Refactor PKI code to make it modular, loosely coupled and easier to hack and test. * Add standard widgets for display of certificates. * If login keyring doesn't exist when changing a PAM password, don't create it automatically. * Overhaul the secure memory allocator to have memory guards, be valgrind compatible, and also be sparing with secure memory. * When importing keys, prompt to initialize new PKCS#11 tokens. * Fix export of RSA keys to be more interoperable. * Make the gp11 library multi-thread safe. * Rework initialization of daemon, and the way that it integrates with the new session manager. * Close open file descriptors before starting daemon from PAM. * Don't leave keyring daemon running if PAM just started it for a password change. * Register environment variables with session properly. * Remove usage of deprecated glib/gtk stuff. * Hundreds of other smaller changes and fixes. @ text @d3 1 a3 1 --- configure.orig 2009-03-14 14:57:51.000000000 -0400 d5 1 a5 1 @@@@ -18124,7 +18124,7 @@@@ fi d7 2 a8 2 { echo "$as_me:$LINENO: checking build test tools, unit tests, and -Werror" >&5 echo $ECHO_N "checking build test tools, unit tests, and -Werror... 
$ECHO_C" >&6; } d14 1 a14 1 @@@@ -18140,7 +18140,7 @@@@ echo "${ECHO_T}no" >&6; } d23 1 a23 1 @@@@ -18155,7 +18155,7 @@@@ if test "${enable_coverage+set}" = set; d32 2 a33 2 @@@@ -18173,7 +18173,7 @@@@ fi echo $ECHO_N "checking valgrind... $ECHO_C" >&6; } d41 1 a41 1 @@@@ -18183,7 +18183,7 @@@@ fi d49 2 a50 2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 @@@@ -18254,7 +18254,7 @@@@ fi d57 3 a59 3 { echo "$as_me:$LINENO: checking for valgrind/valgrind.h" >&5 echo $ECHO_N "checking for valgrind/valgrind.h... $ECHO_C" >&6; } @@@@ -18387,7 +18387,7 @@@@ else d65 2 a66 2 { { echo "$as_me:$LINENO: error: The valgrind headers are missing" >&5 echo "$as_me: error: The valgrind headers are missing" >&2;} @ 1.8 log @update to 2.24.0 This switches to the gnome-2.24 release branch. @ text @d3 1 a3 1 --- configure.orig 2008-09-21 00:18:31.000000000 +0200 d5 1 a5 12 @@@@ -17119,7 +17119,7 @@@@ fi dbus_status=$DBUS_VERSION fi - if test "$enable_dbus" == "yes"; then + if test "$enable_dbus" = "yes"; then WITH_DBUS_TRUE= WITH_DBUS_FALSE='#' else @@@@ -18160,7 +18160,7 @@@@ if test "${enable_tests+set}" = set; the fi d7 2 a10 1 echo "building tests and unit tests" d13 2 a14 1 @@@@ -18173,7 +18173,7 @@@@ else d23 1 a23 1 @@@@ -18188,7 +18188,7 @@@@ if test "${enable_coverage+set}" = set; d32 36 @ 1.7 log @update to 2.22.1 This switches to the gnome-2.22 release branch. @ text @d3 1 a3 1 --- configure.orig 2008-03-09 15:25:49.000000000 +0100 d5 20 a24 2 @@@@ -23793,7 +23793,7 @@@@ else tests_status="no" d32 2 a33 1 @@@@ -25228,7 +25228,7 @@@@ fi d35 5 a39 1 dbus_status=$DBUS_VERSION a40 5 - if test "$enable_dbus" == "yes"; then + if test "$enable_dbus" = "yes"; then WITH_DBUS_TRUE= WITH_DBUS_FALSE='#' else @ 1.6 log @update to 2.20.1 This switches to the new gnome-2.20 branch. (While this is not part of the "platform" subset formally, it is used by platform -- this looks like an inconsistency in gnome packaging.) 
@ text @d3 1 a3 1 --- configure.orig 2007-09-27 20:36:29.000000000 +0200 d5 2 a6 2 @@@@ -23462,7 +23462,7 @@@@ else echo "not building tests and unit tests" d14 9 @ 1.5 log @Update to 0.8. Bump ABI depends for new dbus dependency. Changes in version 0.8 are: * Translations Changes in version 0.7.92 are: * Fix build by including sys/types.h * In gnome_keyring_free() don't crash on NULL parameter. Changes in version 0.7.91 are: * Add method for library to discover daemon via DBus. Adds soft DBus dependency. * Fixes for building on kFreeBSD. Changes in version 0.7.3 are: * Fix endless loop when creating a keyring and a file by that name already exists. * Fix crasher when deleting session keyring. * Fix crasher when doing find operation with NULL attribute string. * Sync files to disk after writing to keyring. Changes in version 0.7.2 are: * Don't have multiple password dialogs presented for the same keyring Changes in version 0.7.1 are: * Added GNOME_KEYRING_ITEM_APPLICATION_SECRET which allows an item to be for a single application only with strict access controls. * New function gnome_keyring_item_get_info_full(_sync) which allow retrieval of item meta data without the secret, thus not incurring an ACL prompt. 
* Translation updates @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.4 2006/09/17 14:43:00 joerg Exp $ d3 5 a7 13 --- gnome-keyring.c.orig 2006-09-17 16:32:22.000000000 +0000 +++ gnome-keyring.c @@@@ -275,9 +275,9 @@@@ write_credentials_byte_sync (int socket) msg.msg_control = (caddr_t) &cmsg; msg.msg_controllen = CMSG_SPACE (sizeof (struct cmsgcred)); memset (&cmsg, 0, sizeof (cmsg)); - cmsg->cmsg_len = CMSG_LEN (sizeof (struct cmsgcred)); - cmsg->cmsg_level = SOL_SOCKET; - cmsg->cmsg_type = SCM_CREDS; + cmsg.hdr.cmsg_len = CMSG_LEN (sizeof (struct cmsgcred)); + cmsg.hdr.cmsg_level = SOL_SOCKET; + cmsg.hdr.cmsg_type = SCM_CREDS; #endif d9 5 a13 16 again: @@@@ -324,10 +324,10 @@@@ write_credentials_byte (GnomeKeyringOper msg.msg_control = (caddr_t) &cmsg; msg.msg_controllen = CMSG_SPACE (sizeof (struct cmsgcred)); - memset (cmsg, 0, sizeof (cmsg)); - cmsg->cmsg_len = CMSG_LEN (sizeof (struct cmsgcred)); - cmsg->cmsg_level = SOL_SOCKET; - cmsg->cmsg_type = SCM_CREDS; + memset (&cmsg, 0, sizeof (cmsg)); + cmsg.hdr.cmsg_len = CMSG_LEN (sizeof (struct cmsgcred)); + cmsg.hdr.cmsg_level = SOL_SOCKET; + cmsg.hdr.cmsg_type = SCM_CREDS; #endif again: @ 1.4 log @Fix build on DragonFly and other platforms without LOCAL_CREDS. No idea how this code was ever tested, it can't compile for obvious reaons. 
@ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Changes in version 0.6.0 are: * NetBSD fixes * Crash fix * Typo fix * Translations Changes in version 0.5.2 are: * Translation updates * Better title in docs * Fixed crashes * New function: gnome_keyring_item_grant_access_rights_sync Changes in version 0.5.1 are: * Support changing password of a keyring * Create ~/.gnome2 if needed * Save keyring when an ACL is added * Add password strength meter * Small bugfixes @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.2 2006/08/28 08:30:12 jmmv Exp $ d3 13 a15 5 http://bugzilla.gnome.org/show_bug.cgi?id=353105 --- gnome-keyring-daemon-io.c.orig 2005-05-04 09:17:18.000000000 +0200 +++ gnome-keyring-daemon-io.c @@@@ -91,6 +91,24 @@@@ static void gnome_keyring_client_state_m d17 2 d20 10 a29 29 static gboolean +set_local_creds (int fd, gboolean on) +{ + gboolean retval = TRUE; + +#if defined(LOCAL_CREDS) && !defined(HAVE_CMSGCRED) + int val = on ? 1 : 0; + if (setsockopt (fd, 0, LOCAL_CREDS, &val, sizeof (val)) < 0) + { + g_warning ("Unable to set LOCAL_CREDS socket option on fd %d\n", fd); + retval = FALSE; + } +#endif + + return retval; +} + + +static gboolean read_unix_socket_credentials (int fd, pid_t *pid, uid_t *uid) @@@@ -102,22 +120,14 @@@@ read_unix_socket_credentials (int fd, #ifdef HAVE_CMSGCRED char cmsgmem[CMSG_SPACE (sizeof (struct cmsgcred))]; struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem; +#elif defined(LOCAL_CREDS) + char cmsgmem[CMSG_SPACE (sizeof (struct sockcred))]; + struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem; a30 54 *pid = 0; *uid = 0; -#if defined(LOCAL_CREDS) && defined(HAVE_CMSGCRED) - /* Set the socket to receive credentials on the next message */ - { - int on = 1; - if (setsockopt (fd, 0, LOCAL_CREDS, &on, sizeof (on)) < 0) { - g_warning ("Unable to set LOCAL_CREDS socket option\n"); - return FALSE; - } - } -#endif - iov.iov_base = &buf; iov.iov_len = 1; @@@@ -125,7 +135,7 @@@@ read_unix_socket_credentials (int fd, msg.msg_iov = &iov; msg.msg_iovlen = 1; 
-#ifdef HAVE_CMSGCRED +#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS) memset (cmsgmem, 0, sizeof (cmsgmem)); msg.msg_control = cmsgmem; msg.msg_controllen = sizeof (cmsgmem); @@@@ -146,7 +156,7 @@@@ read_unix_socket_credentials (int fd, return FALSE; } -#ifdef HAVE_CMSGCRED +#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS) if (cmsg->cmsg_len < sizeof (cmsgmem) || cmsg->cmsg_type != SCM_CREDS) { g_warning ("Message from recvmsg() was not SCM_CREDS\n"); return FALSE; @@@@ -174,6 +184,14 @@@@ read_unix_socket_credentials (int fd, *pid = cred->cmcred_pid; *uid = cred->cmcred_euid; +#elif defined(LOCAL_CREDS) + struct sockcred *cred; + + cred = (struct sockcred *) CMSG_DATA (cmsg); + + *pid = -1; + *uid = cred->sc_euid; + set_local_creds(fd, FALSE); #else /* !SO_PEERCRED && !HAVE_CMSGCRED */ g_warning ("Socket credentials not supported on this OS\n"); return FALSE; @@@@ -625,6 +643,12 @@@@ create_master_socket (const char **path) return FALSE; } d32 1 a32 9 + if (!set_local_creds (sock, TRUE)) { + close (sock); + cleanup_socket_dir (); + return FALSE; + } + g_free (tmp_tmp_dir); channel = g_io_channel_unix_new (sock); g_io_add_watch (channel, G_IO_IN | G_IO_HUP, new_client, NULL); @ 1.2 log @Redo LOCAL_CREDS support in a way that does not change the communication protocol (it's more likely to be accepted and is much easier on the code). Bump PKGREVISION to 3. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1 2006/08/27 16:10:21 jmmv Exp $ @ 1.1 log @Implement support for LOCAL_CREDS socket credentials. Bump PKGREVISION to 2. This fixes gnome-keyring under NetBSD which, AFAICT, didn't work at all. There are still some problems remaining in gnome-keyring-manager, but I think these are not related to this issue. 
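Review bot: In the `@@ -146` hunk, widening the guard to `defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)` sends the `struct sockcred` message through a length test written for the fixed-size `struct cmsgcred`, namely `cmsg->cmsg_len < sizeof (cmsgmem)`. The buffer it compares against is declared in the `@@ -102` hunk as `CMSG_SPACE (sizeof (struct sockcred))`. On NetBSD `struct sockcred` ends in a variable-length group list, so a peer with several supplementary groups can presumably produce a control message that does not fit and is truncated; sizing the buffer as `char cmsgmem[CMSG_SPACE (SOCKCREDSIZE (NGROUPS_MAX))];` would avoid that. The test should also reject `msg.msg_flags & MSG_CTRUNC` and `cmsg->cmsg_level != SOL_SOCKET` before `CMSG_DATA` is trusted for the uid. The `recvmsg()` call and the rest of `read_unix_socket_credentials` lie outside the hunk, so confirm neither check already exists there.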
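Review bot: In the `@@ -174` hunk, the new `#elif defined(LOCAL_CREDS)` branch reports `*pid = -1` and discards the result of `set_local_creds(fd, FALSE)`. The callers are outside this hunk; if any of them use the pid to identify the requesting application for an access decision, -1 has to be handled as "unknown" and never compared with a real process id. A comment such as `/* LOCAL_CREDS carries no peer pid; callers must treat -1 as unknown */` would make that contract explicit. The ignored return should either fail the connection, `if (!set_local_creds (fd, FALSE)) return FALSE;`, or be marked as deliberate best effort, since `set_local_creds` only logs a warning on failure.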
@ text @d1 1 a1 1 $NetBSD$ d7 1 a7 9 @@@@ -45,6 +45,7 @@@@ #endif typedef enum { + GNOME_CLIENT_STATE_INIT, GNOME_CLIENT_STATE_CREDENTIALS, GNOME_CLIENT_STATE_READ_DISPLAYNAME, GNOME_CLIENT_STATE_READ_PACKET, @@@@ -91,6 +92,38 @@@@ static void gnome_keyring_client_state_m d11 1 a11 1 +init_connection (int fd) d13 1 a13 2 + char buf = '\0'; + ssize_t len; d16 6 a21 12 + /* Set the socket to receive credentials on the next message, + * which must be the nul-byte credentials message expected by + * read_unix_socket_credentials(). + * CMSGCRED is preferred over LOCAL_CREDS because it provides + * the remote PID. */ + { + int on = 1; + if (setsockopt (fd, 0, LOCAL_CREDS, &on, sizeof (on)) < 0) { + g_warning ("Unable to set LOCAL_CREDS socket option\n"); + return FALSE; + } + } d24 1 a24 8 + len = write (fd, &buf, sizeof (buf)); + if (len != sizeof (buf)) { + g_warning ("Failed to write initialization byte: %s", + len == 0 ? "No data written" : strerror (errno)); + return FALSE; + } + + return TRUE; d32 1 a32 1 @@@@ -102,22 +135,14 @@@@ read_unix_socket_credentials (int fd, d58 1 a58 1 @@@@ -125,7 +150,7 @@@@ read_unix_socket_credentials (int fd, d67 1 a67 1 @@@@ -146,7 +171,7 @@@@ read_unix_socket_credentials (int fd, d76 1 a76 1 @@@@ -174,6 +199,13 @@@@ read_unix_socket_credentials (int fd, d87 1 d91 3 a93 16 @@@@ -345,6 +377,12 @@@@ gnome_keyring_client_state_machine (Gnom new_state: switch (client->state) { + case GNOME_CLIENT_STATE_INIT: + debug_print (("GNOME_CLIENT_STATE_INIT %p\n", client)); + if (init_connection (client->sock)) + client->state = GNOME_CLIENT_STATE_CREDENTIALS; + break; + case GNOME_CLIENT_STATE_CREDENTIALS: debug_print (("GNOME_CLIENT_STATE_CREDENTIALS %p\n", client)); if (!read_unix_socket_credentials (client->sock, &pid, &uid)) { @@@@ -536,13 +574,15 @@@@ gnome_keyring_client_new (int fd) gnome_keyring_client_hup, client); g_io_channel_unref (channel); d95 5 a99 8 - client->state = GNOME_CLIENT_STATE_CREDENTIALS; + client->state = 
GNOME_CLIENT_STATE_INIT; client->sock = fd; client->input_channel = channel; client->input_buffer = g_string_new (NULL); client->input_pos = 0; clients = g_list_prepend (clients, client); d101 3 a103 4 + gnome_keyring_client_state_machine (client); } @