Commit 9a7d0f35 authored by Tomasz Miąsko's avatar Tomasz Miąsko

Unlock collections and items in secret storage before use.

Both items and collections accessed through secret service API might be
locked. Secrets of locked items cannot be accessed. Locked collection
cannot be modified.

Implement unlocking as recommended by secret service API specification:

* The client application should act as if it must unlock each item
  individually.
* A client application should always be ready to unlock the items for
  the secrets it needs, or objects it must modify.
* It must not assume that an item is already unlocked for whatever
  reason.

Fixes issue #175.
parent cb7f911c
......@@ -46,6 +46,7 @@ mod ss_storage {
.iter()
.filter(|x| x.get_label().unwrap_or_default() == key);
for p in passwds {
p.unlock()?;
p.delete()?;
}
......@@ -61,6 +62,7 @@ mod ss_storage {
delete_pass(key)?;
// create new item
collection.unlock()?;
collection.create_item(
key, // label
vec![("uid", &uid)], // properties
......@@ -87,6 +89,7 @@ mod ss_storage {
}
let p = passwd.unwrap();
p.unlock()?;
let attrs = p.get_attributes()?;
let secret = p.get_secret()?;
let token = String::from_utf8(secret).unwrap();
......@@ -109,6 +112,7 @@ mod ss_storage {
delete_pass(key)?;
// create new item
collection.unlock()?;
collection.create_item(
key, // label
vec![("username", &username), ("server", &server)], // properties
......@@ -135,6 +139,7 @@ mod ss_storage {
}
let p = passwd.unwrap();
p.unlock()?;
let attrs = p.get_attributes()?;
let secret = p.get_secret()?;
......@@ -177,6 +182,7 @@ mod ss_storage {
}
let p = passwd.unwrap();
p.unlock()?;
let attrs = p.get_attributes()?;
let secret = p.get_secret()?;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment