Commit Graph

45205 Commits

Author SHA1 Message Date
Michael Lotz
ee83472042 Accumulate the app access flags instead of replacing them.
Before, each permanently granted access flag would overwrite the
previously granted flag, causing the dialog to come up whenever the
operation was changed.
2013-03-05 11:04:45 -05:00
Michael Lotz
a2f279870c Add strings that explain an access operation.
May be used in the app access request dialog later on to show what
privilege is actually requested.
2013-03-05 11:04:44 -05:00
Michael Lotz
0e4f2804b5 Remove the leftover checkbox in the key request dialog. 2013-03-05 11:04:42 -05:00
Michael Lotz
7306e9e4d5 Add an explanatory message to the key request dialog. 2013-03-05 11:04:41 -05:00
Michael Lotz
f1f719c433 Make the keyring label and name StringViews. 2013-03-05 11:04:39 -05:00
Michael Lotz
7b437e50eb Reflect "access" -> "unlock" change in key request dialog. 2013-03-05 11:04:38 -05:00
Michael Lotz
82b425a59f Reword the label from "Always Allow" to "Allow Always". 2013-03-05 11:04:36 -05:00
Michael Lotz
03a84249b5 Add app enumeration and removal to the keystore cli tool. 2013-03-05 11:04:35 -05:00
Michael Lotz
f8ccc32326 Remove the API part of the concept of apps per key.
The application access concept is on the keyring level only for now.
Generally it probably would get pretty complicated and therefore harder
to use when application access needs to be granted on a per key basis.
2013-03-05 11:04:33 -05:00
Michael Lotz
a5a5f4ca70 Rename "default" to "master" keyring as that's what it is.
Also add a well defined name ("Master") for the master keyring so it is
easier to understand what this keyring does instead of displaying an
empty string.
2013-03-05 11:04:32 -05:00
Michael Lotz
c8ae843f3d Rename keyring "access/revoke" to "unlock/lock".
The unlock/lock concept just seems easier to grasp and is used in
various similar tools as well.
2013-03-05 11:04:30 -05:00
Michael Lotz
f17ddab827 Initialize the BKey to default values and set fCreationTime.
* Using Unset() initializes the BKey to default values.
* Also set fCreationTime to 0 for now. It is still unused but needs to
  have a stable value for the exact matches when comparing keys.
2013-03-05 11:04:29 -05:00
Michael Lotz
b31a707a95 Implement the application enumeration and removal commands. 2013-03-05 11:04:27 -05:00
Michael Lotz
67a4644454 Allow for all entries of an application to be removed. 2013-03-05 11:04:26 -05:00
Michael Lotz
0778e1477d Add application iteration method. 2013-03-05 11:04:24 -05:00
Michael Lotz
cfa8131526 Resolve/validate the calling application, request if needed.
The application is resolved and then looked up in the keyring. If the
keyring doesn't provide a matching entry, an application access request
is triggered. The mechanism doesn't yet do any actual checksums, but
has provisions for differentiating between new and changed/updated
applications.
2013-03-05 11:04:23 -05:00
Michael Lotz
f32874e611 Add an application access request dialog. 2013-03-05 11:04:21 -05:00
Michael Lotz
76df966ee6 Add a preliminary way to resolve the calling application.
This will have to be reworked though, as by using the roster only
BApplications can be resolved, as plain cli apps aren't registered with
the registrar.
2013-03-05 11:04:20 -05:00
Michael Lotz
aef629f200 Only clear the keystore database when prepartion worked. 2013-03-05 11:04:19 -05:00
Michael Lotz
d389650a7a Add application info handling into the Keyring class. 2013-03-05 11:04:17 -05:00
Michael Lotz
6ef5917d45 Only write and encrypt the flat buffer when modified. 2013-03-05 11:04:16 -05:00
Michael Lotz
1b3bb46aed Restructure how keyrings are stored/restored.
* Pass them through a flat buffer that can later be encrypted and
  decrypted in a central place.
* Remove the data argument from the constructor as keyrings are
  now reading their data on their own.
* Prepare for additional application info storage in the keyring.
2013-03-05 11:04:14 -05:00
Michael Lotz
97b3abf162 Add access flags to fine tune application access.
Not sure if these will actually be used, as they might just be a little
overkill and not easily usable.
2013-03-05 11:04:13 -05:00
Michael Lotz
a5a2a2754e Make the keystore cli app a BApplication.
We need the app to be registered so that the app info can be retrieved.
2013-03-05 11:04:11 -05:00
Michael Lotz
64ca113fe0 Add keyring specific versions of the *Application() methods. 2013-03-05 11:04:10 -05:00
Michael Lotz
51ab46a83c Remove the purpose argument from all GetKey() variants.
The type is relevant and required as it determines the type of the
handed in key. The purpose however isn't actually needed and rather
inconvenient to get by depending on the situation.
2013-03-05 11:04:08 -05:00
Michael Lotz
90013c82e8 Let the KeyRequestWindow return a flattened BPasswordKey.
Also provide the keyring string separately instead of abusing the
output key message.
2013-03-05 11:04:07 -05:00
Michael Lotz
f16fef70be Implement adding/removing keyrings from/to master. 2013-03-05 11:04:05 -05:00
Michael Lotz
1dd765c92c Store the key message from access/creation.
* Allow creating a Keyring with a key message.
* Store the key message when accessing.
* Add a few missing consts.
2013-03-05 11:04:04 -05:00
Michael Lotz
94f897deea Make Flatten/Unflatten public and remove IsRegistered().
The BKey doesn't know anything about the keyring concept, so the
registered info isn't really useful. May be re-added later with
keyring info as well.
2013-03-05 11:04:02 -05:00
Michael Lotz
6fb7a4569b Add commands for adding/removig keyrings from/to the master.
Also adds missing revoke usage string.
2013-03-05 11:04:01 -05:00
Michael Lotz
40516a14f9 Add the keystore_server and the keystore command to the image. 2013-03-05 11:03:59 -05:00
Michael Lotz
f17ed51165 Add access revokation to the keystore command line util. 2013-03-05 11:00:06 -05:00
Michael Lotz
ac9b28f058 Implement basic keyring access logic and key request dialog.
* The keyring needs to be made accessible before allowing any
  operation.
* Before executing commands the keyring is made accessible if
  possible (the command is aborted as needed).
* Accessing a keyring opens up a preliminary key request dialog.
* If the default keyring is accessible and a keyring key for the
  requested keyring is found, that key will be used to automatically
  make the requested keyring accessible.
2013-03-05 11:00:04 -05:00
Michael Lotz
5d4a0da455 Remove unneeded master access revoke command.
Revoking master access currently simply means to revoke access
to the default keyring.
2013-03-05 11:00:03 -05:00
Michael Lotz
f3f13a2fc9 Make the keystore_server a background app. 2013-03-05 11:00:01 -05:00
Michael Lotz
687164ffa9 Flesh out the keystore command line tool.
* Implement adding/removing passwords and keyrings.
* Implement enumerating passwords and keyrings.
* Implement preliminary accessibility status check for keyrings.
2013-03-05 11:00:00 -05:00
Michael Lotz
95eee1a363 Make the keystore_server keyring aware.
* Move the *Key() functions into a Keyring class.
* Retrieve and select the right keyring for various commands.
* Implement adding/removing/enumerating keyrings.
* Rework the keystore database read/write to work with keyrings.
* Sync BKeyStore::IsKeyringAccessible() with the changed message.
* Remove leftover template code from registrar.
2013-03-05 10:59:58 -05:00
Michael Lotz
d962e21058 Add B_KEY_PURPOSE_KEYRING for keyring keys. 2013-03-05 10:59:57 -05:00
Michael Lotz
0dfaf59dbb Implement basic storage and lookup functions.
* Add reading/writing a yet unprotected flat BMessage as the storage
  backend for the keys.
* Factor out the identifier based lookup logic into _FindKey() and use
  that from _AddKey() to detect duplicates.
* Add _FindKey() variant that does the lookup based on given type and
  purpose constraints.
2013-03-05 10:59:55 -05:00
Michael Lotz
37ac7cb2de Update the cookie from the reply message. 2013-03-05 10:59:53 -05:00
Michael Lotz
05480477ff Add a simple command line tool to interact with the keystore.
The app is yet almost empty but will gradually grow to include
enumeration and possibly modification functions for the keystore.
2013-03-05 10:59:52 -05:00
Michael Lotz
c494c06109 Add B*Key::PrintToStream() method for debugging convenience. 2013-03-05 10:59:51 -05:00
Michael Lotz
8d9bc9e0ee Add a skeleton keystore_server.
It will handle the BKeyStore messages but is yet relatively empty. It
only returns an error to two messages right now.
2013-03-05 10:59:49 -05:00
Michael Lotz
005a15bbcd Move keystore message constants and use a messenger.
* The keystore backend will (at least for the time being) reside in a
  separate server. This one can be reached via normal messaging, so use
  a BMessenger for sending key messages.
* Move the message constants from RegistrarDefs.h into a new
  KeyStoreDefs.h that also contains the server signature.
* Update the message constants to reflect the new situation.
2013-03-05 10:59:47 -05:00
Michael Lotz
1c3996496b Implement all KeyStore methods except for password generation.
* Add all relevant message constants.
* Implement the messaging to send/retrieve key info.
* Implement _Flatten/_Unflatten for sending flat BKey objects.
* Remove application list from BKey, the key can't only differ by
  allowed applications as the identifiers would still collide, so the
  comparison isn't needed to uniquely identify the key. The applications
  can be enumerated via the BKeyStore instead.
2013-03-05 10:59:46 -05:00
Michael Lotz
b73982892d Rename [Un]Register* functions to Add/Remove*. 2013-03-05 10:59:44 -05:00
Michael Lotz
dc1acef865 Flesh out the API and implement stubs.
* Modified the API greatly to be based on BKey* instead of BPassword*.
* Added BKeyPurpose and used it instead of BKeyType. It is supposed to
  indicate the purpose of a key so that an app can look up keys on a
  more granular level. The BKeyType on the other hand actually
  identifies the type (i.e. subclass of BKey) so an app knows how to
  handle a given key or may only enumerate/use keys it is compatible
  with.
* Made everything based on a raw data buffer for now, only BPasswordKey
  is implemented yet which stores the (0 terminated) string into that
  data buffer.
* Removed the additional data BMessage as I don't yet see where it fits
  in. While I could imagine adding meta data to a key may be nice it
  might be an interoperability concern when keys are shared by
  different apps.
* Moved the app functions to the keystore as per the TODO, but not sure
  how to actually implement them.
2013-03-05 10:59:43 -05:00
Michael Lotz
3b3884d9ee KeyStore and Key interface/stubs draft per Axel Dörfler.
A draft API and (mostly) stubs to back it up. Initial import of yet
unmodified sources.
2013-03-05 10:59:41 -05:00
Ryan Leavengood
fa392c2a24 Remove unused ShowImage Undo code. 2013-03-05 08:59:54 -05:00