Commit Graph

45214 Commits

Author SHA1 Message Date
Michael Lotz
ae542b141d Add setting/removal of keyring unlock keys to the cli app. 2013-03-05 11:04:59 -05:00
Michael Lotz
4a0460a9bc Add generic unlock key setting and removal.
* Replace {Set|Remove}MasterKey() by generic {Set|Remove}UnlockKey()
  that works on a keyring.
* Implement {Set|Remove}MasterUnlockKey() on top of that.
* Rename the commands and constants accrodingly.
* Implement setting and removing keyring unlock keys.
2013-03-05 11:04:57 -05:00
Michael Lotz
a82011ff96 Introduce keyring unlock key concept.
* Rename fKeyMessage to fUnlockKey and the KeyMessage() getter to
  UnlockKey().
* Keep track of whether the keyring has an unlock key set.
* Store and restore that info separately.
* En- and decryption will depend on unlock key presence later.
* Add functions to set and remove an unlock key and query for it.
2013-03-05 11:04:56 -05:00
Michael Lotz
bec02d0c2f Store each keyring in a message under a common keyrings field.
* Each keyring is now stored in a proper message which allows it to
  contain additional meta data along side the flat data.
* Adding all keyring messages under a common field also allows to add
  meta data to the keystore, as the keyrings don't use up random field
  names anymore.
* Treat the master keyring as any other keyring and just add it to the
  list. This allows to write/read the keystore database without special
  casing the master keyring.
2013-03-05 11:04:54 -05:00
Michael Lotz
d4d6d12393 Don't require a key when creating a new keyring.
There will be key setting/removal functions so the step of adding the
keyring and setting a key on it can be done individually.
2013-03-05 11:04:53 -05:00
Michael Lotz
8775bd129d Remove old TODO as we don't support multiple instances for now.
As there aren't any more generic meta data containers inside BKey,
there's no real way to distinguish different instances with the same
identifiers. This may be added later, for example the same index system
as used in BMessage could apply.
2013-03-05 11:04:51 -05:00
Michael Lotz
112af58652 Focus the password field in the key request dialog. 2013-03-05 11:04:50 -05:00
Michael Lotz
a59169de6f Add the access string to the app access request dialog.
This way the user can see what operation the application tries to do.
2013-03-05 11:04:48 -05:00
Michael Lotz
cbdd5aff17 Restyle the app access request dialog to make it less horrible. 2013-03-05 11:04:47 -05:00
Michael Lotz
ee83472042 Accumulate the app access flags instead of replacing them.
Before, each permanently granted access flag would overwrite the
previously granted flag, causing the dialog to come up whenever the
operation was changed.
2013-03-05 11:04:45 -05:00
Michael Lotz
a2f279870c Add strings that explain an access operation.
May be used in the app access request dialog later on to show what
privilege is actually requested.
2013-03-05 11:04:44 -05:00
Michael Lotz
0e4f2804b5 Remove the leftover checkbox in the key request dialog. 2013-03-05 11:04:42 -05:00
Michael Lotz
7306e9e4d5 Add an explanatory message to the key request dialog. 2013-03-05 11:04:41 -05:00
Michael Lotz
f1f719c433 Make the keyring label and name StringViews. 2013-03-05 11:04:39 -05:00
Michael Lotz
7b437e50eb Reflect "access" -> "unlock" change in key request dialog. 2013-03-05 11:04:38 -05:00
Michael Lotz
82b425a59f Reword the label from "Always Allow" to "Allow Always". 2013-03-05 11:04:36 -05:00
Michael Lotz
03a84249b5 Add app enumeration and removal to the keystore cli tool. 2013-03-05 11:04:35 -05:00
Michael Lotz
f8ccc32326 Remove the API part of the concept of apps per key.
The application access concept is on the keyring level only for now.
Generally it probably would get pretty complicated and therefore harder
to use when application access needs to be granted on a per key basis.
2013-03-05 11:04:33 -05:00
Michael Lotz
a5a5f4ca70 Rename "default" to "master" keyring as that's what it is.
Also add a well defined name ("Master") for the master keyring so it is
easier to understand what this keyring does instead of displaying an
empty string.
2013-03-05 11:04:32 -05:00
Michael Lotz
c8ae843f3d Rename keyring "access/revoke" to "unlock/lock".
The unlock/lock concept just seems easier to grasp and is used in
various similar tools as well.
2013-03-05 11:04:30 -05:00
Michael Lotz
f17ddab827 Initialize the BKey to default values and set fCreationTime.
* Using Unset() initializes the BKey to default values.
* Also set fCreationTime to 0 for now. It is still unused but needs to
  have a stable value for the exact matches when comparing keys.
2013-03-05 11:04:29 -05:00
Michael Lotz
b31a707a95 Implement the application enumeration and removal commands. 2013-03-05 11:04:27 -05:00
Michael Lotz
67a4644454 Allow for all entries of an application to be removed. 2013-03-05 11:04:26 -05:00
Michael Lotz
0778e1477d Add application iteration method. 2013-03-05 11:04:24 -05:00
Michael Lotz
cfa8131526 Resolve/validate the calling application, request if needed.
The application is resolved and then looked up in the keyring. If the
keyring doesn't provide a matching entry, an application access request
is triggered. The mechanism doesn't yet do any actual checksums, but
has provisions for differentiating between new and changed/updated
applications.
2013-03-05 11:04:23 -05:00
Michael Lotz
f32874e611 Add an application access request dialog. 2013-03-05 11:04:21 -05:00
Michael Lotz
76df966ee6 Add a preliminary way to resolve the calling application.
This will have to be reworked though, as by using the roster only
BApplications can be resolved, as plain cli apps aren't registered with
the registrar.
2013-03-05 11:04:20 -05:00
Michael Lotz
aef629f200 Only clear the keystore database when prepartion worked. 2013-03-05 11:04:19 -05:00
Michael Lotz
d389650a7a Add application info handling into the Keyring class. 2013-03-05 11:04:17 -05:00
Michael Lotz
6ef5917d45 Only write and encrypt the flat buffer when modified. 2013-03-05 11:04:16 -05:00
Michael Lotz
1b3bb46aed Restructure how keyrings are stored/restored.
* Pass them through a flat buffer that can later be encrypted and
  decrypted in a central place.
* Remove the data argument from the constructor as keyrings are
  now reading their data on their own.
* Prepare for additional application info storage in the keyring.
2013-03-05 11:04:14 -05:00
Michael Lotz
97b3abf162 Add access flags to fine tune application access.
Not sure if these will actually be used, as they might just be a little
overkill and not easily usable.
2013-03-05 11:04:13 -05:00
Michael Lotz
a5a2a2754e Make the keystore cli app a BApplication.
We need the app to be registered so that the app info can be retrieved.
2013-03-05 11:04:11 -05:00
Michael Lotz
64ca113fe0 Add keyring specific versions of the *Application() methods. 2013-03-05 11:04:10 -05:00
Michael Lotz
51ab46a83c Remove the purpose argument from all GetKey() variants.
The type is relevant and required as it determines the type of the
handed in key. The purpose however isn't actually needed and rather
inconvenient to get by depending on the situation.
2013-03-05 11:04:08 -05:00
Michael Lotz
90013c82e8 Let the KeyRequestWindow return a flattened BPasswordKey.
Also provide the keyring string separately instead of abusing the
output key message.
2013-03-05 11:04:07 -05:00
Michael Lotz
f16fef70be Implement adding/removing keyrings from/to master. 2013-03-05 11:04:05 -05:00
Michael Lotz
1dd765c92c Store the key message from access/creation.
* Allow creating a Keyring with a key message.
* Store the key message when accessing.
* Add a few missing consts.
2013-03-05 11:04:04 -05:00
Michael Lotz
94f897deea Make Flatten/Unflatten public and remove IsRegistered().
The BKey doesn't know anything about the keyring concept, so the
registered info isn't really useful. May be re-added later with
keyring info as well.
2013-03-05 11:04:02 -05:00
Michael Lotz
6fb7a4569b Add commands for adding/removig keyrings from/to the master.
Also adds missing revoke usage string.
2013-03-05 11:04:01 -05:00
Michael Lotz
40516a14f9 Add the keystore_server and the keystore command to the image. 2013-03-05 11:03:59 -05:00
Michael Lotz
f17ed51165 Add access revokation to the keystore command line util. 2013-03-05 11:00:06 -05:00
Michael Lotz
ac9b28f058 Implement basic keyring access logic and key request dialog.
* The keyring needs to be made accessible before allowing any
  operation.
* Before executing commands the keyring is made accessible if
  possible (the command is aborted as needed).
* Accessing a keyring opens up a preliminary key request dialog.
* If the default keyring is accessible and a keyring key for the
  requested keyring is found, that key will be used to automatically
  make the requested keyring accessible.
2013-03-05 11:00:04 -05:00
Michael Lotz
5d4a0da455 Remove unneeded master access revoke command.
Revoking master access currently simply means to revoke access
to the default keyring.
2013-03-05 11:00:03 -05:00
Michael Lotz
f3f13a2fc9 Make the keystore_server a background app. 2013-03-05 11:00:01 -05:00
Michael Lotz
687164ffa9 Flesh out the keystore command line tool.
* Implement adding/removing passwords and keyrings.
* Implement enumerating passwords and keyrings.
* Implement preliminary accessibility status check for keyrings.
2013-03-05 11:00:00 -05:00
Michael Lotz
95eee1a363 Make the keystore_server keyring aware.
* Move the *Key() functions into a Keyring class.
* Retrieve and select the right keyring for various commands.
* Implement adding/removing/enumerating keyrings.
* Rework the keystore database read/write to work with keyrings.
* Sync BKeyStore::IsKeyringAccessible() with the changed message.
* Remove leftover template code from registrar.
2013-03-05 10:59:58 -05:00
Michael Lotz
d962e21058 Add B_KEY_PURPOSE_KEYRING for keyring keys. 2013-03-05 10:59:57 -05:00
Michael Lotz
0dfaf59dbb Implement basic storage and lookup functions.
* Add reading/writing a yet unprotected flat BMessage as the storage
  backend for the keys.
* Factor out the identifier based lookup logic into _FindKey() and use
  that from _AddKey() to detect duplicates.
* Add _FindKey() variant that does the lookup based on given type and
  purpose constraints.
2013-03-05 10:59:55 -05:00
Michael Lotz
37ac7cb2de Update the cookie from the reply message. 2013-03-05 10:59:53 -05:00