author | Jeff Johnston | 2018-09-14 18:15:41 +0000 |
---|---|---|
committer | Alexander Kurtakov | 2018-11-06 09:57:57 +0000 |
commit | a3b437260d647922e5c6a599487b1ada357d4c29 (patch) | |
tree | c34fb57f33aa9595057ddfb31875adb912e723e0 | |
parent | 4ec8b7059a110ee43f668ce88ae172451fea16f1 (diff) | |
Bug 537833 - Default Linux Secure settings can cause error
- Linux password provider mechanism does not currently work on certain
Linux setups
- add new canUnlock() jni method to the o.e.e.security.linux.x86_64
native c code
- add new IValidatingPasswordProvider interface so a validation
step can be requested by a password provider
- have LinuxPasswordProvider implement IValidatingPasswordProvider
and add new isValid() method which calls canUnlock() and
returns true or false accordingly
- change org.eclipse.equinox.security MANIFEST.MF to allow
Linux password provider to use IValidatingPasswordProvider interface
- in PasswordProviderSelector.findAvailableModules() validate any
provider that implements IValidatingPasswordProvider
- replace libkeystorelinuxnative.so
Change-Id: I9812390b863f5dcb0df452a371e40945c0de2bf8
Signed-off-by: Jeff Johnston <jjohnstn@redhat.com>
9 files changed, 74 insertions, 4 deletions
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF
index f8d37757d..5ae9f66d8 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: %fragmentName
 Bundle-SymbolicName: org.eclipse.equinox.security.linux.x86_64;singleton:=true
-Bundle-Version: 1.1.100.qualifier
+Bundle-Version: 1.1.200.qualifier
 Bundle-Vendor: %providerName
 Fragment-Host: org.eclipse.equinox.security;bundle-version="[1.0.0,2.0.0)"
 Bundle-RequiredExecutionEnvironment: JavaSE-1.8
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c b/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c
index bffd336ec..eac55fe04 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c
@@ -90,6 +90,15 @@ static void unlock_secret_service(JNIEnv *env)
 return;
 }
+JNIEXPORT jboolean JNICALL Java_org_eclipse_equinox_internal_security_linux_LinuxPasswordProvider_canUnlock(JNIEnv *env, jobject this) {
+
+ unlock_secret_service(env);
+ if ((*env)->ExceptionOccurred(env)) {
+ return JNI_FALSE;
+ }
+ return JNI_TRUE;
+}
+
 JNIEXPORT jstring JNICALL Java_org_eclipse_equinox_internal_security_linux_LinuxPasswordProvider_getMasterPassword(JNIEnv *env, jobject this) {
 GError *error = NULL;
 jstring result;
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h b/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h
index 73a7c1b3c..4d725c483 100644
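Review bot: The `return JNI_FALSE;` in canUnlock() leaves the exception raised under unlock_secret_service() pending, so the Java caller has that exception thrown at it and never sees `false`; the negative result reaches isValid() only if the exception happens to be a SecurityException. If a plain boolean is the intended contract, clear it before returning: `if ((*env)->ExceptionCheck(env)) { (*env)->ExceptionClear(env); return JNI_FALSE; }`. `ExceptionCheck` also avoids the local reference that `ExceptionOccurred` creates only to be tested against NULL. The body of unlock_secret_service() lies outside the hunk, so the exception class it raises cannot be confirmed from here.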
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h
@@ -31,6 +31,14 @@ JNIEXPORT jstring JNICALL Java_org_eclipse_equinox_internal_security_linux_Linux
 /*
 * Class: LinuxPasswordProvider
+ * Method: canUnlock
+ * Signature: ()Ljava/lang/boolean;
+ */
+JNIEXPORT jboolean JNICALL Java_org_eclipse_equinox_internal_security_linux_LinuxPasswordProvider_canUnlock
+ (JNIEnv *, jobject);
+
+/*
+ * Class: LinuxPasswordProvider
 * Method: saveMasterPassword
 * Signature: (Ljava/lang/String;)V
 */
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.so b/bundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.so
Binary files differ
index 7b96879d7..3b4fb490b 100755
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.so
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.so
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml b/bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml
index a60f96789..8de7163a4 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml
@@ -19,7 +19,7 @@
 </parent>
 <groupId>org.eclipse.equinox</groupId>
 <artifactId>org.eclipse.equinox.security.linux.x86_64</artifactId>
- <version>1.1.100-SNAPSHOT</version>
+ <version>1.1.200-SNAPSHOT</version>
 <packaging>eclipse-plugin</packaging>
 <build>
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java b/bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java
index 0b4d8b22f..ab79aac8c 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java
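Review bot: The descriptor in the new header comment for canUnlock, `Signature: ()Ljava/lang/boolean;`, is not a valid JNI signature for this method: the Java side declares `private native boolean canUnlock()`, whose descriptor is `()Z`. The comment line should read `* Signature: ()Z` so that the header matches what the JDK header generator would emit and nobody mistakes the return type for a boxed object. The prototype itself (`jboolean`, `JNIEnv *, jobject`) agrees with the Java declaration.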
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2017 IBM Corporation and others.
+ * Copyright (c) 2017, 2018 IBM Corporation and others.
 *
 * This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License 2.0
@@ -10,18 +10,22 @@
 *
 * Contributors:
 * Julien HENRY - Linux implementation
+ * Red Hat Inc. - add validation method to handle KDE failures
 *******************************************************************************/
 package org.eclipse.equinox.internal.security.linux;
 import java.security.SecureRandom;
+
 import javax.crypto.spec.PBEKeySpec;
+
 import org.eclipse.equinox.internal.security.auth.AuthPlugin;
 import org.eclipse.equinox.internal.security.linux.nls.LinuxPasswordProviderMessages;
 import org.eclipse.equinox.internal.security.storage.Base64;
+import org.eclipse.equinox.internal.security.storage.provider.IValidatingPasswordProvider;
 import org.eclipse.equinox.security.storage.provider.IPreferencesContainer;
 import org.eclipse.equinox.security.storage.provider.PasswordProvider;
-public class LinuxPasswordProvider extends PasswordProvider {
+public class LinuxPasswordProvider extends PasswordProvider implements IValidatingPasswordProvider {
 /**
 * The length of the randomly generated password in bytes
@@ -31,6 +35,8 @@ public class LinuxPasswordProvider extends PasswordProvider {
 private native String getMasterPassword() throws SecurityException;
 private native void saveMasterPassword(String password) throws SecurityException;
+
+ private native boolean canUnlock() throws SecurityException;
 static {
 System.loadLibrary("keystorelinuxnative"); //$NON-NLS-1$
@@ -69,4 +75,14 @@ public class LinuxPasswordProvider extends PasswordProvider {
 }
 }
+
+ @Override
+ public boolean isValid() {
+ try {
+ return canUnlock();
+ } catch (SecurityException e) {
+ return false;
+ }
+ }
+
 }
diff --git a/bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF
index d43f4ec28..e44a38df6 100644
--- a/bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF
@@ -13,6 +13,7 @@ Export-Package: org.eclipse.equinox.internal.security.auth;x-internal:=true,
 org.eclipse.equinox.internal.security.credentials;x-internal:=true,
 org.eclipse.equinox.internal.security.storage;x-internal:=true,
 org.eclipse.equinox.internal.security.storage.friends;version="1.0.0";x-friends:="org.eclipse.equinox.security.ui",
+ org.eclipse.equinox.internal.security.storage.provider;x-friends:="org.eclipse.equinox.security.linux.x86_64",
 org.eclipse.equinox.security.auth;version="1.0.0",
 org.eclipse.equinox.security.auth.credentials;version="1.0.0",
 org.eclipse.equinox.security.auth.module;version="1.0.0",
diff --git a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
index 6763b179f..a76676d81 100644
--- a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
+++ b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
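Review bot: `isValid()` swallows the SecurityException and returns `false` with no record of why, so when the native unlock fails the provider just disappears from the selector's list and secure storage presumably falls through to another provider. Log the exception before `return false;` through `AuthPlugin`, which this file already imports, so that an unexpected change of password provider can be diagnosed from the log. A short Javadoc on the method, for example `/** Probes the native secret service via canUnlock(); false means this provider must not be offered. */`, would also record that the check goes through the native unlock path rather than being a passive test.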
@@ -19,6 +19,7 @@ import org.eclipse.core.runtime.preferences.*;
 import org.eclipse.equinox.internal.security.auth.AuthPlugin;
 import org.eclipse.equinox.internal.security.auth.nls.SecAuthMessages;
 import org.eclipse.equinox.internal.security.storage.friends.IStorageConstants;
+import org.eclipse.equinox.internal.security.storage.provider.IValidatingPasswordProvider;
 import org.eclipse.equinox.security.storage.StorageException;
 import org.eclipse.equinox.security.storage.provider.PasswordProvider;
 import org.eclipse.osgi.util.NLS;
@@ -132,6 +133,17 @@ public class PasswordProviderSelector implements IRegistryEventListener {
 }
 }
+ Object clazz;
+ try {
+ clazz = element.createExecutableExtension(CLASS_NAME);
+ // Bug 537833 - on some systems, the password provider does not work (e.g. Linux with KDE desktop) so these
+ // providers will request validation
+ if (clazz instanceof IValidatingPasswordProvider && !((IValidatingPasswordProvider) clazz).isValid())
+ continue;
+ } catch (CoreException e) {
+ continue;
+ }
+
 allAvailableModules.add(new ExtStorageModule(moduleID, element, priority, name, description, suppliedHints));
 }
diff --git a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/provider/IValidatingPasswordProvider.java b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/provider/IValidatingPasswordProvider.java
new file mode 100644
index 000000000..675559684
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/provider/IValidatingPasswordProvider.java
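Review bot: Both exits in the new block of the second hunk, `catch (CoreException e) { continue; }` and the failed `isValid()` check, drop a provider from `allAvailableModules` without logging, so a broken or rejected provider silently changes which module ends up protecting the secure store. Record the reason through `AuthPlugin`, already imported in this file, before each `continue`. The block also instantiates every provider that reaches this point just to test `instanceof`, and for the Linux provider `isValid()` goes through the native `unlock_secret_service()` call, so merely listing modules may now touch the keyring; a comment saying this is intended would help the next reader. `clazz` holds a provider instance rather than a class, so a name like `provider` reads better, and the unbraced `if` should get braces. The enclosing loop of findAvailableModules() starts and ends outside the hunk.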
@@ -0,0 +1,24 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc. and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Red Hat Inc. - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.equinox.internal.security.storage.provider;
+
+public interface IValidatingPasswordProvider {
+
+ /**
+ * Return if password provider is valid for current system
+ * @return true if valid, false otherwise
+ */
+ public boolean isValid();
+
+}
|
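Review bot: The Javadoc on `isValid()` does not say when the method is called or what an implementation is allowed to do, although PasswordProviderSelector invokes it on a freshly created instance while it enumerates providers. The contract should state that the call happens during provider discovery, before the provider is offered, and whether an implementation may block, prompt the user or throw. A summary line such as `Returns whether this provider can operate on the current system; invoked during provider discovery and expected not to throw.` would cover it. The `public` modifier on an interface method is redundant and can be dropped.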