authorJeff Johnston2018-09-14 18:15:41 +0000
committerAlexander Kurtakov2018-11-06 09:57:57 +0000
commita3b437260d647922e5c6a599487b1ada357d4c29 (patch)
treec34fb57f33aa9595057ddfb31875adb912e723e0
parent4ec8b7059a110ee43f668ce88ae172451fea16f1 (diff)
Bug 537833 - Default Linux Secure settings can cause error
- Linux password provider mechanism does not currently work on certain Linux setups - add new canUnlock() jni method to the o.e.e.security.linux.x86_64 native c code - add new IValidatingPasswordProvider interface so a validation step can be requested by a password provider - have LinuxPasswordProvider implement IValidatingPasswordProvider and add new isValid() method which calls canUnlock() and returns true or false accordingly - change org.eclipse.equinox.security MANIFEST.MF to allow Linux password provider to use IValidatingPasswordProvider interface - in PasswordProviderSelector.findAvailableModules() validate any provider that implements IValidatingPasswordProvider - replace libkeystorelinuxnative.so Change-Id: I9812390b863f5dcb0df452a371e40945c0de2bf8 Signed-off-by: Jeff Johnston <jjohnstn@redhat.com>
-rw-r--r--bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF2
-rw-r--r--bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c9
-rw-r--r--bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h8
-rwxr-xr-xbundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.sobin12992 -> 13304 bytes
-rw-r--r--bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml2
-rw-r--r--bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java20
-rw-r--r--bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF1
-rw-r--r--bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java12
-rw-r--r--bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/provider/IValidatingPasswordProvider.java24
9 files changed, 74 insertions, 4 deletions
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF
index f8d37757d..5ae9f66d8 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: %fragmentName
Bundle-SymbolicName: org.eclipse.equinox.security.linux.x86_64;singleton:=true
-Bundle-Version: 1.1.100.qualifier
+Bundle-Version: 1.1.200.qualifier
Bundle-Vendor: %providerName
Fragment-Host: org.eclipse.equinox.security;bundle-version="[1.0.0,2.0.0)"
Bundle-RequiredExecutionEnvironment: JavaSE-1.8
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c b/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c
index bffd336ec..eac55fe04 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.c
@@ -90,6 +90,15 @@ static void unlock_secret_service(JNIEnv *env)
return;
}
+JNIEXPORT jboolean JNICALL Java_org_eclipse_equinox_internal_security_linux_LinuxPasswordProvider_canUnlock(JNIEnv *env, jobject this) {
+
+ unlock_secret_service(env);
+ if ((*env)->ExceptionOccurred(env)) {
+ return JNI_FALSE;
+ }
+ return JNI_TRUE;
+}
+
JNIEXPORT jstring JNICALL Java_org_eclipse_equinox_internal_security_linux_LinuxPasswordProvider_getMasterPassword(JNIEnv *env, jobject this) {
GError *error = NULL;
jstring result;
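Review bot: In `canUnlock`, the `JNI_FALSE` branch returns with the exception still pending, so on that path the Java caller sees a thrown exception and never observes the `false` return value. Pick one contract: either clear it in native code, `if ((*env)->ExceptionCheck(env)) { (*env)->ExceptionClear(env); return JNI_FALSE; }`, or keep it pending and say so in a comment above the function. `ExceptionCheck` also fits better than `ExceptionOccurred` here because it does not create a local reference that is then discarded. The probe goes through `unlock_secret_service`, whose body is outside this hunk, so it presumably performs a real unlock attempt; a one-line comment noting that side effect would help.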
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h b/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h
index 73a7c1b3c..4d725c483 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/keystorelinuxnative/keystoreLinuxNative.h
@@ -31,6 +31,14 @@ JNIEXPORT jstring JNICALL Java_org_eclipse_equinox_internal_security_linux_Linux
/*
* Class: LinuxPasswordProvider
+ * Method: canUnlock
+ * Signature: ()Ljava/lang/boolean;
+ */
+JNIEXPORT jboolean JNICALL Java_org_eclipse_equinox_internal_security_linux_LinuxPasswordProvider_canUnlock
+ (JNIEnv *, jobject);
+
+/*
+ * Class: LinuxPasswordProvider
* Method: saveMasterPassword
* Signature: (Ljava/lang/String;)V
*/
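Review bot: The signature comment added for `canUnlock` reads `()Ljava/lang/boolean;`, which is not the JNI descriptor for this method. The prototype returns `jboolean` and the Java side declares a primitive `boolean`, so the comment should read `Signature: ()Z`. If this header is normally generated from the Java class, regenerating it rather than hand-editing would keep the comment and prototype in step.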
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.so b/bundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.so
index 7b96879d7..3b4fb490b 100755
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.so
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/libkeystorelinuxnative.so
Binary files differ
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml b/bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml
index a60f96789..8de7163a4 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/pom.xml
@@ -19,7 +19,7 @@
</parent>
<groupId>org.eclipse.equinox</groupId>
<artifactId>org.eclipse.equinox.security.linux.x86_64</artifactId>
- <version>1.1.100-SNAPSHOT</version>
+ <version>1.1.200-SNAPSHOT</version>
<packaging>eclipse-plugin</packaging>
<build>
diff --git a/bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java b/bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java
index 0b4d8b22f..ab79aac8c 100644
--- a/bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java
+++ b/bundles/org.eclipse.equinox.security.linux.x86_64/src/org/eclipse/equinox/internal/security/linux/LinuxPasswordProvider.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2017 IBM Corporation and others.
+ * Copyright (c) 2017, 2018 IBM Corporation and others.
*
* This program and the accompanying materials
* are made available under the terms of the Eclipse Public License 2.0
@@ -10,18 +10,22 @@
*
* Contributors:
* Julien HENRY - Linux implementation
+ * Red Hat Inc. - add validation method to handle KDE failures
*******************************************************************************/
package org.eclipse.equinox.internal.security.linux;
import java.security.SecureRandom;
+
import javax.crypto.spec.PBEKeySpec;
+
import org.eclipse.equinox.internal.security.auth.AuthPlugin;
import org.eclipse.equinox.internal.security.linux.nls.LinuxPasswordProviderMessages;
import org.eclipse.equinox.internal.security.storage.Base64;
+import org.eclipse.equinox.internal.security.storage.provider.IValidatingPasswordProvider;
import org.eclipse.equinox.security.storage.provider.IPreferencesContainer;
import org.eclipse.equinox.security.storage.provider.PasswordProvider;
-public class LinuxPasswordProvider extends PasswordProvider {
+public class LinuxPasswordProvider extends PasswordProvider implements IValidatingPasswordProvider {
/**
* The length of the randomly generated password in bytes
@@ -31,6 +35,8 @@ public class LinuxPasswordProvider extends PasswordProvider {
private native String getMasterPassword() throws SecurityException;
private native void saveMasterPassword(String password) throws SecurityException;
+
+ private native boolean canUnlock() throws SecurityException;
static {
System.loadLibrary("keystorelinuxnative"); //$NON-NLS-1$
@@ -69,4 +75,14 @@ public class LinuxPasswordProvider extends PasswordProvider {
}
}
+
+ @Override
+ public boolean isValid() {
+ try {
+ return canUnlock();
+ } catch (SecurityException e) {
+ return false;
+ }
+ }
+
}
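Review bot: `isValid()` turns a `SecurityException` from `canUnlock()` into a silent `false`, so when the keyring cannot be unlocked this provider drops out of selection with no record of why. Because the result decides which mechanism ends up protecting the master password, log the failure before returning, for example `AuthPlugin.getDefault().logError(<message>, e);` using the `AuthPlugin` this file already imports. A short Javadoc on `isValid()` should also state that it calls into the native library to attempt an unlock, and whether that can block or prompt the user (to be confirmed against `unlock_secret_service`, which is not visible here).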
diff --git a/bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF
index d43f4ec28..e44a38df6 100644
--- a/bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.security/META-INF/MANIFEST.MF
@@ -13,6 +13,7 @@ Export-Package: org.eclipse.equinox.internal.security.auth;x-internal:=true,
org.eclipse.equinox.internal.security.credentials;x-internal:=true,
org.eclipse.equinox.internal.security.storage;x-internal:=true,
org.eclipse.equinox.internal.security.storage.friends;version="1.0.0";x-friends:="org.eclipse.equinox.security.ui",
+ org.eclipse.equinox.internal.security.storage.provider;x-friends:="org.eclipse.equinox.security.linux.x86_64",
org.eclipse.equinox.security.auth;version="1.0.0",
org.eclipse.equinox.security.auth.credentials;version="1.0.0",
org.eclipse.equinox.security.auth.module;version="1.0.0",
diff --git a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
index 6763b179f..a76676d81 100644
--- a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
+++ b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
@@ -19,6 +19,7 @@ import org.eclipse.core.runtime.preferences.*;
import org.eclipse.equinox.internal.security.auth.AuthPlugin;
import org.eclipse.equinox.internal.security.auth.nls.SecAuthMessages;
import org.eclipse.equinox.internal.security.storage.friends.IStorageConstants;
+import org.eclipse.equinox.internal.security.storage.provider.IValidatingPasswordProvider;
import org.eclipse.equinox.security.storage.StorageException;
import org.eclipse.equinox.security.storage.provider.PasswordProvider;
import org.eclipse.osgi.util.NLS;
@@ -132,6 +133,17 @@ public class PasswordProviderSelector implements IRegistryEventListener {
}
}
+ Object clazz;
+ try {
+ clazz = element.createExecutableExtension(CLASS_NAME);
+ // Bug 537833 - on some systems, the password provider does not work (e.g. Linux with KDE desktop) so these
+ // providers will request validation
+ if (clazz instanceof IValidatingPasswordProvider && !((IValidatingPasswordProvider) clazz).isValid())
+ continue;
+ } catch (CoreException e) {
+ continue;
+ }
+
allAvailableModules.add(new ExtStorageModule(moduleID, element, priority, name, description, suppliedHints));
}
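Review bot: The added block skips a provider with a bare `continue` both when `createExecutableExtension(CLASS_NAME)` throws `CoreException` and when `isValid()` returns false, so a provider can vanish from the available list without any log entry. For secure storage that means the effective password provider can change silently; log both skip paths with `moduleID`, e.g. `AuthPlugin.getDefault().logError(msg, e);` in the catch. Only `CoreException` is caught, so an unchecked exception thrown from a provider's `isValid()` would escape and abort enumeration for every remaining provider. The local is named `clazz` but holds an instance, and that instance is discarded after validation; `provider` would read better, with a comment explaining why it is created here. The enclosing loop and method start and end outside this hunk.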
diff --git a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/provider/IValidatingPasswordProvider.java b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/provider/IValidatingPasswordProvider.java
new file mode 100644
index 000000000..675559684
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/provider/IValidatingPasswordProvider.java
@@ -0,0 +1,24 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc. and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Red Hat Inc. - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.equinox.internal.security.storage.provider;
+
+public interface IValidatingPasswordProvider {
+
+ /**
+ * Return if password provider is valid for current system
+ * @return true if valid, false otherwise
+ */
+ public boolean isValid();
+
+}
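Review bot: The Javadoc on `isValid()` does not state the contract that `PasswordProviderSelector` relies on, and the interface itself has no type-level comment. Document that the method is called while available providers are being enumerated, that a `false` result removes the provider from selection, and that implementations should return `false` rather than throw. It should also say whether an implementation may block or trigger a user prompt, since the Linux implementation calls into native unlock code. The `public` modifier on the interface method is redundant and can be dropped.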
