Git commit 02a9d8fb79f78e9f5c06942d2468520653ba198e by Valentin Rusu. Committed on 13/08/2015 at 10:43. Pushed by vrusu into branch 'master'. API adjustements M +1 -9 src/runtime/ksecrets_store/ksecrets_store.cpp M +25 -29 src/runtime/ksecrets_store/ksecrets_store.h M +2 -1 src/runtime/ksecrets_store/ksecrets_store_p.h http://commits.kde.org/ksecrets/02a9d8fb79f78e9f5c06942d2468520653ba198e diff --git a/src/runtime/ksecrets_store/ksecrets_store.cpp b/src/runtime/ks= ecrets_store/ksecrets_store.cpp index 8da20a4..c3bf0d1 100644 --- a/src/runtime/ksecrets_store/ksecrets_store.cpp +++ b/src/runtime/ksecrets_store/ksecrets_store.cpp @@ -150,7 +150,7 @@ int KSecretsStorePrivate::createFile(const std::string&= path) = FileHeadStruct emptyFileData; memcpy(emptyFileData.magic, fileMagic, fileMagicLen); - gcry_randomize(emptyFileData.salt, KSecretsStore::SALT_SIZE, GCRY_STRO= NG_RANDOM); + gcry_randomize(emptyFileData.salt, SALT_SIZE, GCRY_STRONG_RANDOM); gcry_randomize(emptyFileData.iv, IV_SIZE, GCRY_STRONG_RANDOM); = int res =3D 0; @@ -163,14 +163,6 @@ int KSecretsStorePrivate::createFile(const std::string= & path) = bool KSecretsStore::isGood() const noexcept { return d->status_ =3D=3D Sto= reStatus::Good; } = -const char* KSecretsStore::salt() const -{ - if (isGood()) - return d->salt(); - else - return nullptr; -} - const char* KSecretsStorePrivate::salt() const { return fileHead_.salt; } = KSecretsStore::SetupResult KSecretsStorePrivate::open(bool lockFile) diff --git a/src/runtime/ksecrets_store/ksecrets_store.h b/src/runtime/ksec= rets_store/ksecrets_store.h index 4d3e5b2..bf5296d 100644 --- a/src/runtime/ksecrets_store/ksecrets_store.h +++ b/src/runtime/ksecrets_store/ksecrets_store.h @@ -50,13 +50,15 @@ class KSecretsStorePrivate; * The Item class holds, sure enough, the secret value but also let applic= ations associate * the secret value with metadata, such as the label or other custom prope= rties. * - * Before using a collection, the application should open it. - * Upon opening, it's possible to indicate if readonly mode is possible. + * Before using a collection, the application should setup it. + * It's possible to indicate if readonly mode is possible. That would be t= he prefered way of + * accessing the store, as usually applications only need some previously = entered password. + * The setup operation fails if the readonly flag is given and if the secr= ets file is not found. * - * When opening without readonly flag, then the file is exclusively locked= . The lock is + * When setting-up without readonly flag, the file is created if not found= , then the file is exclusively locked. The lock is * released when the class is destroyed. You should keep the file locked a= s shortly as * possible, in order to avoid deadlocks between applications that also ne= ed to read the - * secrets. For more information @see open(). + * secrets. For more information @see setup(). * * The data are encrypted using libgcypt and the algorythm Twofish which i= s the fasted for this library. * @@ -154,7 +156,7 @@ public: * it. */ ItemPtr createItem(const char*, AttributesMap&&, ItemValue&&) noex= cept; - /* + /** * Convenience method for creating items without supplemental * attributes. * @@ -164,6 +166,8 @@ public: */ ItemPtr createItem(const char *label, ItemValue&&) noexcept; = + bool deleteItem(ItemPtr) noexcept; + protected: Collection(); friend class KSecretsStore; @@ -173,12 +177,13 @@ public: }; using CollectionPtr =3D std::shared_ptr; = - /* + /** * Default constructor. * * This constructor only initializes the store class. You should call - * the open() method right after the initialization and before any oth= er - * methods of this API. + * the setup() method right after the initialization and before any ot= her + * methods of this API. If the password was not set by the pam_ksecret= s module + * then you have to also call setCredentials() * * @see open() */ @@ -204,21 +209,22 @@ public: SystemError }; = + /** + * @brief Small structure returned by KSecretsStore API calls + * + * It introduces a bool() operator client applications could use to ch= eck the correct + * issue of the respective API call. + */ template - struct OpResult { + struct CallResult { StoreStatus status_; int errno_; operator bool() const { return status_ =3D=3D G; } }; = - using SetupResult =3D OpResult; - // struct SetupResult { - // StoreStatus status_; - // int errno_; - // operator bool() const { return status_ =3D=3D StoreStatus::Good= ; } - // }; + using SetupResult =3D CallResult; = - /* + /** * Before usage, the store must be setup, that is, it must know its fi= le path. * This call creates the file if it's not found and the readOnly flag = is set to false. * The file is not created when the readOnly flag is set to false in o= rder to prevent @@ -229,12 +235,8 @@ public: */ std::future setup(const char* path, bool readOnly =3Dtrue= ); = - using CredentialsResult =3D OpResult; - // struct CredentialsResult { - // StoreStatus status_; - // int errno_; - // operator bool() const { return status_ =3D=3D StoreStatus::Good= ; } - // }; + using CredentialsResult =3D CallResult; + /** * Set the system-wide credentials for the secrets store * @@ -246,18 +248,12 @@ public: = bool isGood() const noexcept; = - constexpr static auto SALT_SIZE =3D 56; - /** - * @return pointer to the salt structure inside the internal structure= of this object. The buffer has SALT_SIZE length. - */ - const char* salt() const; - using CollectionNames =3D std::vector; CollectionNames dirCollections() const noexcept; /* * @return CollectionPtr which can empty if the call did not succeed. * Please check that with operator bool(). - * If it fails, have you already called open()? + * If it fails, have you already called setup()? */ CollectionPtr createCollection(const char*) noexcept; /* diff --git a/src/runtime/ksecrets_store/ksecrets_store_p.h b/src/runtime/ks= ecrets_store/ksecrets_store_p.h index 270763d..8a8fa1a 100644 --- a/src/runtime/ksecrets_store/ksecrets_store_p.h +++ b/src/runtime/ksecrets_store/ksecrets_store_p.h @@ -65,9 +65,10 @@ public: const char* salt() const; = constexpr static auto IV_SIZE =3D 32; + constexpr static auto SALT_SIZE =3D 56; struct FileHeadStruct { char magic[9]; - char salt[KSecretsStore::SALT_SIZE]; + char salt[SALT_SIZE]; char iv[IV_SIZE]; }; =