static GckObject*
lookup_login_keyring (GckSession *session)
{
GckAttributes *atts;
GError *error = NULL;
GckObject *login = NULL;
GList *objects;
guint length;
g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
atts = gck_attributes_new ();
gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION);
gck_attributes_add_boolean (atts, CKA_TOKEN, TRUE);
gck_attributes_add_string (atts, CKA_ID, "login");
objects = gck_session_find_objects (session, atts, NULL, &error);
gck_attributes_unref (atts);
if (error) {
g_warning ("couldn't search for login keyring: %s", egg_error_message (error));
g_clear_error (&error);
return NULL;
}
length = g_list_length (objects);
if (length == 1)
login = g_object_ref (objects->data);
else if (length > 1)
g_warning ("more than one login keyring exists");
gck_list_unref_free (objects);
return login;
}
void
gkd_gpg_agent_uninitialize (void)
{
gboolean ret;
g_assert (pkcs11_main_mutex);
ret = g_mutex_trylock (pkcs11_main_mutex);
g_assert (ret);
g_assert (GCK_IS_SESSION (pkcs11_main_session));
g_assert (!pkcs11_main_checked);
g_object_unref (pkcs11_main_session);
pkcs11_main_session = NULL;
g_mutex_unlock (pkcs11_main_mutex);
g_mutex_free (pkcs11_main_mutex);
g_cond_free (pkcs11_main_cond);
g_assert (pkcs11_module);
g_object_unref (pkcs11_module);
pkcs11_module = NULL;
g_assert (cache_settings);
g_object_unref (cache_settings);
cache_settings = NULL;
}
static GckObject*
create_credential (GckSession *session, GckObject *object,
const gchar *secret, GError **error)
{
GckAttributes *attrs;
GckObject *cred;
g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
g_return_val_if_fail (!object || GCK_IS_OBJECT (object), NULL);
if (!secret)
secret = "";
attrs = gck_attributes_new ();
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL);
gck_attributes_add_string (attrs, CKA_VALUE, secret);
gck_attributes_add_boolean (attrs, CKA_MATE_TRANSIENT, TRUE);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
if (object)
gck_attributes_add_ulong (attrs, CKA_G_OBJECT,
gck_object_get_handle (object));
cred = gck_session_create_object (session, attrs, NULL, error);
gck_attributes_unref (attrs);
return cred;
}
static GcrPrompt *
open_password_prompt (GckSession *session,
const gchar *keyid,
const gchar *errmsg,
const gchar *prompt_text,
const gchar *description,
gboolean confirm)
{
GcrPrompt *prompt;
GError *error = NULL;
gboolean auto_unlock;
const gchar *choice;
g_assert (GCK_IS_SESSION (session));
prompt = GCR_PROMPT (gcr_system_prompt_open (-1, NULL, &error));
if (prompt == NULL) {
g_warning ("couldn't create prompt for gnupg passphrase: %s", egg_error_message (error));
g_error_free (error);
return NULL;
}
gcr_prompt_set_title (prompt, _("Enter Passphrase"));
gcr_prompt_set_message (prompt, prompt_text ? prompt_text : _("Enter Passphrase"));
gcr_prompt_set_description (prompt, description);
gcr_prompt_set_password_new (prompt, confirm);
gcr_prompt_set_continue_label (prompt, _("Unlock"));
if (errmsg)
gcr_prompt_set_warning (prompt, errmsg);
if (keyid == NULL) {
gcr_prompt_set_choice_label (prompt, NULL);
} else {
auto_unlock = gkd_login_available (session);
choice = NULL;
if (auto_unlock)
choice = _("Automatically unlock this key, whenever I'm logged in");
gcr_prompt_set_choice_label (prompt, choice);
load_unlock_options (prompt);
}
return prompt;
}
void
gkd_gpg_agent_checkin_main_session (GckSession *session)
{
g_assert (GCK_IS_SESSION (session));
g_mutex_lock (pkcs11_main_mutex);
g_assert (session == pkcs11_main_session);
g_assert (pkcs11_main_checked);
g_object_unref (session);
pkcs11_main_checked = FALSE;
g_cond_signal (pkcs11_main_cond);
g_mutex_unlock (pkcs11_main_mutex);
}
GckSession*
gkd_gpg_agent_checkout_main_session (void)
{
GckSession *result;
g_mutex_lock (pkcs11_main_mutex);
g_assert (GCK_IS_SESSION (pkcs11_main_session));
while (pkcs11_main_checked)
g_cond_wait (pkcs11_main_cond, pkcs11_main_mutex);
pkcs11_main_checked = TRUE;
result = g_object_ref (pkcs11_main_session);
g_mutex_unlock (pkcs11_main_mutex);
return result;
}
void
gkd_ssh_agent_uninitialize (void)
{
gboolean ret;
g_assert (pkcs11_main_mutex);
ret = g_mutex_trylock (pkcs11_main_mutex);
g_assert (ret);
g_assert (GCK_IS_SESSION (pkcs11_main_session));
g_assert (!pkcs11_main_checked);
g_object_unref (pkcs11_main_session);
pkcs11_main_session = NULL;
g_mutex_unlock (pkcs11_main_mutex);
g_mutex_clear (pkcs11_main_mutex);
g_free (pkcs11_main_mutex);
g_cond_clear (pkcs11_main_cond);
g_free (pkcs11_main_cond);
gck_list_unref_free (pkcs11_modules);
pkcs11_modules = NULL;
}
static GckObject*
create_login_keyring (GckSession *session, GckObject *cred, GError **error)
{
GckObject *login;
GckAttributes *atts;
g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
g_return_val_if_fail (GCK_IS_OBJECT (cred), NULL);
atts = gck_attributes_new ();
gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION);
gck_attributes_add_string (atts, CKA_ID, "login");
gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
gck_attributes_add_boolean (atts, CKA_TOKEN, TRUE);
/* TRANSLATORS: This is the display label for the login keyring */
gck_attributes_add_string (atts, CKA_LABEL, _("Login"));
login = gck_session_create_object (session, atts, NULL, error);
gck_attributes_unref (atts);
return login;
}
static gchar*
do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
const gchar *prompt_text, const gchar *description, gboolean confirm)
{
GSettings *settings;
gchar *password = NULL;
GcrPrompt *prompt;
gboolean chosen;
GError *error = NULL;
gint lifetime;
gchar *method;
gchar *label;
gchar *text;
g_assert (GCK_IS_SESSION (session));
/* Do we have the keyid? */
password = gkd_login_lookup_password (session, "keyid", keyid,
"source", "gnome-keyring:gpg-agent", NULL);
if (password != NULL)
return password;
prompt = open_password_prompt (session, keyid, errmsg, prompt_text,
description, confirm);
if (prompt != NULL) {
password = egg_secure_strdup (gcr_prompt_password (prompt, NULL, &error));
if (password == NULL) {
if (error && !g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
g_warning ("couldn't prompt for password: %s", egg_error_message (error));
g_clear_error (&error);
}
}
if (password != NULL && keyid != NULL) {
settings = gkd_gpg_agent_settings ();
/* Load up the save options */
chosen = gcr_prompt_get_choice_chosen (prompt);
if (chosen) {
method = g_strdup (GCR_UNLOCK_OPTION_ALWAYS);
lifetime = -1;
} else {
method = g_settings_get_string (settings, "gpg-cache-method");
lifetime = g_settings_get_int (settings, "gpg-cache-ttl");
if (g_str_equal (method, GCR_UNLOCK_OPTION_ALWAYS)) {
g_free (method);
method = NULL;
}
}
/* Now actually save the password */
text = calculate_label_for_key (keyid, description);
label = g_strdup_printf (_("PGP Key: %s"), text);
gkd_login_store_password (session, password, label, method, lifetime,
"keyid", keyid, "source", "gnome-keyring:gpg-agent", NULL);
g_free (label);
g_free (method);
g_free (text);
}
g_clear_object (&prompt);
return password;
}
