gboolean
gkd_pkcs11_startup_ssh (void)
{
GIOChannel *channel;
const gchar *base_dir;
int sock;
base_dir = gkd_util_get_master_directory ();
g_return_val_if_fail (base_dir, FALSE);
sock = gkd_ssh_agent_startup (base_dir);
if (sock == -1)
return FALSE;
channel = g_io_channel_unix_new (sock);
g_io_add_watch (channel, G_IO_IN | G_IO_HUP, accept_ssh_client, NULL);
g_io_channel_unref (channel);
/* gkm-ssh-agent sets the environment variable */
gkd_util_push_environment ("SSH_AUTH_SOCK", g_getenv ("SSH_AUTH_SOCK"));
egg_cleanup_register (pkcs11_ssh_cleanup, NULL);
return TRUE;
}
gboolean
gkd_daemon_startup_ssh (void)
{
const gchar *base_dir;
GTlsInteraction *interaction;
GkdSshAgentPreload *preload;
GkdSshAgentService *service;
base_dir = gkd_util_get_master_directory ();
g_return_val_if_fail (base_dir, FALSE);
interaction = gkd_ssh_agent_interaction_new (NULL);
preload = gkd_ssh_agent_preload_new ("~/.ssh");
service = gkd_ssh_agent_service_new (base_dir, interaction, preload);
g_object_unref (interaction);
g_object_unref (preload);
if (!gkd_ssh_agent_service_start (service))
return FALSE;
/* ssh-agent sets the environment variable */
gkd_util_push_environment ("SSH_AUTH_SOCK", g_getenv ("SSH_AUTH_SOCK"));
egg_cleanup_register (pkcs11_ssh_cleanup, service);
return TRUE;
}
static void
parse_arguments (int *argc, char** argv[])
{
GError *err = NULL;
GOptionContext *context;
context = g_option_context_new ("- The Gnome Keyring Daemon");
g_option_context_add_main_entries (context, option_entries, GETTEXT_PACKAGE);
if (!g_option_context_parse (context, argc, argv, &err)) {
g_printerr ("gnome-keyring-daemon: %s\n", egg_error_message (err));
g_clear_error (&err);
}
if (!run_components || !run_components[0]) {
run_components = DEFAULT_COMPONENTS;
} else {
run_components = g_strdup (run_components);
egg_cleanup_register (g_free, run_components);
}
/* Check the arguments */
if (run_for_login && run_for_start) {
g_printerr ("gnome-keyring-daemon: The --start option is incompatible with --login\n");
run_for_login = FALSE;
}
if (run_for_login && run_for_replace) {
g_printerr ("gnome-keyring-daemon: The --replace option is incompatible with --login\n");
run_for_login = FALSE;
}
if (run_for_start && run_for_replace) {
g_printerr ("gnome-keyring-daemon: The --replace option is incompatible with --start\n");
run_for_start = FALSE;
}
if (run_for_start && perform_unlock) {
g_printerr ("gnome-keyring-daemon: The --start option is incompatible with --unlock");
perform_unlock = FALSE;
}
if (run_for_login)
perform_unlock = TRUE;
g_option_context_free (context);
}
static gboolean
connect_to_session_bus (void)
{
GError *error = NULL;
if (dbus_conn)
return TRUE;
dbus_conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, &error);
if (!dbus_conn) {
g_message ("couldn't connect to dbus session bus: %s", error->message);
g_error_free (error);
return FALSE;
}
g_signal_connect (dbus_conn, "closed",
G_CALLBACK (on_connection_close), NULL);
egg_cleanup_register (cleanup_session_bus, NULL);
return TRUE;
}
gboolean
gkd_dbus_setup (void)
{
gboolean unused;
if (!connect_to_session_bus ())
return FALSE;
/* Our singleton, and internal service API */
gkd_dbus_singleton_acquire (&unused);
/* Session stuff */
gkd_dbus_environment_init (dbus_conn);
gkd_dbus_session_init (dbus_conn);
/* Secrets API */
gkd_dbus_secrets_init (dbus_conn);
egg_cleanup_register (dbus_cleanup, NULL);
return TRUE;
}
gboolean
gkd_pkcs11_startup_pkcs11 (void)
{
GIOChannel *channel;
const gchar *base_dir;
int sock;
base_dir = gkd_util_get_master_directory ();
g_return_val_if_fail (base_dir, FALSE);
sock = gkm_rpc_layer_startup (base_dir);
if (sock == -1)
return FALSE;
channel = g_io_channel_unix_new (sock);
g_io_add_watch (channel, G_IO_IN | G_IO_HUP, accept_rpc_client, NULL);
g_io_channel_unref (channel);
egg_cleanup_register (pkcs11_rpc_cleanup, NULL);
return TRUE;
}
static gboolean
connect_to_session_bus (void)
{
DBusError derr = { 0 };
if (dbus_conn)
return TRUE;
dbus_error_init (&derr);
/* Get the dbus bus and hook up */
dbus_conn = dbus_bus_get (DBUS_BUS_SESSION, &derr);
if (!dbus_conn) {
g_message ("couldn't connect to dbus session bus: %s", derr.message);
dbus_error_free (&derr);
return FALSE;
}
egg_dbus_connect_with_mainloop (dbus_conn, NULL, on_connection_close);
dbus_connection_set_exit_on_disconnect (dbus_conn, FALSE);
egg_cleanup_register (cleanup_session_bus, NULL);
return TRUE;
}
void
gkd_dbus_secrets_init (DBusConnection *conn)
{
dbus_conn = dbus_connection_ref (conn);
egg_cleanup_register (cleanup_dbus_conn, NULL);
}
gboolean
gkd_dbus_singleton_acquire (gboolean *acquired)
{
DBusError derr = DBUS_ERROR_INIT;
dbus_uint32_t res = 0;
const gchar *service = NULL;
unsigned int flags = 0;
g_assert (acquired);
if (!connect_to_session_bus ())
return FALSE;
/* First register the object */
if (!object_registered) {
if (dbus_connection_register_object_path (dbus_conn, GNOME_KEYRING_DAEMON_PATH,
&object_vtable, NULL)) {
object_registered = TRUE;
egg_cleanup_register (cleanup_singleton, NULL);
} else {
g_message ("couldn't register dbus object path");
}
}
/* Try and grab our name */
if (!acquired_asked) {
#ifdef WITH_DEBUG
service = g_getenv ("GNOME_KEYRING_TEST_SERVICE");
if (service && service[0])
flags = DBUS_NAME_FLAG_ALLOW_REPLACEMENT | DBUS_NAME_FLAG_REPLACE_EXISTING;
else
#endif
service = GNOME_KEYRING_DAEMON_SERVICE;
res = dbus_bus_request_name (dbus_conn, service, flags, &derr);
if (dbus_error_is_set (&derr)) {
g_message ("couldn't request name '%s' on session bus: %s", service, derr.message);
dbus_error_free (&derr);
return FALSE;
}
acquired_asked = TRUE;
switch (res) {
/* We acquired the service name */
case DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER:
case DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER:
acquired_service = TRUE;
break;
/* Another daemon is running */
case DBUS_REQUEST_NAME_REPLY_IN_QUEUE:
case DBUS_REQUEST_NAME_REPLY_EXISTS:
acquired_service = FALSE;
break;
default:
acquired_service = FALSE;
g_return_val_if_reached (FALSE);
break;
};
}
*acquired = acquired_service;
return TRUE;
}
gboolean
gkd_pkcs11_initialize (void)
{
CK_FUNCTION_LIST_PTR roots_store;
CK_FUNCTION_LIST_PTR secret_store;
CK_FUNCTION_LIST_PTR ssh_store;
CK_FUNCTION_LIST_PTR mate2_store;
CK_FUNCTION_LIST_PTR xdg_store;
CK_C_INITIALIZE_ARGS init_args;
gboolean ret;
CK_RV rv;
/* Secrets */
secret_store = gkm_secret_store_get_functions ();
/* SSH storage */
ssh_store = gkm_ssh_store_get_functions ();
/* Root certificates */
roots_store = gkm_roots_store_get_functions ();
/* Old User certificates */
mate2_store = gkm_mate2_store_get_functions ();
/* User certificates */
xdg_store = gkm_xdg_store_get_functions ();
/* Add all of those into the wrapper layer */
gkm_wrap_layer_add_module (ssh_store);
#ifdef ROOT_CERTIFICATES
gkm_wrap_layer_add_module (roots_store);
#endif
gkm_wrap_layer_add_module (secret_store);
gkm_wrap_layer_add_module (mate2_store);
gkm_wrap_layer_add_module (xdg_store);
pkcs11_roof = gkm_wrap_layer_get_functions ();
pkcs11_base = gkm_wrap_layer_get_functions_no_prompts ();
memset (&init_args, 0, sizeof (init_args));
init_args.flags = CKF_OS_LOCKING_OK;
#if WITH_TESTS
{
const gchar *path = g_getenv ("MATE_KEYRING_TEST_PATH");
if (path && path[0])
init_args.pReserved = g_strdup_printf ("directory=\"%s\"", path);
}
#endif
/* Initialize the whole caboodle */
rv = (pkcs11_roof->C_Initialize) (&init_args);
g_free (init_args.pReserved);
if (rv != CKR_OK) {
g_warning ("couldn't initialize internal PKCS#11 stack (code: %d)", (gint)rv);
return FALSE;
}
egg_cleanup_register (pkcs11_daemon_cleanup, NULL);
ret = gkd_gpg_agent_initialize (pkcs11_roof) &&
gkd_ssh_agent_initialize (pkcs11_roof) &&
gkm_rpc_layer_initialize (pkcs11_roof);
return ret;
}
gboolean
gkd_dbus_singleton_acquire (gboolean *acquired)
{
const gchar *service = NULL;
GBusNameOwnerFlags flags = G_BUS_NAME_OWNER_FLAGS_NONE;
GVariant *acquire_variant;
guint res;
GError *error = NULL;
GkdExportedDaemon *skeleton;
g_assert (acquired);
if (!connect_to_session_bus ())
return FALSE;
/* First register the object */
if (!object_registered) {
skeleton = gkd_exported_daemon_skeleton_new ();
g_signal_connect (skeleton, "handle-get-control-directory",
G_CALLBACK (handle_get_control_directory), NULL);
g_signal_connect (skeleton, "handle-get-environment",
G_CALLBACK (handle_get_environment), NULL);
g_dbus_interface_skeleton_export (G_DBUS_INTERFACE_SKELETON (skeleton), dbus_conn,
GNOME_KEYRING_DAEMON_PATH, &error);
if (error == NULL) {
object_registered = TRUE;
egg_cleanup_register (cleanup_singleton, skeleton);
} else {
g_message ("couldn't register dbus object path: %s", error->message);
g_clear_error (&error);
}
}
/* Try and grab our name */
if (!acquired_asked) {
#ifdef WITH_DEBUG
service = g_getenv ("GNOME_KEYRING_TEST_SERVICE");
if (service && service[0])
flags = G_BUS_NAME_OWNER_FLAGS_ALLOW_REPLACEMENT | G_BUS_NAME_OWNER_FLAGS_REPLACE;
else
#endif
service = GNOME_KEYRING_DAEMON_SERVICE;
/* attempt to acquire the name */
acquire_variant = g_dbus_connection_call_sync (dbus_conn,
"org.freedesktop.DBus", /* bus name */
"/org/freedesktop/DBus", /* object path */
"org.freedesktop.DBus", /* interface name */
"RequestName", /* method name */
g_variant_new ("(su)",
service,
flags),
G_VARIANT_TYPE ("(u)"),
G_DBUS_CALL_FLAGS_NONE,
-1, NULL, &error);
if (error != NULL) {
g_message ("couldn't request name '%s' on session bus: %s", service, error->message);
g_error_free (error);
return FALSE;
}
acquired_asked = TRUE;
g_variant_get (acquire_variant, "(u)", &res);
g_variant_unref (acquire_variant);
switch (res) {
/* We acquired the service name */
case 1: /* DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER */
case 4: /* DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER */
acquired_service = TRUE;
break;
/* Another daemon is running */
case 2: /* DBUS_REQUEST_NAME_REPLY_IN_QUEUE */
case 3: /* DBUS_REQUEST_NAME_REPLY_EXISTS */
acquired_service = FALSE;
break;
default:
acquired_service = FALSE;
g_return_val_if_reached (FALSE);
break;
};
}
*acquired = acquired_service;
return TRUE;
}
