static CK_RV
gkm_user_module_real_login_change (GkmModule *base, CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR old_pin,
CK_ULONG n_old_pin, CK_UTF8CHAR_PTR new_pin, CK_ULONG n_new_pin)
{
GkmUserModule *self = GKM_USER_MODULE (base);
GkmSecret *old_login, *new_login;
GkmTransaction *transaction;
CK_RV rv;
/*
* Remember this doesn't affect the currently logged in user. Logged in
* sessions will remain logged in, and vice versa.
*/
old_login = gkm_secret_new_from_login (old_pin, n_old_pin);
new_login = gkm_secret_new_from_login (new_pin, n_new_pin);
transaction = gkm_transaction_new ();
gkm_user_storage_relock (self->storage, transaction, old_login, new_login);
g_object_unref (old_login);
g_object_unref (new_login);
gkm_transaction_complete (transaction);
rv = gkm_transaction_get_result (transaction);
g_object_unref (transaction);
return rv;
}
static CK_RV
gkm_user_module_real_login_user (GkmModule *base, CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR pin, CK_ULONG n_pin)
{
GkmUserModule *self = GKM_USER_MODULE (base);
GkmSecret *login;
CK_RV rv;
/* See if this application has logged in */
if (g_hash_table_lookup (self->unlocked_apps, &slot_id))
return CKR_USER_ALREADY_LOGGED_IN;
login = gkm_user_storage_get_login (self->storage);
/* No application is logged in */
if (g_hash_table_size (self->unlocked_apps) == 0) {
g_return_val_if_fail (login == NULL, CKR_GENERAL_ERROR);
/* So actually unlock the store */
login = gkm_secret_new_from_login (pin, n_pin);
rv = gkm_user_storage_unlock (self->storage, login);
g_object_unref (login);
/* An application is already logged in */
} else {
g_return_val_if_fail (login != NULL, CKR_GENERAL_ERROR);
/* Compare our pin to the one used originally */
if (!gkm_secret_equals (login, pin, n_pin))
rv = CKR_PIN_INCORRECT;
else
rv = CKR_OK;
}
/* Note that this application logged in */
if (rv == CKR_OK) {
g_hash_table_insert (self->unlocked_apps, gkm_util_ulong_alloc (slot_id), UNUSED_VALUE);
rv = GKM_MODULE_CLASS (gkm_user_module_parent_class)->login_user (base, slot_id, pin, n_pin);
}
return rv;
}
CK_RV
gkm_credential_create (GkmModule *module, GkmManager *manager, GkmObject *object,
CK_UTF8CHAR_PTR pin, CK_ULONG n_pin, GkmCredential **result)
{
GkmCredential *cred;
GkmSecret *secret = NULL;
CK_RV rv;
g_return_val_if_fail (GKM_IS_MODULE (module), CKR_GENERAL_ERROR);
g_return_val_if_fail (!object || GKM_IS_OBJECT (object), CKR_GENERAL_ERROR);
g_return_val_if_fail (!manager || GKM_IS_MANAGER (manager), CKR_GENERAL_ERROR);
g_return_val_if_fail (result, CKR_GENERAL_ERROR);
secret = gkm_secret_new_from_login (pin, n_pin);
cred = g_object_new (GKM_TYPE_CREDENTIAL,
"module", module,
"manager", manager,
"secret", secret,
"object", object,
NULL);
g_object_unref (secret);
/* If we have an object, the unlock must work */
if (object) {
rv = gkm_object_unlock (object, cred);
if (rv == CKR_OK)
*result = cred;
else
g_object_unref (cred);
/* Created credentials without object */
} else {
*result = cred;
rv = CKR_OK;
}
return rv;
}