/*
 * Change the PIN protecting the user storage.
 *
 * Wraps the old and new PIN bytes in GkmSecret objects, asks the storage to
 * relock itself from the old secret to the new one inside a transaction, and
 * returns that transaction's result code.
 *
 * slot_id is accepted but not read by this function.
 *
 * NOTE(review): nothing here compares old_pin with the current login; any
 * rejection of a wrong old PIN presumably happens in
 * gkm_user_storage_relock() and surfaces through the transaction result.
 * Confirm against that function.
 */
static CK_RV
gkm_user_module_real_login_change (GkmModule *base, CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR old_pin,
                                   CK_ULONG n_old_pin, CK_UTF8CHAR_PTR new_pin, CK_ULONG n_new_pin)
{
	GkmUserModule *self = GKM_USER_MODULE (base);
	GkmSecret *previous = gkm_secret_new_from_login (old_pin, n_old_pin);
	GkmSecret *replacement = gkm_secret_new_from_login (new_pin, n_new_pin);
	GkmTransaction *txn = gkm_transaction_new ();
	CK_RV result;

	/*
	 * Changing the PIN leaves login state alone: sessions that are logged
	 * in stay logged in, and sessions that are not stay logged out.
	 */
	gkm_user_storage_relock (self->storage, txn, previous, replacement);

	/* Drop our references to both secrets once relock has been handed them. */
	g_object_unref (previous);
	g_object_unref (replacement);

	/* The outcome is only read after the transaction has been completed. */
	gkm_transaction_complete (txn);
	result = gkm_transaction_get_result (txn);
	g_object_unref (txn);

	return result;
}
/*
 * Log the application identified by slot_id in to the user module.
 *
 * Returns CKR_USER_ALREADY_LOGGED_IN when slot_id is already present in
 * self->unlocked_apps. Otherwise:
 *  - if no application is recorded as logged in, the storage is unlocked
 *    with a secret built from the supplied PIN;
 *  - if some application is already logged in, the supplied PIN is compared
 *    with the login the storage currently holds, giving CKR_PIN_INCORRECT on
 *    a mismatch.
 * On success the slot is recorded in self->unlocked_apps and the parent
 * class's login_user is called; its return value is the result.
 *
 * NOTE(review): whether gkm_secret_equals() compares in constant time cannot
 * be seen from here. Confirm, since it is the PIN check for every login
 * after the first.
 */
static CK_RV
gkm_user_module_real_login_user (GkmModule *base, CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR pin, CK_ULONG n_pin)
{
	GkmUserModule *self = GKM_USER_MODULE (base);
	GkmSecret *login;
	GkmSecret *fresh;
	CK_RV rv;

	/* A slot that is already recorded may not log in a second time. */
	if (g_hash_table_lookup (self->unlocked_apps, &slot_id))
		return CKR_USER_ALREADY_LOGGED_IN;

	login = gkm_user_storage_get_login (self->storage);

	if (g_hash_table_size (self->unlocked_apps) != 0) {

		/* Somebody is logged in, so the storage must be holding a login. */
		g_return_val_if_fail (login != NULL, CKR_GENERAL_ERROR);

		/* Check the supplied PIN against the one that unlocked the store. */
		rv = gkm_secret_equals (login, pin, n_pin) ? CKR_OK : CKR_PIN_INCORRECT;

	} else {

		/* Nobody is logged in, so the storage must not be holding a login. */
		g_return_val_if_fail (login == NULL, CKR_GENERAL_ERROR);

		/* First login: really unlock the store with this PIN. */
		fresh = gkm_secret_new_from_login (pin, n_pin);
		rv = gkm_user_storage_unlock (self->storage, fresh);
		g_object_unref (fresh);
	}

	if (rv != CKR_OK)
		return rv;

	/*
	 * Record the slot as logged in, then let the parent class finish.
	 * NOTE(review): the entry is added before the parent's login_user runs
	 * and is not removed here if the parent returns an error. Confirm
	 * whether that state is cleaned up elsewhere.
	 */
	g_hash_table_insert (self->unlocked_apps, gkm_util_ulong_alloc (slot_id), UNUSED_VALUE);
	return GKM_MODULE_CLASS (gkm_user_module_parent_class)->login_user (base, slot_id, pin, n_pin);
}
/*
 * Create a GkmCredential from a PIN, optionally bound to an object.
 *
 * module must be a GkmModule; manager and object may be NULL; result must
 * be non-NULL. A GkmSecret is built from pin/n_pin and passed to the new
 * credential as its "secret" property.
 *
 * When object is given, the credential is only handed back if
 * gkm_object_unlock() succeeds with it; on failure the credential is
 * released, *result is left untouched and the unlock error is returned.
 * Without an object the credential is always returned with CKR_OK.
 *
 * On success the caller receives the credential reference in *result.
 */
CK_RV
gkm_credential_create (GkmModule *module, GkmManager *manager, GkmObject *object,
                       CK_UTF8CHAR_PTR pin, CK_ULONG n_pin, GkmCredential **result)
{
	GkmCredential *cred;
	GkmSecret *secret;
	CK_RV rv;

	g_return_val_if_fail (GKM_IS_MODULE (module), CKR_GENERAL_ERROR);
	g_return_val_if_fail (!object || GKM_IS_OBJECT (object), CKR_GENERAL_ERROR);
	g_return_val_if_fail (!manager || GKM_IS_MANAGER (manager), CKR_GENERAL_ERROR);
	g_return_val_if_fail (result, CKR_GENERAL_ERROR);

	secret = gkm_secret_new_from_login (pin, n_pin);
	cred = g_object_new (GKM_TYPE_CREDENTIAL,
	                     "module", module,
	                     "manager", manager,
	                     "secret", secret,
	                     "object", object,
	                     NULL);

	/* Our own reference to the secret is dropped once the credential is built. */
	g_object_unref (secret);

	/* A credential without an object needs no unlock check. */
	if (!object) {
		*result = cred;
		return CKR_OK;
	}

	/* With an object, the credential is only valid if it unlocks that object. */
	rv = gkm_object_unlock (object, cred);
	if (rv != CKR_OK) {
		g_object_unref (cred);
		return rv;
	}

	*result = cred;
	return CKR_OK;
}