/*
 * Return the service's own PKCS#11 session, creating it on first use.
 *
 * The session is cached in self->internal_session. On first use it is opened
 * read-write on the slot returned by gkd_secret_service_get_pkcs11_slot() and
 * then logged in through log_into_pkcs11_session().
 *
 * The pointer returned is the cached one and no reference is added here, so
 * callers must not unref it.
 *
 * Returns NULL (after logging a warning) if the session cannot be opened or
 * the login fails. In the login-failure case the half-initialised session is
 * dropped, so a later call starts from scratch instead of handing out a
 * session that never logged in.
 */
GckSession*
gkd_secret_service_internal_pkcs11_session (GkdSecretService *self)
{
	GError *err = NULL;
	GckSlot *token_slot;

	g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);

	if (self->internal_session == NULL) {
		token_slot = gkd_secret_service_get_pkcs11_slot (self);
		self->internal_session = gck_slot_open_session_full (token_slot,
		                                                     GCK_SESSION_READ_WRITE,
		                                                     0, NULL, NULL, NULL,
		                                                     &err);

		if (self->internal_session == NULL) {
			g_warning ("couldn't open pkcs11 session for secret service: %s",
			           egg_error_message (err));
			g_clear_error (&err);

		} else if (!log_into_pkcs11_session (self->internal_session, &err)) {
			g_warning ("couldn't log in to pkcs11 session for secret service: %s",
			           egg_error_message (err));
			g_clear_error (&err);

			/* Never cache a session whose login did not succeed */
			g_object_unref (self->internal_session);
			self->internal_session = NULL;
		}
	}

	/* NULL on either failure path above, the cached session otherwise */
	return self->internal_session;
}
/*
 * Return the PKCS#11 session belonging to the client named by @caller,
 * opening it on first use.
 *
 * The client record is looked up in self->clients and the session is cached
 * on that record (client->pkcs11_session). It is opened read-write with
 * CKF_G_APPLICATION_SESSION and the client's own app data (&client->app).
 * Presumably this is what keeps one client's session state apart from
 * another's; confirm against the PKCS#11 module.
 *
 * If the token reports CKF_LOGIN_REQUIRED, a CKU_USER login with no PIN is
 * performed. Returns NULL after a warning if the open or the login fails; a
 * session whose login failed is released and not cached.
 *
 * NOTE(review): the @caller and client checks use g_return_val_if_fail(),
 * which is compiled out when GLib is built with G_DISABLE_CHECKS. If @caller
 * can ever name a peer that has no entry in self->clients, an explicit
 * runtime check is needed before client is dereferenced. Verify against the
 * callers.
 */
GckSession*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
	ServiceClient *client;
	GckTokenInfo *token_info;
	GckSlot *token_slot;
	GError *err = NULL;
	gboolean needs_login = FALSE;

	g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
	g_return_val_if_fail (caller, NULL);

	client = g_hash_table_lookup (self->clients, caller);
	g_return_val_if_fail (client, NULL);

	/* Already opened for this client: hand back the cached session */
	if (client->pkcs11_session != NULL)
		return client->pkcs11_session;

	token_slot = gkd_secret_service_get_pkcs11_slot (self);
	client->pkcs11_session = gck_slot_open_session_full (token_slot,
	                                                     GCK_SESSION_READ_WRITE,
	                                                     CKF_G_APPLICATION_SESSION,
	                                                     &client->app,
	                                                     NULL, NULL, &err);
	if (client->pkcs11_session == NULL) {
		g_warning ("couldn't open pkcs11 session for secret service: %s",
		           egg_error_message (err));
		g_clear_error (&err);
		return NULL;
	}

	/* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
	token_info = gck_slot_get_token_info (token_slot);
	if (token_info != NULL && (token_info->flags & CKF_LOGIN_REQUIRED) != 0)
		needs_login = TRUE;
	gck_token_info_free (token_info);

	if (!needs_login)
		return client->pkcs11_session;

	if (gck_session_login (client->pkcs11_session, CKU_USER, NULL, 0, NULL, &err))
		return client->pkcs11_session;

	g_warning ("couldn't log in to pkcs11 session for secret service: %s",
	           egg_error_message (err));
	g_clear_error (&err);

	/* Do not leave a session that failed to log in cached on the client */
	g_object_unref (client->pkcs11_session);
	client->pkcs11_session = NULL;
	return NULL;
}
/*
 * Return the PKCS#11 session belonging to the client named by @caller,
 * opening it on first use.
 *
 * The client record is looked up in self->clients and the session is cached
 * on that record (client->pkcs11_session). It is opened read-write with
 * CKF_G_APPLICATION_SESSION and the client's own app data (&client->app),
 * then logged in through log_into_pkcs11_session().
 *
 * Returns NULL after a warning if the open or the login fails; a session
 * whose login failed is released and not cached.
 *
 * NOTE(review): the @caller and client checks use g_return_val_if_fail(),
 * which is compiled out when GLib is built with G_DISABLE_CHECKS. If @caller
 * can ever name a peer that has no entry in self->clients, an explicit
 * runtime check is needed before client is dereferenced. Verify against the
 * callers.
 */
GckSession*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
	ServiceClient *client;
	GckSlot *token_slot;
	GError *err = NULL;

	g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
	g_return_val_if_fail (caller, NULL);

	client = g_hash_table_lookup (self->clients, caller);
	g_return_val_if_fail (client, NULL);

	/* Open a new session only if this client does not have one yet */
	if (client->pkcs11_session == NULL) {
		token_slot = gkd_secret_service_get_pkcs11_slot (self);
		client->pkcs11_session = gck_slot_open_session_full (token_slot,
		                                                     GCK_SESSION_READ_WRITE,
		                                                     CKF_G_APPLICATION_SESSION,
		                                                     &client->app,
		                                                     NULL, NULL, &err);

		if (client->pkcs11_session == NULL) {
			g_warning ("couldn't open pkcs11 session for secret service: %s",
			           egg_error_message (err));
			g_clear_error (&err);

		} else if (!log_into_pkcs11_session (client->pkcs11_session, &err)) {
			g_warning ("couldn't log in to pkcs11 session for secret service: %s",
			           egg_error_message (err));
			g_clear_error (&err);

			/* Do not leave a session that failed to log in cached on the client */
			g_object_unref (client->pkcs11_session);
			client->pkcs11_session = NULL;
		}
	}

	/* NULL on either failure path above, the client's session otherwise */
	return client->pkcs11_session;
}
/**
 * gck_slot_open_session:
 * @self: The slot to open a session on.
 * @options: The options to open the session with, passed through unchanged
 *           (callers visible here pass GCK_SESSION_READ_WRITE).
 * @cancellable: Passed through to gck_slot_open_session_full(), or NULL.
 * @err: A location to return an error, or NULL.
 *
 * Open a session on the slot. If the 'auto reuse' setting is set,
 * then this may be a recycled session with the same flags.
 *
 * This is a convenience wrapper around gck_slot_open_session_full() that
 * supplies 0 and NULL for the three extra arguments, where other callers
 * pass things like CKF_G_APPLICATION_SESSION and per-client app data.
 *
 * This call may block for an indefinite period.
 *
 * Return value: A new session or NULL if an error occurs.
 **/
GckSession*
gck_slot_open_session (GckSlot *self, guint options, GCancellable *cancellable,
                       GError **err)
{
	GckSession *session;

	session = gck_slot_open_session_full (self, options, 0, NULL, NULL,
	                                      cancellable, err);
	return session;
}