GckSession*
gkd_secret_service_internal_pkcs11_session (GkdSecretService *self)
{
GError *error = NULL;
GckSlot *slot;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
if (self->internal_session)
return self->internal_session;
slot = gkd_secret_service_get_pkcs11_slot (self);
self->internal_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
0, NULL, NULL, NULL, &error);
if (!self->internal_session) {
g_warning ("couldn't open pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
return NULL;
}
if (!log_into_pkcs11_session (self->internal_session, &error)) {
g_warning ("couldn't log in to pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
g_object_unref (self->internal_session);
self->internal_session = NULL;
return NULL;
}
return self->internal_session;
}
GckSession*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
ServiceClient *client;
GError *error = NULL;
GckTokenInfo *info;
GckSlot *slot;
gboolean login;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
g_return_val_if_fail (caller, NULL);
client = g_hash_table_lookup (self->clients, caller);
g_return_val_if_fail (client, NULL);
/* Open a new session if necessary */
if (!client->pkcs11_session) {
slot = gkd_secret_service_get_pkcs11_slot (self);
client->pkcs11_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
CKF_G_APPLICATION_SESSION, &client->app,
NULL, NULL, &error);
if (!client->pkcs11_session) {
g_warning ("couldn't open pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
return NULL;
}
/* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
info = gck_slot_get_token_info (slot);
login = info && (info->flags & CKF_LOGIN_REQUIRED);
gck_token_info_free (info);
if (login && !gck_session_login (client->pkcs11_session, CKU_USER, NULL, 0, NULL, &error)) {
g_warning ("couldn't log in to pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
g_object_unref (client->pkcs11_session);
client->pkcs11_session = NULL;
return NULL;
}
}
return client->pkcs11_session;
}
GckSession*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
ServiceClient *client;
GError *error = NULL;
GckSlot *slot;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
g_return_val_if_fail (caller, NULL);
client = g_hash_table_lookup (self->clients, caller);
g_return_val_if_fail (client, NULL);
/* Open a new session if necessary */
if (!client->pkcs11_session) {
slot = gkd_secret_service_get_pkcs11_slot (self);
client->pkcs11_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
CKF_G_APPLICATION_SESSION, &client->app,
NULL, NULL, &error);
if (!client->pkcs11_session) {
g_warning ("couldn't open pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
return NULL;
}
if (!log_into_pkcs11_session (client->pkcs11_session, &error)) {
g_warning ("couldn't log in to pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
g_object_unref (client->pkcs11_session);
client->pkcs11_session = NULL;
return NULL;
}
}
return client->pkcs11_session;
}
/**
* gck_slot_open_session:
* @self: The slot ot open a session on.
* @flags: The flags to open a session with.
* @err: A location to return an error, or NULL.
*
* Open a session on the slot. If the 'auto reuse' setting is set,
* then this may be a recycled session with the same flags.
*
* This call may block for an indefinite period.
*
* Return value: A new session or NULL if an error occurs.
**/
GckSession*
gck_slot_open_session (GckSlot *self, guint options, GCancellable *cancellable, GError **err)
{
return gck_slot_open_session_full (self, options, 0, NULL, NULL, cancellable, err);
}
