static GckObject *
secret_objects_lookup_gck_object_for_path (GkdSecretObjects *self,
const gchar *sender,
const gchar *path,
GError **error_out)
{
GckBuilder builder = GCK_BUILDER_INIT;
GList *objects;
GckSession *session;
gchar *c_ident;
gchar *i_ident;
GckObject *object = NULL;
GError *error = NULL;
g_return_val_if_fail (path, FALSE);
if (!gkd_secret_util_parse_path (path, &c_ident, &i_ident) || !c_ident)
goto out;
/* The session we're using to access the object */
session = gkd_secret_service_get_pkcs11_session (self->service, sender);
g_return_val_if_fail (session, FALSE);
if (i_ident) {
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
gck_builder_add_string (&builder, CKA_G_COLLECTION, c_ident);
gck_builder_add_string (&builder, CKA_ID, i_ident);
} else {
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_COLLECTION);
gck_builder_add_string (&builder, CKA_ID, c_ident);
}
objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
g_free (c_ident);
g_free (i_ident);
if (error != NULL) {
g_warning ("couldn't lookup object: %s: %s", path, egg_error_message (error));
g_clear_error (&error);
}
if (!objects)
goto out;
object = g_object_ref (objects->data);
gck_list_unref_free (objects);
out:
if (!object)
g_set_error (error_out, GKD_SECRET_ERROR,
GKD_SECRET_ERROR_NO_SUCH_OBJECT,
"The '%s' object does not exist",
path);
return object;
}
void
gkd_secret_objects_foreach_collection (GkdSecretObjects *self,
const gchar *caller,
GkdSecretObjectsForeach callback,
gpointer user_data)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckSession *session;
GError *error = NULL;
GList *collections, *l;
gpointer identifier;
gsize n_identifier;
gchar *path;
g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
g_return_if_fail (callback);
/* The session we're using to access the object */
if (caller == NULL) {
session = gkd_secret_service_internal_pkcs11_session (self->service);
} else {
session = gkd_secret_service_get_pkcs11_session (self->service, caller);
}
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_COLLECTION);
collections = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
if (error != NULL) {
g_warning ("couldn't lookup collections: %s", egg_error_message (error));
g_clear_error (&error);
return;
}
for (l = collections; l; l = g_list_next (l)) {
identifier = gck_object_get_data (l->data, CKA_ID, NULL, &n_identifier, &error);
if (identifier == NULL) {
g_warning ("couldn't get collection identifier: %s", egg_error_message (error));
g_clear_error (&error);
continue;
}
path = gkd_secret_util_build_path (SECRET_COLLECTION_PREFIX, identifier, n_identifier);
g_free (identifier);
(callback) (self, path, l->data, user_data);
g_free (path);
}
gck_list_unref_free (collections);
}
void
gkd_secret_objects_foreach_item (GkdSecretObjects *self,
const gchar *caller,
const gchar *base,
GkdSecretObjectsForeach callback,
gpointer user_data)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckSession *session;
GError *error = NULL;
gchar *identifier;
GList *items;
g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
g_return_if_fail (base != NULL);
g_return_if_fail (callback != NULL);
/* The session we're using to access the object */
if (caller == NULL) {
session = gkd_secret_service_internal_pkcs11_session (self->service);
} else {
session = gkd_secret_service_get_pkcs11_session (self->service, caller);
}
if (!gkd_secret_util_parse_path (base, &identifier, NULL))
g_return_if_reached ();
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
gck_builder_add_string (&builder, CKA_G_COLLECTION, identifier);
items = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
if (error == NULL) {
objects_foreach_item (self, items, base, callback, user_data);
} else {
g_warning ("couldn't lookup items in '%s' collection: %s", identifier, egg_error_message (error));
g_clear_error (&error);
}
gck_list_unref_free (items);
g_free (identifier);
}
GckObject*
gkd_secret_objects_lookup_item (GkdSecretObjects *self, const gchar *caller,
const gchar *path)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckObject *object = NULL;
GError *error = NULL;
GList *objects;
GckSession *session;
gchar *collection;
gchar *identifier;
g_return_val_if_fail (GKD_SECRET_IS_OBJECTS (self), NULL);
g_return_val_if_fail (caller, NULL);
g_return_val_if_fail (path, NULL);
if (!gkd_secret_util_parse_path (path, &collection, &identifier))
return NULL;
/* The session we're using to access the object */
session = gkd_secret_service_get_pkcs11_session (self->service, caller);
g_return_val_if_fail (session, NULL);
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
gck_builder_add_string (&builder, CKA_ID, identifier);
gck_builder_add_string (&builder, CKA_G_COLLECTION, collection);
objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
g_free (identifier);
g_free (collection);
if (error != NULL) {
g_warning ("couldn't lookup item: %s: %s", path, egg_error_message (error));
g_clear_error (&error);
}
if (objects)
object = g_object_ref (objects->data);
gck_list_unref_free (objects);
return object;
}
static DBusMessage*
service_method_lock_service (GkdSecretService *self, DBusMessage *message)
{
DBusError derr = DBUS_ERROR_INIT;
GckSession *session;
const char *caller;
if (!dbus_message_get_args (message, NULL, DBUS_TYPE_INVALID))
return NULL;
caller = dbus_message_get_sender (message);
session = gkd_secret_service_get_pkcs11_session (self, caller);
g_return_val_if_fail (session != NULL, NULL);
if (!gkd_secret_lock_all (session, &derr))
return gkd_secret_error_to_reply (message, &derr);
return dbus_message_new_method_return (message);
}
static gboolean
service_method_lock_service (GkdExportedService *skeleton,
GDBusMethodInvocation *invocation,
GkdSecretService *self)
{
GError *error = NULL;
GckSession *session;
const char *caller;
caller = g_dbus_method_invocation_get_sender (invocation);
session = gkd_secret_service_get_pkcs11_session (self, caller);
g_return_val_if_fail (session != NULL, FALSE);
if (!gkd_secret_lock_all (session, &error))
g_dbus_method_invocation_take_error (invocation, error);
else
gkd_exported_service_complete_lock_service (skeleton, invocation);
return TRUE;
}
gboolean
gkd_secret_objects_handle_search_items (GkdSecretObjects *self,
GDBusMethodInvocation *invocation,
GVariant *attributes,
const gchar *base,
gboolean separate_locked)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckObject *search;
GckSession *session;
GError *error = NULL;
gchar *identifier;
gpointer data;
gsize n_data;
GList *locked, *unlocked;
GList *items;
GVariantBuilder result;
if (!gkd_secret_property_parse_fields (attributes, &builder)) {
gck_builder_clear (&builder);
g_dbus_method_invocation_return_error_literal (invocation,
G_DBUS_ERROR,
G_DBUS_ERROR_FAILED,
"Invalid data in attributes argument");
return TRUE;
}
if (base != NULL) {
if (!gkd_secret_util_parse_path (base, &identifier, NULL))
g_return_val_if_reached (FALSE);
gck_builder_add_string (&builder, CKA_G_COLLECTION, identifier);
g_free (identifier);
}
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_SEARCH);
gck_builder_add_boolean (&builder, CKA_TOKEN, FALSE);
/* The session we're using to access the object */
session = gkd_secret_service_get_pkcs11_session (self->service, g_dbus_method_invocation_get_sender (invocation));
g_return_val_if_fail (session, FALSE);
/* Create the search object */
search = gck_session_create_object (session, gck_builder_end (&builder), NULL, &error);
if (error != NULL) {
g_dbus_method_invocation_return_error (invocation,
G_DBUS_ERROR,
G_DBUS_ERROR_FAILED,
"Couldn't search for items: %s",
egg_error_message (error));
g_clear_error (&error);
return TRUE;
}
/* Get the matched item handles, and delete the search object */
data = gck_object_get_data (search, CKA_G_MATCHED, NULL, &n_data, &error);
gck_object_destroy (search, NULL, NULL);
g_object_unref (search);
if (error != NULL) {
g_dbus_method_invocation_return_error (invocation,
G_DBUS_ERROR,
G_DBUS_ERROR_FAILED,
"Couldn't retrieve matched items: %s",
egg_error_message (error));
g_clear_error (&error);
return TRUE;
}
/* Build a list of object handles */
items = gck_objects_from_handle_array (session, data, n_data / sizeof (CK_OBJECT_HANDLE));
g_free (data);
/* Filter out the locked items */
if (separate_locked) {
GVariant *unlocked_variant, *locked_variant;
item_cleanup_search_results (session, items, &locked, &unlocked);
g_variant_builder_init (&result, G_VARIANT_TYPE ("ao"));
objects_foreach_item (self, unlocked, NULL, on_object_path_append_to_builder, &result);
unlocked_variant = g_variant_builder_end (&result);
g_variant_builder_init (&result, G_VARIANT_TYPE ("ao"));
objects_foreach_item (self, locked, NULL, on_object_path_append_to_builder, &result);
locked_variant = g_variant_builder_end (&result);
g_list_free (locked);
g_list_free (unlocked);
g_dbus_method_invocation_return_value (invocation,
g_variant_new ("(@ao@ao)",
unlocked_variant,
locked_variant));
} else {
g_variant_builder_init (&result, G_VARIANT_TYPE ("ao"));
objects_foreach_item (self, items, NULL, on_object_path_append_to_builder, &result);
g_dbus_method_invocation_return_value (invocation,
g_variant_new ("(@ao)", g_variant_builder_end (&result)));
}
gck_list_unref_free (items);
return TRUE;
}
