GckSession*
gkd_secret_service_internal_pkcs11_session (GkdSecretService *self)
{
GError *error = NULL;
GckSlot *slot;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
if (self->internal_session)
return self->internal_session;
slot = gkd_secret_service_get_pkcs11_slot (self);
self->internal_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
0, NULL, NULL, NULL, &error);
if (!self->internal_session) {
g_warning ("couldn't open pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
return NULL;
}
if (!log_into_pkcs11_session (self->internal_session, &error)) {
g_warning ("couldn't log in to pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
g_object_unref (self->internal_session);
self->internal_session = NULL;
return NULL;
}
return self->internal_session;
}
GP11Session*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
ServiceClient *client;
GError *error = NULL;
GP11TokenInfo *info;
GP11Slot *slot;
gulong flags;
gboolean login;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
g_return_val_if_fail (caller, NULL);
client = g_hash_table_lookup (self->clients, caller);
g_return_val_if_fail (client, NULL);
/* Open a new session if necessary */
if (!client->pkcs11_session) {
flags = CKF_RW_SESSION | CKF_G_APPLICATION_SESSION;
slot = gkd_secret_service_get_pkcs11_slot (self);
client->pkcs11_session = gp11_slot_open_session_full (slot, flags, &client->app,
NULL, NULL, &error);
if (!client->pkcs11_session) {
g_warning ("couldn't open pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
return NULL;
}
/* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
info = gp11_slot_get_token_info (slot);
login = info && (info->flags & CKF_LOGIN_REQUIRED);
gp11_token_info_free (info);
if (login && !gp11_session_login (client->pkcs11_session, CKU_USER, NULL, 0, &error)) {
g_warning ("couldn't log in to pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
g_object_unref (client->pkcs11_session);
client->pkcs11_session = NULL;
return NULL;
}
}
return client->pkcs11_session;
}
static void
gkd_secret_service_get_property (GObject *obj, guint prop_id, GValue *value,
GParamSpec *pspec)
{
GkdSecretService *self = GKD_SECRET_SERVICE (obj);
switch (prop_id) {
case PROP_CONNECTION:
g_value_set_object (value, gkd_secret_service_get_connection (self));
break;
case PROP_PKCS11_SLOT:
g_value_set_object (value, gkd_secret_service_get_pkcs11_slot (self));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
}
}
GckSession*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
ServiceClient *client;
GError *error = NULL;
GckSlot *slot;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
g_return_val_if_fail (caller, NULL);
client = g_hash_table_lookup (self->clients, caller);
g_return_val_if_fail (client, NULL);
/* Open a new session if necessary */
if (!client->pkcs11_session) {
slot = gkd_secret_service_get_pkcs11_slot (self);
client->pkcs11_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
CKF_G_APPLICATION_SESSION, &client->app,
NULL, NULL, &error);
if (!client->pkcs11_session) {
g_warning ("couldn't open pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
return NULL;
}
if (!log_into_pkcs11_session (client->pkcs11_session, &error)) {
g_warning ("couldn't log in to pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
g_object_unref (client->pkcs11_session);
client->pkcs11_session = NULL;
return NULL;
}
}
return client->pkcs11_session;
}
