/*
 * Re-protect the user storage with a new login PIN.
 *
 * Both PINs are wrapped in GkmSecret objects and handed to
 * gkm_user_storage_relock() under a fresh transaction. The value returned
 * is whatever result the transaction reports once it has been completed.
 *
 * This does not touch the set of currently logged in applications:
 * sessions that are logged in stay logged in, and vice versa.
 * slot_id is not used here.
 *
 * NOTE(review): old_pin is not verified in this function; any check that it
 * matches the current login has to happen inside gkm_user_storage_relock(),
 * which is not visible here -- confirm.
 * NOTE(review): the results of gkm_secret_new_from_login() are used without
 * a NULL check; confirm it cannot fail for the inputs callers pass.
 */
static CK_RV
gkm_user_module_real_login_change (GkmModule *base, CK_SLOT_ID slot_id,
                                   CK_UTF8CHAR_PTR old_pin, CK_ULONG n_old_pin,
                                   CK_UTF8CHAR_PTR new_pin, CK_ULONG n_new_pin)
{
	GkmUserModule *self = GKM_USER_MODULE (base);
	GkmSecret *current = gkm_secret_new_from_login (old_pin, n_old_pin);
	GkmSecret *replacement = gkm_secret_new_from_login (new_pin, n_new_pin);
	GkmTransaction *txn = gkm_transaction_new ();
	CK_RV outcome;

	gkm_user_storage_relock (self->storage, txn, current, replacement);

	/* Drop our references to the PIN secrets as soon as relock has been issued */
	g_object_unref (current);
	g_object_unref (replacement);

	/* The relock outcome is only available through the completed transaction */
	gkm_transaction_complete (txn);
	outcome = gkm_transaction_get_result (txn);
	g_object_unref (txn);

	return outcome;
}
/*
 * Log an application (identified by slot_id) into the user module.
 *
 * - If this slot is already recorded in unlocked_apps, returns
 *   CKR_USER_ALREADY_LOGGED_IN.
 * - If no application is logged in, the storage is actually unlocked with
 *   the supplied PIN.
 * - If some other application is already logged in, the supplied PIN is
 *   compared against the login the storage currently holds, and
 *   CKR_PIN_INCORRECT is returned on mismatch.
 *
 * On success the slot is recorded in unlocked_apps and the parent class
 * login_user() is chained; its result is returned.
 *
 * NOTE(review): the slot is inserted into unlocked_apps before the parent
 * login_user() runs, and the entry is not removed here if that call fails.
 * Confirm that a failing parent call cannot leave the slot marked as
 * logged in.
 * NOTE(review): whether gkm_secret_equals() compares in constant time is
 * not visible from this function.
 */
static CK_RV
gkm_user_module_real_login_user (GkmModule *base, CK_SLOT_ID slot_id,
                                 CK_UTF8CHAR_PTR pin, CK_ULONG n_pin)
{
	GkmUserModule *self = GKM_USER_MODULE (base);
	GkmSecret *login;
	CK_RV rv;

	/* Refuse a second login from the same application */
	if (g_hash_table_lookup (self->unlocked_apps, &slot_id) != NULL)
		return CKR_USER_ALREADY_LOGGED_IN;

	login = gkm_user_storage_get_login (self->storage);

	if (g_hash_table_size (self->unlocked_apps) != 0) {

		/* Someone is logged in already, so the storage must hold a login */
		g_return_val_if_fail (login != NULL, CKR_GENERAL_ERROR);

		/* Check the caller's PIN against the one used for the original unlock */
		rv = gkm_secret_equals (login, pin, n_pin) ? CKR_OK : CKR_PIN_INCORRECT;

	} else {

		/* Nobody is logged in, so the storage must not hold a login yet */
		g_return_val_if_fail (login == NULL, CKR_GENERAL_ERROR);

		/* First login: this is where the store really gets unlocked */
		login = gkm_secret_new_from_login (pin, n_pin);
		rv = gkm_user_storage_unlock (self->storage, login);
		g_object_unref (login);
	}

	if (rv != CKR_OK)
		return rv;

	/* Remember that this application is logged in, then chain up */
	g_hash_table_insert (self->unlocked_apps, gkm_util_ulong_alloc (slot_id), UNUSED_VALUE);
	return GKM_MODULE_CLASS (gkm_user_module_parent_class)->login_user (base, slot_id, pin, n_pin);
}
/*
 * Create a credential from a PIN, optionally bound to an object.
 *
 * module is required; manager and object may be NULL. result must be
 * non-NULL. Any argument failing these checks yields CKR_GENERAL_ERROR.
 *
 * When object is given, the new credential must successfully unlock it:
 * the result of gkm_object_unlock() is returned, and on failure the
 * credential is released and *result is left untouched. Callers must
 * therefore check the return value before reading *result.
 *
 * When object is NULL, the credential is returned with CKR_OK and the PIN
 * is not checked against anything in this function.
 *
 * On success the caller receives the reference in *result.
 */
CK_RV
gkm_credential_create (GkmModule *module, GkmManager *manager, GkmObject *object,
                       CK_UTF8CHAR_PTR pin, CK_ULONG n_pin, GkmCredential **result)
{
	GkmCredential *credential;
	GkmSecret *login_secret;
	CK_RV rv;

	g_return_val_if_fail (GKM_IS_MODULE (module), CKR_GENERAL_ERROR);
	g_return_val_if_fail (!object || GKM_IS_OBJECT (object), CKR_GENERAL_ERROR);
	g_return_val_if_fail (!manager || GKM_IS_MANAGER (manager), CKR_GENERAL_ERROR);
	g_return_val_if_fail (result, CKR_GENERAL_ERROR);

	login_secret = gkm_secret_new_from_login (pin, n_pin);
	credential = g_object_new (GKM_TYPE_CREDENTIAL,
	                           "module", module,
	                           "manager", manager,
	                           "secret", login_secret,
	                           "object", object,
	                           NULL);

	/*
	 * Our own reference to the secret is no longer needed.
	 * NOTE(review): presumably the credential keeps its own reference via
	 * the "secret" property -- confirm.
	 */
	g_object_unref (login_secret);

	/* A credential without an object is handed back as is */
	if (object == NULL) {
		*result = credential;
		return CKR_OK;
	}

	/* With an object, the unlock has to succeed for the credential to be kept */
	rv = gkm_object_unlock (object, credential);
	if (rv != CKR_OK) {
		g_object_unref (credential);
		return rv;
	}

	*result = credential;
	return rv;
}