gboolean
gkd_secret_lock_all (GckSession *session,
DBusError *derr)
{
GckBuilder builder = GCK_BUILDER_INIT;
GError *error = NULL;
GList *objects, *l;
/* Lock all the main collections */
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_CREDENTIAL);
gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
if (error != NULL) {
g_warning ("couldn't search for credential objects: %s", egg_error_message (error));
dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock service");
g_clear_error (&error);
return FALSE;
}
for (l = objects; l; l = g_list_next (l)) {
if (!gck_object_destroy (l->data, NULL, &error)) {
g_warning ("couldn't destroy credential object: %s", egg_error_message (error));
g_clear_error (&error);
}
}
/* Now delete all session objects */
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
gck_builder_add_string (&builder, CKA_G_COLLECTION, "session");
objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
if (error != NULL) {
g_warning ("couldn't search for session items: %s", egg_error_message (error));
dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock service");
g_clear_error (&error);
return FALSE;
}
for (l = objects; l; l = g_list_next (l)) {
if (!gck_object_destroy (l->data, NULL, &error)) {
g_warning ("couldn't destroy session item: %s", egg_error_message (error));
g_clear_error (&error);
}
}
gck_list_unref_free (objects);
return TRUE;
}
gboolean
gkd_secret_lock (GckObject *collection, DBusError *derr)
{
GckBuilder builder = GCK_BUILDER_INIT;
GError *error = NULL;
GList *objects, *l;
GckSession *session;
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_CREDENTIAL);
gck_builder_add_ulong (&builder, CKA_G_OBJECT, gck_object_get_handle (collection));
session = gck_object_get_session (collection);
g_return_val_if_fail (session, FALSE);
objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
g_object_unref (session);
if (error != NULL) {
g_warning ("couldn't search for credential objects: %s", egg_error_message (error));
dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock collection");
g_clear_error (&error);
return FALSE;
}
for (l = objects; l; l = g_list_next (l)) {
if (!gck_object_destroy (l->data, NULL, &error)) {
g_warning ("couldn't destroy credential object: %s", egg_error_message (error));
g_clear_error (&error);
}
}
gck_list_unref_free (objects);
return TRUE;
}
static GckObject*
lookup_login_keyring (GckSession *session)
{
GckAttributes *atts;
GError *error = NULL;
GckObject *login = NULL;
GList *objects;
guint length;
g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
atts = gck_attributes_new ();
gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION);
gck_attributes_add_boolean (atts, CKA_TOKEN, TRUE);
gck_attributes_add_string (atts, CKA_ID, "login");
objects = gck_session_find_objects (session, atts, NULL, &error);
gck_attributes_unref (atts);
if (error) {
g_warning ("couldn't search for login keyring: %s", egg_error_message (error));
g_clear_error (&error);
return NULL;
}
length = g_list_length (objects);
if (length == 1)
login = g_object_ref (objects->data);
else if (length > 1)
g_warning ("more than one login keyring exists");
gck_list_unref_free (objects);
return login;
}
static GckObject *
secret_objects_lookup_gck_object_for_path (GkdSecretObjects *self,
const gchar *sender,
const gchar *path,
GError **error_out)
{
GckBuilder builder = GCK_BUILDER_INIT;
GList *objects;
GckSession *session;
gchar *c_ident;
gchar *i_ident;
GckObject *object = NULL;
GError *error = NULL;
g_return_val_if_fail (path, FALSE);
if (!gkd_secret_util_parse_path (path, &c_ident, &i_ident) || !c_ident)
goto out;
/* The session we're using to access the object */
session = gkd_secret_service_get_pkcs11_session (self->service, sender);
g_return_val_if_fail (session, FALSE);
if (i_ident) {
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
gck_builder_add_string (&builder, CKA_G_COLLECTION, c_ident);
gck_builder_add_string (&builder, CKA_ID, i_ident);
} else {
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_COLLECTION);
gck_builder_add_string (&builder, CKA_ID, c_ident);
}
objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
g_free (c_ident);
g_free (i_ident);
if (error != NULL) {
g_warning ("couldn't lookup object: %s: %s", path, egg_error_message (error));
g_clear_error (&error);
}
if (!objects)
goto out;
object = g_object_ref (objects->data);
gck_list_unref_free (objects);
out:
if (!object)
g_set_error (error_out, GKD_SECRET_ERROR,
GKD_SECRET_ERROR_NO_SUCH_OBJECT,
"The '%s' object does not exist",
path);
return object;
}
static GckObject *
lookup_public_key (GckObject *object,
GCancellable *cancellable,
GError **lerror)
{
GckBuilder builder = GCK_BUILDER_INIT;
gulong attr_types[] = { CKA_ID };
GckAttributes *attrs;
GError *error = NULL;
GckSession *session;
GckObject *result;
const GckAttribute *id;
GList *objects;
attrs = gck_object_cache_lookup (object, attr_types, G_N_ELEMENTS (attr_types),
cancellable, &error);
if (error != NULL) {
_gcr_debug ("couldn't load private key id: %s", error->message);
g_propagate_error (lerror, error);
return NULL;
}
id = gck_attributes_find (attrs, CKA_ID);
if (id == NULL || gck_attribute_is_invalid (id)) {
gck_attributes_unref (attrs);
_gcr_debug ("couldn't load private key id");
g_set_error_literal (lerror, GCK_ERROR, CKR_ATTRIBUTE_TYPE_INVALID,
gck_message_from_rv (CKR_ATTRIBUTE_TYPE_INVALID));
return NULL;
}
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_PUBLIC_KEY);
gck_builder_add_attribute (&builder, id);
gck_attributes_unref (attrs);
session = gck_object_get_session (object);
objects = gck_session_find_objects (session, gck_builder_end (&builder), cancellable, &error);
g_object_unref (session);
if (error != NULL) {
_gcr_debug ("couldn't lookup public key: %s", error->message);
g_propagate_error (lerror, error);
return NULL;
}
if (!objects)
return NULL;
result = g_object_ref (objects->data);
gck_list_unref_free (objects);
return result;
}
void
gkd_secret_objects_foreach_collection (GkdSecretObjects *self,
const gchar *caller,
GkdSecretObjectsForeach callback,
gpointer user_data)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckSession *session;
GError *error = NULL;
GList *collections, *l;
gpointer identifier;
gsize n_identifier;
gchar *path;
g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
g_return_if_fail (callback);
/* The session we're using to access the object */
if (caller == NULL) {
session = gkd_secret_service_internal_pkcs11_session (self->service);
} else {
session = gkd_secret_service_get_pkcs11_session (self->service, caller);
}
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_COLLECTION);
collections = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
if (error != NULL) {
g_warning ("couldn't lookup collections: %s", egg_error_message (error));
g_clear_error (&error);
return;
}
for (l = collections; l; l = g_list_next (l)) {
identifier = gck_object_get_data (l->data, CKA_ID, NULL, &n_identifier, &error);
if (identifier == NULL) {
g_warning ("couldn't get collection identifier: %s", egg_error_message (error));
g_clear_error (&error);
continue;
}
path = gkd_secret_util_build_path (SECRET_COLLECTION_PREFIX, identifier, n_identifier);
g_free (identifier);
(callback) (self, path, l->data, user_data);
g_free (path);
}
gck_list_unref_free (collections);
}
void
gkd_secret_objects_foreach_item (GkdSecretObjects *self,
const gchar *caller,
const gchar *base,
GkdSecretObjectsForeach callback,
gpointer user_data)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckSession *session;
GError *error = NULL;
gchar *identifier;
GList *items;
g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
g_return_if_fail (base != NULL);
g_return_if_fail (callback != NULL);
/* The session we're using to access the object */
if (caller == NULL) {
session = gkd_secret_service_internal_pkcs11_session (self->service);
} else {
session = gkd_secret_service_get_pkcs11_session (self->service, caller);
}
if (!gkd_secret_util_parse_path (base, &identifier, NULL))
g_return_if_reached ();
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
gck_builder_add_string (&builder, CKA_G_COLLECTION, identifier);
items = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
if (error == NULL) {
objects_foreach_item (self, items, base, callback, user_data);
} else {
g_warning ("couldn't lookup items in '%s' collection: %s", identifier, egg_error_message (error));
g_clear_error (&error);
}
gck_list_unref_free (items);
g_free (identifier);
}
GckObject*
gkd_secret_objects_lookup_item (GkdSecretObjects *self, const gchar *caller,
const gchar *path)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckObject *object = NULL;
GError *error = NULL;
GList *objects;
GckSession *session;
gchar *collection;
gchar *identifier;
g_return_val_if_fail (GKD_SECRET_IS_OBJECTS (self), NULL);
g_return_val_if_fail (caller, NULL);
g_return_val_if_fail (path, NULL);
if (!gkd_secret_util_parse_path (path, &collection, &identifier))
return NULL;
/* The session we're using to access the object */
session = gkd_secret_service_get_pkcs11_session (self->service, caller);
g_return_val_if_fail (session, NULL);
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
gck_builder_add_string (&builder, CKA_ID, identifier);
gck_builder_add_string (&builder, CKA_G_COLLECTION, collection);
objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
g_free (identifier);
g_free (collection);
if (error != NULL) {
g_warning ("couldn't lookup item: %s: %s", path, egg_error_message (error));
g_clear_error (&error);
}
if (objects)
object = g_object_ref (objects->data);
gck_list_unref_free (objects);
return object;
}
