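/*
 * gkd_secret_lock_all:
 * @session: PKCS#11 session used to search for and destroy objects
 * @derr: receives DBUS_ERROR_FAILED ("Couldn't lock service") when a search fails
 *
 * Locks the service in two passes over @session:
 *   1. destroys every CKO_G_CREDENTIAL object that has CKA_GNOME_TRANSIENT set;
 *   2. destroys every CKO_SECRET_KEY object whose CKA_G_COLLECTION is "session".
 *
 * Returns: FALSE if either search fails (and @derr is set), TRUE otherwise.
 *
 * NOTE(review): a failed gck_object_destroy() is only logged and the function
 * still returns TRUE, so the return value does not tell a caller that a
 * credential or session item survived the lock. Confirm that callers do not
 * treat TRUE as "nothing is left unlocked".
 */
gboolean
gkd_secret_lock_all (GckSession *session, DBusError *derr)
{
    GckBuilder builder = GCK_BUILDER_INIT;
    GError *error = NULL;
    GList *objects, *l;

    /* Lock all the main collections */
    gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_CREDENTIAL);
    gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);

    objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
    if (error != NULL) {
        g_warning ("couldn't search for credential objects: %s", egg_error_message (error));
        dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock service");
        g_clear_error (&error);
        return FALSE;
    }

    /* Best effort: keep going so one failure does not leave the rest unlocked */
    for (l = objects; l; l = g_list_next (l)) {
        if (!gck_object_destroy (l->data, NULL, &error)) {
            g_warning ("couldn't destroy credential object: %s", egg_error_message (error));
            g_clear_error (&error);
        }
    }

    /* Release the credential list here: 'objects' is reassigned by the second search */
    gck_list_unref_free (objects);
    objects = NULL;

    /* Now delete all session objects */
    gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
    gck_builder_add_string (&builder, CKA_G_COLLECTION, "session");

    objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
    if (error != NULL) {
        g_warning ("couldn't search for session items: %s", egg_error_message (error));
        dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock service");
        g_clear_error (&error);
        return FALSE;
    }

    for (l = objects; l; l = g_list_next (l)) {
        if (!gck_object_destroy (l->data, NULL, &error)) {
            g_warning ("couldn't destroy session item: %s", egg_error_message (error));
            g_clear_error (&error);
        }
    }

    gck_list_unref_free (objects);
    return TRUE;
}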
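/*
 * gkd_secret_lock:
 * @collection: the collection object to lock
 * @derr: receives DBUS_ERROR_FAILED ("Couldn't lock collection") when the search fails
 *
 * Locks one collection by destroying every CKO_G_CREDENTIAL object whose
 * CKA_G_OBJECT attribute equals the handle of @collection. The search runs on
 * the session that @collection itself belongs to.
 *
 * Returns: FALSE if @collection has no session or the search fails, TRUE
 * otherwise. On the missing-session path @derr is left untouched.
 *
 * NOTE(review): a failed gck_object_destroy() is only logged and TRUE is still
 * returned, so a credential may outlive a "successful" lock. Confirm callers
 * do not rely on TRUE meaning the collection is fully locked.
 */
gboolean
gkd_secret_lock (GckObject *collection, DBusError *derr)
{
    GckBuilder builder = GCK_BUILDER_INIT;
    GError *error = NULL;
    GList *objects, *l;
    GckSession *session;

    /*
     * Resolve the session before filling the builder, so the early return
     * below cannot abandon attributes already added to the builder.
     */
    session = gck_object_get_session (collection);
    g_return_val_if_fail (session, FALSE);

    gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_CREDENTIAL);
    gck_builder_add_ulong (&builder, CKA_G_OBJECT, gck_object_get_handle (collection));

    objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);

    /* The reference from gck_object_get_session() is only needed for the search */
    g_object_unref (session);

    if (error != NULL) {
        g_warning ("couldn't search for credential objects: %s", egg_error_message (error));
        dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock collection");
        g_clear_error (&error);
        return FALSE;
    }

    /* Best effort: a credential that cannot be destroyed is logged and skipped */
    for (l = objects; l; l = g_list_next (l)) {
        if (!gck_object_destroy (l->data, NULL, &error)) {
            g_warning ("couldn't destroy credential object: %s", egg_error_message (error));
            g_clear_error (&error);
        }
    }

    gck_list_unref_free (objects);
    return TRUE;
}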
/*
 * lookup_login_keyring:
 * @session: PKCS#11 session to search
 *
 * Searches @session for token collections (CKO_G_COLLECTION, CKA_TOKEN set)
 * whose CKA_ID is "login".
 *
 * Returns: a new reference to the keyring when exactly one match exists;
 * NULL when the search fails, when nothing matches, or when more than one
 * match is found (the ambiguous case is logged and no keyring is picked).
 */
static GckObject*
lookup_login_keyring (GckSession *session)
{
    GckObject *keyring = NULL;
    GckAttributes *query;
    GError *err = NULL;
    GList *found;

    g_return_val_if_fail (GCK_IS_SESSION (session), NULL);

    query = gck_attributes_new ();
    gck_attributes_add_ulong (query, CKA_CLASS, CKO_G_COLLECTION);
    gck_attributes_add_boolean (query, CKA_TOKEN, TRUE);
    gck_attributes_add_string (query, CKA_ID, "login");

    found = gck_session_find_objects (session, query, NULL, &err);
    gck_attributes_unref (query);

    if (err != NULL) {
        g_warning ("couldn't search for login keyring: %s", egg_error_message (err));
        g_clear_error (&err);
        return NULL;
    }

    /* Only an unambiguous single match is accepted */
    switch (g_list_length (found)) {
    case 0:
        break;
    case 1:
        keyring = g_object_ref (found->data);
        break;
    default:
        g_warning ("more than one login keyring exists");
        break;
    }

    gck_list_unref_free (found);
    return keyring;
}
/*
 * secret_objects_lookup_gck_object_for_path:
 * @self: the objects instance; only self->service is read here
 * @sender: identifies the caller whose PKCS#11 session is used for the search
 * @path: object path naming a collection, or an item inside a collection
 * @error_out: receives GKD_SECRET_ERROR_NO_SUCH_OBJECT whenever NULL is
 *             returned after @path has been parsed or searched
 *
 * Resolves @path to a GckObject. When the parsed path carries an item
 * identifier the search is for a CKO_SECRET_KEY with that CKA_ID inside the
 * named collection; otherwise it is for the CKO_G_COLLECTION itself.
 *
 * A failing search is logged and then reported to the caller exactly like a
 * missing object, so @error_out does not distinguish the two.
 *
 * NOTE(review): the search runs on the session returned for @sender, so which
 * objects are visible presumably depends on that session - confirm against
 * gkd_secret_service_get_pkcs11_session().
 *
 * Returns: a new reference to the first match, or NULL.
 */
static GckObject *
secret_objects_lookup_gck_object_for_path (GkdSecretObjects *self, const gchar *sender,
                                           const gchar *path, GError **error_out)
{
    GckBuilder query = GCK_BUILDER_INIT;
    GckObject *found = NULL;
    GError *lookup_err = NULL;
    GckSession *session;
    GList *matches;
    gchar *collection_id;
    gchar *item_id;

    g_return_val_if_fail (path, FALSE);

    if (gkd_secret_util_parse_path (path, &collection_id, &item_id) && collection_id) {

        /* The session we're using to access the object */
        session = gkd_secret_service_get_pkcs11_session (self->service, sender);
        g_return_val_if_fail (session, FALSE);

        if (i_ident_is_set (item_id)) {
            gck_builder_add_ulong (&query, CKA_CLASS, CKO_SECRET_KEY);
            gck_builder_add_string (&query, CKA_G_COLLECTION, collection_id);
            gck_builder_add_string (&query, CKA_ID, item_id);
        } else {
            gck_builder_add_ulong (&query, CKA_CLASS, CKO_G_COLLECTION);
            gck_builder_add_string (&query, CKA_ID, collection_id);
        }

        matches = gck_session_find_objects (session, gck_builder_end (&query), NULL, &lookup_err);

        g_free (collection_id);
        g_free (item_id);

        if (lookup_err != NULL) {
            g_warning ("couldn't lookup object: %s: %s", path, egg_error_message (lookup_err));
            g_clear_error (&lookup_err);
        }

        /* Take the first match only */
        if (matches != NULL) {
            found = g_object_ref (matches->data);
            gck_list_unref_free (matches);
        }
    }

    if (found == NULL)
        g_set_error (error_out, GKD_SECRET_ERROR, GKD_SECRET_ERROR_NO_SUCH_OBJECT,
                     "The '%s' object does not exist", path);

    return found;
}
/*
 * lookup_public_key:
 * @object: the object whose CKA_ID is used as the search key (the debug
 *          messages call it a private key)
 * @cancellable: passed through to the attribute load and the search
 * @lerror: receives the failure when an attribute load or search fails
 *
 * Loads CKA_ID from @object, then searches the session @object belongs to for
 * a CKO_PUBLIC_KEY carrying the same CKA_ID.
 *
 * Returns: a new reference to the first matching public key. NULL is returned
 * with @lerror set when the id cannot be loaded, is missing or invalid, or the
 * search fails; NULL is returned with @lerror untouched when the search simply
 * finds nothing, so callers must handle both.
 */
static GckObject *
lookup_public_key (GckObject *object, GCancellable *cancellable, GError **lerror)
{
    GckBuilder query = GCK_BUILDER_INIT;
    gulong wanted[] = { CKA_ID };
    const GckAttribute *key_id;
    GckAttributes *cached;
    GckObject *public_key = NULL;
    GckSession *session;
    GError *err = NULL;
    GList *matches;

    cached = gck_object_cache_lookup (object, wanted, G_N_ELEMENTS (wanted),
                                      cancellable, &err);
    if (err != NULL) {
        _gcr_debug ("couldn't load private key id: %s", err->message);
        g_propagate_error (lerror, err);
        return NULL;
    }

    key_id = gck_attributes_find (cached, CKA_ID);
    if (key_id == NULL || gck_attribute_is_invalid (key_id)) {
        gck_attributes_unref (cached);
        _gcr_debug ("couldn't load private key id");
        g_set_error_literal (lerror, GCK_ERROR, CKR_ATTRIBUTE_TYPE_INVALID,
                             gck_message_from_rv (CKR_ATTRIBUTE_TYPE_INVALID));
        return NULL;
    }

    gck_builder_add_ulong (&query, CKA_CLASS, CKO_PUBLIC_KEY);
    gck_builder_add_attribute (&query, key_id);

    /* key_id points into 'cached', so drop it only after it is in the builder */
    gck_attributes_unref (cached);

    session = gck_object_get_session (object);
    matches = gck_session_find_objects (session, gck_builder_end (&query), cancellable, &err);
    g_object_unref (session);

    if (err != NULL) {
        _gcr_debug ("couldn't lookup public key: %s", err->message);
        g_propagate_error (lerror, err);
        return NULL;
    }

    /* No match is not an error here: NULL comes back with lerror unset */
    if (matches != NULL) {
        public_key = g_object_ref (matches->data);
        gck_list_unref_free (matches);
    }

    return public_key;
}
/*
 * gkd_secret_objects_foreach_collection:
 * @self: the objects instance
 * @caller: caller identity used to pick the PKCS#11 session, or NULL to use
 *          the service's internal session
 * @callback: invoked once per collection with (self, path, object, user_data)
 * @user_data: passed through to @callback
 *
 * Enumerates every CKO_G_COLLECTION visible on the chosen session and calls
 * @callback with the object path built from its CKA_ID. The path string is
 * freed as soon as @callback returns. A collection whose identifier cannot be
 * read is logged and skipped; a failing search is logged and ends the call
 * without invoking @callback.
 *
 * NOTE(review): passing NULL for @caller switches to the internal session
 * instead of a per-caller one. What each session may see is decided outside
 * this function - confirm NULL is only passed for daemon-internal work.
 */
void
gkd_secret_objects_foreach_collection (GkdSecretObjects *self, const gchar *caller,
                                       GkdSecretObjectsForeach callback, gpointer user_data)
{
    GckBuilder query = GCK_BUILDER_INIT;
    GckSession *session;
    GError *err = NULL;
    GList *collections, *node;

    g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
    g_return_if_fail (callback);

    /* The session we're using to access the object */
    session = (caller == NULL)
            ? gkd_secret_service_internal_pkcs11_session (self->service)
            : gkd_secret_service_get_pkcs11_session (self->service, caller);

    gck_builder_add_ulong (&query, CKA_CLASS, CKO_G_COLLECTION);
    collections = gck_session_find_objects (session, gck_builder_end (&query), NULL, &err);

    if (err != NULL) {
        g_warning ("couldn't lookup collections: %s", egg_error_message (err));
        g_clear_error (&err);
        return;
    }

    for (node = collections; node != NULL; node = g_list_next (node)) {
        gsize n_ident;
        gpointer ident;
        gchar *object_path;

        ident = gck_object_get_data (node->data, CKA_ID, NULL, &n_ident, &err);
        if (ident != NULL) {
            object_path = gkd_secret_util_build_path (SECRET_COLLECTION_PREFIX, ident, n_ident);
            g_free (ident);

            (callback) (self, object_path, node->data, user_data);
            g_free (object_path);
        } else {
            g_warning ("couldn't get collection identifier: %s", egg_error_message (err));
            g_clear_error (&err);
        }
    }

    gck_list_unref_free (collections);
}
/*
 * gkd_secret_objects_foreach_item:
 * @self: the objects instance
 * @caller: caller identity used to pick the PKCS#11 session, or NULL to use
 *          the service's internal session
 * @base: object path of the collection whose items are enumerated
 * @callback: handed to objects_foreach_item() together with the matches
 * @user_data: passed through to @callback
 *
 * Parses the collection identifier out of @base, searches the chosen session
 * for CKO_SECRET_KEY objects in that collection and passes the result list to
 * objects_foreach_item(). A failing search is logged and no callback runs.
 * A @base that does not parse is treated as a programming error.
 *
 * NOTE(review): passing NULL for @caller switches to the internal session
 * instead of a per-caller one. What each session may see is decided outside
 * this function - confirm NULL is only passed for daemon-internal work.
 */
void
gkd_secret_objects_foreach_item (GkdSecretObjects *self, const gchar *caller,
                                 const gchar *base, GkdSecretObjectsForeach callback,
                                 gpointer user_data)
{
    GckBuilder query = GCK_BUILDER_INIT;
    GckSession *session;
    GError *err = NULL;
    gchar *collection_id;
    GList *matches;

    g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
    g_return_if_fail (base != NULL);
    g_return_if_fail (callback != NULL);

    /* The session we're using to access the object */
    session = (caller == NULL)
            ? gkd_secret_service_internal_pkcs11_session (self->service)
            : gkd_secret_service_get_pkcs11_session (self->service, caller);

    if (!gkd_secret_util_parse_path (base, &collection_id, NULL))
        g_return_if_reached ();

    gck_builder_add_ulong (&query, CKA_CLASS, CKO_SECRET_KEY);
    gck_builder_add_string (&query, CKA_G_COLLECTION, collection_id);

    matches = gck_session_find_objects (session, gck_builder_end (&query), NULL, &err);

    if (err != NULL) {
        g_warning ("couldn't lookup items in '%s' collection: %s", collection_id,
                   egg_error_message (err));
        g_clear_error (&err);
    } else {
        objects_foreach_item (self, matches, base, callback, user_data);
    }

    gck_list_unref_free (matches);
    g_free (collection_id);
}
/*
 * gkd_secret_objects_lookup_item:
 * @self: the objects instance
 * @caller: caller identity; the search runs on the PKCS#11 session returned
 *          for this caller
 * @path: object path of the item to look up
 *
 * Parses @path into a collection and an item identifier, then searches the
 * caller's session for a CKO_SECRET_KEY with that CKA_ID in that collection.
 * A failing search is logged; it is not reported to the caller separately
 * from "not found".
 *
 * Returns: a new reference to the first match, or NULL when an argument is
 * missing, @path does not parse, no session is available, or nothing matches.
 */
GckObject*
gkd_secret_objects_lookup_item (GkdSecretObjects *self, const gchar *caller,
                                const gchar *path)
{
    GckBuilder query = GCK_BUILDER_INIT;
    GckObject *item;
    GError *err = NULL;
    GckSession *session;
    GList *matches;
    gchar *collection_id;
    gchar *item_id;

    g_return_val_if_fail (GKD_SECRET_IS_OBJECTS (self), NULL);
    g_return_val_if_fail (caller, NULL);
    g_return_val_if_fail (path, NULL);

    if (!gkd_secret_util_parse_path (path, &collection_id, &item_id))
        return NULL;

    /* The session we're using to access the object */
    session = gkd_secret_service_get_pkcs11_session (self->service, caller);
    g_return_val_if_fail (session, NULL);

    gck_builder_add_ulong (&query, CKA_CLASS, CKO_SECRET_KEY);
    gck_builder_add_string (&query, CKA_ID, item_id);
    gck_builder_add_string (&query, CKA_G_COLLECTION, collection_id);

    matches = gck_session_find_objects (session, gck_builder_end (&query), NULL, &err);

    /* The identifiers are only needed to build the query */
    g_free (item_id);
    g_free (collection_id);

    if (err != NULL) {
        g_warning ("couldn't lookup item: %s: %s", path, egg_error_message (err));
        g_clear_error (&err);
    }

    /* Take the first match only */
    item = matches ? g_object_ref (matches->data) : NULL;

    gck_list_unref_free (matches);
    return item;
}