static gboolean
log_into_pkcs11_session (GckSession *session, GError **error)
{
GckSessionInfo *sess;
GckTokenInfo *info;
GckSlot *slot;
gboolean login;
/* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
slot = gck_session_get_slot (session);
info = gck_slot_get_token_info (slot);
login = info && (info->flags & CKF_LOGIN_REQUIRED);
gck_token_info_free (info);
g_object_unref (slot);
if (login) {
sess = gck_session_get_info (session);
if (sess->state == CKS_RO_USER_FUNCTIONS ||
sess->state == CKS_RW_USER_FUNCTIONS)
login = FALSE;
gck_session_info_free (sess);
}
if (login && !gck_session_login (session, CKU_USER, NULL, 0, NULL, error))
return FALSE;
return TRUE;
}
static GckSession*
open_and_login_session (GckSlot *slot, CK_USER_TYPE user_type, GError **error)
{
GckSession *session;
GError *err = NULL;
g_return_val_if_fail (GCK_IS_SLOT (slot), NULL);
if (!error)
error = &err;
session = gck_slot_open_session (slot, GCK_SESSION_READ_WRITE, NULL, error);
if (session != NULL) {
if (!gck_session_login (session, user_type, NULL, 0, NULL, error)) {
if (g_error_matches (*error, GCK_ERROR, CKR_USER_ALREADY_LOGGED_IN)) {
g_clear_error (error);
} else {
g_object_unref (session);
session = NULL;
}
}
}
return session;
}
GckSession*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
ServiceClient *client;
GError *error = NULL;
GckTokenInfo *info;
GckSlot *slot;
gboolean login;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
g_return_val_if_fail (caller, NULL);
client = g_hash_table_lookup (self->clients, caller);
g_return_val_if_fail (client, NULL);
/* Open a new session if necessary */
if (!client->pkcs11_session) {
slot = gkd_secret_service_get_pkcs11_slot (self);
client->pkcs11_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
CKF_G_APPLICATION_SESSION, &client->app,
NULL, NULL, &error);
if (!client->pkcs11_session) {
g_warning ("couldn't open pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
return NULL;
}
/* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
info = gck_slot_get_token_info (slot);
login = info && (info->flags & CKF_LOGIN_REQUIRED);
gck_token_info_free (info);
if (login && !gck_session_login (client->pkcs11_session, CKU_USER, NULL, 0, NULL, &error)) {
g_warning ("couldn't log in to pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
g_object_unref (client->pkcs11_session);
client->pkcs11_session = NULL;
return NULL;
}
}
return client->pkcs11_session;
}
