static gboolean
unlock_or_create_login (GP11Module *module, const gchar *master)
{
GError *error = NULL;
GP11Session *session;
GP11Object *login;
GP11Object *cred;
g_return_val_if_fail (GP11_IS_MODULE (module), FALSE);
g_return_val_if_fail (master, FALSE);
/* Find the login object */
session = lookup_login_session (module);
login = lookup_login_keyring (session);
/* Create credentials for login object */
cred = create_credential (session, login, master, &error);
/* Failure, bad password? */
if (cred == NULL) {
if (login && g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT))
gkm_wrap_layer_hint_login_unlock_failure ();
else
g_warning ("couldn't create login credential: %s", egg_error_message (error));
g_clear_error (&error);
/* Non login keyring, create it */
} else if (!login) {
login = create_login_keyring (session, cred, &error);
if (login == NULL && error) {
g_warning ("couldn't create login keyring: %s", egg_error_message (error));
g_clear_error (&error);
}
/* The unlock succeeded yay */
} else {
gkm_wrap_layer_hint_login_unlock_success ();
}
if (cred)
g_object_unref (cred);
if (login)
g_object_unref (login);
if (session)
g_object_unref (session);
return cred && login;
}
static gboolean
change_or_create_login (GP11Module *module, const gchar *original, const gchar *master)
{
GError *error = NULL;
GP11Session *session;
GP11Object *login = NULL;
GP11Object *ocred = NULL;
GP11Object *mcred = NULL;
gboolean success = FALSE;
g_return_val_if_fail (GP11_IS_MODULE (module), FALSE);
g_return_val_if_fail (original, FALSE);
g_return_val_if_fail (master, FALSE);
/* Find the login object */
session = lookup_login_session (module);
login = lookup_login_keyring (session);
/* Create the new credential we'll be changing to */
mcred = create_credential (session, NULL, master, &error);
if (mcred == NULL) {
g_warning ("couldn't create new login credential: %s", egg_error_message (error));
g_clear_error (&error);
/* Create original credentials */
} else if (login) {
ocred = create_credential (session, login, original, &error);
if (ocred == NULL) {
if (g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT)) {
g_message ("couldn't change login master password, "
"original password was wrong: %s",
egg_error_message (error));
gkm_wrap_layer_hint_login_unlock_failure ();
} else {
g_warning ("couldn't create original login credential: %s",
egg_error_message (error));
}
g_clear_error (&error);
}
}
/* No keyring? try to create */
if (!login && mcred) {
login = create_login_keyring (session, mcred, &error);
if (login == NULL) {
g_warning ("couldn't create login keyring: %s", egg_error_message (error));
g_clear_error (&error);
} else {
success = TRUE;
}
/* Change the master password */
} else if (login && ocred && mcred) {
if (!gp11_object_set (login, &error,
CKA_G_CREDENTIAL, GP11_ULONG, gp11_object_get_handle (mcred),
GP11_INVALID)) {
g_warning ("couldn't change login master password: %s", egg_error_message (error));
g_clear_error (&error);
} else {
success = TRUE;
}
}
if (ocred) {
gp11_object_destroy (ocred, NULL);
g_object_unref (ocred);
}
if (mcred)
g_object_unref (mcred);
if (login)
g_object_unref (login);
if (session)
g_object_unref (session);
return success;
}
static gboolean
change_or_create_login (GList *modules, const gchar *original, const gchar *master)
{
GError *error = NULL;
GckSession *session;
GckObject *login = NULL;
GckObject *ocred = NULL;
GckObject *mcred = NULL;
gboolean success = FALSE;
GckAttributes *atts;
g_return_val_if_fail (original, FALSE);
g_return_val_if_fail (master, FALSE);
/* Find the login object */
session = lookup_login_session (modules);
login = lookup_login_keyring (session);
/* Create the new credential we'll be changing to */
mcred = create_credential (session, NULL, master, &error);
if (mcred == NULL) {
g_warning ("couldn't create new login credential: %s", egg_error_message (error));
g_clear_error (&error);
/* Create original credentials */
} else if (login) {
ocred = create_credential (session, login, original, &error);
if (ocred == NULL) {
if (g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT)) {
g_message ("couldn't change login master password, "
"original password was wrong: %s",
egg_error_message (error));
} else {
g_warning ("couldn't create original login credential: %s",
egg_error_message (error));
}
g_clear_error (&error);
}
}
/* No keyring? try to create */
if (!login && mcred) {
login = create_login_keyring (session, mcred, &error);
if (login == NULL) {
g_warning ("couldn't create login keyring: %s", egg_error_message (error));
g_clear_error (&error);
} else {
success = TRUE;
}
/* Change the master password */
} else if (login && ocred && mcred) {
atts = gck_attributes_new ();
gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (mcred));
if (!gck_object_set (login, atts, NULL, &error)) {
g_warning ("couldn't change login master password: %s", egg_error_message (error));
g_clear_error (&error);
} else {
success = TRUE;
}
gck_attributes_unref (atts);
}
if (ocred) {
gck_object_destroy (ocred, NULL, NULL);
g_object_unref (ocred);
}
if (mcred)
g_object_unref (mcred);
if (login)
g_object_unref (login);
if (session)
g_object_unref (session);
return success;
}
