gboolean
gkd_secret_lock (GckObject *collection, DBusError *derr)
{
GckBuilder builder = GCK_BUILDER_INIT;
GError *error = NULL;
GList *objects, *l;
GckSession *session;
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_CREDENTIAL);
gck_builder_add_ulong (&builder, CKA_G_OBJECT, gck_object_get_handle (collection));
session = gck_object_get_session (collection);
g_return_val_if_fail (session, FALSE);
objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
g_object_unref (session);
if (error != NULL) {
g_warning ("couldn't search for credential objects: %s", egg_error_message (error));
dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock collection");
g_clear_error (&error);
return FALSE;
}
for (l = objects; l; l = g_list_next (l)) {
if (!gck_object_destroy (l->data, NULL, &error)) {
g_warning ("couldn't destroy credential object: %s", egg_error_message (error));
g_clear_error (&error);
}
}
gck_list_unref_free (objects);
return TRUE;
}
GckObject*
gkd_secret_create_with_credential (GckSession *session, GckAttributes *attrs,
GckObject *cred, GError **error)
{
GckAttributes *atts;
GckAttribute *attr;
GckObject *collection;
gboolean token;
atts = gck_attributes_new ();
gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION);
attr = gck_attributes_find (attrs, CKA_LABEL);
if (attr != NULL)
gck_attributes_add (atts, attr);
if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &token))
token = FALSE;
gck_attributes_add_boolean (atts, CKA_TOKEN, token);
collection = gck_session_create_object (session, atts, NULL, error);
gck_attributes_unref (atts);
return collection;
}
static GckObject*
create_credential (GckSession *session, GckObject *object,
const gchar *secret, GError **error)
{
GckAttributes *attrs;
GckObject *cred;
g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
g_return_val_if_fail (!object || GCK_IS_OBJECT (object), NULL);
if (!secret)
secret = "";
attrs = gck_attributes_new ();
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL);
gck_attributes_add_string (attrs, CKA_VALUE, secret);
gck_attributes_add_boolean (attrs, CKA_MATE_TRANSIENT, TRUE);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
if (object)
gck_attributes_add_ulong (attrs, CKA_G_OBJECT,
gck_object_get_handle (object));
cred = gck_session_create_object (session, attrs, NULL, error);
gck_attributes_unref (attrs);
return cred;
}
GckObject*
gkd_secret_create_with_credential (GckSession *session, GckAttributes *attrs,
GckObject *cred, GError **error)
{
GckBuilder builder = GCK_BUILDER_INIT;
const GckAttribute *attr;
gboolean token;
gck_builder_add_ulong (&builder, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_COLLECTION);
attr = gck_attributes_find (attrs, CKA_LABEL);
if (attr != NULL)
gck_builder_add_attribute (&builder, attr);
if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &token))
token = FALSE;
gck_builder_add_boolean (&builder, CKA_TOKEN, token);
return gck_session_create_object (session, gck_builder_end (&builder), NULL, error);
}
static GckObject*
create_login_keyring (GckSession *session, GckObject *cred, GError **error)
{
GckObject *login;
GckAttributes *atts;
g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
g_return_val_if_fail (GCK_IS_OBJECT (cred), NULL);
atts = gck_attributes_new ();
gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION);
gck_attributes_add_string (atts, CKA_ID, "login");
gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
gck_attributes_add_boolean (atts, CKA_TOKEN, TRUE);
/* TRANSLATORS: This is the display label for the login keyring */
gck_attributes_add_string (atts, CKA_LABEL, _("Login"));
login = gck_session_create_object (session, atts, NULL, error);
gck_attributes_unref (atts);
return login;
}
static gboolean
change_or_create_login (GList *modules, const gchar *original, const gchar *master)
{
GError *error = NULL;
GckSession *session;
GckObject *login = NULL;
GckObject *ocred = NULL;
GckObject *mcred = NULL;
gboolean success = FALSE;
GckAttributes *atts;
g_return_val_if_fail (original, FALSE);
g_return_val_if_fail (master, FALSE);
/* Find the login object */
session = lookup_login_session (modules);
login = lookup_login_keyring (session);
/* Create the new credential we'll be changing to */
mcred = create_credential (session, NULL, master, &error);
if (mcred == NULL) {
g_warning ("couldn't create new login credential: %s", egg_error_message (error));
g_clear_error (&error);
/* Create original credentials */
} else if (login) {
ocred = create_credential (session, login, original, &error);
if (ocred == NULL) {
if (g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT)) {
g_message ("couldn't change login master password, "
"original password was wrong: %s",
egg_error_message (error));
} else {
g_warning ("couldn't create original login credential: %s",
egg_error_message (error));
}
g_clear_error (&error);
}
}
/* No keyring? try to create */
if (!login && mcred) {
login = create_login_keyring (session, mcred, &error);
if (login == NULL) {
g_warning ("couldn't create login keyring: %s", egg_error_message (error));
g_clear_error (&error);
} else {
success = TRUE;
}
/* Change the master password */
} else if (login && ocred && mcred) {
atts = gck_attributes_new ();
gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (mcred));
if (!gck_object_set (login, atts, NULL, &error)) {
g_warning ("couldn't change login master password: %s", egg_error_message (error));
g_clear_error (&error);
} else {
success = TRUE;
}
gck_attributes_unref (atts);
}
if (ocred) {
gck_object_destroy (ocred, NULL, NULL);
g_object_unref (ocred);
}
if (mcred)
g_object_unref (mcred);
if (login)
g_object_unref (login);
if (session)
g_object_unref (session);
return success;
}
