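/*
 * Lock a collection by destroying the credential objects that refer to it.
 *
 * Searches the collection's session for every CKO_G_CREDENTIAL object whose
 * CKA_G_OBJECT is the handle of @collection and destroys each one.
 *
 * @collection: the collection object to lock
 * @derr:       set to DBUS_ERROR_FAILED when the credential search fails;
 *              it is NOT set when the session cannot be obtained
 *
 * Returns FALSE when the session is missing or the search fails, TRUE
 * otherwise (including when individual credentials could not be destroyed).
 */
gboolean
gkd_secret_lock (GckObject *collection, DBusError *derr)
{
	GckBuilder builder = GCK_BUILDER_INIT;
	GError *error = NULL;
	GList *objects, *l;
	GckSession *session;

	/*
	 * Obtain the session before filling the builder. Bailing out after
	 * attributes were added would leave the builder's storage unreleased,
	 * since it is only handed off by gck_builder_end() below.
	 */
	session = gck_object_get_session (collection);
	g_return_val_if_fail (session, FALSE);

	gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_CREDENTIAL);
	gck_builder_add_ulong (&builder, CKA_G_OBJECT, gck_object_get_handle (collection));

	objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
	g_object_unref (session);

	if (error != NULL) {
		/* Details go to the log only; the D-Bus caller gets a generic message. */
		g_warning ("couldn't search for credential objects: %s", egg_error_message (error));
		dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock collection");
		g_clear_error (&error);
		return FALSE;
	}

	/*
	 * NOTE(review): a credential that cannot be destroyed is only logged and
	 * the function still returns TRUE, so the caller cannot distinguish a
	 * complete lock from a partial one. Whether a surviving credential keeps
	 * the collection unlocked is not visible here; confirm, and consider
	 * reporting the failure to the caller.
	 */
	for (l = objects; l; l = g_list_next (l)) {
		if (!gck_object_destroy (l->data, NULL, &error)) {
			g_warning ("couldn't destroy credential object: %s", egg_error_message (error));
			g_clear_error (&error);
		}
	}

	gck_list_unref_free (objects);
	return TRUE;
}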
/*
 * Create a CKO_G_COLLECTION object bound to an existing credential.
 *
 * Only two attributes are taken from the caller-supplied @attrs: CKA_LABEL
 * (copied when present) and CKA_TOKEN (FALSE when absent). Everything else
 * in @attrs is ignored, so the caller cannot override the class or the
 * credential handle through the template.
 *
 * @session: session in which the object is created
 * @attrs:   requested attributes; only CKA_LABEL and CKA_TOKEN are read
 * @cred:    credential whose handle is stored as CKA_G_CREDENTIAL
 * @error:   filled in by gck_session_create_object() on failure
 *
 * Returns whatever gck_session_create_object() returns.
 */
GckObject*
gkd_secret_create_with_credential (GckSession *session, GckAttributes *attrs,
                                   GckObject *cred, GError **error)
{
	GckAttributes *tmpl;
	GckAttribute *label;
	GckObject *created;
	gboolean on_token;

	/* Pull the two honoured values out of the request first. */
	label = gck_attributes_find (attrs, CKA_LABEL);
	if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &on_token))
		on_token = FALSE;

	/* Build the template in the same attribute order as before. */
	tmpl = gck_attributes_new ();
	gck_attributes_add_ulong (tmpl, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
	gck_attributes_add_ulong (tmpl, CKA_CLASS, CKO_G_COLLECTION);
	if (label != NULL)
		gck_attributes_add (tmpl, label);
	gck_attributes_add_boolean (tmpl, CKA_TOKEN, on_token);

	created = gck_session_create_object (session, tmpl, NULL, error);
	gck_attributes_unref (tmpl);

	return created;
}
/*
 * Create a CKO_G_CREDENTIAL object carrying @secret as its CKA_VALUE.
 *
 * @session: session in which the credential is created
 * @object:  optional object the credential is for; when given, its handle
 *           is stored as CKA_G_OBJECT
 * @secret:  password text; NULL is treated as the empty string
 * @error:   filled in by gck_session_create_object() on failure
 *
 * Returns the new credential, or NULL when an argument check fails or the
 * creation call returns NULL.
 */
static GckObject*
create_credential (GckSession *session, GckObject *object,
                   const gchar *secret, GError **error)
{
	const gchar *value;
	GckAttributes *tmpl;
	GckObject *result;

	g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
	g_return_val_if_fail (!object || GCK_IS_OBJECT (object), NULL);

	/* A missing secret is submitted as an empty password, not rejected. */
	value = secret ? secret : "";

	/*
	 * NOTE(review): the secret is copied into an attribute set obtained from
	 * gck_attributes_new(). Whether that storage is non-pageable or wiped on
	 * release is not visible here; confirm, and prefer a secure allocator for
	 * this template if the library provides one.
	 */
	tmpl = gck_attributes_new ();
	gck_attributes_add_ulong (tmpl, CKA_CLASS, CKO_G_CREDENTIAL);
	gck_attributes_add_string (tmpl, CKA_VALUE, value);
	gck_attributes_add_boolean (tmpl, CKA_MATE_TRANSIENT, TRUE);
	gck_attributes_add_boolean (tmpl, CKA_TOKEN, TRUE);

	if (object != NULL)
		gck_attributes_add_ulong (tmpl, CKA_G_OBJECT, gck_object_get_handle (object));

	result = gck_session_create_object (session, tmpl, NULL, error);
	gck_attributes_unref (tmpl);

	return result;
}
/*
 * Create a CKO_G_COLLECTION object bound to an existing credential
 * (GckBuilder variant).
 *
 * Only CKA_LABEL (copied when present) and CKA_TOKEN (FALSE when absent)
 * are read from the caller-supplied @attrs; the class and the credential
 * handle are always set here and cannot be overridden by the request.
 *
 * @session: session in which the object is created
 * @attrs:   requested attributes; only CKA_LABEL and CKA_TOKEN are read
 * @cred:    credential whose handle is stored as CKA_G_CREDENTIAL
 * @error:   filled in by gck_session_create_object() on failure
 *
 * Returns whatever gck_session_create_object() returns.
 */
GckObject*
gkd_secret_create_with_credential (GckSession *session, GckAttributes *attrs,
                                   GckObject *cred, GError **error)
{
	GckBuilder builder = GCK_BUILDER_INIT;
	const GckAttribute *label;
	GckAttributes *tmpl;
	gboolean on_token;

	/* Read the two honoured values from the request. */
	label = gck_attributes_find (attrs, CKA_LABEL);
	if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &on_token))
		on_token = FALSE;

	/* Fill the builder in the same attribute order as before. */
	gck_builder_add_ulong (&builder, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
	gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_COLLECTION);
	if (label != NULL)
		gck_builder_add_attribute (&builder, label);
	gck_builder_add_boolean (&builder, CKA_TOKEN, on_token);

	/* The finished attribute set is passed straight to the create call. */
	tmpl = gck_builder_end (&builder);
	return gck_session_create_object (session, tmpl, NULL, error);
}
/*
 * Create the "login" keyring as a CKO_G_COLLECTION tied to @cred.
 *
 * The collection is created with CKA_ID "login", CKA_TOKEN TRUE and a
 * translated display label.
 *
 * @session: session in which the collection is created
 * @cred:    credential whose handle is stored as CKA_G_CREDENTIAL
 * @error:   filled in by gck_session_create_object() on failure
 *
 * Returns the new collection, or NULL when an argument check fails or the
 * creation call returns NULL.
 */
static GckObject*
create_login_keyring (GckSession *session, GckObject *cred, GError **error)
{
	GckAttributes *tmpl;
	GckObject *keyring;

	g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
	g_return_val_if_fail (GCK_IS_OBJECT (cred), NULL);

	tmpl = gck_attributes_new ();
	gck_attributes_add_ulong (tmpl, CKA_CLASS, CKO_G_COLLECTION);
	gck_attributes_add_string (tmpl, CKA_ID, "login");
	gck_attributes_add_ulong (tmpl, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
	gck_attributes_add_boolean (tmpl, CKA_TOKEN, TRUE);

	/* TRANSLATORS: This is the display label for the login keyring */
	gck_attributes_add_string (tmpl, CKA_LABEL, _("Login"));

	keyring = gck_session_create_object (session, tmpl, NULL, error);
	gck_attributes_unref (tmpl);

	return keyring;
}
/*
 * Change the master password of the login keyring, or create the keyring
 * when none exists.
 *
 * A credential for @master is always created first. If a login keyring
 * exists, a credential for @original must also be created against it before
 * the keyring's CKA_G_CREDENTIAL is switched to the new one. If no keyring
 * exists, one is created with the new credential.
 *
 * @modules:  modules searched for the login session
 * @original: current password, must not be NULL
 * @master:   new password, must not be NULL
 *
 * Returns TRUE when the keyring was created or its credential was changed,
 * FALSE on any failure. Failures are logged, never returned in detail.
 */
static gboolean
change_or_create_login (GList *modules, const gchar *original, const gchar *master)
{
	GckSession *session;
	GckObject *login;
	GckObject *new_cred;
	GckObject *old_cred = NULL;
	GckAttributes *update;
	GError *err = NULL;
	gboolean changed = FALSE;

	g_return_val_if_fail (original, FALSE);
	g_return_val_if_fail (master, FALSE);

	/* Locate the session and, if there is one, the existing login keyring. */
	session = lookup_login_session (modules);
	login = lookup_login_keyring (session);

	/* The credential we are changing to is needed on every path. */
	new_cred = create_credential (session, NULL, master, &err);
	if (new_cred == NULL) {
		g_warning ("couldn't create new login credential: %s", egg_error_message (err));
		g_clear_error (&err);
		goto cleanup;
	}

	/* No keyring yet: create it directly with the new credential. */
	if (login == NULL) {
		login = create_login_keyring (session, new_cred, &err);
		if (login != NULL) {
			changed = TRUE;
		} else {
			g_warning ("couldn't create login keyring: %s", egg_error_message (err));
			g_clear_error (&err);
		}
		goto cleanup;
	}

	/*
	 * A keyring exists, so the original password has to produce a credential
	 * for it before anything is changed. A wrong password is logged at
	 * message level; every other failure is a warning.
	 */
	old_cred = create_credential (session, login, original, &err);
	if (old_cred == NULL) {
		if (g_error_matches (err, GCK_ERROR, CKR_PIN_INCORRECT)) {
			g_message ("couldn't change login master password, "
			           "original password was wrong: %s",
			           egg_error_message (err));
		} else {
			g_warning ("couldn't create original login credential: %s",
			           egg_error_message (err));
		}
		g_clear_error (&err);
		goto cleanup;
	}

	/* Point the keyring at the new credential. */
	update = gck_attributes_new ();
	gck_attributes_add_ulong (update, CKA_G_CREDENTIAL, gck_object_get_handle (new_cred));
	if (gck_object_set (login, update, NULL, &err)) {
		changed = TRUE;
	} else {
		g_warning ("couldn't change login master password: %s", egg_error_message (err));
		g_clear_error (&err);
	}
	gck_attributes_unref (update);

cleanup:
	/*
	 * The original credential is destroyed as well as unreferenced; the
	 * result of the destroy call is ignored.
	 *
	 * NOTE(review): the new credential is only unreferenced, also on the
	 * failure paths. Whether the underlying object, which was created from
	 * the new password, outlives this call when the change did not succeed
	 * is not visible here; confirm it is cleaned up elsewhere.
	 */
	if (old_cred) {
		gck_object_destroy (old_cred, NULL, NULL);
		g_object_unref (old_cred);
	}
	if (new_cred)
		g_object_unref (new_cred);
	if (login)
		g_object_unref (login);
	if (session)
		g_object_unref (session);

	return changed;
}