static void
set_unlock_options_on_prompt (GkmWrapPrompt *self, CK_ATTRIBUTE_PTR options, CK_ULONG n_options)
{
const gchar *choice;
gboolean have_ttl = FALSE;
gboolean bval;
gulong uval;
guint ttl = 0;
g_assert (GKM_WRAP_IS_PROMPT (self));
g_assert (options || !n_options);
if (gkm_attributes_find_boolean (options, n_options, CKA_MATE_TRANSIENT, &bval)) {
choice = bval ? GCR_UNLOCK_OPTION_SESSION : GCR_UNLOCK_OPTION_ALWAYS;
}
if (gkm_attributes_find_ulong (options, n_options, CKA_G_DESTRUCT_IDLE, &uval) && uval) {
choice = GCR_UNLOCK_OPTION_IDLE;
have_ttl = TRUE;
ttl = uval;
}
if (gkm_attributes_find_ulong (options, n_options, CKA_G_DESTRUCT_AFTER, &uval) && uval) {
choice = GCR_UNLOCK_OPTION_TIMEOUT;
have_ttl = TRUE;
ttl = uval;
}
gku_prompt_set_unlock_choice (GKU_PROMPT (self), choice);
if (have_ttl)
gku_prompt_set_unlock_ttl (GKU_PROMPT (self), ttl);
}
static void
gkm_object_real_create_attributes (GkmObject *self, GkmSession *session,
GkmTransaction *transaction, CK_ATTRIBUTE *attrs, CK_ULONG n_attrs)
{
CK_ATTRIBUTE_PTR transient_attr;
gboolean transient = FALSE;
gulong after = 0;
gulong idle = 0;
CK_RV rv;
/* Parse the transient attribute */
transient_attr = gkm_attributes_find (attrs, n_attrs, CKA_MATE_TRANSIENT);
if (transient_attr) {
rv = gkm_attribute_get_bool (transient_attr, &transient);
if (rv != CKR_OK) {
gkm_transaction_fail (transaction, rv);
return;
}
}
/* Parse the auto destruct attribute */
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_DESTRUCT_AFTER, &after))
after = 0;
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_DESTRUCT_IDLE, &idle))
idle = 0;
/* Default for the transient attribute */
if (!transient_attr && (idle || after))
transient = TRUE;
/* Used up these attributes */
gkm_attributes_consume (attrs, n_attrs, CKA_G_DESTRUCT_AFTER,
CKA_G_DESTRUCT_IDLE, CKA_MATE_TRANSIENT, G_MAXULONG);
if (transient) {
mark_object_transient (self);
self->pv->transient->timed_after = after;
self->pv->transient->timed_idle = idle;
}
if (after || idle) {
if (!self->pv->transient) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
return;
}
gkm_transaction_add (transaction, self, start_callback, NULL);
}
}
static void
auto_unlock_remove_object (CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
CK_OBJECT_CLASS klass;
gchar *value;
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_CLASS, &klass))
return;
if (klass == CKO_G_COLLECTION) {
auto_unlock_remove_keyring (attrs, n_attrs);
return;
}
value = auto_unlock_object_unique (attrs, n_attrs);
if (value != NULL) {
gkm_wrap_login_remove_secret ("unique", value, NULL);
g_free (value);
}
/* COMPAT: Clear old method of storing secrets for objects in login keyring */
value = auto_unlock_object_digest (attrs, n_attrs);
if (value != NULL) {
gkm_wrap_login_remove_secret ("object-digest", value, NULL);
g_free (value);
}
}
static void
auto_unlock_attach_object (CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, const gchar *password)
{
CK_OBJECT_CLASS klass;
gchar *label;
gchar *unique;
if (!password)
return;
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_CLASS, &klass))
return;
if (klass == CKO_G_COLLECTION) {
auto_unlock_attach_keyring (attrs, n_attrs, password);
return;
}
unique = auto_unlock_object_unique (attrs, n_attrs);
if (unique == NULL)
return;
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_LABEL, &label))
label = g_strdup (unique);
gkm_wrap_login_attach_secret (label, password, "unique", unique, NULL);
g_free (unique);
g_free (label);
}
static gchar*
auto_unlock_lookup_object (CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
CK_OBJECT_CLASS klass;
gchar *value;
gchar *password;
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_CLASS, &klass))
return NULL;
if (klass == CKO_G_COLLECTION)
return auto_unlock_lookup_keyring (attrs, n_attrs);
value = auto_unlock_object_unique (attrs, n_attrs);
if (value != NULL) {
password = gkm_wrap_login_lookup_secret ("unique", value, NULL);
g_free (value);
if (password)
return password;
}
/* COMPAT: Check old method of storing secrets for objects in login keyring */
value = auto_unlock_object_digest (attrs, n_attrs);
if (value != NULL) {
password = gkm_wrap_login_lookup_secret ("object-digest", value, NULL);
g_free (value);
if (password)
return password;
}
return NULL;
}
static GkmObject*
factory_create_credential (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
CK_OBJECT_HANDLE handle;
GkmCredential *cred;
CK_ATTRIBUTE *attr;
GkmManager *manager;
GkmModule *module;
GkmObject *object = NULL;
CK_RV rv;
g_return_val_if_fail (GKM_IS_TRANSACTION (transaction), NULL);
g_return_val_if_fail (attrs || !n_attrs, NULL);
/* The handle is optional */
if (gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_OBJECT, &handle)) {
rv = gkm_session_lookup_readable_object (session, handle, &object);
if (rv != CKR_OK) {
gkm_transaction_fail (transaction, rv);
return NULL;
}
} else {
object = NULL;
}
/* The value is optional */
attr = gkm_attributes_find (attrs, n_attrs, CKA_VALUE);
gkm_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_G_OBJECT, G_MAXULONG);
module = gkm_session_get_module (session);
manager = gkm_manager_for_template (attrs, n_attrs, session);
rv = gkm_credential_create (module, manager, object,
attr ? attr->pValue : NULL,
attr ? attr->ulValueLen : 0, &cred);
if (rv == CKR_OK) {
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (cred),
TRUE, attrs, n_attrs);
return GKM_OBJECT (cred);
} else {
gkm_transaction_fail (transaction, rv);
return NULL;
}
}
static void
prepare_unlock_prompt (GkmWrapPrompt *self, CK_ATTRIBUTE_PTR attrs,
CK_ULONG n_attrs, gboolean first)
{
CK_ATTRIBUTE_PTR attr;
GkuPrompt *prompt;
const gchar *label = NULL;
CK_OBJECT_CLASS klass;
g_assert (GKM_WRAP_IS_PROMPT (self));
prompt = GKU_PROMPT (self);
/* Hard reset on first prompt, soft on later */
gku_prompt_reset (GKU_PROMPT (prompt), first);
/* Load up the object class */
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_CLASS, &klass))
klass = (CK_ULONG)-1;
/* Load up its label */
attr = gkm_attributes_find (attrs, n_attrs, CKA_LABEL);
if (attr != NULL)
label = attr->pValue;
/* Load up the identifier */
attr = gkm_attributes_find (attrs, n_attrs, CKA_ID);
if (attr != NULL && !label)
label = attr->pValue;
if (!label)
label = _("Unnamed");
if (klass == CKO_G_COLLECTION) {
if (is_login_keyring (attrs, n_attrs))
prepare_unlock_keyring_login (self);
else
prepare_unlock_keyring_other (self, label);
} else {
prepare_unlock_object (self, label, klass);
}
if (!first)
gku_prompt_set_warning (GKU_PROMPT (self), _("The unlock password was incorrect"));
}
static void
setup_unlock_prompt (GkmWrapPrompt *self,
CK_ATTRIBUTE_PTR attrs,
CK_ULONG n_attrs,
gboolean first)
{
CK_ATTRIBUTE_PTR attr;
GcrPrompt *prompt;
const gchar *label = NULL;
CK_OBJECT_CLASS klass;
g_assert (GKM_IS_WRAP_PROMPT (self));
prompt = GCR_PROMPT (self);
/* Load up the object class */
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_CLASS, &klass))
klass = (CK_ULONG)-1;
/* Load up its label */
attr = gkm_attributes_find (attrs, n_attrs, CKA_LABEL);
if (attr != NULL)
label = attr->pValue;
/* Load up the identifier */
attr = gkm_attributes_find (attrs, n_attrs, CKA_ID);
if (attr != NULL && !label)
label = attr->pValue;
if (!label)
label = _("Unnamed");
if (klass == CKO_G_COLLECTION) {
if (is_login_keyring (attrs, n_attrs))
setup_unlock_keyring_login (self);
else
setup_unlock_keyring_other (self, label);
} else {
setup_unlock_object (self, label, klass);
}
if (!first)
gcr_prompt_set_warning (prompt, _("The unlock password was incorrect"));
gcr_prompt_set_continue_label (prompt, _("Unlock"));
}
static GkmObject*
factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmAssertion *assertion;
CK_X_ASSERTION_TYPE type;
GkmManager *manager;
gboolean created = FALSE;
GkmXdgTrust *trust;
gchar *purpose;
gchar *peer;
g_return_val_if_fail (attrs || !n_attrs, NULL);
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_X_ASSERTION_TYPE, &type)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PURPOSE, &purpose)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PEER, &peer))
peer = NULL;
/* Try to find or create an appropriate trust object for this assertion */
manager = gkm_manager_for_template (attrs, n_attrs, session);
trust = lookup_or_create_trust_object (session, manager, transaction,
type, attrs, n_attrs, &created);
/* Creating the trust object failed */
if (trust == NULL) {
g_return_val_if_fail (gkm_transaction_get_failed (transaction), NULL);
g_free (purpose);
g_free (peer);
return NULL;
}
assertion = g_object_new (GKM_XDG_TYPE_ASSERTION,
"module", gkm_session_get_module (session),
"manager", manager,
"trust", trust,
"type", type,
"purpose", purpose,
"peer", peer,
NULL);
g_free (purpose);
g_free (peer);
/* Add the assertion to the trust object */
if (!gkm_transaction_get_failed (transaction)) {
gkm_xdg_trust_replace_assertion (trust, GKM_ASSERTION (assertion), transaction);
if (gkm_transaction_get_failed (transaction)) {
gkm_transaction_fail (transaction, CKR_GENERAL_ERROR);
/* A new trust assertion */
} else {
gkm_attributes_consume (attrs, n_attrs, CKA_X_ASSERTION_TYPE, CKA_X_PURPOSE, G_MAXULONG);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (assertion),
TRUE, attrs, n_attrs);
}
}
g_object_unref (trust);
return GKM_OBJECT (assertion);
}