static void
fix_login_keyring_if_unlock_failed (GkmWrapPrompt *self, const gchar *password)
{
CK_OBJECT_CLASS klass = CKO_G_CREDENTIAL;
CK_OBJECT_HANDLE cred;
CK_BBOOL tval = CK_TRUE;
CK_ATTRIBUTE attrs[4];
gchar *failed;
CK_RV rv;
failed = gkm_wrap_login_steal_failed_password ();
/* Do we have a failed unlock password? */
if (!failed || !failed[0]) {
egg_secure_strfree (failed);
return;
}
attrs[0].type = CKA_CLASS;
attrs[0].pValue = &klass;
attrs[0].ulValueLen = sizeof (klass);
attrs[1].type = CKA_VALUE;
attrs[1].pValue = failed;
attrs[1].ulValueLen = strlen (failed);
attrs[2].type = CKA_MATE_TRANSIENT;
attrs[2].pValue = &tval;
attrs[2].ulValueLen = sizeof (tval);
attrs[3].type = CKA_TOKEN;
attrs[3].pValue = &tval;
attrs[3].ulValueLen = sizeof (tval);
/* Create a credential object for the failed password */
rv = (self->module->C_CreateObject) (self->session, attrs, G_N_ELEMENTS (attrs), &cred);
egg_secure_strfree (failed);
if (rv != CKR_OK) {
g_warning ("couldn't create credential to fix login password: %s",
gkm_util_rv_to_string (rv));
return;
}
attrs[0].type = CKA_G_CREDENTIAL;
attrs[0].pValue = &cred;
attrs[0].ulValueLen = sizeof (cred);
/* Set the credential on the object */
rv = (self->module->C_SetAttributeValue) (self->session, self->object, attrs, 1);
if (rv != CKR_OK) {
g_warning ("couldn't change credential to fix login keyring password: %s",
gkm_util_rv_to_string (rv));
return;
}
g_message ("fixed login keyring password to match login password");
}
gboolean
gkd_gpg_agent_ops_getpass (GkdGpgAgentCall *call, gchar *args)
{
gchar *id;
gchar *errmsg;
gchar *prompt;
gchar *description;
GckSession *session;
gchar *password;
gchar *encoded;
guint32 flags;
/* We don't answer this unless it's from the right terminal */
if (!call->terminal_ok) {
g_message ("received passphrase request from wrong terminal");
return gkd_gpg_agent_send_reply (call, FALSE, "113 Server Resource Problem");
}
split_arguments (args, &flags, &id, &errmsg, &prompt, &description, NULL);
if (!id || !errmsg || !prompt || !description) {
g_message ("received invalid passphrase request");
return gkd_gpg_agent_send_reply (call, FALSE, "105 parameter error");
}
if (is_null_argument (id))
id = NULL;
if (is_null_argument (errmsg))
errmsg = NULL;
if (is_null_argument (prompt))
prompt = NULL;
if (is_null_argument (description))
description = NULL;
session = gkd_gpg_agent_checkout_main_session ();
g_return_val_if_fail (session, FALSE);
password = do_get_password (session, id, errmsg, prompt, description,
flags & GKD_GPG_AGENT_REPEAT);
gkd_gpg_agent_checkin_main_session (session);
if (password == NULL) {
gkd_gpg_agent_send_reply (call, FALSE, "111 cancelled");
} else if (flags & GKD_GPG_AGENT_PASS_AS_DATA) {
encoded = uri_encode_password (password);
gkd_gpg_agent_send_data (call, encoded);
gkd_gpg_agent_send_reply (call, TRUE, NULL);
egg_secure_strfree (encoded);
} else {
encoded = hex_encode_password (password);
gkd_gpg_agent_send_reply (call, TRUE, encoded);
egg_secure_strfree (encoded);
}
egg_secure_strfree (password);
return TRUE;
}
static void
clear_login_password (void)
{
if(login_password)
egg_secure_strfree (login_password);
login_password = NULL;
}
