static void
on_find_objects(GP11Session *session, GAsyncResult *result, SeahorsePkcs11Refresher *self)
{
GList *objects, *l;
GError *err = NULL;
gulong handle;
g_assert (SEAHORSE_IS_PKCS11_REFRESHER (self));
objects = gp11_session_find_objects_finish (session, result, &err);
if (err != NULL) {
seahorse_pkcs11_mark_complete (SEAHORSE_OPERATION (self), err);
return;
}
/* Remove all objects that were found, from the check table */
for (l = objects; l; l = g_list_next (l)) {
seahorse_pkcs11_source_receive_object (self->source, l->data);
handle = gp11_object_get_handle (l->data);
g_hash_table_remove (self->checks, &handle);
}
/* Remove everything not found from the context */
g_hash_table_foreach_remove (self->checks, remove_each_object, NULL);
seahorse_pkcs11_mark_complete (SEAHORSE_OPERATION (self), NULL);
}
static GP11Object*
create_credential (GP11Session *session, GP11Object *object,
const gchar *secret, GError **error)
{
GP11Attributes *attrs;
GP11Object *cred;
g_return_val_if_fail (GP11_IS_SESSION (session), NULL);
g_return_val_if_fail (!object || GP11_IS_OBJECT (object), NULL);
if (!secret)
secret = "";
attrs = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL,
CKA_VALUE, strlen (secret), secret,
CKA_MATE_TRANSIENT, GP11_BOOLEAN, TRUE,
CKA_TOKEN, GP11_BOOLEAN, TRUE,
GP11_INVALID);
if (object)
gp11_attributes_add_ulong (attrs, CKA_G_OBJECT,
gp11_object_get_handle (object));
cred = gp11_session_create_object_full (session, attrs, NULL, error);
gp11_attributes_unref (attrs);
if (cred != NULL)
gp11_object_set_session (cred, session);
return cred;
}
static GP11Object*
create_login_keyring (GP11Session *session, GP11Object *cred, GError **error)
{
GP11Object *login;
const gchar *label;
g_return_val_if_fail (GP11_IS_SESSION (session), NULL);
g_return_val_if_fail (GP11_IS_OBJECT (cred), NULL);
/* TRANSLATORS: This is the display label for the login keyring */
label = _("Login");
login = gp11_session_create_object (session, error,
CKA_CLASS, GP11_ULONG, CKO_G_COLLECTION,
CKA_ID, (gsize)5, "login",
CKA_LABEL, strlen (label), label,
CKA_G_CREDENTIAL, GP11_ULONG, gp11_object_get_handle (cred),
CKA_TOKEN, GP11_BOOLEAN, TRUE,
GP11_INVALID);
if (login != NULL)
gp11_object_set_session (login, session);
return login;
}
static void
gp11_object_get_property (GObject *obj, guint prop_id, GValue *value,
GParamSpec *pspec)
{
GP11Object *self = GP11_OBJECT (obj);
switch (prop_id) {
case PROP_MODULE:
g_value_take_object (value, gp11_object_get_module (self));
break;
case PROP_SLOT:
g_value_take_object (value, gp11_object_get_slot (self));
break;
case PROP_SESSION:
g_value_take_object (value, gp11_object_get_session (self));
break;
case PROP_HANDLE:
g_value_set_ulong (value, gp11_object_get_handle (self));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
}
}
static gboolean
change_or_create_login (GP11Module *module, const gchar *original, const gchar *master)
{
GError *error = NULL;
GP11Session *session;
GP11Object *login = NULL;
GP11Object *ocred = NULL;
GP11Object *mcred = NULL;
gboolean success = FALSE;
g_return_val_if_fail (GP11_IS_MODULE (module), FALSE);
g_return_val_if_fail (original, FALSE);
g_return_val_if_fail (master, FALSE);
/* Find the login object */
session = lookup_login_session (module);
login = lookup_login_keyring (session);
/* Create the new credential we'll be changing to */
mcred = create_credential (session, NULL, master, &error);
if (mcred == NULL) {
g_warning ("couldn't create new login credential: %s", egg_error_message (error));
g_clear_error (&error);
/* Create original credentials */
} else if (login) {
ocred = create_credential (session, login, original, &error);
if (ocred == NULL) {
if (g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT)) {
g_message ("couldn't change login master password, "
"original password was wrong: %s",
egg_error_message (error));
gkm_wrap_layer_hint_login_unlock_failure ();
} else {
g_warning ("couldn't create original login credential: %s",
egg_error_message (error));
}
g_clear_error (&error);
}
}
/* No keyring? try to create */
if (!login && mcred) {
login = create_login_keyring (session, mcred, &error);
if (login == NULL) {
g_warning ("couldn't create login keyring: %s", egg_error_message (error));
g_clear_error (&error);
} else {
success = TRUE;
}
/* Change the master password */
} else if (login && ocred && mcred) {
if (!gp11_object_set (login, &error,
CKA_G_CREDENTIAL, GP11_ULONG, gp11_object_get_handle (mcred),
GP11_INVALID)) {
g_warning ("couldn't change login master password: %s", egg_error_message (error));
g_clear_error (&error);
} else {
success = TRUE;
}
}
if (ocred) {
gp11_object_destroy (ocred, NULL);
g_object_unref (ocred);
}
if (mcred)
g_object_unref (mcred);
if (login)
g_object_unref (login);
if (session)
g_object_unref (session);
return success;
}
