gboolean _gck_module_fire_authenticate_object (GckModule *self, GckObject *object, gchar *label, gchar **password) { GckTokenInfo *info; GckSession *session; GckSlot *slot; gboolean ret; g_assert (GCK_IS_MODULE (self)); g_assert (GCK_IS_OBJECT (object)); g_assert (password); session = gck_object_get_session (object); slot = gck_session_get_slot (session); g_object_unref (session); info = gck_slot_get_token_info (slot); g_object_unref (slot); if (info != NULL) { if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) { gck_token_info_free (info); *password = NULL; return TRUE; } gck_token_info_free (info); } g_signal_emit (self, signals[AUTHENTICATE_OBJECT], 0, object, label, password, &ret); return ret; }
static gboolean log_into_pkcs11_session (GckSession *session, GError **error) { GckSessionInfo *sess; GckTokenInfo *info; GckSlot *slot; gboolean login; /* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */ slot = gck_session_get_slot (session); info = gck_slot_get_token_info (slot); login = info && (info->flags & CKF_LOGIN_REQUIRED); gck_token_info_free (info); g_object_unref (slot); if (login) { sess = gck_session_get_info (session); if (sess->state == CKS_RO_USER_FUNCTIONS || sess->state == CKS_RW_USER_FUNCTIONS) login = FALSE; gck_session_info_free (sess); } if (login && !gck_session_login (session, CKU_USER, NULL, 0, NULL, error)) return FALSE; return TRUE; }
gboolean _gck_module_fire_authenticate_slot (GckModule *self, GckSlot *slot, gchar *label, gchar **password) { GckTokenInfo *info; gchar *allocated = NULL; gboolean ret; g_assert (GCK_IS_MODULE (self)); info = gck_slot_get_token_info (slot); if (info != NULL) { /* * We'll have tried to login at least once at this point, * with NULL password. This means that CKF_PROTECTED_AUTHENTICATION_PATH * tokens have had their chance and we don't need to prompt for it. */ if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) return FALSE; if (label == NULL) label = allocated = g_strdup (info->label); gck_token_info_free (info); } g_signal_emit (self, signals[AUTHENTICATE_SLOT], 0, slot, label, password, &ret); g_free (allocated); return ret; }
static gboolean init_pin_for_uninitialized_slots (GList *modules, const gchar *master) { GError *error = NULL; GList *slots, *l; gboolean initialize; GckTokenInfo *info; GckSession *session; g_return_val_if_fail (master, FALSE); slots = gck_modules_get_slots (modules, TRUE); for (l = slots; l; l = g_list_next (l)) { info = gck_slot_get_token_info (l->data); initialize = (info && !(info->flags & CKF_USER_PIN_INITIALIZED)); if (initialize) { session = open_and_login_session (l->data, CKU_SO, NULL); if (session != NULL) { if (!gck_session_init_pin (session, (const guchar*)master, strlen (master), NULL, &error)) { if (!g_error_matches (error, GCK_ERROR, CKR_FUNCTION_NOT_SUPPORTED)) g_warning ("couldn't initialize slot with master password: %s", egg_error_message (error)); g_clear_error (&error); } g_object_unref (session); } } gck_token_info_free (info); } gck_list_unref_free (slots); return TRUE; }
GckSession* gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller) { ServiceClient *client; GError *error = NULL; GckTokenInfo *info; GckSlot *slot; gboolean login; g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL); g_return_val_if_fail (caller, NULL); client = g_hash_table_lookup (self->clients, caller); g_return_val_if_fail (client, NULL); /* Open a new session if necessary */ if (!client->pkcs11_session) { slot = gkd_secret_service_get_pkcs11_slot (self); client->pkcs11_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE, CKF_G_APPLICATION_SESSION, &client->app, NULL, NULL, &error); if (!client->pkcs11_session) { g_warning ("couldn't open pkcs11 session for secret service: %s", egg_error_message (error)); g_clear_error (&error); return NULL; } /* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */ info = gck_slot_get_token_info (slot); login = info && (info->flags & CKF_LOGIN_REQUIRED); gck_token_info_free (info); if (login && !gck_session_login (client->pkcs11_session, CKU_USER, NULL, 0, NULL, &error)) { g_warning ("couldn't log in to pkcs11 session for secret service: %s", egg_error_message (error)); g_clear_error (&error); g_object_unref (client->pkcs11_session); client->pkcs11_session = NULL; return NULL; } } return client->pkcs11_session; }