예제 #1
0
gboolean
_gck_module_fire_authenticate_object (GckModule *self, GckObject *object,
                                      gchar *label, gchar **password)
{
	GckTokenInfo *info;
	GckSession *session;
	GckSlot *slot;
	gboolean ret;

	g_assert (GCK_IS_MODULE (self));
	g_assert (GCK_IS_OBJECT (object));
	g_assert (password);

	session = gck_object_get_session (object);
	slot = gck_session_get_slot (session);
	g_object_unref (session);

	info = gck_slot_get_token_info (slot);
	g_object_unref (slot);

	if (info != NULL) {
		if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
			gck_token_info_free (info);
			*password = NULL;
			return TRUE;
		}

		gck_token_info_free (info);
	}

	g_signal_emit (self, signals[AUTHENTICATE_OBJECT], 0, object, label, password, &ret);
	return ret;
}
예제 #2
0
static gboolean
log_into_pkcs11_session (GckSession *session, GError **error)
{
	GckSessionInfo *sess;
	GckTokenInfo *info;
	GckSlot *slot;
	gboolean login;

	/* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
	slot = gck_session_get_slot (session);
	info = gck_slot_get_token_info (slot);
	login = info && (info->flags & CKF_LOGIN_REQUIRED);
	gck_token_info_free (info);
	g_object_unref (slot);

	if (login) {
		sess = gck_session_get_info (session);
		if (sess->state == CKS_RO_USER_FUNCTIONS ||
		    sess->state == CKS_RW_USER_FUNCTIONS)
			login = FALSE;
		gck_session_info_free (sess);
	}

	if (login && !gck_session_login (session, CKU_USER, NULL, 0, NULL, error))
		return FALSE;

	return TRUE;
}
예제 #3
0
gboolean
_gck_module_fire_authenticate_slot (GckModule *self, GckSlot *slot, gchar *label, gchar **password)
{
	GckTokenInfo *info;
	gchar *allocated = NULL;
	gboolean ret;

	g_assert (GCK_IS_MODULE (self));

	info = gck_slot_get_token_info (slot);
	if (info != NULL) {

		/*
		 * We'll have tried to login at least once at this point,
		 * with NULL password. This means that CKF_PROTECTED_AUTHENTICATION_PATH
		 * tokens have had their chance and we don't need to prompt for it.
		 */

		if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH)
			return FALSE;

		if (label == NULL)
			label = allocated = g_strdup (info->label);

		gck_token_info_free (info);
	}

	g_signal_emit (self, signals[AUTHENTICATE_SLOT], 0, slot, label, password, &ret);
	g_free (allocated);
	return ret;
}
예제 #4
0
static gboolean
init_pin_for_uninitialized_slots (GList *modules, const gchar *master)
{
	GError *error = NULL;
	GList *slots, *l;
	gboolean initialize;
	GckTokenInfo *info;
	GckSession *session;

	g_return_val_if_fail (master, FALSE);

	slots = gck_modules_get_slots (modules, TRUE);
	for (l = slots; l; l = g_list_next (l)) {
		info = gck_slot_get_token_info (l->data);
		initialize = (info && !(info->flags & CKF_USER_PIN_INITIALIZED));

		if (initialize) {
			session = open_and_login_session (l->data, CKU_SO, NULL);
			if (session != NULL) {
				if (!gck_session_init_pin (session, (const guchar*)master, strlen (master), NULL, &error)) {
					if (!g_error_matches (error, GCK_ERROR, CKR_FUNCTION_NOT_SUPPORTED))
						g_warning ("couldn't initialize slot with master password: %s",
						           egg_error_message (error));
					g_clear_error (&error);
				}
				g_object_unref (session);
			}
		}

		gck_token_info_free (info);
	}
	gck_list_unref_free (slots);
	return TRUE;
}
예제 #5
0
GckSession*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
	ServiceClient *client;
	GError *error = NULL;
	GckTokenInfo *info;
	GckSlot *slot;
	gboolean login;

	g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
	g_return_val_if_fail (caller, NULL);

	client = g_hash_table_lookup (self->clients, caller);
	g_return_val_if_fail (client, NULL);

	/* Open a new session if necessary */
	if (!client->pkcs11_session) {
		slot = gkd_secret_service_get_pkcs11_slot (self);
		client->pkcs11_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
		                                                     CKF_G_APPLICATION_SESSION, &client->app,
		                                                     NULL, NULL, &error);
		if (!client->pkcs11_session) {
			g_warning ("couldn't open pkcs11 session for secret service: %s",
			           egg_error_message (error));
			g_clear_error (&error);
			return NULL;
		}

		/* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
		info = gck_slot_get_token_info (slot);
		login = info && (info->flags & CKF_LOGIN_REQUIRED);
		gck_token_info_free (info);
		if (login && !gck_session_login (client->pkcs11_session, CKU_USER, NULL, 0, NULL, &error)) {
			g_warning ("couldn't log in to pkcs11 session for secret service: %s",
			           egg_error_message (error));
			g_clear_error (&error);
			g_object_unref (client->pkcs11_session);
			client->pkcs11_session = NULL;
			return NULL;
		}
	}

	return client->pkcs11_session;
}