gnome-keyring r1431 - in trunk: . gp11 gp11/tests
- From: nnielsen svn gnome org
- To: svn-commits-list gnome org
- Subject: gnome-keyring r1431 - in trunk: . gp11 gp11/tests
- Date: Mon, 5 Jan 2009 03:59:24 +0000 (UTC)
Author: nnielsen
Date: Mon Jan 5 03:59:24 2009
New Revision: 1431
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1431&view=rev
Log:
* gp11/gp11.h:
* gp11/gp11-call.c:
* gp11/gp11-module.c:
* gp11/gp11-private.h:
* gp11/gp11-session.c:
* gp11/gp11-slot.c:
* gp11/tests/unit-test-gp11-crypto.c:
* gp11/tests/unit-test-gp11-module.c:
* gp11/tests/unit-test-gp11-session.c: Add gp11_module_enumerate_objects
set of functions which enumerates all objects of a given type on a token.
Move 'auto-authenticate' and session pool to the module level.
Modified:
trunk/ChangeLog
trunk/gp11/gp11-call.c
trunk/gp11/gp11-module.c
trunk/gp11/gp11-private.h
trunk/gp11/gp11-session.c
trunk/gp11/gp11-slot.c
trunk/gp11/gp11.h
trunk/gp11/tests/unit-test-gp11-crypto.c
trunk/gp11/tests/unit-test-gp11-module.c
trunk/gp11/tests/unit-test-gp11-session.c
Modified: trunk/gp11/gp11-call.c
==============================================================================
--- trunk/gp11/gp11-call.c (original)
+++ trunk/gp11/gp11-call.c Mon Jan 5 03:59:24 2009
@@ -393,7 +393,7 @@
g_assert (GP11_IS_MODULE (module));
/* We now hold a reference to module until below */
- args->pkcs11 = gp11_module_get_function_list (module);
+ args->pkcs11 = gp11_module_get_functions (module);
g_assert (args->pkcs11);
do {
@@ -460,7 +460,7 @@
g_object_get (object, "module", &call->module, "handle", &call->args->handle, NULL);
g_assert (GP11_IS_MODULE (call->module));
- call->args->pkcs11 = gp11_module_get_function_list (call->module);
+ call->args->pkcs11 = gp11_module_get_functions (call->module);
/* We now hold a reference on module until finalize */
}
Modified: trunk/gp11/gp11-module.c
==============================================================================
--- trunk/gp11/gp11-module.c (original)
+++ trunk/gp11/gp11-module.c Mon Jan 5 03:59:24 2009
@@ -24,6 +24,8 @@
#include "config.h"
#include "gp11.h"
+#include "gp11-private.h"
+#include "gp11-marshal.h"
#include <string.h>
@@ -38,20 +40,32 @@
enum {
PROP_0,
PROP_PATH,
- PROP_FUNCTION_LIST
+ PROP_FUNCTIONS,
+ PROP_POOL_SESSIONS,
+ PROP_AUTO_AUTHENTICATE
+};
+
+enum {
+ AUTHENTICATE_SLOT,
+ AUTHENTICATE_OBJECT,
+ LAST_SIGNAL
};
typedef struct _GP11ModuleData {
GModule *module;
gchar *path;
- gint finalized;
+ gboolean initialized;
CK_FUNCTION_LIST_PTR funcs;
CK_C_INITIALIZE_ARGS init_args;
} GP11ModuleData;
typedef struct _GP11ModulePrivate {
GP11ModuleData data;
- /* Add future mutex and non-MT-safe data here */
+ GStaticMutex mutex;
+ gboolean finalized;
+ GHashTable *open_sessions;
+ gboolean auto_authenticate;
+ GP11TokenInfo *token_info;
} GP11ModulePrivate;
#define GP11_MODULE_GET_DATA(o) \
@@ -59,10 +73,37 @@
G_DEFINE_TYPE (GP11Module, gp11_module, G_TYPE_OBJECT);
+static guint signals[LAST_SIGNAL] = { 0 };
+
+typedef struct _SessionPool {
+ CK_SLOT_ID slot;
+ CK_FUNCTION_LIST_PTR funcs;
+ GArray *ro_sessions; /* array of CK_SESSION_HANDLE */
+ GArray *rw_sessions; /* array of CK_SESSION_HANDLE */
+} SessionPool;
+
/* ----------------------------------------------------------------------------
* HELPERS
*/
+static guint
+ulong_hash (gconstpointer v)
+{
+ const signed char *p = v;
+ guint32 i, h = *p;
+
+ for(i = 0; i < sizeof (gulong); ++i)
+ h = (h << 5) - h + *(p++);
+
+ return h;
+}
+
+static gboolean
+ulong_equal (gconstpointer v1, gconstpointer v2)
+{
+ return *((const gulong*)v1) == *((const gulong*)v2);
+}
+
static CK_RV
create_mutex (void **mutex)
{
@@ -106,14 +147,296 @@
return CKR_OK;
}
+static void
+close_session (CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE handle)
+{
+ CK_RV rv;
+
+ g_return_if_fail (funcs);
+
+ rv = (funcs->C_CloseSession) (handle);
+ if (rv != CKR_OK) {
+ g_warning ("couldn't close session properly: %s",
+ gp11_message_from_rv (rv));
+ }
+}
+
+/* ----------------------------------------------------------------------------
+ * INTERNAL
+ */
+
+static GP11ModulePrivate*
+lock_private (gpointer obj)
+{
+ GP11ModulePrivate *pv;
+ GP11Module *self;
+
+ g_assert (GP11_IS_MODULE (obj));
+ self = GP11_MODULE (obj);
+
+ g_object_ref (self);
+
+ pv = G_TYPE_INSTANCE_GET_PRIVATE (self, GP11_TYPE_MODULE, GP11ModulePrivate);
+ g_static_mutex_lock (&pv->mutex);
+
+ return pv;
+}
+
+static void
+unlock_private (gpointer obj, GP11ModulePrivate *pv)
+{
+ GP11Module *self;
+
+ g_assert (pv);
+ g_assert (GP11_IS_MODULE (obj));
+
+ self = GP11_MODULE (obj);
+
+ g_assert (G_TYPE_INSTANCE_GET_PRIVATE (self, GP11_TYPE_MODULE, GP11ModulePrivate) == pv);
+
+ g_static_mutex_unlock (&pv->mutex);
+ g_object_unref (self);
+}
+
+static void
+free_session_pool (gpointer p)
+{
+ SessionPool *pool = p;
+ guint i;
+
+ if (pool->ro_sessions) {
+ for(i = 0; i < pool->ro_sessions->len; ++i)
+ close_session (pool->funcs, g_array_index (pool->ro_sessions, CK_SESSION_HANDLE, i));
+ g_array_free (pool->ro_sessions, TRUE);
+ }
+
+ if (pool->rw_sessions) {
+ for(i = 0; i < pool->rw_sessions->len; ++i)
+ close_session (pool->funcs, g_array_index (pool->rw_sessions, CK_SESSION_HANDLE, i));
+ g_array_free (pool->rw_sessions, TRUE);
+ }
+
+ g_free (pool);
+}
+
+static gboolean
+push_session_table (GP11ModulePrivate *pv, CK_SLOT_ID slot, gulong flags, CK_SESSION_HANDLE handle)
+{
+ SessionPool *pool;
+ GArray *array;
+
+ g_assert (handle);
+
+ if (pv->open_sessions == NULL)
+ return FALSE;
+
+ pool = g_hash_table_lookup (pv->open_sessions, &slot);
+ if (!pool) {
+ pool = g_new0 (SessionPool, 1);
+ pool->funcs = pv->data.funcs;
+ g_hash_table_insert (pv->open_sessions, g_memdup (&slot, sizeof (slot)), pool);
+ }
+
+ if (flags & CKF_RW_SESSION) {
+ if (!pool->rw_sessions)
+ pool->rw_sessions = g_array_new (FALSE, TRUE, sizeof (CK_SESSION_HANDLE));
+ array = pool->rw_sessions;
+ } else {
+ if (!pool->ro_sessions)
+ pool->ro_sessions = g_array_new (FALSE, TRUE, sizeof (CK_SESSION_HANDLE));
+ array = pool->ro_sessions;
+ }
+
+ g_array_append_val (array, handle);
+ return TRUE;
+}
+
+static CK_SESSION_HANDLE
+pop_session_table (GP11ModulePrivate *pv, CK_SLOT_ID slot, gulong flags)
+{
+ CK_SESSION_HANDLE result = 0;
+ SessionPool *pool;
+ GArray **array;
+
+ g_return_val_if_fail (pv, 0);
+
+ if (!pv->open_sessions)
+ return 0;
+
+ pool = g_hash_table_lookup (pv->open_sessions, &slot);
+ if (pool == NULL)
+ return 0;
+
+ if (flags & CKF_RW_SESSION)
+ array = &pool->rw_sessions;
+ else
+ array = &pool->ro_sessions;
+
+ if (*array == NULL)
+ return 0;
+
+ g_assert ((*array)->len > 0);
+ result = g_array_index (*array, CK_SESSION_HANDLE, (*array)->len - 1);
+ g_assert (result != 0);
+ g_array_remove_index_fast (*array, (*array)->len - 1);
+
+ if (!(*array)->len) {
+ g_array_free (*array, TRUE);
+ *array = NULL;
+ if (!pool->rw_sessions && !pool->ro_sessions)
+ g_hash_table_remove (pv->open_sessions, &slot);
+ }
+
+ return result;
+}
+
+static void
+destroy_session_table (GP11ModulePrivate *pv)
+{
+ if (pv->open_sessions)
+ g_hash_table_unref (pv->open_sessions);
+ pv->open_sessions = NULL;
+}
+
+static void
+create_session_table (GP11ModulePrivate *pv)
+{
+ if (!pv->open_sessions)
+ pv->open_sessions = g_hash_table_new_full (ulong_hash, ulong_equal, g_free, free_session_pool);
+}
+
+CK_SESSION_HANDLE
+_gp11_module_pooled_session_handle (GP11Module *self, CK_SLOT_ID slot, gulong flags)
+{
+ GP11ModulePrivate *pv = lock_private (self);
+ CK_SESSION_HANDLE handle;
+
+ g_return_val_if_fail (GP11_IS_MODULE (self), 0);
+
+ {
+ handle = pop_session_table (pv, slot, flags);
+ }
+
+ unlock_private (self, pv);
+
+ return handle;
+}
+
+gboolean
+_gp11_module_pool_session_handle (GP11Session *session, CK_SESSION_HANDLE handle, GP11Module *self)
+{
+ GP11ModuleData *data = GP11_MODULE_GET_DATA (self);
+ GP11ModulePrivate *pv;
+ CK_SESSION_INFO info;
+ gboolean handled = FALSE;
+ CK_RV rv;
+
+ g_return_val_if_fail (GP11_IS_SESSION (session), FALSE);
+ g_return_val_if_fail (GP11_IS_MODULE (self), FALSE);
+
+ /* Get the session info so we know where to categorize this */
+ rv = (data->funcs->C_GetSessionInfo) (handle, &info);
+
+ if (rv == CKR_OK) {
+
+ pv = lock_private (self);
+
+ {
+ /* Keep this one around for later use */
+ handled = push_session_table (pv, info.slotID, info.flags, handle);
+ }
+
+ unlock_private (self, pv);
+
+ } else {
+
+ /* An already closed session, we don't want to bother with */
+ if (rv == CKR_SESSION_CLOSED || rv == CKR_SESSION_HANDLE_INVALID)
+ handled = TRUE;
+ }
+
+ return handled;
+}
+
+gboolean
+_gp11_module_fire_authenticate_slot (GP11Module *self, GP11Slot *slot, gchar *label, gchar **password)
+{
+ GP11TokenInfo *info;
+ gchar *allocated = NULL;
+ gboolean ret;
+
+ g_assert (GP11_IS_MODULE (self));
+
+ info = gp11_slot_get_token_info (slot);
+ if (info != NULL) {
+ if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
+ gp11_token_info_free (info);
+ *password = NULL;
+ return TRUE;
+ }
+
+ if (label == NULL)
+ label = allocated = g_strdup (info->label);
+
+ gp11_token_info_free (info);
+ }
+
+ g_signal_emit (self, signals[AUTHENTICATE_SLOT], 0, slot, label, password, &ret);
+ g_free (allocated);
+ return ret;
+}
+
+gboolean
+_gp11_module_fire_authenticate_object (GP11Module *self, GP11Object *object,
+ gchar *label, gchar **password)
+{
+ GP11TokenInfo *info;
+ GP11Slot *slot;
+ gboolean ret;
+
+ g_assert (GP11_IS_MODULE (self));
+ g_assert (GP11_IS_OBJECT (object));
+ g_assert (password);
+
+ slot = gp11_object_get_slot (object);
+ info = gp11_slot_get_token_info (slot);
+ g_object_unref (slot);
+
+ if (info != NULL) {
+ if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
+ gp11_token_info_free (info);
+ *password = NULL;
+ return TRUE;
+ }
+
+ gp11_token_info_free (info);
+ }
+
+ g_signal_emit (self, signals[AUTHENTICATE_OBJECT], 0, object, label, password, &ret);
+ return ret;
+}
+
/* ----------------------------------------------------------------------------
* OBJECT
*/
+static gboolean
+gp11_module_real_authenticate_slot (GP11Module *module, GP11Slot *self, gchar *label, gchar **password)
+{
+ return FALSE;
+}
+
+static gboolean
+gp11_module_real_authenticate_object (GP11Module *module, GP11Object *object, gchar *label, gchar **password)
+{
+ return FALSE;
+}
+
static void
gp11_module_init (GP11Module *self)
{
-
+ GP11ModulePrivate *pv = G_TYPE_INSTANCE_GET_PRIVATE (self, GP11_TYPE_MODULE, GP11ModulePrivate);
+ g_static_mutex_init (&pv->mutex);
}
static void
@@ -126,8 +449,14 @@
case PROP_PATH:
g_value_set_string (value, gp11_module_get_path (self));
break;
- case PROP_FUNCTION_LIST:
- g_value_set_pointer (value, gp11_module_get_function_list (self));
+ case PROP_FUNCTIONS:
+ g_value_set_pointer (value, gp11_module_get_functions (self));
+ break;
+ case PROP_AUTO_AUTHENTICATE:
+ g_value_set_boolean (value, gp11_module_get_auto_authenticate (self));
+ break;
+ case PROP_POOL_SESSIONS:
+ g_value_set_boolean (value, gp11_module_get_pool_sessions (self));
break;
}
}
@@ -136,6 +465,7 @@
gp11_module_set_property (GObject *obj, guint prop_id, const GValue *value,
GParamSpec *pspec)
{
+ GP11Module *self = GP11_MODULE (obj);
GP11ModuleData *data = GP11_MODULE_GET_DATA (obj);
/* Only allowed during initialization */
@@ -144,6 +474,16 @@
g_return_if_fail (!data->path);
data->path = g_value_dup_string (value);
break;
+ case PROP_FUNCTIONS:
+ g_return_if_fail (!data->funcs);
+ data->funcs = g_value_get_pointer (value);
+ break;
+ case PROP_AUTO_AUTHENTICATE:
+ gp11_module_set_auto_authenticate (self, g_value_get_boolean (value));
+ break;
+ case PROP_POOL_SESSIONS:
+ gp11_module_set_pool_sessions (self, g_value_get_boolean (value));
+ break;
}
}
@@ -151,12 +491,23 @@
gp11_module_dispose (GObject *obj)
{
GP11ModuleData *data = GP11_MODULE_GET_DATA (obj);
- gint finalized = g_atomic_int_get (&data->finalized);
+ GP11ModulePrivate *pv = lock_private (obj);
+ gboolean finalize = FALSE;
CK_RV rv;
+
+ {
+ destroy_session_table (pv);
+
+ if (!pv->finalized && data->initialized && data->funcs) {
+ finalize = TRUE;
+ pv->finalized = TRUE;
+ }
+ }
+
+ unlock_private (obj, pv);
/* Must be careful when accessing funcs */
- if (data->funcs && !finalized &&
- g_atomic_int_compare_and_exchange (&data->finalized, finalized, 1)) {
+ if (finalize) {
rv = (data->funcs->C_Finalize) (NULL);
if (rv != CKR_OK) {
g_warning ("C_Finalize on module '%s' failed: %s",
@@ -170,8 +521,11 @@
static void
gp11_module_finalize (GObject *obj)
{
+ GP11ModulePrivate *pv = G_TYPE_INSTANCE_GET_PRIVATE (obj, GP11_TYPE_MODULE, GP11ModulePrivate);
GP11ModuleData *data = GP11_MODULE_GET_DATA (obj);
+ g_assert (!pv->open_sessions);
+
data->funcs = NULL;
if (data->module) {
@@ -180,10 +534,12 @@
g_module_error ());
data->module = NULL;
}
-
+
g_free (data->path);
data->path = NULL;
+ g_static_mutex_free (&pv->mutex);
+
G_OBJECT_CLASS (gp11_module_parent_class)->finalize (obj);
}
@@ -199,13 +555,34 @@
gobject_class->dispose = gp11_module_dispose;
gobject_class->finalize = gp11_module_finalize;
+ klass->authenticate_object = gp11_module_real_authenticate_object;
+ klass->authenticate_slot = gp11_module_real_authenticate_slot;
+
g_object_class_install_property (gobject_class, PROP_PATH,
g_param_spec_string ("path", "Module Path", "Path to the PKCS11 Module",
NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
- g_object_class_install_property (gobject_class, PROP_FUNCTION_LIST,
- g_param_spec_pointer ("function-list", "Function List", "PKCS11 Function List",
- G_PARAM_READABLE));
+ g_object_class_install_property (gobject_class, PROP_FUNCTIONS,
+ g_param_spec_pointer ("functions", "Function List", "PKCS11 Function List",
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+
+ g_object_class_install_property (gobject_class, PROP_AUTO_AUTHENTICATE,
+ g_param_spec_boolean ("auto-authenticate", "Auto Authenticate", "Auto Login to Token when necessary",
+ FALSE, G_PARAM_READWRITE));
+
+ g_object_class_install_property (gobject_class, PROP_POOL_SESSIONS,
+ g_param_spec_boolean ("pool-sessions", "Pool Sessions", "Pool sessions?",
+ FALSE, G_PARAM_READWRITE));
+
+ signals[AUTHENTICATE_SLOT] = g_signal_new ("authenticate-slot", GP11_TYPE_MODULE,
+ G_SIGNAL_RUN_LAST, G_STRUCT_OFFSET (GP11ModuleClass, authenticate_slot),
+ g_signal_accumulator_true_handled, NULL, _gp11_marshal_BOOLEAN__OBJECT_STRING_POINTER,
+ G_TYPE_BOOLEAN, 3, GP11_TYPE_SLOT, G_TYPE_STRING, G_TYPE_POINTER);
+
+ signals[AUTHENTICATE_OBJECT] = g_signal_new ("authenticate-object", GP11_TYPE_MODULE,
+ G_SIGNAL_RUN_LAST, G_STRUCT_OFFSET (GP11ModuleClass, authenticate_object),
+ g_signal_accumulator_true_handled, NULL, _gp11_marshal_BOOLEAN__OBJECT_STRING_POINTER,
+ G_TYPE_BOOLEAN, 3, GP11_TYPE_OBJECT, G_TYPE_STRING, G_TYPE_POINTER);
g_type_class_add_private (gobject_class, sizeof (GP11ModulePrivate));
}
@@ -278,44 +655,9 @@
return NULL;
}
- mod = gp11_module_initialize_with_functions (funcs, reserved, err);
- if (mod == NULL) {
- g_module_close (module);
- return NULL;
- }
-
+ mod = g_object_new (GP11_TYPE_MODULE, "functions", funcs, "path", path, NULL);
data = GP11_MODULE_GET_DATA (mod);
- data->path = g_strdup (path);
data->module = module;
-
- return mod;
-}
-
-/**
- * gp11_module_initialize_with_functions:
- * @funcs: Initialized PKCS#11 function list pointer
- * @reserved: Extra arguments for the PKCS#11 module, should usually be NULL.
- * @err: A location to store an error resulting from a failed load.
- *
- * Initialize a PKCS#11 module represented by a GP11Module object.
- *
- * Return value: The loaded PKCS#11 module or NULL if failed.
- **/
-GP11Module*
-gp11_module_initialize_with_functions (CK_FUNCTION_LIST_PTR funcs, gpointer reserved,
- GError **err)
-{
- GP11ModuleData *data;
- GP11Module *mod;
- CK_RV rv;
-
- g_return_val_if_fail (funcs, NULL);
- g_return_val_if_fail (!err || !*err, NULL);
-
- mod = g_object_new (GP11_TYPE_MODULE, NULL);
- data = GP11_MODULE_GET_DATA (mod);
-
- data->funcs = funcs;
memset (&data->init_args, 0, sizeof (data->init_args));
data->init_args.flags = CKF_OS_LOCKING_OK;
@@ -333,11 +675,30 @@
g_object_unref (mod);
return NULL;
}
-
+
+ data->initialized = TRUE;
return mod;
}
/**
+ * gp11_module_new:
+ * @funcs: Initialized PKCS#11 function list pointer
+ * @reserved: Extra arguments for the PKCS#11 module, should usually be NULL.
+ * @err: A location to store an error resulting from a failed load.
+ *
+ * Create a GP11Module representing a PKCS#11 module. It is assumed that
+ * this the module is already initialized. In addition it will not be
+ * finalized when complete.
+ *
+ * Return value: The new PKCS#11 module.
+ **/
+GP11Module*
+gp11_module_new (CK_FUNCTION_LIST_PTR funcs)
+{
+ return g_object_new (GP11_TYPE_MODULE, "functions", funcs, NULL);
+}
+
+/**
* gp11_module_get_info:
* @self: The module to get info for.
*
@@ -444,7 +805,7 @@
}
/**
- * gp11_module_get_function_list:
+ * gp11_module_get_functions:
* @self: The module for which to get the function list.
*
* Get the PKCS#11 function list for the module.
@@ -452,9 +813,239 @@
* Return value: The function list, do not modify this structure.
**/
CK_FUNCTION_LIST_PTR
-gp11_module_get_function_list (GP11Module *self)
+gp11_module_get_functions (GP11Module *self)
{
GP11ModuleData *data = GP11_MODULE_GET_DATA (self);
g_return_val_if_fail (GP11_IS_MODULE (self), NULL);
return data->funcs;
}
+
+
+/**
+ * gp11_module_get_pool_sessions:
+ * @self: The module to get setting from.
+ *
+ * Get the reuse sessions setting. When this is set, sessions
+ * will be pooled and reused if their flags match when
+ * gp11_slot_open_session() is called.
+ *
+ * Return value: Whether reusing sessions or not.
+ **/
+gboolean
+gp11_module_get_pool_sessions (GP11Module *self)
+{
+ GP11ModulePrivate *pv = lock_private (self);
+ gboolean ret;
+
+ g_return_val_if_fail (pv, FALSE);
+
+ {
+ ret = pv->open_sessions != NULL;
+ }
+
+ unlock_private (self, pv);
+
+ return ret;
+}
+
+/**
+ * gp11_module_set_pool_sessions:
+ * @self: The module to set the setting on.
+ * @reuse: Whether to reuse sessions or not.
+ *
+ * When this is set, sessions will be pooled and reused
+ * if their flags match when gp11_slot_open_session() is called.
+ **/
+void
+gp11_module_set_pool_sessions (GP11Module *self, gboolean pool)
+{
+ GP11ModulePrivate *pv = lock_private (self);
+
+ g_return_if_fail (pv);
+
+ {
+ if (pool)
+ create_session_table (pv);
+ else
+ destroy_session_table (pv);
+ }
+
+ unlock_private (self, pv);
+ g_object_notify (G_OBJECT (self), "pool-sessions");
+}
+
+/**
+ * gp11_module_get_auto_authenticate:
+ * @self: The module to get setting from.
+ *
+ * Get the auto login setting. When this is set, this slot
+ * will emit the 'authenticate-slot' signal when a session
+ * requires authentication, and the 'authenticate-object'
+ * signal when an object requires authintication.
+ *
+ * Return value: Whether auto login or not.
+ **/
+gboolean
+gp11_module_get_auto_authenticate (GP11Module *self)
+{
+ GP11ModulePrivate *pv = lock_private (self);
+ gboolean ret;
+
+ g_return_val_if_fail (pv, FALSE);
+
+ {
+ ret = pv->auto_authenticate;
+ }
+
+ unlock_private (self, pv);
+
+ return ret;
+}
+
+/**
+ * gp11_module_set_auto_authenticate:
+ * @self: The module to set the setting on.
+ * @auto_login: Whether auto login or not.
+ *
+ * When this is set, this slot
+ * will emit the 'authenticate-slot' signal when a session
+ * requires authentication, and the 'authenticate-object'
+ * signal when an object requires authintication.
+ **/
+void
+gp11_module_set_auto_authenticate (GP11Module *self, gboolean auto_login)
+{
+ GP11ModulePrivate *pv = lock_private (self);
+
+ g_return_if_fail (pv);
+
+ {
+ pv->auto_authenticate = auto_login;
+ }
+
+ unlock_private (self, pv);
+ g_object_notify (G_OBJECT (self), "auto-authenticate");
+}
+
+/**
+ * gp11_module_enumerate_objects:
+ * @self: The module to enumerate objects.
+ * @attrs: Attributes that the objects must have, or empty for all objects.
+ * @func: Function to call for each object.
+ * @user_data: Data to pass to the function.
+ *
+ * Call a function for every matching object on the module. This call may
+ * block for an indefinite period.
+ *
+ * The arguments must be triples of: attribute type, data type, value
+ *
+ * <para>The variable argument list should contain:
+ * <variablelist>
+ * <varlistentry>
+ * <term>a)</term>
+ * <listitem><para>The gulong attribute type (ie: CKA_LABEL). </para></listitem>
+ * </varlistentry>
+ * <varlistentry>
+ * <term>b)</term>
+ * <listitem><para>The attribute data type (one of GP11_BOOLEAN, GP11_ULONG,
+ * GP11_STRING, GP11_DATE) orthe raw attribute value length.</para></listitem>
+ * </varlistentry>
+ * <varlistentry>
+ * <term>c)</term>
+ * <listitem><para>The attribute value, either a gboolean, gulong, gchar*, GDate* or
+ * a pointer to a raw attribute value.</para></listitem>
+ * </varlistentry>
+ * </variablelist>
+ * The variable argument list should be terminated with GP11_INVALID.</para>
+ *
+ * This function will open a session per slot. It's recommended that you
+ * set the 'reuse-sessions' property on each slot if you'll be calling
+ * it a lot.
+ *
+ * You can access the session in which the object was found, by using the
+ * gp11_object_get_session() function on the resulting objects.
+ *
+ * The function can return FALSE to stop the enumeration.
+ **/
+void
+gp11_module_enumerate_objects (GP11Module *self, GP11ObjectForeachFunc func,
+ gpointer user_data, ...)
+{
+ GP11Attributes *attrs;
+ va_list va;
+
+ va_start (va, user_data);
+ attrs = gp11_attributes_new_valist (g_realloc, va);
+ va_end (va);
+
+ gp11_module_enumerate_objects_full (self, attrs, NULL, func, user_data);
+ gp11_attributes_unref (attrs);
+}
+
+/**
+ * gp11_module_enumerate_objects_full:
+ * @self: The module to enumerate objects.
+ * @attrs: Attributes that the objects must have, or empty for all objects.
+ * @cancellable: Optional cancellation object, or NULL.
+ * @func: Function to call for each object.
+ * @user_data: Data to pass to the function.
+ *
+ * Call a function for every matching object on the module. This call may
+ * block for an indefinite period.
+ *
+ * This function will open a session per slot. It's recommended that you
+ * set the 'reuse-sessions' property on each slot if you'll be calling
+ * it a lot.
+ *
+ * You can access the session in which the object was found, by using the
+ * gp11_object_get_session() function on the resulting objects.
+ *
+ * The function can return FALSE to stop the enumeration.
+ **/
+void
+gp11_module_enumerate_objects_full (GP11Module *self, GP11Attributes *attrs,
+ GCancellable *cancellable, GP11ObjectForeachFunc func,
+ gpointer user_data)
+{
+ gboolean stop = FALSE;
+ GList *objects, *o;
+ GList *slots, *l;
+ GError *error = NULL;
+ GP11Session *session;
+
+ g_return_if_fail (GP11_IS_MODULE (self));
+ g_return_if_fail (attrs);
+ g_return_if_fail (func);
+
+ gp11_attributes_ref (attrs);
+ slots = gp11_module_get_slots (self, TRUE);
+
+ for (l = slots; !stop && l; l = g_list_next (l)) {
+ session = gp11_slot_open_session (l->data, CKF_SERIAL_SESSION, &error);
+ if (error) {
+ g_warning ("couldn't open session on slot: %s", error->message);
+ g_clear_error (&error);
+ }
+
+ objects = gp11_session_find_objects_full (session, attrs, cancellable, &error);
+ if (error) {
+ g_warning ("couldn't find objects on slot: %s", error->message);
+ g_clear_error (&error);
+ }
+
+ for (o = objects; !stop && o; o = g_list_next (o)) {
+ gp11_object_set_session (o->data, session);
+ if (!(func)(o->data, user_data)) {
+ stop = TRUE;
+ break;
+ }
+ }
+
+ g_object_unref (session);
+ gp11_list_unref_free (objects);
+ }
+
+ gp11_list_unref_free (slots);
+ gp11_attributes_unref (attrs);
+}
+
Modified: trunk/gp11/gp11-private.h
==============================================================================
--- trunk/gp11/gp11-private.h (original)
+++ trunk/gp11/gp11-private.h Mon Jan 5 03:59:24 2009
@@ -50,19 +50,32 @@
CK_ULONG_PTR n_attrs);
/* ----------------------------------------------------------------------------
- * SLOT
+ * MODULE
*/
-gboolean _gp11_slot_fire_authenticate_token (GP11Slot *slot,
- gchar *label,
- gchar **password);
-
-gboolean _gp11_slot_fire_authenticate_object (GP11Slot *slot,
- GP11Object *object,
- gchar *label,
- gchar **password);
+gboolean _gp11_module_fire_authenticate_slot (GP11Module *module,
+ GP11Slot *slot,
+ gchar *label,
+ gchar **password);
+
+gboolean _gp11_module_fire_authenticate_object (GP11Module *module,
+ GP11Object *object,
+ gchar *label,
+ gchar **password);
+
+gboolean _gp11_module_pool_session_handle (GP11Session *session,
+ CK_SESSION_HANDLE handle,
+ GP11Module *self);
+
+CK_SESSION_HANDLE _gp11_module_pooled_session_handle (GP11Module *module,
+ CK_SLOT_ID slot,
+ gulong flags);
+
+/* ----------------------------------------------------------------------------
+ * SLOT
+ */
-gboolean _gp11_slot_is_protected_auth_path (GP11Slot *slot);
+gboolean _gp11_slot_is_protected_auth_path (GP11Slot *slot);
/* ----------------------------------------------------------------------------
* CALL
Modified: trunk/gp11/gp11-session.c
==============================================================================
--- trunk/gp11/gp11-session.c (original)
+++ trunk/gp11/gp11-session.c Mon Jan 5 03:59:24 2009
@@ -120,7 +120,7 @@
g_return_val_if_fail (data->module, FALSE);
g_object_ref (data->module);
- funcs = gp11_module_get_function_list (data->module);
+ funcs = gp11_module_get_functions (data->module);
g_return_val_if_fail (funcs, FALSE);
rv = (funcs->C_CloseSession) (handle);
@@ -386,7 +386,7 @@
g_object_ref (data->module);
- funcs = gp11_module_get_function_list (data->module);
+ funcs = gp11_module_get_functions (data->module);
g_return_val_if_fail (funcs, NULL);
memset (&info, 0, sizeof (info));
@@ -989,7 +989,7 @@
typedef struct _Authenticate {
AuthenticateState state;
gboolean protected_auth;
- GP11Slot *slot;
+ GP11Module *module;
GP11Object *object;
gchar *label;
gchar *password;
@@ -1106,21 +1106,21 @@
/* We're done here if not in this state */
if (auth->state == AUTHENTICATE_WANT) {
- g_assert (GP11_IS_SLOT (auth->slot));
+ g_assert (GP11_IS_MODULE (auth->module));
g_assert (GP11_IS_OBJECT (auth->object));
g_free (auth->password);
auth->password = NULL;
- if (_gp11_slot_fire_authenticate_object (auth->slot, auth->object, auth->label, &auth->password)) {
+ if (_gp11_module_fire_authenticate_object (auth->module, auth->object, auth->label, &auth->password)) {
auth->state = AUTHENTICATE_PERFORM;
return FALSE; /* Want to continue processing this call */
}
}
/* Free up various memory */
- if (auth->slot)
- g_object_unref (auth->slot);
+ if (auth->module)
+ g_object_unref (auth->module);
if (auth->object)
g_object_unref (auth->object);
g_free (auth->label);
@@ -1133,16 +1133,20 @@
static void
authenticate_init (Authenticate *auth, GP11Slot *slot, GP11Object *object)
{
+ GP11Module *module;
+
g_assert (GP11_IS_SLOT (slot));
g_assert (GP11_IS_OBJECT (object));
- if (gp11_slot_get_auto_login (slot)) {
+ module = gp11_slot_get_module (slot);
+ if (gp11_module_get_auto_authenticate (module)) {
auth->state = AUTHENTICATE_CAN;
auth->protected_auth = _gp11_slot_is_protected_auth_path (slot);
- auth->slot = g_object_ref (slot);
+ auth->module = module;
auth->object = g_object_ref (object);
} else {
auth->state = AUTHENTICATE_NONE;
+ g_object_unref (module);
}
}
@@ -1339,7 +1343,7 @@
g_object_get (self, "module", &module, NULL);
g_return_val_if_fail (module != NULL, NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_val_if_fail (module != NULL, NULL);
ret = crypt_sync (self, key, mech_args, input, n_input, n_result, cancellable, err,
@@ -1360,7 +1364,7 @@
g_object_get (self, "module", &module, NULL);
g_return_if_fail (module != NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_if_fail (module != NULL);
crypt_async (self, key, mech_args, input, n_input, cancellable, callback, user_data,
@@ -1400,7 +1404,7 @@
g_object_get (self, "module", &module, NULL);
g_return_val_if_fail (module != NULL, NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_val_if_fail (module != NULL, NULL);
ret = crypt_sync (self, key, mech_args, input, n_input, n_result, cancellable, err,
@@ -1420,7 +1424,7 @@
g_object_get (self, "module", &module, NULL);
g_return_if_fail (module != NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_if_fail (module != NULL);
crypt_async (self, key, mech_args, input, n_input, cancellable, callback, user_data,
@@ -1459,7 +1463,7 @@
g_object_get (self, "module", &module, NULL);
g_return_val_if_fail (module != NULL, NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_val_if_fail (module != NULL, NULL);
ret = crypt_sync (self, key, mech_args, input, n_input, n_result, cancellable, err,
@@ -1479,7 +1483,7 @@
g_object_get (self, "module", &module, NULL);
g_return_if_fail (module != NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_if_fail (module != NULL);
crypt_async (self, key, mech_args, input, n_input, cancellable, callback, user_data,
Modified: trunk/gp11/gp11-slot.c
==============================================================================
--- trunk/gp11/gp11-slot.c (original)
+++ trunk/gp11/gp11-slot.c Mon Jan 5 03:59:24 2009
@@ -25,22 +25,13 @@
#include "gp11.h"
#include "gp11-private.h"
-#include "gp11-marshal.h"
#include <string.h>
enum {
PROP_0,
PROP_MODULE,
- PROP_HANDLE,
- PROP_REUSE_SESSIONS,
- PROP_AUTO_LOGIN
-};
-
-enum {
- AUTHENTICATE_TOKEN,
- AUTHENTICATE_OBJECT,
- LAST_SIGNAL
+ PROP_HANDLE
};
typedef struct _GP11SlotData {
@@ -50,10 +41,6 @@
typedef struct _GP11SlotPrivate {
GP11SlotData data;
- GStaticMutex mutex;
- gboolean auto_login;
- GHashTable *open_sessions;
- GP11TokenInfo *token_info;
} GP11SlotPrivate;
G_DEFINE_TYPE (GP11Slot, gp11_slot, G_TYPE_OBJECT);
@@ -61,14 +48,6 @@
#define GP11_SLOT_GET_DATA(o) \
(G_TYPE_INSTANCE_GET_PRIVATE((o), GP11_TYPE_SLOT, GP11SlotData))
-typedef struct _SessionPool {
- gulong flags;
- GP11Module *module; /* weak */
- GArray *sessions; /* array of CK_SESSION_HANDLE */
-} SessionPool;
-
-static guint signals[LAST_SIGNAL] = { 0 };
-
#ifndef HAVE_TIMEGM
time_t
@@ -106,213 +85,24 @@
* HELPERS
*/
-static guint
-ulong_hash (gconstpointer v)
-{
- const signed char *p = v;
- guint32 i, h = *p;
-
- for(i = 0; i < sizeof (gulong); ++i)
- h = (h << 5) - h + *(p++);
-
- return h;
-}
-
-static gboolean
-ulong_equal (gconstpointer v1, gconstpointer v2)
-{
- return *((const gulong*)v1) == *((const gulong*)v2);
-}
-
-static void
-close_session (GP11Module *module, CK_SESSION_HANDLE handle)
-{
- CK_FUNCTION_LIST_PTR funcs;
- CK_RV rv;
-
- g_return_if_fail (GP11_IS_MODULE (module));
-
- g_object_ref (module);
-
- funcs = gp11_module_get_function_list (module);
- g_return_if_fail (funcs);
-
- rv = (funcs->C_CloseSession) (handle);
- if (rv != CKR_OK) {
- g_warning ("couldn't close session properly: %s",
- gp11_message_from_rv (rv));
- }
-
- g_object_unref (module);
-}
-
-static GP11SlotPrivate*
-lock_private (gpointer obj)
-{
- GP11SlotPrivate *pv;
- GP11Slot *self;
-
- g_assert (GP11_IS_SLOT (obj));
- self = GP11_SLOT (obj);
-
- g_object_ref (self);
-
- pv = G_TYPE_INSTANCE_GET_PRIVATE (self, GP11_TYPE_SLOT, GP11SlotPrivate);
- g_static_mutex_lock (&pv->mutex);
-
- return pv;
-}
-
-static void
-unlock_private (gpointer obj, GP11SlotPrivate *pv)
-{
- GP11Slot *self;
-
- g_assert (pv);
- g_assert (GP11_IS_SLOT (obj));
-
- self = GP11_SLOT (obj);
-
- g_assert (G_TYPE_INSTANCE_GET_PRIVATE (self, GP11_TYPE_SLOT, GP11SlotPrivate) == pv);
-
- g_static_mutex_unlock (&pv->mutex);
- g_object_unref (self);
-}
-
-static void
-free_session_pool (gpointer p)
-{
- SessionPool *pool = p;
- guint i;
-
- for(i = 0; i < pool->sessions->len; ++i)
- close_session (pool->module, g_array_index(pool->sessions, CK_SESSION_HANDLE, i));
- g_array_free(pool->sessions, TRUE);
- g_free (pool);
-}
-
-static gboolean
-push_session_table (GP11SlotPrivate *pv, gulong flags, CK_SESSION_HANDLE handle)
-{
- SessionPool *pool;
-
- g_assert (handle);
- g_assert (GP11_IS_MODULE (pv->data.module));
-
- if (pv->open_sessions == NULL)
- return FALSE;
-
- pool = g_hash_table_lookup (pv->open_sessions, &flags);
- if (!pool) {
- pool = g_new0 (SessionPool, 1);
- pool->flags = flags;
- pool->module = pv->data.module; /* weak ref */
- pool->sessions = g_array_new (FALSE, TRUE, sizeof (CK_SESSION_HANDLE));
- g_hash_table_insert (pv->open_sessions, g_memdup (&flags, sizeof (flags)), pool);
- }
-
- g_assert (pool->flags == flags);
- g_array_append_val (pool->sessions, handle);
- return TRUE;
-}
-
-static CK_SESSION_HANDLE
-pop_session_table (GP11SlotPrivate *pv, gulong flags)
-{
- CK_SESSION_HANDLE result = 0;
- SessionPool *pool;
-
- g_return_val_if_fail (pv, 0);
-
-
- g_assert (GP11_IS_MODULE (pv->data.module));
-
- if (pv->open_sessions) {
- pool = g_hash_table_lookup (pv->open_sessions, &flags);
- if (pool) {
- g_assert (pool->sessions->len > 0);
- result = g_array_index (pool->sessions, CK_SESSION_HANDLE, pool->sessions->len - 1);
- g_assert (result != 0);
- g_array_remove_index_fast (pool->sessions, pool->sessions->len - 1);
- if (!pool->sessions->len)
- g_hash_table_remove(pv->open_sessions, &flags);
- }
- }
-
- return result;
-}
-
-static void
-destroy_session_table (GP11SlotPrivate *pv)
-{
- if (pv->open_sessions)
- g_hash_table_unref (pv->open_sessions);
- pv->open_sessions = NULL;
-}
-
-static void
-create_session_table (GP11SlotPrivate *pv)
-{
- if (!pv->open_sessions)
- pv->open_sessions = g_hash_table_new_full (ulong_hash, ulong_equal, g_free, free_session_pool);
-}
-
-static gboolean
-reuse_session_handle (GP11Session *session, CK_SESSION_HANDLE handle, GP11Slot *self)
-{
- GP11SlotData *data = GP11_SLOT_GET_DATA (self);
- GP11SlotPrivate *pv;
- CK_FUNCTION_LIST_PTR funcs;
- CK_SESSION_INFO info;
- gboolean handled = FALSE;
- CK_RV rv;
-
- g_return_val_if_fail (GP11_IS_SESSION (session), FALSE);
- g_return_val_if_fail (GP11_IS_SLOT (self), FALSE);
-
- funcs = gp11_module_get_function_list (data->module);
- g_return_val_if_fail (funcs, FALSE);
-
- /* Get the session info so we know where to categorize this */
- rv = (funcs->C_GetSessionInfo) (handle, &info);
-
- if (rv == CKR_OK) {
-
- /* Keep this one around for later use */
- pv = lock_private (self);
-
- {
- handled = push_session_table (pv, info.flags, handle);
- }
-
- unlock_private (self, pv);
-
- } else {
-
- /* An already closed session, we don't want to bother with */
- if (rv == CKR_SESSION_CLOSED || rv == CKR_SESSION_HANDLE_INVALID)
- handled = TRUE;
- }
-
- return handled;
-}
-
static GP11Session*
make_session_object (GP11Slot *self, gulong flags, CK_SESSION_HANDLE handle)
{
GP11Session *session;
+ GP11Module *module;
g_return_val_if_fail (handle != 0, NULL);
- g_object_ref (self);
-
- session = gp11_session_from_handle (self, handle);
- g_return_val_if_fail (session != NULL, NULL);
-
- /* Session keeps a reference to us, so this is safe */
- g_signal_connect (session, "discard-handle", G_CALLBACK (reuse_session_handle), self);
+ module = gp11_slot_get_module (self);
+
+ session = gp11_session_from_handle (self, handle);
+ g_return_val_if_fail (session != NULL, NULL);
- g_object_unref (self);
+ /* Session keeps a reference to module so this is safe */
+ g_signal_connect (session, "discard-handle",
+ G_CALLBACK (_gp11_module_pool_session_handle), module);
+
+ g_object_unref (module);
return session;
}
@@ -321,23 +111,10 @@
* OBJECT
*/
-static gboolean
-gp11_slot_real_authenticate_token (GP11Slot *self, gchar *label, gchar **password)
-{
- return FALSE;
-}
-
-static gboolean
-gp11_slot_real_authenticate_object (GP11Slot *self, GP11Object *object, gchar *label, gchar **password)
-{
- return FALSE;
-}
-
static void
gp11_slot_init (GP11Slot *self)
{
- GP11SlotPrivate *pv = G_TYPE_INSTANCE_GET_PRIVATE (self, GP11_TYPE_SLOT, GP11SlotPrivate);
- g_static_mutex_init (&pv->mutex);
+
}
static void
@@ -353,12 +130,6 @@
case PROP_HANDLE:
g_value_set_ulong (value, gp11_slot_get_handle (self));
break;
- case PROP_AUTO_LOGIN:
- g_value_set_boolean (value, gp11_slot_get_auto_login (self));
- break;
- case PROP_REUSE_SESSIONS:
- g_value_set_boolean (value, gp11_slot_get_reuse_sessions (self));
- break;
}
}
@@ -367,7 +138,6 @@
GParamSpec *pspec)
{
GP11SlotData *data = GP11_SLOT_GET_DATA (obj);
- GP11Slot *self = GP11_SLOT (obj);
/* All writes to data members below, happen only during construct phase */
@@ -382,50 +152,26 @@
g_assert (!data->handle);
data->handle = g_value_get_ulong (value);
break;
- case PROP_AUTO_LOGIN:
- gp11_slot_set_auto_login (self, g_value_get_boolean (value));
- break;
- case PROP_REUSE_SESSIONS:
- gp11_slot_set_reuse_sessions (self, g_value_get_boolean (value));
- break;
}
}
static void
gp11_slot_dispose (GObject *obj)
{
- GP11SlotPrivate *pv = lock_private (obj);
-
- {
- /* Need to do this before the module goes away */
- destroy_session_table (pv);
- }
-
- unlock_private (obj, pv);
-
G_OBJECT_CLASS (gp11_slot_parent_class)->dispose (obj);
}
static void
gp11_slot_finalize (GObject *obj)
{
- GP11SlotPrivate *pv = G_TYPE_INSTANCE_GET_PRIVATE (obj, GP11_TYPE_SLOT, GP11SlotPrivate);
GP11SlotData *data = GP11_SLOT_GET_DATA (obj);
data->handle = 0;
- g_assert (!pv->open_sessions);
-
if (data->module)
g_object_unref (data->module);
data->module = NULL;
-
- if (pv->token_info)
- gp11_token_info_free (pv->token_info);
- pv->token_info = NULL;
- g_static_mutex_free (&pv->mutex);
-
G_OBJECT_CLASS (gp11_slot_parent_class)->finalize (obj);
}
@@ -441,9 +187,6 @@
gobject_class->dispose = gp11_slot_dispose;
gobject_class->finalize = gp11_slot_finalize;
- klass->authenticate_object = gp11_slot_real_authenticate_object;
- klass->authenticate_token = gp11_slot_real_authenticate_token;
-
g_object_class_install_property (gobject_class, PROP_MODULE,
g_param_spec_object ("module", "Module", "PKCS11 Module",
GP11_TYPE_MODULE, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
@@ -452,25 +195,6 @@
g_param_spec_ulong ("handle", "Handle", "PKCS11 Slot ID",
0, G_MAXULONG, 0, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
- g_object_class_install_property (gobject_class, PROP_AUTO_LOGIN,
- g_param_spec_boolean ("auto-login", "Auto Login", "Auto Login to Token when necessary",
- FALSE, G_PARAM_READWRITE));
-
- g_object_class_install_property (gobject_class, PROP_REUSE_SESSIONS,
- g_param_spec_boolean ("reuse-sessions", "Reuse Sessions", "Reuse sessions?",
- FALSE, G_PARAM_READWRITE));
-
- signals[AUTHENTICATE_TOKEN] = g_signal_new ("authenticate-token", GP11_TYPE_SLOT,
- G_SIGNAL_RUN_LAST, G_STRUCT_OFFSET (GP11SlotClass, authenticate_token),
- g_signal_accumulator_true_handled, NULL, _gp11_marshal_BOOLEAN__STRING_POINTER,
- G_TYPE_BOOLEAN, 2, G_TYPE_STRING, G_TYPE_POINTER);
-
- signals[AUTHENTICATE_OBJECT] = g_signal_new ("authenticate-object", GP11_TYPE_SLOT,
- G_SIGNAL_RUN_LAST, G_STRUCT_OFFSET (GP11SlotClass, authenticate_object),
- g_signal_accumulator_true_handled, NULL, _gp11_marshal_BOOLEAN__OBJECT_STRING_POINTER,
- G_TYPE_BOOLEAN, 3, G_TYPE_OBJECT, G_TYPE_STRING, G_TYPE_POINTER);
-
-
g_type_class_add_private (gobject_class, sizeof (GP11SlotPrivate));
}
@@ -478,74 +202,17 @@
* INTERNAL AUTHENTICATION
*/
-
-gboolean
-_gp11_slot_fire_authenticate_token (GP11Slot *self, gchar *label, gchar **password)
-{
- GP11SlotPrivate *pv = lock_private (self);
- gboolean protected_auth = FALSE;
- gchar *allocated = NULL;
- gboolean ret;
-
- g_assert (GP11_IS_SLOT (self));
- g_assert (pv);
-
- {
- if (!pv->token_info)
- pv->token_info = gp11_slot_get_token_info (self);
- if (pv->token_info) {
- protected_auth = (pv->token_info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? TRUE : FALSE;
- if (!label)
- label = allocated = g_strdup (pv->token_info->label);
- }
- }
-
- unlock_private (self, pv);
-
- if (protected_auth) {
- *password = NULL;
- return TRUE;
- }
-
- g_signal_emit (self, signals[AUTHENTICATE_TOKEN], 0, label, password, &ret);
- g_free (allocated);
- return ret;
-}
-
-gboolean
-_gp11_slot_fire_authenticate_object (GP11Slot *self, GP11Object *object,
- gchar *label, gchar **password)
-{
- gboolean ret;
-
- g_assert (GP11_IS_SLOT (self));
- g_assert (password);
-
- if (_gp11_slot_is_protected_auth_path (self)) {
- *password = NULL;
- return TRUE;
- }
-
- g_signal_emit (self, signals[AUTHENTICATE_OBJECT], 0, object, label, password, &ret);
- return ret;
-}
-
gboolean
_gp11_slot_is_protected_auth_path (GP11Slot *self)
{
- GP11SlotPrivate *pv = lock_private (self);
+ GP11TokenInfo *info;
gboolean ret;
g_assert (GP11_IS_SLOT (self));
- g_assert (pv);
- {
- if (!pv->token_info)
- pv->token_info = gp11_slot_get_token_info (self);
- ret = (pv->token_info && pv->token_info->flags & CKF_PROTECTED_AUTHENTICATION_PATH);
- }
-
- unlock_private (self, pv);
+ info = gp11_slot_get_token_info (self);
+ ret = (info && info->flags & CKF_PROTECTED_AUTHENTICATION_PATH);
+ gp11_token_info_free (info);
return ret;
}
@@ -636,110 +303,6 @@
}
/**
- * gp11_slot_get_reuse_sessions:
- * @self: The slot to get setting from.
- *
- * Get the reuse sessions setting. When this is set, sessions
- * will be pooled and reused if their flags match when
- * gp11_slot_open_session() is called.
- *
- * Return value: Whether reusing sessions or not.
- **/
-gboolean
-gp11_slot_get_reuse_sessions (GP11Slot *self)
-{
- GP11SlotPrivate *pv = lock_private (self);
- gboolean ret;
-
- g_return_val_if_fail (pv, FALSE);
-
- {
- ret = pv->open_sessions != NULL;
- }
-
- unlock_private (self, pv);
-
- return ret;
-}
-
-/**
- * gp11_slot_set_reuse_sessions:
- * @self: The slot to set the setting on.
- * @reuse: Whether to reuse sessions or not.
- *
- * When this is set, sessions will be pooled and reused
- * if their flags match when gp11_slot_open_session() is called.
- **/
-void
-gp11_slot_set_reuse_sessions (GP11Slot *self, gboolean reuse)
-{
- GP11SlotPrivate *pv = lock_private (self);
-
- g_return_if_fail (pv);
-
- {
- if (reuse)
- create_session_table (pv);
- else
- destroy_session_table (pv);
- }
-
- unlock_private (self, pv);
- g_object_notify (G_OBJECT (self), "reuse-sessions");
-}
-
-/**
- * gp11_slot_get_auto_login:
- * @self: The slot to get setting from.
- *
- * Get the auto login setting. When this is set, this slot
- * will emit the 'authenticate-token' signal when a session
- * requires authentication.
- *
- * Return value: Whether auto login or not.
- **/
-gboolean
-gp11_slot_get_auto_login (GP11Slot *self)
-{
- GP11SlotPrivate *pv = lock_private (self);
- gboolean ret;
-
- g_return_val_if_fail (pv, FALSE);
-
- {
- ret = pv->auto_login;
- }
-
- unlock_private (self, pv);
-
- return ret;
-}
-
-/**
- * gp11_slot_set_auto_login:
- * @self: The slot to set the setting on.
- * @auto_login: Whether auto login or not.
- *
- * When this is set, this slot
- * will emit the 'authenticate-token' signal when a session
- * requires authentication.
- **/
-void
-gp11_slot_set_auto_login (GP11Slot *self, gboolean auto_login)
-{
- GP11SlotPrivate *pv = lock_private (self);
-
- g_return_if_fail (pv);
-
- {
- pv->auto_login = auto_login;
- }
-
- unlock_private (self, pv);
- g_object_notify (G_OBJECT (self), "auto-login");
-}
-
-/**
* gp11_slot_get_info:
* @self: The slot to get info for.
*
@@ -763,7 +326,7 @@
g_object_get (self, "module", &module, "handle", &handle, NULL);
g_return_val_if_fail (GP11_IS_MODULE (module), NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_val_if_fail (funcs, NULL);
memset (&info, 0, sizeof (info));
@@ -816,7 +379,7 @@
g_object_get (self, "module", &module, "handle", &handle, NULL);
g_return_val_if_fail (GP11_IS_MODULE (module), NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_val_if_fail (funcs, NULL);
memset (&info, 0, sizeof (info));
@@ -891,7 +454,7 @@
g_object_get (self, "module", &module, "handle", &handle, NULL);
g_return_val_if_fail (GP11_IS_MODULE (module), NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_val_if_fail (funcs, NULL);
rv = (funcs->C_GetMechanismList) (handle, NULL, &count);
@@ -948,7 +511,7 @@
g_object_get (self, "module", &module, "handle", &handle, NULL);
g_return_val_if_fail (GP11_IS_MODULE (module), NULL);
- funcs = gp11_module_get_function_list (module);
+ funcs = gp11_module_get_functions (module);
g_return_val_if_fail (funcs, NULL);
memset (&info, 0, sizeof (info));
@@ -1023,6 +586,7 @@
GP11Slot *slot;
gulong flags;
gchar *password;
+ gboolean auto_login;
CK_SESSION_HANDLE session;
} OpenSession;
@@ -1041,7 +605,7 @@
NULL, NULL, &args->session);
}
- if (rv != CKR_OK || !gp11_slot_get_auto_login (args->slot))
+ if (rv != CKR_OK || !args->auto_login)
return rv;
/* Step two, check if session is logged in */
@@ -1062,17 +626,26 @@
static gboolean
complete_open_session (OpenSession *args, CK_RV result)
{
+ GP11Module *module;
+ gboolean ret = TRUE;
+
g_free (args->password);
args->password = NULL;
/* Ask the token for a password */
- if (gp11_slot_get_auto_login (args->slot) && result == CKR_PIN_INCORRECT) {
- if (_gp11_slot_fire_authenticate_token (args->slot, NULL, &args->password))
- return FALSE; /* Call is not complete */
+ module = gp11_slot_get_module (args->slot);
+
+ if (args->auto_login && result == CKR_PIN_INCORRECT) {
+
+ ret = _gp11_module_fire_authenticate_slot (module, args->slot, NULL, &args->password);
+
+ /* Call is not complete */
+ ret = !ret;
}
-
- /* Call is complete */
- return TRUE;
+
+ g_object_unref (module);
+
+ return ret;
}
static void
@@ -1120,24 +693,21 @@
GP11Session*
gp11_slot_open_session_full (GP11Slot *self, gulong flags, GCancellable *cancellable, GError **err)
{
- GP11SlotPrivate *pv;
GP11Session *session = NULL;
+ GP11Module *module = NULL;
CK_SESSION_HANDLE handle;
+ CK_SLOT_ID slot_id;
flags |= CKF_SERIAL_SESSION;
g_object_ref (self);
- pv = lock_private (self);
-
- {
- /* Try to use a cached session */
- handle = pop_session_table (pv, flags);
- if (handle != 0)
- session = make_session_object (self, flags, handle);
- }
-
- unlock_private (self, pv);
+ /* Try to use a cached session */
+ module = gp11_slot_get_module (self);
+ slot_id = gp11_slot_get_handle (self);
+ handle = _gp11_module_pooled_session_handle (module, slot_id, flags);
+ if (handle != 0)
+ session = make_session_object (self, flags, handle);
/* Open a new session */
if (session == NULL) {
@@ -1146,12 +716,14 @@
args.slot = self;
args.flags = flags;
args.password = NULL;
+ args.auto_login = gp11_module_get_auto_authenticate (module);
args.session = 0;
if (_gp11_call_sync (self, perform_open_session, complete_open_session, &args, cancellable, err))
session = make_session_object (self, flags, args.session);
}
+ g_object_unref (module);
g_object_unref (self);
return session;
@@ -1174,9 +746,10 @@
gp11_slot_open_session_async (GP11Slot *self, gulong flags, GCancellable *cancellable,
GAsyncReadyCallback callback, gpointer user_data)
{
- GP11SlotPrivate *pv;
+ GP11Module *module = NULL;
GP11Call *call;
OpenSession *args;
+ CK_SLOT_ID slot_id;
flags |= CKF_SERIAL_SESSION;
@@ -1184,17 +757,16 @@
args = _gp11_call_async_prep (self, self, perform_open_session, complete_open_session,
sizeof (*args), free_open_session);
-
- pv = lock_private (self);
- {
- /* Try to use a cached session */
- args->session = pop_session_table (pv, flags);
- args->flags = flags;
- args->slot = g_object_ref (self);
- }
-
- unlock_private (self, pv);
+ args->flags = flags;
+ args->slot = g_object_ref (self);
+
+ /* Try to use a cached session */
+ module = gp11_slot_get_module (self);
+ slot_id = gp11_slot_get_handle (self);
+ args->session = _gp11_module_pooled_session_handle (module, slot_id, flags);
+ args->auto_login = gp11_module_get_auto_authenticate (module);
+ g_object_unref (module);
call = _gp11_call_async_ready (args, cancellable, callback, user_data);
if (args->session)
Modified: trunk/gp11/gp11.h
==============================================================================
--- trunk/gp11/gp11.h (original)
+++ trunk/gp11/gp11.h Mon Jan 5 03:59:24 2009
@@ -224,6 +224,8 @@
typedef struct _GP11Session GP11Session;
typedef struct _GP11Object GP11Object;
+typedef gboolean (*GP11ObjectForeachFunc) (GP11Object *object, gpointer user_data);
+
/* -------------------------------------------------------------------------
* MODULE
*/
@@ -258,28 +260,68 @@
struct _GP11ModuleClass {
GObjectClass parent;
+
+ gboolean (*authenticate_slot) (GP11Module *self, GP11Slot *slot, gchar *label, gchar **password);
+
+ gboolean (*authenticate_object) (GP11Module *self, GP11Object *object, gchar *label, gchar **password);
+
gpointer reserved[8];
};
GType gp11_module_get_type (void) G_GNUC_CONST;
-GP11Module* gp11_module_initialize (const gchar *path,
- gpointer reserved,
- GError **err);
+GP11Module* gp11_module_new (CK_FUNCTION_LIST_PTR funcs);
-GP11Module* gp11_module_initialize_with_functions (CK_FUNCTION_LIST_PTR funcs,
+GP11Module* gp11_module_initialize (const gchar *path,
gpointer reserved,
GError **err);
const gchar* gp11_module_get_path (GP11Module *self);
-CK_FUNCTION_LIST_PTR gp11_module_get_function_list (GP11Module *self);
+CK_FUNCTION_LIST_PTR gp11_module_get_functions (GP11Module *self);
GP11ModuleInfo* gp11_module_get_info (GP11Module *self);
GList* gp11_module_get_slots (GP11Module *self,
gboolean token_present);
+gboolean gp11_module_get_pool_sessions (GP11Module *self);
+
+void gp11_module_set_pool_sessions (GP11Module *self,
+ gboolean pool_sessions);
+
+gboolean gp11_module_get_auto_authenticate (GP11Module *self);
+
+void gp11_module_set_auto_authenticate (GP11Module *self,
+ gboolean auto_authenticate);
+
+void gp11_module_enumerate_objects (GP11Module *self,
+ GP11ObjectForeachFunc func,
+ gpointer user_data,
+ ...);
+
+void gp11_module_enumerate_objects_full (GP11Module *self,
+ GP11Attributes *attrs,
+ GCancellable *cancellable,
+ GP11ObjectForeachFunc func,
+ gpointer user_data);
+
+#ifdef UNIMPLEMENTED
+void gp11_module_enumerate_objects_async (GP11Module *self,
+ GP11Attributes *attrs,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+GP11Object* gp11_module_enumerate_objects_next (GP11Module *self,
+ GAsyncResult *res,
+ GError **error);
+
+void gp11_module_enumerate_objects_finish (GP11Module *self,
+ GAsyncResult *res,
+ GError **error);
+#endif
+
enum {
GP11_IS_STRING = -1,
GP11_IS_BOOLEAN = -2,
@@ -361,10 +403,6 @@
struct _GP11SlotClass {
GObjectClass parent;
- gboolean (*authenticate_token) (GP11Slot *self, gchar *label, gchar **password);
-
- gboolean (*authenticate_object) (GP11Slot *self, GP11Object *object, gchar *label, gchar **password);
-
#ifdef UNIMPLEMENTED
void (*slot_event) (GP11Slot *self);
#endif
@@ -378,16 +416,6 @@
CK_SLOT_ID gp11_slot_get_handle (GP11Slot *self);
-gboolean gp11_slot_get_reuse_sessions (GP11Slot *self);
-
-void gp11_slot_set_reuse_sessions (GP11Slot *self,
- gboolean reuse);
-
-gboolean gp11_slot_get_auto_login (GP11Slot *self);
-
-void gp11_slot_set_auto_login (GP11Slot *self,
- gboolean auto_login);
-
gint gp11_slot_get_max_pin_length (GP11Slot *self);
GP11SlotInfo* gp11_slot_get_info (GP11Slot *self);
Modified: trunk/gp11/tests/unit-test-gp11-crypto.c
==============================================================================
--- trunk/gp11/tests/unit-test-gp11-crypto.c (original)
+++ trunk/gp11/tests/unit-test-gp11-crypto.c Mon Jan 5 03:59:24 2009
@@ -76,9 +76,9 @@
}
static gboolean
-authenticate_object (GP11Slot *slot, GP11Object *object, gchar *label, gchar **password)
+authenticate_object (GP11Slot *module, GP11Object *object, gchar *label, gchar **password)
{
- g_assert (GP11_IS_SLOT (slot));
+ g_assert (GP11_IS_MODULE (module));
g_assert (GP11_IS_OBJECT (object));
g_assert (password);
g_assert (!*password);
@@ -219,8 +219,8 @@
mech.parameter = "my-prefix:";
/* Enable auto-login on this session, see previous test */
- gp11_slot_set_auto_login (slot, TRUE);
- g_signal_connect (slot, "authenticate-object", G_CALLBACK (authenticate_object), NULL);
+ gp11_module_set_auto_authenticate (module, TRUE);
+ g_signal_connect (module, "authenticate-object", G_CALLBACK (authenticate_object), NULL);
/* Find the right key */
key = find_key (session, CKA_SIGN, CKM_PREFIX);
@@ -270,8 +270,8 @@
mech.parameter = "my-prefix:";
/* Enable auto-login on this session, shouldn't be needed */
- gp11_slot_set_auto_login (slot, TRUE);
- g_signal_connect (slot, "authenticate-object", G_CALLBACK (authenticate_object), NULL);
+ gp11_module_set_auto_authenticate (module, TRUE);
+ g_signal_connect (module, "authenticate-object", G_CALLBACK (authenticate_object), NULL);
/* Find the right key */
key = find_key (session, CKA_VERIFY, CKM_PREFIX);
Modified: trunk/gp11/tests/unit-test-gp11-module.c
==============================================================================
--- trunk/gp11/tests/unit-test-gp11-module.c (original)
+++ trunk/gp11/tests/unit-test-gp11-module.c Mon Jan 5 03:59:24 2009
@@ -63,3 +63,72 @@
gp11_module_info_free (info);
}
+
+static int n_objects = 0;
+static GP11Object *last_object = NULL;
+
+static gboolean
+for_each_object (GP11Object *object, gpointer user_data)
+{
+ g_assert (GP11_IS_OBJECT (object));
+ g_assert_cmpstr ("blah", ==, user_data);
+ g_assert (user_data);
+
+ if (last_object)
+ g_object_unref (last_object);
+ last_object = g_object_ref (object);
+
+ ++n_objects;
+
+ return TRUE;
+}
+
+static gboolean
+for_first_object (GP11Object *object, gpointer user_data)
+{
+ g_assert (GP11_IS_OBJECT (object));
+ g_assert_cmpstr ("first", ==, user_data);
+ g_assert (user_data);
+
+ if (last_object)
+ g_object_unref (last_object);
+ last_object = g_object_ref (object);
+
+ ++n_objects;
+
+ return FALSE;
+}
+
+DEFINE_TEST(module_enumerate)
+{
+ GP11Session *session;
+ GP11Attributes *attrs;
+
+ attrs = gp11_attributes_new ();
+ gp11_module_enumerate_objects_full (module, attrs, NULL, for_first_object, "first");
+ g_assert_cmpint (n_objects, ==, 1);
+ g_assert (GP11_IS_OBJECT (last_object));
+ gp11_attributes_unref (attrs);
+
+ session = gp11_object_get_session (last_object);
+ g_assert (GP11_IS_SESSION (session));
+ g_object_unref (session);
+
+ g_object_unref (last_object);
+ last_object = NULL;
+ n_objects = 0;
+
+ gp11_module_enumerate_objects (module, for_each_object, "blah",
+ CKA_CLASS, GP11_ULONG, CKO_PRIVATE_KEY,
+ GP11_INVALID);
+ g_assert_cmpint (n_objects, ==, 2);
+ g_assert (GP11_IS_OBJECT (last_object));
+
+ session = gp11_object_get_session (last_object);
+ g_assert (GP11_IS_SESSION (session));
+ g_object_unref (session);
+
+ g_object_unref (last_object);
+ last_object = NULL;
+ n_objects = 0;
+}
Modified: trunk/gp11/tests/unit-test-gp11-session.c
==============================================================================
--- trunk/gp11/tests/unit-test-gp11-session.c (original)
+++ trunk/gp11/tests/unit-test-gp11-session.c Mon Jan 5 03:59:24 2009
@@ -108,10 +108,10 @@
GError *err = NULL;
gboolean value;
- g_assert (gp11_slot_get_reuse_sessions (slot) == FALSE);
- gp11_slot_set_reuse_sessions (slot, TRUE);
- g_assert (gp11_slot_get_reuse_sessions (slot) == TRUE);
- g_object_get (slot, "reuse-sessions", &value, NULL);
+ g_assert (gp11_module_get_pool_sessions (module) == FALSE);
+ gp11_module_set_pool_sessions (module, TRUE);
+ g_assert (gp11_module_get_pool_sessions (module) == TRUE);
+ g_object_get (module, "pool-sessions", &value, NULL);
g_assert (value == TRUE);
sess = gp11_slot_open_session (slot, 0, &err);
@@ -152,8 +152,8 @@
if (!sess2) return;
g_assert (gp11_session_get_handle (sess) != gp11_session_get_handle (sess2));
- g_object_set (slot, "reuse-sessions", FALSE, NULL);
- g_assert (gp11_slot_get_reuse_sessions (slot) == FALSE);
+ g_object_set (module, "pool-sessions", FALSE, NULL);
+ g_assert (gp11_module_get_pool_sessions (module) == FALSE);
g_object_unref (sess);
g_object_unref (sess2);
@@ -205,11 +205,12 @@
}
static gboolean
-authenticate_token (GP11Slot *slot, gchar *label, gchar **password, gpointer unused)
+authenticate_token (GP11Module *module, GP11Slot *slot, gchar *label, gchar **password, gpointer unused)
{
g_assert (unused == GUINT_TO_POINTER (35));
g_assert (password != NULL);
g_assert (*password == NULL);
+ g_assert (GP11_IS_MODULE (module));
g_assert (GP11_IS_SLOT (slot));
*password = g_strdup ("booo");
@@ -238,13 +239,13 @@
g_clear_error (&err);
/* Setup for auto login */
- g_assert (gp11_slot_get_auto_login (slot) == FALSE);
- gp11_slot_set_auto_login (slot, TRUE);
- g_assert (gp11_slot_get_auto_login (slot) == TRUE);
- g_object_get (slot, "auto-login", &value, NULL);
+ g_assert (gp11_module_get_auto_authenticate (module) == FALSE);
+ gp11_module_set_auto_authenticate (module, TRUE);
+ g_assert (gp11_module_get_auto_authenticate (module) == TRUE);
+ g_object_get (module, "auto-authenticate", &value, NULL);
g_assert (value == TRUE);
- g_signal_connect (slot, "authenticate-token", G_CALLBACK (authenticate_token), GUINT_TO_POINTER (35));
+ g_signal_connect (module, "authenticate-slot", G_CALLBACK (authenticate_token), GUINT_TO_POINTER (35));
/* Create a new session */
new_session = gp11_slot_open_session (slot, CKF_RW_SESSION, &err);
@@ -282,6 +283,6 @@
ret = gp11_session_logout (session, &err);
SUCCESS_RES (ret, err);
- g_object_set (slot, "auto-login", FALSE, NULL);
- g_assert (gp11_slot_get_auto_login (slot) == FALSE);
+ g_object_set (module, "auto-authenticate", FALSE, NULL);
+ g_assert (gp11_module_get_auto_authenticate (module) == FALSE);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
