[gnome-keyring/dbus-api: 3/7] [gck] Delay checks of whether a new object is a token object.

From: Stefan Walter <stefw src gnome org>
To: svn-commits-list gnome org
Cc:
Subject: [gnome-keyring/dbus-api: 3/7] [gck] Delay checks of whether a new object is a token object.
Date: Mon, 9 Nov 2009 17:12:23 +0000 (UTC)
commit cb8e3afb394d5824ac15538842b8be5fc4fcab11
Author: Stef Walter <stef memberwebs com>
Date:   Sun Nov 8 23:27:18 2009 +0000

    [gck] Delay checks of whether a new object is a token object.
    
    Don't determine if a new object is a token object or not
    until after its been created and the factory has had its say.

 pkcs11/gck/gck-module.c               |    4 ++--
 pkcs11/gck/gck-object.c               |   16 +++++++++++-----
 pkcs11/gck/gck-object.h               |    4 +++-
 pkcs11/gck/gck-session.c              |   32 +++++++++++++-------------------
 pkcs11/secret-store/gck-secret-item.c |   29 ++++++++++++++++-------------
 5 files changed, 45 insertions(+), 40 deletions(-)
---
diff --git a/pkcs11/gck/gck-module.c b/pkcs11/gck/gck-module.c
index a1764b7..5ae1c52 100644
--- a/pkcs11/gck/gck-module.c
+++ b/pkcs11/gck/gck-module.c
@@ -806,7 +806,7 @@ gck_module_store_token_object (GckModule *self, GckTransaction *transaction, Gck
 	g_return_if_fail (GCK_IS_OBJECT (object));
 	g_assert (GCK_MODULE_GET_CLASS (self)->store_token_object);
 
-	if (gck_object_get_transient (object))
+	if (gck_object_is_transient (object))
 		add_transient_object (self, transaction, object);
 	else
 		GCK_MODULE_GET_CLASS (self)->store_token_object (self, transaction, object);
@@ -819,7 +819,7 @@ gck_module_remove_token_object (GckModule *self, GckTransaction *transaction, Gc
 	g_return_if_fail (GCK_IS_OBJECT (object));
 	g_assert (GCK_MODULE_GET_CLASS (self)->remove_token_object);
 
-	if (gck_object_get_transient (object))
+	if (gck_object_is_transient (object))
 		remove_transient_object (self, transaction, object);
 	else
 		GCK_MODULE_GET_CLASS (self)->remove_token_object (self, transaction, object);
diff --git a/pkcs11/gck/gck-object.c b/pkcs11/gck/gck-object.c
index 978bdf5..1e295e4 100644
--- a/pkcs11/gck/gck-object.c
+++ b/pkcs11/gck/gck-object.c
@@ -172,9 +172,7 @@ gck_object_real_get_attribute (GckObject *self, GckSession *session, CK_ATTRIBUT
 	case CKA_PRIVATE:
 		return gck_attribute_set_bool (attr, FALSE);
 	case CKA_TOKEN:
-		if (!self->pv->manager)
-			return gck_attribute_set_bool (attr, FALSE);
-		return gck_attribute_set_bool (attr, gck_manager_get_for_token (self->pv->manager));
+		return gck_attribute_set_bool (attr, gck_object_is_token (self));
 	case CKA_GNOME_UNIQUE:
 		if (self->pv->unique)
 			return gck_attribute_set_string (attr, self->pv->unique);
@@ -650,12 +648,20 @@ gck_object_get_unique (GckObject *self)
 }
 
 gboolean
-gck_object_get_transient (GckObject *self)
+gck_object_is_token (GckObject *self)
 {
 	g_return_val_if_fail (GCK_IS_OBJECT (self), FALSE);
-	return self->pv->transient ? TRUE : FALSE;
+	if (!self->pv->manager)
+		return FALSE;
+	return gck_manager_get_for_token (self->pv->manager);
 }
 
+gboolean
+gck_object_is_transient (GckObject *self)
+{
+	g_return_val_if_fail (GCK_IS_OBJECT (self), FALSE);
+	return self->pv->transient ? TRUE : FALSE;
+}
 
 CK_RV
 gck_object_unlock (GckObject *self, GckAuthenticator *auth)
diff --git a/pkcs11/gck/gck-object.h b/pkcs11/gck/gck-object.h
index 29988e1..7f17074 100644
--- a/pkcs11/gck/gck-object.h
+++ b/pkcs11/gck/gck-object.h
@@ -79,7 +79,9 @@ GckManager*            gck_object_get_manager            (GckObject *self);
 
 const gchar*           gck_object_get_unique             (GckObject *self);
 
-gboolean               gck_object_get_transient          (GckObject *self);
+gboolean               gck_object_is_token               (GckObject *self);
+
+gboolean               gck_object_is_transient           (GckObject *self);
 
 CK_RV                  gck_object_unlock                 (GckObject *self, 
                                                           GckAuthenticator *auth);
diff --git a/pkcs11/gck/gck-session.c b/pkcs11/gck/gck-session.c
index 578945d..cea06c4 100644
--- a/pkcs11/gck/gck-session.c
+++ b/pkcs11/gck/gck-session.c
@@ -282,7 +282,7 @@ lookup_object_from_handle (GckSession *self, CK_OBJECT_HANDLE handle,
 	 */
 	if (writable) {
 		if (is_token) {
-			if (!gck_object_get_transient (object))
+			if (!gck_object_is_transient (object))
 				if (gck_module_get_write_protected (self->pv->module))
 					return CKR_TOKEN_WRITE_PROTECTED;
 			if (self->pv->read_only)
@@ -803,8 +803,6 @@ gck_session_create_object_for_factory (GckSession *self, GckFactory *factory,
 	GckTransaction *transaction;
 	CK_ATTRIBUTE_PTR attrs;
 	CK_ULONG n_attrs, i;
-	gboolean is_token;
-	gboolean is_transient;
 	gboolean is_private;
 	CK_RV rv;
 
@@ -813,20 +811,6 @@ gck_session_create_object_for_factory (GckSession *self, GckFactory *factory,
 	g_return_val_if_fail (template || !count, CKR_GENERAL_ERROR);
 	g_return_val_if_fail (object, CKR_GENERAL_ERROR);
 
-	/* Find out where we'll be creating this */
-	if (!gck_attributes_find_boolean (template, count, CKA_TOKEN, &is_token))
-		is_token = FALSE;
-	if (!gck_attributes_find_boolean (template, count, CKA_GNOME_TRANSIENT, &is_transient))
-		is_transient = FALSE;
-
-	/* See if we can create due to read-only */
-	if (is_token) {
-		if (!is_transient && gck_module_get_write_protected (self->pv->module))
-			return CKR_TOKEN_WRITE_PROTECTED;
-		if (self->pv->read_only)
-			return CKR_SESSION_READ_ONLY;
-	}
-
 	/* The transaction for this whole dealio */
 	transaction = gck_transaction_new ();
 
@@ -841,10 +825,20 @@ gck_session_create_object_for_factory (GckSession *self, GckFactory *factory,
 	*object = NULL;
 	(factory->func) (self, transaction, attrs, n_attrs, object);
 
+	/* See if we can create due to read-only */
 	if (!gck_transaction_get_failed (transaction)) {
 		g_return_val_if_fail (*object, CKR_GENERAL_ERROR);
+		if (gck_object_is_token (*object)) {
+			if (!gck_object_is_transient (*object) &&
+			    gck_module_get_write_protected (self->pv->module))
+				gck_transaction_fail (transaction, CKR_TOKEN_WRITE_PROTECTED);
+			else if (self->pv->read_only)
+				gck_transaction_fail (transaction, CKR_SESSION_READ_ONLY);
+		}
+	}
 
-		/* Can only create public objects unless logged in */
+	/* Can only create public objects unless logged in */
+	if (!gck_transaction_get_failed (transaction)) {
 		if (gck_session_get_logged_in (self) != CKU_USER &&
 		    gck_object_get_attribute_boolean (*object, self, CKA_PRIVATE, &is_private) && 
 		    is_private == TRUE) {
@@ -859,7 +853,7 @@ gck_session_create_object_for_factory (GckSession *self, GckFactory *factory,
 
 	/* Find somewhere to store the object */
 	if (!gck_transaction_get_failed (transaction)) {
-		if (is_token)
+		if (gck_object_is_token (*object))
 			gck_module_store_token_object (self->pv->module, transaction, *object); 
 		else
 			add_object (self, transaction, *object);
diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
index 558a5ff..48e1efa 100644
--- a/pkcs11/secret-store/gck-secret-item.c
+++ b/pkcs11/secret-store/gck-secret-item.c
@@ -103,7 +103,8 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
 {
 	GckSecretCollection *collection = NULL;
 	GckSecretItem *item;
-	GckManager *manager;
+	GckManager *m_manager;
+	GckManager *s_manager;
 	CK_ATTRIBUTE *attr;
 	gboolean is_token;
 
@@ -111,22 +112,24 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
 	g_return_if_fail (attrs || !n_attrs);
 	g_return_if_fail (result);
 
-	if (!gck_attributes_find_boolean (attrs, n_attrs, CKA_TOKEN, &is_token))
-		is_token = FALSE;
-
 	/* See if a collection attribute was specified */
 	attr = gck_attributes_find (attrs, n_attrs, CKA_G_COLLECTION);
-	if (attr != NULL) {
-		gck_attribute_consume (attr);
-		if (is_token)
-			manager = gck_module_get_manager (gck_session_get_module (session));
-		else
-			manager = gck_session_get_manager (session);
-		collection = gck_secret_collection_find (attr, manager, NULL);
-	}
+	if (attr == NULL)
+		return gck_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
+
+	m_manager = gck_module_get_manager (gck_session_get_module (session));
+	s_manager = gck_session_get_manager (session);
+
+	gck_attribute_consume (attr);
+	if (!gck_attributes_find_boolean (attrs, n_attrs, CKA_TOKEN, &is_token))
+		collection = gck_secret_collection_find (attr, m_manager, s_manager, NULL);
+	else if (is_token)
+		collection = gck_secret_collection_find (attr, m_manager, NULL);
+	else
+		collection = gck_secret_collection_find (attr, s_manager, NULL);
 
 	if (!collection)
-		return gck_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
+		return gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
 
 	/* The collection owns the item */
 	item = gck_secret_collection_create_item (collection, transaction);
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]