[gnome-keyring/gck-work] [gck] Add session options, remove module options.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/gck-work] [gck] Add session options, remove module options.
- Date: Mon, 27 Sep 2010 23:11:02 +0000 (UTC)
commit d5183211fe8c7e377e4e2faacb3b6896bf1d9c04
Author: Stef Walter <stef memberwebs com>
Date: Mon Sep 27 23:09:01 2010 +0000
[gck] Add session options, remove module options.
Add the concept of session options, which are different from (but
sometimes related to) the PKCS#11 session flags. The session options take
the place of module options, which were much harder to use appropriately.
daemon/dbus/gkd-secret-service.c | 7 +--
daemon/gpg-agent/gkd-gpg-agent-standalone.c | 2 +-
daemon/gpg-agent/gkd-gpg-agent.c | 4 +-
daemon/login/gkd-login.c | 2 +-
daemon/ssh-agent/gkd-ssh-agent-ops.c | 6 +-
daemon/ssh-agent/gkd-ssh-agent-standalone.c | 2 +-
daemon/ssh-agent/gkd-ssh-agent.c | 4 +-
gck/gck-enumerator.c | 25 ++++++++---
gck/gck-mock.c | 4 +-
gck/gck-module.c | 49 +++-------------------
gck/gck-modules.c | 18 ++++----
gck/gck-private.h | 2 +-
gck/gck-session.c | 53 +++++++++++++++++++----
gck/gck-slot.c | 60 +++++++++++++++------------
gck/gck.h | 46 ++++++++++++--------
gck/tests/test-gck-crypto.c | 19 +++++---
gck/tests/test-gck-session.c | 29 ++++---------
gcr/gcr-importer.c | 8 ++--
gcr/gcr-library.c | 2 +-
19 files changed, 178 insertions(+), 164 deletions(-)
---
diff --git a/daemon/dbus/gkd-secret-service.c b/daemon/dbus/gkd-secret-service.c
index 440bd83..f9f3985 100644
--- a/daemon/dbus/gkd-secret-service.c
+++ b/daemon/dbus/gkd-secret-service.c
@@ -1207,7 +1207,6 @@ gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *call
GError *error = NULL;
GckTokenInfo *info;
GckSlot *slot;
- gulong flags;
gboolean login;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
@@ -1218,10 +1217,10 @@ gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *call
/* Open a new session if necessary */
if (!client->pkcs11_session) {
- flags = CKF_RW_SESSION | CKF_G_APPLICATION_SESSION;
slot = gkd_secret_service_get_pkcs11_slot (self);
- client->pkcs11_session = gck_slot_open_session_full (slot, flags, &client->app,
- NULL, NULL, &error);
+ client->pkcs11_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
+ CKF_G_APPLICATION_SESSION, &client->app,
+ NULL, NULL, &error);
if (!client->pkcs11_session) {
g_warning ("couldn't open pkcs11 session for secret service: %s",
egg_error_message (error));
diff --git a/daemon/gpg-agent/gkd-gpg-agent-standalone.c b/daemon/gpg-agent/gkd-gpg-agent-standalone.c
index 3e9aa55..51fd1c3 100644
--- a/daemon/gpg-agent/gkd-gpg-agent-standalone.c
+++ b/daemon/gpg-agent/gkd-gpg-agent-standalone.c
@@ -87,7 +87,7 @@ main(int argc, char *argv[])
return 1;
}
- module = gck_module_initialize (argv[1], argc > 2 ? argv[2] : NULL, GCK_AUTHENTICATE_OBJECTS, &error);
+ module = gck_module_initialize (argv[1], argc > 2 ? argv[2] : NULL, 0, &error);
if (!module) {
g_message ("couldn't load pkcs11 module: %s", egg_error_message (error));
g_clear_error (&error);
diff --git a/daemon/gpg-agent/gkd-gpg-agent.c b/daemon/gpg-agent/gkd-gpg-agent.c
index c7683c2..2440e1e 100644
--- a/daemon/gpg-agent/gkd-gpg-agent.c
+++ b/daemon/gpg-agent/gkd-gpg-agent.c
@@ -405,7 +405,7 @@ gkd_gpg_agent_initialize (CK_FUNCTION_LIST_PTR funcs)
g_return_val_if_fail (funcs, -1);
- module = gck_module_new (funcs, GCK_AUTHENTICATE_OBJECTS);
+ module = gck_module_new (funcs, 0);
ret = gkd_gpg_agent_initialize_with_module (module);
g_object_unref (module);
return ret;
@@ -435,7 +435,7 @@ gkd_gpg_agent_initialize_with_module (GckModule *module)
}
/* Try and open a session */
- session = gck_slot_open_session (slot, CKF_RW_SESSION | CKF_SERIAL_SESSION, &error);
+ session = gck_slot_open_session (slot, GCK_SESSION_READ_WRITE | GCK_SESSION_AUTHENTICATE, &error);
g_object_unref (slot);
if (!session) {
diff --git a/daemon/login/gkd-login.c b/daemon/login/gkd-login.c
index b45c313..1ac69d4 100644
--- a/daemon/login/gkd-login.c
+++ b/daemon/login/gkd-login.c
@@ -54,7 +54,7 @@ open_and_login_session (GckSlot *slot, CK_USER_TYPE user_type, GError **error)
if (!error)
error = &err;
- session = gck_slot_open_session (slot, CKF_RW_SESSION, error);
+ session = gck_slot_open_session (slot, GCK_SESSION_READ_WRITE, error);
if (session != NULL) {
if (!gck_session_login (session, user_type, NULL, 0, error)) {
if (g_error_matches (*error, GCK_ERROR, CKR_USER_ALREADY_LOGGED_IN)) {
diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c
index 845c8dd..dba36f9 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-ops.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c
@@ -135,7 +135,7 @@ search_keys_like_attributes (GList *modules, GckSession *session, GckAttributes
/* In all slots */
if (modules) {
- en = gck_modules_enumerate_objects (modules, search, CKF_RW_SESSION);
+ en = gck_modules_enumerate_objects (modules, search, GCK_SESSION_AUTHENTICATE | GCK_SESSION_READ_WRITE);
for (;;) {
object = gck_enumerator_next (en, NULL, &error);
@@ -757,7 +757,7 @@ op_request_identities (GkdSshAgentCall *call)
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY);
/* Find all the keys (we filter out v1 later) */
- en = gck_modules_enumerate_objects (call->modules, attrs, CKF_RW_SESSION);
+ en = gck_modules_enumerate_objects (call->modules, attrs, GCK_SESSION_AUTHENTICATE | GCK_SESSION_READ_WRITE);
gck_attributes_unref (attrs);
g_return_val_if_fail (en, FALSE);
@@ -824,7 +824,7 @@ op_v1_request_identities (GkdSshAgentCall *call)
gck_attributes_add_string (attrs, CKA_LABEL, V1_LABEL);
/* Find all the keys not on token, and are V1 */
- en = gck_modules_enumerate_objects (call->modules, attrs, CKF_RW_SESSION);
+ en = gck_modules_enumerate_objects (call->modules, attrs, GCK_SESSION_AUTHENTICATE | GCK_SESSION_READ_WRITE);
gck_attributes_unref (attrs);
g_return_val_if_fail (en, FALSE);
diff --git a/daemon/ssh-agent/gkd-ssh-agent-standalone.c b/daemon/ssh-agent/gkd-ssh-agent-standalone.c
index fae687e..19111e0 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-standalone.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-standalone.c
@@ -88,7 +88,7 @@ main(int argc, char *argv[])
return 1;
}
- module = gck_module_initialize (argv[1], argc > 2 ? argv[2] : NULL, GCK_AUTHENTICATE_OBJECTS, &error);
+ module = gck_module_initialize (argv[1], argc > 2 ? argv[2] : NULL, 0, &error);
if (!module) {
g_message ("couldn't load pkcs11 module: %s", egg_error_message (error));
g_clear_error (&error);
diff --git a/daemon/ssh-agent/gkd-ssh-agent.c b/daemon/ssh-agent/gkd-ssh-agent.c
index fa06f76..b744ddc 100644
--- a/daemon/ssh-agent/gkd-ssh-agent.c
+++ b/daemon/ssh-agent/gkd-ssh-agent.c
@@ -353,7 +353,7 @@ gkd_ssh_agent_initialize (CK_FUNCTION_LIST_PTR funcs)
g_return_val_if_fail (funcs, -1);
- module = gck_module_new (funcs, GCK_AUTHENTICATE_OBJECTS);
+ module = gck_module_new (funcs, 0);
ret = gkd_ssh_agent_initialize_with_module (module);
g_object_unref (module);
return ret;
@@ -378,7 +378,7 @@ gkd_ssh_agent_initialize_with_module (GckModule *module)
if (gck_mechanisms_check (mechs, CKM_RSA_PKCS, CKM_DSA, GCK_INVALID)) {
/* Try and open a session */
- session = gck_slot_open_session (l->data, CKF_SERIAL_SESSION, &error);
+ session = gck_slot_open_session (l->data, GCK_SESSION_AUTHENTICATE, &error);
if (!session) {
g_warning ("couldn't create pkcs#11 session: %s", egg_error_message (error));
g_clear_error (&error);
diff --git a/gck/gck-enumerator.c b/gck/gck-enumerator.c
index dd2d58b..682a8b1 100644
--- a/gck/gck-enumerator.c
+++ b/gck/gck-enumerator.c
@@ -58,7 +58,8 @@ struct _GckEnumeratorState {
GList *modules;
GckTokenInfo *match_token;
GckAttributes *match_attrs;
- CK_FLAGS session_flags;
+ guint session_options;
+ gboolean authenticate;
gchar *password;
/* state_module */
@@ -262,6 +263,7 @@ state_slot (GckEnumeratorState *args, gboolean forward)
{
CK_FUNCTION_LIST_PTR funcs;
CK_SESSION_HANDLE session;
+ CK_FLAGS flags;
CK_RV rv;
g_assert (args->slot);
@@ -273,15 +275,20 @@ state_slot (GckEnumeratorState *args, gboolean forward)
funcs = gck_module_get_functions (args->module);
g_return_val_if_fail (funcs, NULL);
+ flags = CKF_SERIAL_SESSION;
+ if ((args->session_options & GCK_SESSION_READ_WRITE) == GCK_SESSION_READ_WRITE)
+ flags |= CKF_RW_SESSION;
+
rv = (funcs->C_OpenSession) (gck_slot_get_handle (args->slot),
- args->session_flags, NULL, NULL, &session);
+ flags, NULL, NULL, &session);
+
if (rv != CKR_OK) {
g_message ("couldn't open session on module while enumerating objects: %s",
gck_message_from_rv (rv));
return rewind_state (args, state_slots);
}
- args->session = gck_session_from_handle (args->slot, session);
+ args->session = gck_session_from_handle (args->slot, session, args->session_options);
return state_session;
/* slot to slots state */
@@ -312,6 +319,10 @@ state_session (GckEnumeratorState *args, gboolean forward)
/* session to authenticated state */
if (forward) {
+ /* Don't want to authenticate? */
+ if (!args->authenticate)
+ return state_authenticated;
+
/* No login necessary */
if ((args->token_info->flags & CKF_LOGIN_REQUIRED) == 0)
return state_authenticated;
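Review bot: The new `if (!args->authenticate)` guard in state_session reads a field that no hunk visible here ever assigns; `_gck_enumerator_new` stores only `state->session_options`. Unless the state is filled in elsewhere, the flag keeps its initial (presumably zero) value and the C_Login step is skipped even for callers that pass `GCK_SESSION_AUTHENTICATE | GCK_SESSION_READ_WRITE`, so objects that need a login would silently drop out of the enumeration. Consider removing the separate field and testing the option directly, e.g. `if ((args->session_options & GCK_SESSION_LOGIN_USER) == 0) return state_authenticated;` (or `GCK_SESSION_AUTHENTICATE`; the diff does not show which option is meant to govern token login here). state_session's body continues outside the hunk.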
@@ -341,8 +352,8 @@ state_session (GckEnumeratorState *args, gboolean forward)
rv = (funcs->C_Login) (gck_session_get_handle (args->session), CKU_USER,
(CK_BYTE_PTR)args->password, n_pin);
- /* Authentication failed can we ask for a password? */
- if (rv == CKR_PIN_INCORRECT && gck_module_get_options (args->module) & GCK_AUTHENTICATE_TOKENS) {
+ /* Authentication failed, ask for a password */
+ if (rv == CKR_PIN_INCORRECT) {
args->want_password = TRUE;
return NULL;
@@ -507,7 +518,7 @@ gck_enumerator_class_init (GckEnumeratorClass *klass)
*/
GckEnumerator*
-_gck_enumerator_new (GList *modules, guint session_flags, GckTokenInfo *match_token, GckAttributes *match_attrs)
+_gck_enumerator_new (GList *modules, guint session_options, GckTokenInfo *match_token, GckAttributes *match_attrs)
{
GckEnumerator *self;
GckEnumeratorState *state;
@@ -515,7 +526,7 @@ _gck_enumerator_new (GList *modules, guint session_flags, GckTokenInfo *match_to
self = g_object_new (GCK_TYPE_ENUMERATOR, NULL);
state = g_atomic_pointer_get (&self->pv->state);
- state->session_flags = session_flags | CKF_SERIAL_SESSION;
+ state->session_options = session_options;
state->modules = gck_list_ref_copy (modules);
if (match_attrs) {
diff --git a/gck/gck-mock.c b/gck/gck-mock.c
index 3887896..bc4a839 100644
--- a/gck/gck-mock.c
+++ b/gck/gck-mock.c
@@ -639,9 +639,7 @@ gck_mock_C_CloseSession (CK_SESSION_HANDLE hSession)
Session *session;
session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
- g_assert (session != NULL && "No such session found");
- if (!session)
- return CKR_SESSION_HANDLE_INVALID;
+ g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
g_hash_table_remove (the_sessions, GUINT_TO_POINTER (hSession));
return CKR_OK;
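Review bot: `g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID)` treats an ordinary runtime condition as a programmer error. It logs a critical (which aborts when criticals are made fatal) and disappears entirely if this file is compiled with `G_DISABLE_CHECKS`, in which case an unknown handle falls through to `g_hash_table_remove` and the mock answers `CKR_OK`. An invalid handle is something a PKCS#11 caller can legitimately supply, so a plain `if (!session) return CKR_SESSION_HANDLE_INVALID;` keeps the mock's answer independent of build flags. The function starts outside the hunk.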
diff --git a/gck/gck-module.c b/gck/gck-module.c
index 7e06683..04d6ad6 100644
--- a/gck/gck-module.c
+++ b/gck/gck-module.c
@@ -76,8 +76,7 @@
enum {
PROP_0,
PROP_PATH,
- PROP_FUNCTIONS,
- PROP_OPTIONS
+ PROP_FUNCTIONS
};
enum {
@@ -92,7 +91,6 @@ struct _GckModulePrivate {
gboolean initialized;
CK_FUNCTION_LIST_PTR funcs;
CK_C_INITIALIZE_ARGS init_args;
- guint options;
/* Modified atomically */
gint finalized;
@@ -254,9 +252,6 @@ gck_module_get_property (GObject *obj, guint prop_id, GValue *value,
case PROP_FUNCTIONS:
g_value_set_pointer (value, gck_module_get_functions (self));
break;
- case PROP_OPTIONS:
- g_value_set_uint (value, gck_module_get_options (self));
- break;
}
}
@@ -276,10 +271,6 @@ gck_module_set_property (GObject *obj, guint prop_id, const GValue *value,
g_return_if_fail (!self->pv->funcs);
self->pv->funcs = g_value_get_pointer (value);
break;
- case PROP_OPTIONS:
- g_return_if_fail (!self->pv->options);
- self->pv->options = g_value_get_uint (value);
- break;
}
}
@@ -366,18 +357,6 @@ gck_module_class_init (GckModuleClass *klass)
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
/**
- * GckModule:options:
- *
- * Various option flags related to authentication etc.
- *
- * The #GckModule::authenticate-object signal will be fired when an
- * object needs to be authenticated.
- */
- g_object_class_install_property (gobject_class, PROP_OPTIONS,
- g_param_spec_uint ("options", "Options", "Module options",
- 0, G_MAXUINT, 0, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
-
- /**
* GckModule::authenticate-slot:
* @module: The module
* @slot: The slot to be authenticated.
@@ -440,7 +419,7 @@ gck_module_info_free (GckModuleInfo *module_info)
* gck_module_initialize:
* @path: The file system path to the PKCS#11 module to load.
* @reserved: Extra arguments for the PKCS#11 module, should usually be NULL.
- * @options: Options which control the authentication behavior etc.
+ * @reserved_options: No options are currently available.
* @err: A location to store an error resulting from a failed load.
*
* Load and initialize a PKCS#11 module represented by a GckModule object.
@@ -448,7 +427,7 @@ gck_module_info_free (GckModuleInfo *module_info)
* Return value: The loaded PKCS#11 module or NULL if failed.
**/
GckModule*
-gck_module_initialize (const gchar *path, gpointer reserved, guint options, GError **err)
+gck_module_initialize (const gchar *path, gpointer reserved, guint reserved_options, GError **err)
{
CK_C_GetFunctionList get_function_list;
CK_FUNCTION_LIST_PTR funcs;
@@ -484,7 +463,7 @@ gck_module_initialize (const gchar *path, gpointer reserved, guint options, GErr
return NULL;
}
- self = g_object_new (GCK_TYPE_MODULE, "functions", funcs, "path", path, "options", options, NULL);
+ self = g_object_new (GCK_TYPE_MODULE, "functions", funcs, "path", path, NULL);
self->pv->module = module;
memset (&self->pv->init_args, 0, sizeof (self->pv->init_args));
@@ -519,10 +498,10 @@ gck_module_initialize (const gchar *path, gpointer reserved, guint options, GErr
* Return value: The new PKCS#11 module.
**/
GckModule*
-gck_module_new (CK_FUNCTION_LIST_PTR funcs, guint options)
+gck_module_new (CK_FUNCTION_LIST_PTR funcs, guint reserved_options)
{
g_return_val_if_fail (funcs, NULL);
- return g_object_new (GCK_TYPE_MODULE, "functions", funcs, "options", options, NULL);
+ return g_object_new (GCK_TYPE_MODULE, "functions", funcs, NULL);
}
/**
@@ -689,19 +668,3 @@ gck_module_get_functions (GckModule *self)
g_return_val_if_fail (GCK_IS_MODULE (self), NULL);
return self->pv->funcs;
}
-
-
-/**
- * gck_module_get_options:
- * @self: The module to get setting from.
- *
- * Get the various module options, such as auto authenticate etc.
- *
- * Return value: The module options.
- **/
-guint
-gck_module_get_options (GckModule *self)
-{
- g_return_val_if_fail (GCK_IS_MODULE (self), 0);
- return self->pv->options;
-}
diff --git a/gck/gck-modules.c b/gck/gck-modules.c
index fd9e0bd..d05a5f0 100644
--- a/gck/gck-modules.c
+++ b/gck/gck-modules.c
@@ -134,7 +134,7 @@ gck_modules_get_slots (GList *modules, gboolean token_present)
* gck_module_enumerate_objects_full:
* @self: The module to enumerate objects.
* @attrs: Attributes that the objects must have, or empty for all objects.
- * @session_flags: PKCS#11 flags for opening a session.
+ * @session_flags: Flags for opening a session.
*
* Setup an enumerator for listing matching objects on the modules.
*
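Review bot: The doc comment still names the parameter `@session_flags`, while the function in the next hunk now takes `session_options`, so gtk-doc will not pair the two. "Flags for opening a session" also no longer says which values are accepted. Suggest `* @session_options: Options from #GckSessionOptions to open each session with.` The heading `gck_module_enumerate_objects_full:` does not match `gck_modules_enumerate_objects` either, though that mismatch predates this change.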
@@ -145,9 +145,9 @@ gck_modules_get_slots (GList *modules, gboolean token_present)
* Return value: A new enumerator
**/
GckEnumerator*
-gck_modules_enumerate_objects (GList *modules, GckAttributes *attrs, guint session_flags)
+gck_modules_enumerate_objects (GList *modules, GckAttributes *attrs, guint session_options)
{
- return _gck_enumerator_new (modules, session_flags, NULL, attrs);
+ return _gck_enumerator_new (modules, session_options, NULL, attrs);
}
GckSlot*
@@ -177,7 +177,7 @@ gck_modules_token_for_uri (GList *modules, const gchar *uri, GError **error)
}
GckObject*
-gck_modules_object_for_uri (GList *modules, const gchar *uri, guint session_flags,
+gck_modules_object_for_uri (GList *modules, const gchar *uri, guint session_options,
GError **error)
{
GckEnumerator *en;
@@ -186,7 +186,7 @@ gck_modules_object_for_uri (GList *modules, const gchar *uri, guint session_flag
g_return_val_if_fail (uri, NULL);
g_return_val_if_fail (!error || !*error, NULL);
- en = gck_modules_enumerate_uri (modules, uri, session_flags, error);
+ en = gck_modules_enumerate_uri (modules, uri, session_options, error);
if (en == NULL)
return NULL;
@@ -197,7 +197,7 @@ gck_modules_object_for_uri (GList *modules, const gchar *uri, guint session_flag
}
GList*
-gck_modules_objects_for_uri (GList *modules, const gchar *uri, guint session_flags,
+gck_modules_objects_for_uri (GList *modules, const gchar *uri, guint session_options,
GError **error)
{
GckEnumerator *en;
@@ -206,7 +206,7 @@ gck_modules_objects_for_uri (GList *modules, const gchar *uri, guint session_fla
g_return_val_if_fail (uri, NULL);
g_return_val_if_fail (!error || !*error, NULL);
- en = gck_modules_enumerate_uri (modules, uri, session_flags, error);
+ en = gck_modules_enumerate_uri (modules, uri, session_options, error);
if (en == NULL)
return NULL;
@@ -217,7 +217,7 @@ gck_modules_objects_for_uri (GList *modules, const gchar *uri, guint session_fla
}
GckEnumerator*
-gck_modules_enumerate_uri (GList *modules, const gchar *uri, guint session_flags,
+gck_modules_enumerate_uri (GList *modules, const gchar *uri, guint session_options,
GError **error)
{
GckTokenInfo *token;
@@ -228,7 +228,7 @@ gck_modules_enumerate_uri (GList *modules, const gchar *uri, guint session_flags
return NULL;
/* Takes ownership of token info */
- en = _gck_enumerator_new (modules, session_flags, token, attrs);
+ en = _gck_enumerator_new (modules, session_options, token, attrs);
gck_attributes_unref (attrs);
return en;
diff --git a/gck/gck-private.h b/gck/gck-private.h
index 4a4aa9d..00af629 100644
--- a/gck/gck-private.h
+++ b/gck/gck-private.h
@@ -77,7 +77,7 @@ gboolean _gck_module_fire_authenticate_object (GckModule *module,
*/
GckEnumerator* _gck_enumerator_new (GList *modules,
- guint session_flags,
+ guint session_options,
GckTokenInfo *match_token,
GckAttributes *match_attrs);
diff --git a/gck/gck-session.c b/gck/gck-session.c
index 225a812..ee72163 100644
--- a/gck/gck-session.c
+++ b/gck/gck-session.c
@@ -64,13 +64,15 @@ enum {
PROP_0,
PROP_MODULE,
PROP_HANDLE,
- PROP_SLOT
+ PROP_SLOT,
+ PROP_OPTIONS,
};
struct _GckSessionPrivate {
GckSlot *slot;
GckModule *module;
CK_SESSION_HANDLE handle;
+ guint options;
/* Modified atomically */
gint discarded;
@@ -130,6 +132,9 @@ gck_session_get_property (GObject *obj, guint prop_id, GValue *value,
case PROP_SLOT:
g_value_take_object (value, gck_session_get_slot (self));
break;
+ case PROP_OPTIONS:
+ g_value_set_uint (value, gck_session_get_options (self));
+ break;
}
}
@@ -156,6 +161,10 @@ gck_session_set_property (GObject *obj, guint prop_id, const GValue *value,
self->pv->slot = g_value_dup_object (value);
g_return_if_fail (self->pv->slot);
break;
+ case PROP_OPTIONS:
+ g_return_if_fail (!self->pv->options);
+ self->pv->options = g_value_get_uint (value);
+ break;
}
}
@@ -240,6 +249,15 @@ gck_session_class_init (GckSessionClass *klass)
GCK_TYPE_SLOT, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
/**
+ * GckSession:options:
+ *
+ * The options this session was opened with.
+ */
+ g_object_class_install_property (gobject_class, PROP_OPTIONS,
+ g_param_spec_uint ("options", "Session Options", "Session Options",
+ 0, G_MAXUINT, 0, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+
+ /**
* GckSession::discard-handle:
* @session: The session.
* @handle: The handle being discarded.
@@ -294,6 +312,7 @@ gck_session_info_free (GckSessionInfo *session_info)
* gck_session_from_handle:
* @slot: The slot which the session belongs to.
* @handle: The raw PKCS#11 handle of the session.
+ * @options: Session options. Those which are used during opening a session have no effect.
*
* Initialize a GckSession object from a raw PKCS#11 session handle.
* Usually one would use the gck_slot_open_session() function to
@@ -302,7 +321,7 @@ gck_session_info_free (GckSessionInfo *session_info)
* Return value: The new GckSession object.
**/
GckSession*
-gck_session_from_handle (GckSlot *slot, CK_SESSION_HANDLE handle)
+gck_session_from_handle (GckSlot *slot, CK_SESSION_HANDLE handle, guint options)
{
GckModule *module;
GckSession *session;
@@ -311,7 +330,8 @@ gck_session_from_handle (GckSlot *slot, CK_SESSION_HANDLE handle)
module = gck_slot_get_module (slot);
session = g_object_new (GCK_TYPE_SESSION, "module", module,
- "handle", handle, "slot", slot, NULL);
+ "handle", handle, "slot", slot,
+ "options", options, NULL);
g_object_unref (module);
return session;
@@ -436,6 +456,21 @@ gck_session_get_state (GckSession *self)
return info.state;
}
+/**
+ * gck_session_get_options:
+ * @self: The session to get options from.
+ *
+ * Get the options this session was opened with.
+ *
+ * Return value: The session options.
+ **/
+guint
+gck_session_get_options (GckSession *self)
+{
+ g_return_val_if_fail (GCK_IS_SESSION (self), 0);
+ return self->pv->options;
+}
+
/* ---------------------------------------------------------------------------------------------
* INIT PIN
*/
@@ -1916,7 +1951,7 @@ authenticate_complete (Authenticate *auth, GckArguments *base, CK_RV result)
}
static void
-authenticate_init (Authenticate *auth, GckSlot *slot, GckObject *object)
+authenticate_init (Authenticate *auth, GckSlot *slot, GckObject *object, guint options)
{
GckModule *module;
@@ -1924,7 +1959,7 @@ authenticate_init (Authenticate *auth, GckSlot *slot, GckObject *object)
g_assert (GCK_IS_OBJECT (object));
module = gck_slot_get_module (slot);
- if (gck_module_get_options (module) & GCK_AUTHENTICATE_OBJECTS) {
+ if ((options & GCK_SESSION_AUTHENTICATE) == GCK_SESSION_AUTHENTICATE) {
auth->state = AUTHENTICATE_CAN;
auth->protected_auth = gck_slot_has_flags (slot, CKF_PROTECTED_AUTHENTICATION_PATH);
auth->module = module;
@@ -2037,7 +2072,7 @@ crypt_sync (GckSession *self, GckObject *key, GckMechanism *mechanism, const guc
args.complete_func = complete_func;
slot = gck_session_get_slot (self);
- authenticate_init (&args.auth, slot, key);
+ authenticate_init (&args.auth, slot, key, self->pv->options);
g_object_unref (slot);
if (!_gck_call_sync (self, perform_crypt, complete_crypt, &args, cancellable, err)) {
@@ -2074,7 +2109,7 @@ crypt_async (GckSession *self, GckObject *key, GckMechanism *mechanism, const gu
args->complete_func = complete_func;
slot = gck_session_get_slot (self);
- authenticate_init (&args->auth, slot, key);
+ authenticate_init (&args->auth, slot, key, self->pv->options);
g_object_unref (slot);
_gck_call_async_ready_go (args, cancellable, callback, user_data);
@@ -2570,7 +2605,7 @@ gck_session_verify_full (GckSession *self, GckObject *key, GckMechanism *mechani
args.n_signature = n_signature;
slot = gck_session_get_slot (self);
- authenticate_init (&args.auth, slot, key);
+ authenticate_init (&args.auth, slot, key, self->pv->options);
g_object_unref (slot);
return _gck_call_sync (self, perform_verify, complete_verify, &args, cancellable, err);
@@ -2615,7 +2650,7 @@ gck_session_verify_async (GckSession *self, GckObject *key, GckMechanism *mechan
args->n_signature = n_signature;
slot = gck_session_get_slot (self);
- authenticate_init (&args->auth, slot, key);
+ authenticate_init (&args->auth, slot, key, self->pv->options);
g_object_unref (slot);
_gck_call_async_ready_go (args, cancellable, callback, user_data);
diff --git a/gck/gck-slot.c b/gck/gck-slot.c
index 48c3f17..dd9a1fb 100644
--- a/gck/gck-slot.c
+++ b/gck/gck-slot.c
@@ -94,7 +94,7 @@ timegm(struct tm *t)
*/
static GckSession*
-make_session_object (GckSlot *self, gulong flags, CK_SESSION_HANDLE handle)
+make_session_object (GckSlot *self, guint options, CK_SESSION_HANDLE handle)
{
GckSession *session;
GckModule *module;
@@ -103,7 +103,7 @@ make_session_object (GckSlot *self, gulong flags, CK_SESSION_HANDLE handle)
module = gck_slot_get_module (self);
- session = gck_session_from_handle (self, handle);
+ session = gck_session_from_handle (self, handle, options);
g_return_val_if_fail (session != NULL, NULL);
g_object_unref (module);
@@ -940,15 +940,16 @@ free_open_session (OpenSession *args)
* Return value: A new session or NULL if an error occurs.
**/
GckSession*
-gck_slot_open_session (GckSlot *self, gulong flags, GError **err)
+gck_slot_open_session (GckSlot *self, guint options, GError **err)
{
- return gck_slot_open_session_full (self, flags, NULL, NULL, NULL, err);
+ return gck_slot_open_session_full (self, options, 0, NULL, NULL, NULL, err);
}
/**
* gck_slot_open_session_full:
* @self: The slot to open a session on.
- * @flags: The flags to open a session with.
+ * @options: The options to open the new session with.
+ * @pkcs11_flags: Additional raw PKCS#11 flags.
* @app_data: Application data for notification callback.
* @notify: PKCS#11 notification callback.
* @cancellable: Optional cancellation object, or NULL.
@@ -962,16 +963,14 @@ gck_slot_open_session (GckSlot *self, gulong flags, GError **err)
* Return value: A new session or NULL if an error occurs.
**/
GckSession*
-gck_slot_open_session_full (GckSlot *self, gulong flags, gpointer app_data,
- CK_NOTIFY notify, GCancellable *cancellable, GError **err)
+gck_slot_open_session_full (GckSlot *self, guint options, gulong pkcs11_flags, gpointer app_data,
+ CK_NOTIFY notify, GCancellable *cancellable, GError **err)
{
OpenSession args = { GCK_ARGUMENTS_INIT, 0, };
GckSession *session = NULL;
GckModule *module = NULL;
CK_SLOT_ID slot_id;
- flags |= CKF_SERIAL_SESSION;
-
g_object_ref (self);
/* Try to use a cached session */
@@ -980,15 +979,19 @@ gck_slot_open_session_full (GckSlot *self, gulong flags, gpointer app_data,
/* Open a new session */
args.slot = self;
- args.flags = flags;
args.app_data = app_data;
args.notify = notify;
args.password = NULL;
- args.auto_login = (gck_module_get_options (module) & GCK_AUTHENTICATE_TOKENS) ? TRUE : FALSE;
args.session = 0;
+ args.auto_login = ((options & GCK_SESSION_LOGIN_USER) == GCK_SESSION_LOGIN_USER);
+
+ args.flags = pkcs11_flags | CKF_SERIAL_SESSION;
+ if ((options & GCK_SESSION_READ_WRITE) == GCK_SESSION_READ_WRITE)
+ args.flags |= CKF_RW_SESSION;
+
if (_gck_call_sync (self, perform_open_session, complete_open_session, &args, cancellable, err))
- session = make_session_object (self, flags, args.session);
+ session = make_session_object (self, options, args.session);
g_object_unref (module);
g_object_unref (self);
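Review bot: `pkcs11_flags` is OR-ed into `args.flags` unchecked, so a caller can pass `CKF_RW_SESSION` there without `GCK_SESSION_READ_WRITE` in `options`. The session is then opened read-write while `make_session_object (self, options, args.session)` records options that say otherwise, and `gck_session_get_options()` would misreport it. Either document that `CKF_RW_SESSION` must not be passed through `pkcs11_flags`, or fold it back before the object is created: `if (args.flags & CKF_RW_SESSION) options |= GCK_SESSION_READ_WRITE;`. The flag handling in `gck_slot_open_session_full_async` further down is identical and deserves the same documentation. The function begins and ends outside this hunk.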
@@ -996,10 +999,18 @@ gck_slot_open_session_full (GckSlot *self, gulong flags, gpointer app_data,
return session;
}
+void
+gck_slot_open_session_async (GckSlot *self, guint options, GCancellable *cancellable,
+ GAsyncReadyCallback callback, gpointer user_data)
+{
+ gck_slot_open_session_full_async (self, options, 0UL, NULL, NULL, cancellable, callback, user_data);
+}
+
/**
* gck_slot_open_session_async:
* @self: The slot to open a session on.
- * @flags: The flags to open a session with.
+ * @options: Options to open the new session with.
+ * @pkcs11_flags: Additional raw PKCS#11 flags.
* @app_data: Application data for notification callback.
* @notify: PKCS#11 notification callback.
* @cancellable: Optional cancellation object, or NULL.
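Review bot: The gtk-doc block that follows the new wrapper is still headed `gck_slot_open_session_async:`, but it now sits above `gck_slot_open_session_full_async` and lists that function's parameters (`@pkcs11_flags`, `@app_data`, `@notify`). Rename the heading to `* gck_slot_open_session_full_async:`. The new `gck_slot_open_session_async` then has no doc comment of its own; give it a short block covering `@self`, `@options`, `@cancellable`, `@callback` and `@user_data`, noting that it passes no extra PKCS#11 flags and no notification callback.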
@@ -1012,31 +1023,26 @@ gck_slot_open_session_full (GckSlot *self, gulong flags, gpointer app_data,
* This call will return immediately and complete asynchronously.
**/
void
-gck_slot_open_session_async (GckSlot *self, gulong flags, gpointer app_data,
- CK_NOTIFY notify, GCancellable *cancellable,
- GAsyncReadyCallback callback, gpointer user_data)
+gck_slot_open_session_full_async (GckSlot *self, guint options, gulong pkcs11_flags, gpointer app_data,
+ CK_NOTIFY notify, GCancellable *cancellable,
+ GAsyncReadyCallback callback, gpointer user_data)
{
- GckModule *module = NULL;
OpenSession *args;
- CK_SLOT_ID slot_id;
-
- flags |= CKF_SERIAL_SESSION;
g_object_ref (self);
args = _gck_call_async_prep (self, self, perform_open_session, complete_open_session,
- sizeof (*args), free_open_session);
+ sizeof (*args), free_open_session);
- args->flags = flags;
args->app_data = app_data;
args->notify = notify;
args->slot = g_object_ref (self);
- /* Try to use a cached session */
- module = gck_slot_get_module (self);
- slot_id = gck_slot_get_handle (self);
- args->auto_login = (gck_module_get_options (module) & GCK_AUTHENTICATE_TOKENS) ? TRUE : FALSE;
- g_object_unref (module);
+ args->auto_login = ((options & GCK_SESSION_LOGIN_USER) == GCK_SESSION_LOGIN_USER);
+
+ args->flags = pkcs11_flags | CKF_SERIAL_SESSION;
+ if ((options & GCK_SESSION_READ_WRITE) == GCK_SESSION_READ_WRITE)
+ args->flags |= CKF_RW_SESSION;
_gck_call_async_ready_go (args, cancellable, callback, user_data);
g_object_unref (self);
diff --git a/gck/gck.h b/gck/gck.h
index 153d23c..021ce35 100644
--- a/gck/gck.h
+++ b/gck/gck.h
@@ -75,11 +75,6 @@ typedef struct GckAttribute {
#define GCK_INVALID G_MAXULONG
-enum {
- GCK_AUTHENTICATE_TOKENS = 2,
- GCK_AUTHENTICATE_OBJECTS = 4
-};
-
gboolean gck_value_to_ulong (gconstpointer value,
gsize length,
gulong *result);
@@ -286,11 +281,11 @@ struct _GckModuleClass {
GType gck_module_get_type (void) G_GNUC_CONST;
GckModule* gck_module_new (CK_FUNCTION_LIST_PTR funcs,
- guint options);
+ guint reserved_options);
GckModule* gck_module_initialize (const gchar *path,
gpointer reserved,
- guint options,
+ guint reserved_options,
GError **err);
gboolean gck_module_equal (gconstpointer module1,
@@ -307,18 +302,16 @@ GckModuleInfo* gck_module_get_info (GckModule *self);
GList* gck_module_get_slots (GckModule *self,
gboolean token_present);
-guint gck_module_get_options (GckModule *self);
-
gchar** gck_modules_list_registered_paths (GError **err);
-GList* gck_modules_initialize_registered (guint options);
+GList* gck_modules_initialize_registered (guint reserved_options);
GList* gck_modules_get_slots (GList *modules,
gboolean token_present);
GckEnumerator* gck_modules_enumerate_objects (GList *modules,
GckAttributes *attrs,
- guint session_flags);
+ guint session_options);
GckSlot* gck_modules_token_for_uri (GList *modules,
const gchar *uri,
@@ -326,17 +319,17 @@ GckSlot* gck_modules_token_for_uri (GList *modules,
GckObject* gck_modules_object_for_uri (GList *modules,
const gchar *uri,
- guint session_flags,
+ guint session_options,
GError **error);
GList* gck_modules_objects_for_uri (GList *modules,
const gchar *uri,
- guint session_flags,
+ guint session_options,
GError **error);
GckEnumerator* gck_modules_enumerate_uri (GList *modules,
const gchar *uri,
- guint session_flags,
+ guint session_options,
GError **error);
@@ -516,18 +509,26 @@ gboolean gck_slot_init_token_finish (GckSlot *self,
#endif /* UNIMPLEMENTED */
GckSession* gck_slot_open_session (GckSlot *self,
- gulong flags,
+ guint options,
GError **err);
GckSession* gck_slot_open_session_full (GckSlot *self,
- gulong flags,
+ guint options,
+ gulong pkcs11_flags,
gpointer app_data,
CK_NOTIFY notify,
GCancellable *cancellable,
GError **err);
void gck_slot_open_session_async (GckSlot *self,
- gulong flags,
+ guint options,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+void gck_slot_open_session_full_async (GckSlot *self,
+ guint options,
+ gulong pkcs11_flags,
gpointer app_data,
CK_NOTIFY notify,
GCancellable *cancellable,
@@ -542,6 +543,12 @@ GckSession* gck_slot_open_session_finish (GckSlot *self,
* SESSION
*/
+typedef enum _GckSessionOptions {
+ GCK_SESSION_READ_WRITE = 1 << 1,
+ GCK_SESSION_LOGIN_USER = 1 << 2,
+ GCK_SESSION_AUTHENTICATE = 1 << 3,
+} GckSessionOptions;
+
typedef struct _GckSessionInfo {
gulong slot_id;
gulong state;
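Review bot: The new public `GckSessionOptions` enum has no documentation, yet its three values behave quite differently according to the rest of this diff. Add a gtk-doc block above the typedef: `GCK_SESSION_READ_WRITE` maps to `CKF_RW_SESSION` when the session is opened, `GCK_SESSION_LOGIN_USER` sets `auto_login` in `gck_slot_open_session_full`, and `GCK_SESSION_AUTHENTICATE` enables per-object authentication in `authenticate_init`. It would also help to say that `0` means a read-only session with no login or authentication prompts, since the tests pass `0`.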
@@ -578,7 +585,8 @@ struct _GckSessionClass {
GType gck_session_get_type (void) G_GNUC_CONST;
GckSession* gck_session_from_handle (GckSlot *slot,
- CK_SESSION_HANDLE handle);
+ CK_SESSION_HANDLE handle,
+ guint options);
GckModule* gck_session_get_module (GckSession *self);
@@ -590,6 +598,8 @@ GckSessionInfo* gck_session_get_info (GckSession *self);
gulong gck_session_get_state (GckSession *self);
+guint gck_session_get_options (GckSession *self);
+
gboolean gck_session_init_pin (GckSession *self,
const guchar *pin,
gsize n_pin,
diff --git a/gck/tests/test-gck-crypto.c b/gck/tests/test-gck-crypto.c
index 48ca597..631e327 100644
--- a/gck/tests/test-gck-crypto.c
+++ b/gck/tests/test-gck-crypto.c
@@ -9,10 +9,16 @@
#include "gck-test.h"
static GckModule *module = NULL;
-static GckModule *module_with_auth = NULL;
static GckSession *session = NULL;
static GckSession *session_with_auth = NULL;
+static gboolean
+on_discard_handle_ignore (GckSession *self, CK_OBJECT_HANDLE handle, gpointer unused)
+{
+ /* Don't close the handle for this session, since it's a duplicate */
+ return TRUE;
+}
+
DEFINE_SETUP(crypto_session)
{
GError *err = NULL;
@@ -29,13 +35,11 @@ DEFINE_SETUP(crypto_session)
session = gck_slot_open_session (slots->data, 0, &err);
SUCCESS_RES(session, err);
- module_with_auth = gck_module_new (gck_module_get_functions (module), GCK_AUTHENTICATE_OBJECTS);
- g_assert (module_with_auth);
-
- slot = gck_slot_from_handle (module_with_auth, gck_slot_get_handle (slots->data));
+ slot = gck_session_get_slot (session);
g_assert (slot);
- session_with_auth = gck_session_from_handle (slot, gck_session_get_handle (session));
+ session_with_auth = gck_session_from_handle (slot, gck_session_get_handle (session), GCK_SESSION_AUTHENTICATE);
+ g_signal_connect (session_with_auth, "discard-handle", G_CALLBACK (on_discard_handle_ignore), NULL);
g_assert (session_with_auth);
g_object_unref (slot);
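Review bot: `g_signal_connect (session_with_auth, "discard-handle", ...)` is called before `g_assert (session_with_auth)`, so a NULL return from `gck_session_from_handle` would surface first as a GLib critical from the connect call and only afterwards in the assert; the check reads better, and fails more clearly, if it comes first. A short comment at this point would also help, for example `/* second wrapper around the handle owned by 'session'; must not close it */`, because the reason for the handler is currently explained only inside `on_discard_handle_ignore`. DEFINE_SETUP(crypto_session) begins and ends outside this hunk.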
@@ -46,6 +50,7 @@ DEFINE_TEARDOWN(crypto_session)
{
g_object_unref (session);
g_object_unref (module);
+ g_object_unref (session_with_auth);
}
static void
@@ -270,7 +275,7 @@ DEFINE_TEST(sign)
mech = gck_mechanism_new_with_param (CKM_MOCK_PREFIX, "my-prefix:", 10);
/* Enable auto-login on this session, see previous test */
- g_signal_connect (module_with_auth, "authenticate-object", G_CALLBACK (authenticate_object), NULL);
+ g_signal_connect (module, "authenticate-object", G_CALLBACK (authenticate_object), NULL);
/* Find the right key */
key = find_key (session_with_auth, CKA_SIGN, CKM_MOCK_PREFIX);
diff --git a/gck/tests/test-gck-session.c b/gck/tests/test-gck-session.c
index 3413a0a..f9b8eb7 100644
--- a/gck/tests/test-gck-session.c
+++ b/gck/tests/test-gck-session.c
@@ -82,13 +82,13 @@ DEFINE_TEST(open_close_session)
GAsyncResult *result = NULL;
GError *err = NULL;
- sess = gck_slot_open_session_full (slot, 0, NULL, NULL, NULL, &err);
+ sess = gck_slot_open_session (slot, 0, &err);
SUCCESS_RES (sess, err);
g_object_unref (sess);
/* Test opening async */
- gck_slot_open_session_async (slot, 0, NULL, NULL, NULL, fetch_async_result, &result);
+ gck_slot_open_session_async (slot, 0, NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result != NULL);
@@ -195,14 +195,11 @@ authenticate_token (GckModule *module, GckSlot *slot, gchar *label, gchar **pass
DEFINE_TEST(auto_login)
{
GckObject *object;
- GckModule *module_with_auth;
- GckSlot *slot_with_auth;
GckSession *new_session;
GAsyncResult *result = NULL;
GError *err = NULL;
GckAttributes *attrs;
gboolean ret;
- gint value;
attrs = gck_attributes_new ();
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_DATA);
@@ -210,23 +207,14 @@ DEFINE_TEST(auto_login)
gck_attributes_add_boolean (attrs, CKA_PRIVATE, CK_TRUE);
/* Try to do something that requires a login */
- g_assert_cmpuint (gck_module_get_options (module), ==, 0);
object = gck_session_create_object (session, attrs, NULL, &err);
g_assert (!object);
g_assert (err && err->code == CKR_USER_NOT_LOGGED_IN);
g_clear_error (&err);
/* Setup for auto login */
- module_with_auth = gck_module_new (gck_module_get_functions (module), GCK_AUTHENTICATE_TOKENS | GCK_AUTHENTICATE_OBJECTS);
- g_assert (gck_module_get_options (module_with_auth) == (GCK_AUTHENTICATE_TOKENS | GCK_AUTHENTICATE_OBJECTS));
- g_object_get (module_with_auth, "options", &value, NULL);
- g_assert_cmpuint (value, ==, (GCK_AUTHENTICATE_TOKENS | GCK_AUTHENTICATE_OBJECTS));
-
- g_signal_connect (module_with_auth, "authenticate-slot", G_CALLBACK (authenticate_token), GUINT_TO_POINTER (35));
-
- /* Create a new session */
- slot_with_auth = g_object_new (GCK_TYPE_SLOT, "module", module_with_auth, "handle", gck_slot_get_handle (slot), NULL);
- new_session = gck_slot_open_session (slot_with_auth, CKF_RW_SESSION, &err);
+ g_signal_connect (module, "authenticate-slot", G_CALLBACK (authenticate_token), GUINT_TO_POINTER (35));
+ new_session = gck_slot_open_session (slot, GCK_SESSION_READ_WRITE | GCK_SESSION_LOGIN_USER, &err);
SUCCESS_RES (new_session, err);
/* Try again to do something that requires a login */
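Review bot: The test shows that `GCK_SESSION_LOGIN_USER` leads to a login through the `authenticate-slot` handler, but nothing visible checks the opposite case, that a session opened without that option stays logged out once the handler is connected. That matters more now that the handler is attached to the shared `module` instead of a dedicated `module_with_auth`. I would add a negative check right after the `g_signal_connect`, before any login has happened, as sketched below; it assumes the mock module behaves here as it does for the first `CKR_USER_NOT_LOGGED_IN` check. DEFINE_TEST(auto_login) begins and ends outside this hunk.

```c
g_signal_connect (module, "authenticate-slot", G_CALLBACK (authenticate_token), GUINT_TO_POINTER (35));

/* Without GCK_SESSION_LOGIN_USER the handler must not be used */
new_session = gck_slot_open_session (slot, GCK_SESSION_READ_WRITE, &err);
SUCCESS_RES (new_session, err);
object = gck_session_create_object (new_session, attrs, NULL, &err);
g_assert (!object);
g_assert (err && err->code == CKR_USER_NOT_LOGGED_IN);
g_clear_error (&err);
g_object_unref (new_session);

/* … unchanged: open with GCK_SESSION_READ_WRITE | GCK_SESSION_LOGIN_USER … */
```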
@@ -238,11 +226,13 @@ DEFINE_TEST(auto_login)
ret = gck_session_logout (new_session, &err);
SUCCESS_RES (ret, err);
+ g_object_unref (new_session);
+
/* Now try the same thing, but asyncronously */
- gck_slot_open_session_async (slot_with_auth, CKF_RW_SESSION, NULL, NULL, NULL, fetch_async_result, &result);
+ gck_slot_open_session_async (slot, GCK_SESSION_READ_WRITE | GCK_SESSION_LOGIN_USER, NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result != NULL);
- new_session = gck_slot_open_session_finish (slot_with_auth, result, &err);
+ new_session = gck_slot_open_session_finish (slot, result, &err);
SUCCESS_RES (new_session, err);
g_object_unref (result);
@@ -260,7 +250,4 @@ DEFINE_TEST(auto_login)
SUCCESS_RES (ret, err);
g_object_unref (new_session);
-
- g_object_unref (slot_with_auth);
- g_object_unref (module_with_auth);
}
diff --git a/gcr/gcr-importer.c b/gcr/gcr-importer.c
index 87dfc7d..2891ab2 100644
--- a/gcr/gcr-importer.c
+++ b/gcr/gcr-importer.c
@@ -258,11 +258,11 @@ state_open_session (GcrImporter *self, gboolean async)
} else {
if (async) {
- gck_slot_open_session_async (self->pv->slot, CKF_RW_SESSION, NULL, NULL,
- self->pv->cancel, on_open_session, self);
+ gck_slot_open_session_async (self->pv->slot, GCK_SESSION_READ_WRITE, self->pv->cancel,
+ on_open_session, self);
} else {
- session = gck_slot_open_session_full (self->pv->slot, CKF_RW_SESSION, NULL, NULL,
- self->pv->cancel, &error);
+ session = gck_slot_open_session_full (self->pv->slot, GCK_SESSION_READ_WRITE, 0, NULL, NULL,
+ self->pv->cancel, &error);
complete_open_session (self, session, error);
}
}
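Review bot: Both calls now open the importer's session with `GCK_SESSION_READ_WRITE` only, while the gcr-library.c hunk below drops `GCK_AUTHENTICATE_OBJECTS | GCK_AUTHENTICATE_TOKENS` from `gck_modules_initialize_registered`, so nothing visible in this commit requests a login for that session any more. If the importer relied on the module options to authenticate to the token, writing to a token that requires login would presumably now fail with `CKR_USER_NOT_LOGGED_IN`, and the calls should pass `GCK_SESSION_READ_WRITE | GCK_SESSION_LOGIN_USER`. If login is handled elsewhere in gcr-importer.c, a one-line comment here saying where would settle the question. `state_open_session` begins and ends outside this hunk.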
diff --git a/gcr/gcr-library.c b/gcr/gcr-library.c
index 4317426..1aa413b 100644
--- a/gcr/gcr-library.c
+++ b/gcr/gcr-library.c
@@ -119,7 +119,7 @@ _gcr_initialize (void)
egg_libgcrypt_initialize ();
if (g_once_init_enter (&gcr_initialized)) {
- all_modules = gck_modules_initialize_registered (GCK_AUTHENTICATE_OBJECTS | GCK_AUTHENTICATE_TOKENS);
+ all_modules = gck_modules_initialize_registered (0);
g_once_init_leave (&gcr_initialized, 1);
}
}