[gnome-keyring] dbus: Provide way to get an internal PKCS#11 session.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring] dbus: Provide way to get an internal PKCS#11 session.
- Date: Mon, 12 Sep 2011 08:12:02 +0000 (UTC)
commit ee35bf099d98164f19a750fa02c48461c2b389a1
Author: Stef Walter <stefw collabora co uk>
Date: Mon Jun 13 14:29:17 2011 +0100
dbus: Provide way to get an internal PKCS#11 session.
* Normally we request PKCS#11 sessions on behalf of the client.
* For the NTLM stuff we need a PKCS#11 session on behalf of the daemon,
so that we can access sensitive values in the store.
daemon/dbus/gkd-secret-service.c | 67 ++++++++++++++++++++++++++++++++++----
daemon/dbus/gkd-secret-service.h | 2 +
2 files changed, 62 insertions(+), 7 deletions(-)
---
diff --git a/daemon/dbus/gkd-secret-service.c b/daemon/dbus/gkd-secret-service.c
index dfd1b3e..599e2e5 100644
--- a/daemon/dbus/gkd-secret-service.c
+++ b/daemon/dbus/gkd-secret-service.c
@@ -60,6 +60,7 @@ struct _GkdSecretService {
gchar *match_rule;
GkdSecretObjects *objects;
GHashTable *aliases;
+ GckSession *internal_session;
};
typedef struct _ServiceClient {
@@ -1092,6 +1093,11 @@ gkd_secret_service_dispose (GObject *obj)
self->connection = NULL;
}
+ if (self->internal_session) {
+ dispose_and_unref (self->internal_session);
+ self->internal_session = NULL;
+ }
+
G_OBJECT_CLASS (gkd_secret_service_parent_class)->dispose (obj);
}
@@ -1202,14 +1208,32 @@ gkd_secret_service_get_pkcs11_slot (GkdSecretService *self)
return gkd_secret_objects_get_pkcs11_slot (self->objects);
}
+static gboolean
+log_into_pkcs11_session (GckSession *session, GError **error)
+{
+ GckTokenInfo *info;
+ GckSlot *slot;
+ gboolean login;
+
+ /* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
+ slot = gck_session_get_slot (session);
+ info = gck_slot_get_token_info (slot);
+ login = info && (info->flags & CKF_LOGIN_REQUIRED);
+ gck_token_info_free (info);
+ g_object_unref (slot);
+
+ if (login && !gck_session_login (session, CKU_USER, NULL, 0, NULL, error))
+ return FALSE;
+
+ return TRUE;
+}
+
GckSession*
gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller)
{
ServiceClient *client;
GError *error = NULL;
- GckTokenInfo *info;
GckSlot *slot;
- gboolean login;
g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
g_return_val_if_fail (caller, NULL);
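Review bot: log_into_pkcs11_session returns TRUE without attempting a login when gck_slot_get_token_info() returns NULL, so a failure to read the token info looks the same to callers as a token that needs no login. If that is intended, state it in a comment above the helper, for example `/* Returns TRUE when no login is required or token info is unavailable; @error is set only when FALSE is returned. */`; otherwise the NULL case should at least emit a warning. This matters more now that the helper is also used for the daemon's own internal session further down in this diff. The helper is complete within this hunk, while gkd_secret_service_get_pkcs11_session continues past its end.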
@@ -1230,11 +1254,7 @@ gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *call
return NULL;
}
- /* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */
- info = gck_slot_get_token_info (slot);
- login = info && (info->flags & CKF_LOGIN_REQUIRED);
- gck_token_info_free (info);
- if (login && !gck_session_login (client->pkcs11_session, CKU_USER, NULL, 0, NULL, &error)) {
+ if (!log_into_pkcs11_session (client->pkcs11_session, &error)) {
g_warning ("couldn't log in to pkcs11 session for secret service: %s",
egg_error_message (error));
g_clear_error (&error);
@@ -1247,6 +1267,39 @@ gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *call
return client->pkcs11_session;
}
+GckSession*
+gkd_secret_service_internal_pkcs11_session (GkdSecretService *self)
+{
+ GError *error = NULL;
+ GckSlot *slot;
+
+ g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
+
+ if (self->internal_session)
+ return self->internal_session;
+
+ slot = gkd_secret_service_get_pkcs11_slot (self);
+ self->internal_session = gck_slot_open_session_full (slot, GCK_SESSION_READ_WRITE,
+ 0, NULL, NULL, NULL, &error);
+ if (!self->internal_session) {
+ g_warning ("couldn't open pkcs11 session for secret service: %s",
+ egg_error_message (error));
+ g_clear_error (&error);
+ return NULL;
+ }
+
+ if (!log_into_pkcs11_session (self->internal_session, &error)) {
+ g_warning ("couldn't log in to pkcs11 session for secret service: %s",
+ egg_error_message (error));
+ g_clear_error (&error);
+ g_object_unref (self->internal_session);
+ self->internal_session = NULL;
+ return NULL;
+ }
+
+ return self->internal_session;
+}
+
GkdSecretSession*
gkd_secret_service_lookup_session (GkdSecretService *self, const gchar *path,
const gchar *caller)
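Review bot: gkd_secret_service_internal_pkcs11_session has no comment stating its contract, although it is the one accessor here that hands out a session opened for the daemon rather than for a named caller. The commit message says it exists to reach sensitive values in the store, so a doc comment above the definition should say that the session must not be used to serve a D-Bus client's request. It should also say that the returned pointer is borrowed from `self->internal_session` and must not be unreffed by callers, and that it is released in dispose. The declaration added to gkd-secret-service.h would benefit from a one-line comment to the same effect. Separately, the login-failure path drops the session with `g_object_unref` while dispose uses `dispose_and_unref`; if that helper also closes the PKCS#11 session (its body is not in this diff), using it here would keep the two cleanup paths consistent.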
diff --git a/daemon/dbus/gkd-secret-service.h b/daemon/dbus/gkd-secret-service.h
index 84356c3..9425ea7 100644
--- a/daemon/dbus/gkd-secret-service.h
+++ b/daemon/dbus/gkd-secret-service.h
@@ -52,6 +52,8 @@ GckSlot* gkd_secret_service_get_pkcs11_slot (GkdSecretSer
GckSession* gkd_secret_service_get_pkcs11_session (GkdSecretService *self,
const gchar *caller);
+GckSession* gkd_secret_service_internal_pkcs11_session (GkdSecretService *self);
+
GkdSecretObjects* gkd_secret_service_get_objects (GkdSecretService *self);
GkdSecretIndex* gkd_secret_service_get_index (GkdSecretService *self);