[gnome-keyring/gnome-3-4] Fix implementation of LockService dbus method

[Stefan Walter <stefw src gnome org>]

commit 53c3fee938050a8bd3f5fd3462b613c651b5274b
Author: Stef Walter <stefw gnome org>
Date:   Sat Apr 27 21:48:58 2013 +0200

    Fix implementation of LockService dbus method
    
    This prevented gnome_keyring_lock_all() in libgnome-keyring from
    working as expected.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=690466

 daemon/dbus/gkd-secret-lock.c    |   50 ++++++++++++++++++++++++++++++++++++++
 daemon/dbus/gkd-secret-lock.h    |    3 ++
 daemon/dbus/gkd-secret-service.c |   12 ++++++++-
 daemon/dbus/gkd-secret-unlock.c  |    1 +
 4 files changed, 65 insertions(+), 1 deletions(-)
---
diff --git a/daemon/dbus/gkd-secret-lock.c b/daemon/dbus/gkd-secret-lock.c
index 9b68c46..64f0151 100644
--- a/daemon/dbus/gkd-secret-lock.c
+++ b/daemon/dbus/gkd-secret-lock.c
@@ -65,3 +65,53 @@ gkd_secret_lock (GckObject *collection, DBusError *derr)
        gck_list_unref_free (objects);
        return TRUE;
 }
+
+gboolean
+gkd_secret_lock_all (GckSession *session,
+                     DBusError *derr)
+{
+       GckBuilder builder = GCK_BUILDER_INIT;
+       GError *error = NULL;
+       GList *objects, *l;
+
+       /* Lock all the main collections */
+       gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_CREDENTIAL);
+       gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
+
+       objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
+       if (error != NULL) {
+               g_warning ("couldn't search for credential objects: %s", egg_error_message (error));
+               dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock service");
+               g_clear_error (&error);
+               return FALSE;
+       }
+
+       for (l = objects; l; l = g_list_next (l)) {
+               if (!gck_object_destroy (l->data, NULL, &error)) {
+                       g_warning ("couldn't destroy credential object: %s", egg_error_message (error));
+                       g_clear_error (&error);
+               }
+       }
+
+       /* Now delete all session objects */
+       gck_builder_add_ulong (&builder, CKA_CLASS, CKO_SECRET_KEY);
+       gck_builder_add_string (&builder, CKA_G_COLLECTION, "session");
+
+       objects = gck_session_find_objects (session, gck_builder_end (&builder), NULL, &error);
+       if (error != NULL) {
+               g_warning ("couldn't search for session items: %s", egg_error_message (error));
+               dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock service");
+               g_clear_error (&error);
+               return FALSE;
+       }
+
+       for (l = objects; l; l = g_list_next (l)) {
+               if (!gck_object_destroy (l->data, NULL, &error)) {
+                       g_warning ("couldn't destroy session item: %s", egg_error_message (error));
+                       g_clear_error (&error);
+               }
+       }
+
+       gck_list_unref_free (objects);
+       return TRUE;
+}
diff --git a/daemon/dbus/gkd-secret-lock.h b/daemon/dbus/gkd-secret-lock.h
index e8f03a7..31bd7c7 100644
--- a/daemon/dbus/gkd-secret-lock.h
+++ b/daemon/dbus/gkd-secret-lock.h
@@ -31,4 +31,7 @@
 gboolean            gkd_secret_lock                (GckObject *collection,
                                                     DBusError *derr);
 
+gboolean            gkd_secret_lock_all            (GckSession *session,
+                                                    DBusError *derr);
+
 #endif /* __GKD_SECRET_LOCK_H__ */
diff --git a/daemon/dbus/gkd-secret-service.c b/daemon/dbus/gkd-secret-service.c
index 08d7d7f..4a2af62 100644
--- a/daemon/dbus/gkd-secret-service.c
+++ b/daemon/dbus/gkd-secret-service.c
@@ -456,10 +456,20 @@ service_method_create_collection (GkdSecretService *self, DBusMessage *message)
 static DBusMessage*
 service_method_lock_service (GkdSecretService *self, DBusMessage *message)
 {
+       DBusError derr = DBUS_ERROR_INIT;
+       GckSession *session;
+       const char *caller;
+
        if (!dbus_message_get_args (message, NULL, DBUS_TYPE_INVALID))
                return NULL;
 
-       /* TODO: Need to implement */
+       caller = dbus_message_get_sender (message);
+       session = gkd_secret_service_get_pkcs11_session (self, caller);
+       g_return_val_if_fail (session != NULL, NULL);
+
+       if (!gkd_secret_lock_all (session, &derr))
+               return gkd_secret_error_to_reply (message, &derr);
+
        return dbus_message_new_method_return (message);
 }
 
diff --git a/daemon/dbus/gkd-secret-unlock.c b/daemon/dbus/gkd-secret-unlock.c
index 2e3fbed..bb91697 100644
--- a/daemon/dbus/gkd-secret-unlock.c
+++ b/daemon/dbus/gkd-secret-unlock.c
@@ -270,6 +270,7 @@ perform_next_unlock (GkdSecretUnlock *self)
                 */
                if (proceed) {
                        common_unlock_attributes (&builder, collection);
+                       gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
                        gck_builder_add_data (&builder, CKA_VALUE, NULL, 0);
 
                        session = gkd_secret_service_get_pkcs11_session (self->service, self->caller);