author | Stef Walter <stef@memberwebs.com> | 2010-08-25 08:14:32 -0500 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2010-08-25 08:14:32 -0500 |
commit | 9ea8cbd7a7cfee35c723c7a0b24b9b252389a5aa (patch) | |
tree | fcdad795b71d914ef5d806f0f90edb2211541e34 | |
parent | a9c7f91915decb9a1c326ae09f4ac64bd462d8b2 (diff) | |
download | gnome-keyring-9ea8cbd7a7cfee35c723c7a0b24b9b252389a5aa.tar.gz |
Port gnome-keyring to new gck library.
59 files changed, 1352 insertions, 1268 deletions
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 757e9d12..6634d2cc 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -43,7 +43,7 @@ gnome_keyring_daemon_LDADD = \
 $(top_builddir)/pkcs11/ssh-store/libgkm-ssh-store.la \
 $(top_builddir)/pkcs11/user-store/libgkm-user-store.la \
 $(top_builddir)/pkcs11/gkm/libgkm.la \
- $(top_builddir)/gp11/libgp11.la \
+ $(top_builddir)/gck/libgck.la \
 $(top_builddir)/egg/libegg-dbus.la \
 $(DAEMON_LIBS) \
 $(GOBJECT_LIBS) \
diff --git a/daemon/dbus/gkd-dbus-secrets.c b/daemon/dbus/gkd-dbus-secrets.c
index 2978d5f0..089d7834 100644
--- a/daemon/dbus/gkd-dbus-secrets.c
+++ b/daemon/dbus/gkd-dbus-secrets.c
@@ -30,39 +30,33 @@ #include "daemon/gkd-pkcs11.h" #include "egg/egg-cleanup.h" +#include "egg/egg-error.h" -#include "gp11/gp11.h" +#include "gck/gck.h" static DBusConnection *dbus_conn = NULL; static GkdSecretService *secrets_service = NULL; -static GP11Slot* +static GckSlot* calculate_secrets_slot (void) { - GP11Slot *slot = NULL; - GP11Module *module; - GList *slots, *l; - GP11SlotInfo *info; + GckSlot *slot = NULL; + GckModule *module; + GList *modules; + GError *err = NULL; - module = gp11_module_new (gkd_pkcs11_get_functions ()); + /* TODO: Should we be handling just one module here? */ + module = gck_module_new (gkd_pkcs11_get_functions (), 0); g_return_val_if_fail (module, NULL); - /* - * Find the right slot. - * - * TODO: This isn't necessarily the best way to do this. - * A good function could be added to gp11 library. - * But needs more thought on how to do this. - */ - slots = gp11_module_get_slots (module, TRUE); - for (l = slots; !slot && l; l = g_list_next (l)) { - info = gp11_slot_get_info (l->data); - if (g_ascii_strcasecmp ("Secret Store", info->slot_description) == 0) - slot = g_object_ref (l->data); - gp11_slot_info_free (info); + modules = g_list_prepend (NULL, module); + slot = gck_modules_token_for_uri (modules, "pkcs11:token=Secret%20Store", &err); + if (!slot && err) { + g_warning ("couldn't find secret store: %s", egg_error_message (err)); + g_clear_error (&err); } - gp11_list_unref_free (slots); + gck_list_unref_free (modules); return slot; } @@ -73,7 +67,7 @@ gkd_dbus_secrets_startup (void) dbus_uint32_t result = 0; const gchar *service = NULL; unsigned int flags = 0; - GP11Slot *slot; + GckSlot *slot; g_return_val_if_fail (dbus_conn, FALSE); diff --git a/daemon/dbus/gkd-secret-change.c b/daemon/dbus/gkd-secret-change.c index e25bb2aa..e4d00bf2 100644 --- a/daemon/dbus/gkd-secret-change.c +++ b/daemon/dbus/gkd-secret-change.c @@ -36,7 +36,7 @@ #include <glib/gi18n.h> -#include <gp11/gp11.h> +#include <gck/gck.h> #include <string.h> 
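Review bot: In calculate_secrets_slot the new lookup warns only when `err` is set, so a lookup that returns NULL without an error (no token matched the URI) fails silently. An extra branch such as `else if (!slot) g_warning ("couldn't find secret store token");` would make that startup failure diagnosable. The match also moved from the slot description (`info->slot_description`, compared case-insensitively) to the token label in `pkcs11:token=Secret%20Store`. Whether the secret store's token label carries the same string is not visible in this hunk and is worth confirming.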
@@ -57,7 +57,7 @@ G_DEFINE_TYPE (GkdSecretChange, gkd_secret_change, GKD_SECRET_TYPE_PROMPT); */ static void -prepare_change_prompt (GkdSecretChange *self, GP11Object *collection, gboolean first) +prepare_change_prompt (GkdSecretChange *self, GckObject *collection, gboolean first) { GError *error = NULL; GkuPrompt *prompt; @@ -68,7 +68,7 @@ prepare_change_prompt (GkdSecretChange *self, GP11Object *collection, gboolean f prompt = GKU_PROMPT (self); - data = gp11_object_get_data (collection, CKA_LABEL, &n_data, &error); + data = gck_object_get_data (collection, CKA_LABEL, &n_data, &error); if (!data) { g_warning ("couldn't get label for collection: %s", egg_error_message (error)); g_clear_error (&error); @@ -121,7 +121,7 @@ gkd_secret_change_prompt_ready (GkdSecretPrompt *prompt) GkdSecretChange *self = GKD_SECRET_CHANGE (prompt); GkdSecretSecret *original, *master; DBusError derr = DBUS_ERROR_INIT; - GP11Object *collection; + GckObject *collection; gboolean result; collection = gkd_secret_prompt_lookup_collection (prompt, self->collection_path); 
@@ -262,50 +262,53 @@ gkd_secret_change_new (GkdSecretService *service, const gchar *caller, } gboolean -gkd_secret_change_with_secrets (GP11Object *collection, GkdSecretSecret *original, +gkd_secret_change_with_secrets (GckObject *collection, GkdSecretSecret *original, GkdSecretSecret *master, DBusError *derr) { GError *error = NULL; - GP11Attributes *attrs = NULL; + GckAttributes *attrs = NULL; gboolean result = FALSE; - GP11Object *ocred = NULL; - GP11Object *mcred = NULL; + GckObject *ocred = NULL; + GckObject *mcred = NULL; /* Create the new credential */ - attrs = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL, - CKA_TOKEN, GP11_BOOLEAN, FALSE, GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL); + gck_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); mcred = gkd_secret_session_create_credential (master->session, NULL, attrs, master, derr); if (mcred == NULL) goto cleanup; /* Create the original credential, in order to make sure we can the collection */ - gp11_attributes_add_ulong (attrs, CKA_G_OBJECT, gp11_object_get_handle (collection)); + gck_attributes_add_ulong (attrs, CKA_G_OBJECT, gck_object_get_handle (collection)); ocred = gkd_secret_session_create_credential (original->session, NULL, attrs, original, derr); if (ocred == NULL) goto cleanup; + gck_attributes_unref (attrs); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_G_CREDENTIAL, gck_object_get_handle (mcred)); + /* Now set the collection credentials to the first one */ - result = gp11_object_set (collection, &error, - CKA_G_CREDENTIAL, GP11_ULONG, gp11_object_get_handle (mcred), - GP11_INVALID); + result = gck_object_set (collection, attrs, NULL, &error); cleanup: if (ocred) { /* Always destroy the original credential */ - gp11_object_destroy (ocred, NULL); + gck_object_destroy (ocred, NULL); g_object_unref (ocred); } if (mcred) { /* Destroy the master credential if failed */ if (!result) - 
gp11_object_destroy (mcred, NULL); + gck_object_destroy (mcred, NULL); g_object_unref (mcred); } - if (attrs) - gp11_attributes_unref (attrs); + + gck_attributes_unref (attrs); if (!result && error) { - if (g_error_matches (error, GP11_ERROR, CKR_USER_NOT_LOGGED_IN)) + if (g_error_matches (error, GCK_ERROR, CKR_USER_NOT_LOGGED_IN)) dbus_set_error (derr, INTERNAL_ERROR_DENIED, "The original password was invalid"); else g_warning ("failure occurred while changing password: %s", egg_error_message (error)); diff --git a/daemon/dbus/gkd-secret-change.h b/daemon/dbus/gkd-secret-change.h index 8c702323..91228135 100644 --- a/daemon/dbus/gkd-secret-change.h +++ b/daemon/dbus/gkd-secret-change.h @@ -27,7 +27,7 @@ #include "gkd-secret-prompt.h" #include "gkd-secret-types.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #define GKD_SECRET_TYPE_CHANGE (gkd_secret_change_get_type ()) #define GKD_SECRET_CHANGE(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GKD_SECRET_TYPE_CHANGE, GkdSecretChange)) @@ -48,7 +48,7 @@ GkdSecretChange* gkd_secret_change_new (GkdSecretService const gchar *caller, const gchar *path); -gboolean gkd_secret_change_with_secrets (GP11Object *collection, +gboolean gkd_secret_change_with_secrets (GckObject *collection, GkdSecretSecret *original, GkdSecretSecret *master, DBusError *derr); diff --git a/daemon/dbus/gkd-secret-create.c b/daemon/dbus/gkd-secret-create.c index 80863f19..9a787712 100644 --- a/daemon/dbus/gkd-secret-create.c +++ b/daemon/dbus/gkd-secret-create.c @@ -37,7 +37,7 @@ #include <glib/gi18n.h> -#include <gp11/gp11.h> +#include <gck/gck.h> #include <string.h> @@ -48,7 +48,7 @@ enum { struct _GkdSecretCreate { GkdSecretPrompt parent; - GP11Attributes *pkcs11_attrs; + GckAttributes *pkcs11_attrs; gchar *result_path; }; 
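Review bot: The cleanup path of gkd_secret_change_with_secrets calls `gck_object_destroy (ocred, NULL)` and `gck_object_destroy (mcred, NULL)` without a GError, so a failure to remove a temporary credential is never reported. Passing a separate local GError and logging it with `g_warning`, as gkd_secret_lock does for its credentials, would leave a trace when a credential outlives the password change; reusing `error` would disturb the `if (!result && error)` test that follows. The comment `in order to make sure we can the collection` is also missing a word, presumably `unlock`.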
@@ -70,7 +70,7 @@ prepare_create_prompt (GkdSecretCreate *self) prompt = GKU_PROMPT (self); - if (!gp11_attributes_find_string (self->pkcs11_attrs, CKA_LABEL, &label)) + if (!gck_attributes_find_string (self->pkcs11_attrs, CKA_LABEL, &label)) label = g_strdup (_("Unnamed")); gku_prompt_reset (prompt, TRUE); @@ -160,8 +160,7 @@ gkd_secret_create_finalize (GObject *obj) { GkdSecretCreate *self = GKD_SECRET_CREATE (obj); - if (self->pkcs11_attrs) - gp11_attributes_unref (self->pkcs11_attrs); + gck_attributes_unref (self->pkcs11_attrs); self->pkcs11_attrs = NULL; g_free (self->result_path); @@ -219,7 +218,7 @@ gkd_secret_create_class_init (GkdSecretCreateClass *klass) g_object_class_install_property (gobject_class, PROP_PKCS11_ATTRIBUTES, g_param_spec_boxed ("pkcs11-attributes", "PKCS11 Attributes", "PKCS11 Attributes", - GP11_TYPE_ATTRIBUTES, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); + GCK_TYPE_ATTRIBUTES, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); } /* ----------------------------------------------------------------------------- @@ -228,7 +227,7 @@ gkd_secret_create_class_init (GkdSecretCreateClass *klass) GkdSecretCreate* gkd_secret_create_new (GkdSecretService *service, const gchar *caller, - GP11Attributes *attrs) + GckAttributes *attrs) { return g_object_new (GKD_SECRET_TYPE_CREATE, "service", service, 
@@ -237,70 +236,67 @@ gkd_secret_create_new (GkdSecretService *service, const gchar *caller, NULL); } -GP11Object* -gkd_secret_create_with_credential (GP11Session *session, GP11Attributes *attrs, - GP11Object *cred, GError **error) +GckObject* +gkd_secret_create_with_credential (GckSession *session, GckAttributes *attrs, + GckObject *cred, GError **error) { - GP11Attributes *atts; - GP11Attribute *attr; - GP11Object *collection; + GckAttributes *atts; + GckAttribute *attr; + GckObject *collection; gboolean token; - atts = gp11_attributes_newv (CKA_G_CREDENTIAL, GP11_ULONG, gp11_object_get_handle (cred), - CKA_CLASS, GP11_ULONG, CKO_G_COLLECTION, - GP11_INVALID); + atts = gck_attributes_new (); + gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (cred)); + gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION); - attr = gp11_attributes_find (attrs, CKA_LABEL); + attr = gck_attributes_find (attrs, CKA_LABEL); if (attr != NULL) - gp11_attributes_add (atts, attr); - if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token)) + gck_attributes_add (atts, attr); + if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &token)) token = FALSE; - gp11_attributes_add_boolean (atts, CKA_TOKEN, token); + gck_attributes_add_boolean (atts, CKA_TOKEN, token); - collection = gp11_session_create_object_full (session, atts, NULL, error); - gp11_attributes_unref (atts); - - if (collection != NULL) - gp11_object_set_session (collection, session); + collection = gck_session_create_object (session, atts, NULL, error); + gck_attributes_unref (atts); return collection; } gchar* -gkd_secret_create_with_secret (GP11Attributes *attrs, GkdSecretSecret *master, +gkd_secret_create_with_secret (GckAttributes *attrs, GkdSecretSecret *master, DBusError *derr) { - GP11Attributes *atts; - GP11Object *cred; - GP11Object *collection; - GP11Session *session; + GckAttributes *atts; + GckObject *cred; + GckObject *collection; + GckSession *session; GError *error = NULL; gpointer 
identifier; gsize n_identifier; gboolean token; gchar *path; - if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token)) + if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &token)) token = FALSE; - atts = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL, - CKA_GNOME_TRANSIENT, GP11_BOOLEAN, TRUE, - CKA_TOKEN, GP11_BOOLEAN, token, - GP11_INVALID); + atts = gck_attributes_new (); + gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_CREDENTIAL); + gck_attributes_add_boolean (atts, CKA_GNOME_TRANSIENT, TRUE); + gck_attributes_add_boolean (atts, CKA_TOKEN, token); session = gkd_secret_session_get_pkcs11_session (master->session); g_return_val_if_fail (session, NULL); /* Create ourselves some credentials */ cred = gkd_secret_session_create_credential (master->session, session, atts, master, derr); - gp11_attributes_unref (atts); + gck_attributes_unref (atts); if (cred == NULL) return FALSE; collection = gkd_secret_create_with_credential (session, attrs, cred, &error); - gp11_attributes_unref (atts); + gck_attributes_unref (atts); g_object_unref (cred); if (collection == NULL) { @@ -310,8 +306,7 @@ gkd_secret_create_with_secret (GP11Attributes *attrs, GkdSecretSecret *master, return FALSE; } - gp11_object_set_session (collection, session); - identifier = gp11_object_get_data (collection, CKA_ID, &n_identifier, &error); + identifier = gck_object_get_data (collection, CKA_ID, &n_identifier, &error); g_object_unref (collection); if (!identifier) { diff --git a/daemon/dbus/gkd-secret-create.h b/daemon/dbus/gkd-secret-create.h index f9e68641..ad37a589 100644 --- a/daemon/dbus/gkd-secret-create.h +++ b/daemon/dbus/gkd-secret-create.h @@ -27,7 +27,7 @@ #include "gkd-secret-prompt.h" #include "gkd-secret-types.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #define GKD_SECRET_TYPE_CREATE (gkd_secret_create_get_type ()) #define GKD_SECRET_CREATE(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GKD_SECRET_TYPE_CREATE, GkdSecretCreate)) 
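Review bot: gkd_secret_create_with_secret releases `atts` twice, once right after gkd_secret_session_create_credential and again after gkd_secret_create_with_credential, with no new reference taken in between. Unless a callee retains a reference in a way not visible here, the second `gck_attributes_unref (atts);` drops a reference the function no longer owns, which risks a use-after-free or double free inside the daemon; the second call should be removed. The same function also uses `return FALSE;` on its error paths although it returns `gchar*`, where `return NULL;` would say what is meant.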
@@ -46,14 +46,14 @@ GType gkd_secret_create_get_type (void); GkdSecretCreate* gkd_secret_create_new (GkdSecretService *service, const gchar *caller, - GP11Attributes *attrs); + GckAttributes *attrs); -GP11Object* gkd_secret_create_with_credential (GP11Session *session, - GP11Attributes *attrs, - GP11Object *cred, +GckObject* gkd_secret_create_with_credential (GckSession *session, + GckAttributes *attrs, + GckObject *cred, GError **error); -gchar* gkd_secret_create_with_secret (GP11Attributes *attrs, +gchar* gkd_secret_create_with_secret (GckAttributes *attrs, GkdSecretSecret *master, DBusError *derr); diff --git a/daemon/dbus/gkd-secret-lock.c b/daemon/dbus/gkd-secret-lock.c index c348d786..8d4b4884 100644 --- a/daemon/dbus/gkd-secret-lock.c +++ b/daemon/dbus/gkd-secret-lock.c 
@@ -28,26 +28,29 @@ #include "pkcs11/pkcs11i.h" -#include <gp11/gp11.h> +#include <gck/gck.h> gboolean -gkd_secret_lock (GP11Object *collection, DBusError *derr) +gkd_secret_lock (GckObject *collection, DBusError *derr) { GError *error = NULL; - GP11Session *session; - GP11Object *cred; GList *objects, *l; + GckAttributes *atts; + GckSession *session; - session = gp11_object_get_session (collection); + atts = gck_attributes_new (); + gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_CREDENTIAL); + gck_attributes_add_ulong (atts, CKA_G_OBJECT, gck_object_get_handle (collection)); + + session = gck_object_get_session (collection); g_return_val_if_fail (session, FALSE); - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL, - CKA_G_OBJECT, GP11_ULONG, gp11_object_get_handle (collection), - GP11_INVALID); + objects = gck_session_find_objects (session, atts, NULL, &error); + + gck_attributes_unref (atts); + g_object_unref (session); if (error != NULL) { - g_object_unref (session); g_warning ("couldn't search for credential objects: %s", egg_error_message (error)); dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock collection"); g_clear_error (&error); @@ -55,15 +58,12 @@ gkd_secret_lock (GP11Object *collection, DBusError *derr) } for (l = objects; l; l = g_list_next (l)) { - cred = GP11_OBJECT (l->data); - gp11_object_set_session (cred, session); - if (!gp11_object_destroy (cred, &error)) { + if (!gck_object_destroy (l->data, &error)) { g_warning ("couldn't destroy credential object: %s", egg_error_message (error)); g_clear_error (&error); } } - gp11_list_unref_free (objects); - g_object_unref (session); + gck_list_unref_free (objects); return TRUE; } diff --git a/daemon/dbus/gkd-secret-lock.h b/daemon/dbus/gkd-secret-lock.h index d4a59a56..e8f03a71 100644 --- a/daemon/dbus/gkd-secret-lock.h +++ b/daemon/dbus/gkd-secret-lock.h 
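Review bot: In gkd_secret_lock, `atts` is allocated before `g_return_val_if_fail (session, FALSE);`, so the early return leaks the attribute set. Calling `gck_object_get_session (collection)` and checking it before `gck_attributes_new ()` keeps the failure path free of cleanup. The function body continues in the next hunk.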
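Review bot: gkd_secret_lock still returns TRUE when `gck_object_destroy` fails for a credential, because the loop only logs a warning; the caller is told the collection was locked while a credential for it may remain. Recording the failure in the loop and, at the end, setting `derr` the way the search-failure path does (`dbus_set_error (derr, DBUS_ERROR_FAILED, "Couldn't lock collection");`) before returning FALSE would report it. The function starts outside this hunk.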
@@ -24,11 +24,11 @@ #include "gkd-secret-types.h" -#include <gp11/gp11.h> +#include <gck/gck.h> #include <dbus/dbus.h> -gboolean gkd_secret_lock (GP11Object *collection, +gboolean gkd_secret_lock (GckObject *collection, DBusError *derr); #endif /* __GKD_SECRET_LOCK_H__ */ diff --git a/daemon/dbus/gkd-secret-objects.c b/daemon/dbus/gkd-secret-objects.c index 6af6a916..120241d6 100644 --- a/daemon/dbus/gkd-secret-objects.c +++ b/daemon/dbus/gkd-secret-objects.c @@ -47,7 +47,7 @@ enum { struct _GkdSecretObjects { GObject parent; GkdSecretService *service; - GP11Slot *pkcs11_slot; + GckSlot *pkcs11_slot; GHashTable *aliases; }; @@ -101,7 +101,7 @@ parse_object_path (GkdSecretObjects *self, const gchar *path, gchar **collection } static void -iter_append_item_path (const gchar *base, GP11Object *object, DBusMessageIter *iter) +iter_append_item_path (const gchar *base, GckObject *object, DBusMessageIter *iter) { GError *error = NULL; gpointer identifier; @@ -110,7 +110,7 @@ iter_append_item_path (const gchar *base, GP11Object *object, DBusMessageIter *i gchar *alloc = NULL; if (base == NULL) { - identifier = gp11_object_get_data (object, CKA_G_COLLECTION, &n_identifier, &error); + identifier = gck_object_get_data (object, CKA_G_COLLECTION, &n_identifier, &error); if (!identifier) { g_warning ("couldn't get item collection identifier: %s", egg_error_message (error)); g_clear_error (&error); @@ -121,7 +121,7 @@ iter_append_item_path (const gchar *base, GP11Object *object, DBusMessageIter *i g_free (identifier); } - identifier = gp11_object_get_data (object, CKA_ID, &n_identifier, &error); + identifier = gck_object_get_data (object, CKA_ID, &n_identifier, &error); if (identifier == NULL) { g_warning ("couldn't get item identifier: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -163,7 +163,7 @@ iter_append_collection_paths (GList *collections, DBusMessageIter *iter) for (l = collections; l; l = g_list_next (l)) { - identifier = gp11_object_get_data (l->data, CKA_ID, &n_identifier, &error); + identifier = gck_object_get_data (l->data, CKA_ID, &n_identifier, &error); if (identifier == NULL) { g_warning ("couldn't get collection identifier: %s", egg_error_message (error)); g_clear_error (&error); @@ -182,13 +182,13 @@ iter_append_collection_paths (GList *collections, DBusMessageIter *iter) static DBusMessage* -object_property_get (GP11Object *object, DBusMessage *message, +object_property_get (GckObject *object, DBusMessage *message, const gchar *prop_name) { DBusMessageIter iter; GError *error = NULL; DBusMessage *reply; - GP11Attribute attr; + GckAttribute attr; gsize length; if (!gkd_secret_property_get_type (prop_name, &attr.type)) @@ -196,7 +196,7 @@ object_property_get (GP11Object *object, DBusMessage *message, "Object does not have the '%s' property", prop_name); /* Retrieve the actual attribute */ - attr.value = gp11_object_get_data (object, attr.type, &length, &error); + attr.value = gck_object_get_data (object, attr.type, &length, &error); if (error != NULL) { reply = dbus_message_new_error_printf (message, DBUS_ERROR_FAILED, "Couldn't retrieve '%s' property: %s", @@ -215,12 +215,12 @@ object_property_get (GP11Object *object, DBusMessage *message, } static DBusMessage* -object_property_set (GP11Object *object, DBusMessage *message, +object_property_set (GckObject *object, DBusMessage *message, DBusMessageIter *iter, const gchar *prop_name) { DBusMessage *reply; - GP11Attributes *attrs; - GP11Attribute *attr; + GckAttributes *attrs; + GckAttribute *attr; GError *error = NULL; gulong attr_type; 
@@ -231,22 +231,22 @@ object_property_set (GP11Object *object, DBusMessage *message, return dbus_message_new_error_printf (message, DBUS_ERROR_FAILED, "Object does not have the '%s' property", prop_name); - attrs = gp11_attributes_new (); - gp11_attributes_add_empty (attrs, attr_type); - attr = gp11_attributes_at (attrs, 0); + attrs = gck_attributes_new (); + gck_attributes_add_empty (attrs, attr_type); + attr = gck_attributes_at (attrs, 0); /* Retrieve the actual attribute value */ if (!gkd_secret_property_parse_variant (iter, prop_name, attr)) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return dbus_message_new_error_printf (message, DBUS_ERROR_FAILED, "The property type or value was invalid: %s", prop_name); } - gp11_object_set_full (object, attrs, NULL, &error); - gp11_attributes_unref (attrs); + gck_object_set (object, attrs, NULL, &error); + gck_attributes_unref (attrs); if (error != NULL) { - if (g_error_matches (error, GP11_ERROR, CKR_USER_NOT_LOGGED_IN)) + if (g_error_matches (error, GCK_ERROR, CKR_USER_NOT_LOGGED_IN)) reply = dbus_message_new_error (message, SECRET_ERROR_IS_LOCKED, "Cannot set property on a locked object"); else @@ -261,7 +261,7 @@ object_property_set (GP11Object *object, DBusMessage *message, } static DBusMessage* -item_property_get (GP11Object *object, DBusMessage *message) +item_property_get (GckObject *object, DBusMessage *message) { const gchar *interface; const gchar *name; @@ -279,7 +279,7 @@ item_property_get (GP11Object *object, DBusMessage *message) } static DBusMessage* -item_property_set (GP11Object *object, DBusMessage *message) +item_property_set (GckObject *object, DBusMessage *message) { DBusMessageIter iter; const char *interface; 
@@ -303,9 +303,9 @@ item_property_set (GP11Object *object, DBusMessage *message) } static DBusMessage* -item_property_getall (GP11Object *object, DBusMessage *message) +item_property_getall (GckObject *object, DBusMessage *message) { - GP11Attributes *attrs; + GckAttributes *attrs; DBusMessageIter iter; DBusMessageIter array; GError *error = NULL; @@ -320,14 +320,14 @@ item_property_getall (GP11Object *object, DBusMessage *message) "Object does not have properties on interface '%s'", interface); - attrs = gp11_object_get (object, &error, + attrs = gck_object_get (object, &error, CKA_LABEL, CKA_G_SCHEMA, CKA_G_LOCKED, CKA_G_CREATED, CKA_G_MODIFIED, CKA_G_FIELDS, - GP11_INVALID); + GCK_INVALID); if (error != NULL) return dbus_message_new_error_printf (message, DBUS_ERROR_FAILED, @@ -344,7 +344,7 @@ item_property_getall (GP11Object *object, DBusMessage *message) } static DBusMessage* -item_method_delete (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +item_method_delete (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { GError *error = NULL; DBusMessage *reply; @@ -353,8 +353,8 @@ item_method_delete (GkdSecretObjects *self, GP11Object *object, DBusMessage *mes if (!dbus_message_get_args (message, NULL, DBUS_TYPE_INVALID)) return NULL; - if (!gp11_object_destroy (object, &error)) { - if (g_error_matches (error, GP11_ERROR, CKR_USER_NOT_LOGGED_IN)) + if (!gck_object_destroy (object, &error)) { + if (g_error_matches (error, GCK_ERROR, CKR_USER_NOT_LOGGED_IN)) reply = dbus_message_new_error_printf (message, SECRET_ERROR_IS_LOCKED, "Cannot delete a locked item"); else @@ -372,7 +372,7 @@ item_method_delete (GkdSecretObjects *self, GP11Object *object, DBusMessage *mes } static DBusMessage* -item_method_get_secret (GkdSecretObjects *self, GP11Object *item, DBusMessage *message) +item_method_get_secret (GkdSecretObjects *self, GckObject *item, DBusMessage *message) { DBusError derr = DBUS_ERROR_INIT; GkdSecretSession *session; 
@@ -400,7 +400,7 @@ item_method_get_secret (GkdSecretObjects *self, GP11Object *item, DBusMessage *m } static DBusMessage* -item_method_set_secret (GkdSecretObjects *self, GP11Object *item, DBusMessage *message) +item_method_set_secret (GkdSecretObjects *self, GckObject *item, DBusMessage *message) { DBusError derr = DBUS_ERROR_INIT; DBusMessageIter iter; @@ -427,7 +427,7 @@ item_method_set_secret (GkdSecretObjects *self, GP11Object *item, DBusMessage *m } static DBusMessage* -item_message_handler (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +item_message_handler (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { /* org.freedesktop.Secrets.Item.Delete() */ if (dbus_message_is_method_call (message, SECRET_ITEM_INTERFACE, "Delete")) @@ -460,7 +460,7 @@ item_message_handler (GkdSecretObjects *self, GP11Object *object, DBusMessage *m } static void -item_cleanup_search_results (GP11Session *session, GList *items, +item_cleanup_search_results (GckSession *session, GList *items, GList **locked, GList **unlocked) { GError *error = NULL; @@ -472,11 +472,9 @@ item_cleanup_search_results (GP11Session *session, GList *items, *unlocked = NULL; for (l = items; l; l = g_list_next (l)) { - - gp11_object_set_session (l->data, session); - value = gp11_object_get_data (l->data, CKA_G_LOCKED, &n_value, &error); + value = gck_object_get_data (l->data, CKA_G_LOCKED, &n_value, &error); if (value == NULL) { - if (!g_error_matches (error, GP11_ERROR, CKR_OBJECT_HANDLE_INVALID)) + if (!g_error_matches (error, GCK_ERROR, CKR_OBJECT_HANDLE_INVALID)) g_warning ("couldn't check if item is locked: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -494,7 +492,7 @@ item_cleanup_search_results (GP11Session *session, GList *items, } static DBusMessage* -collection_property_get (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +collection_property_get (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { DBusMessageIter iter; DBusMessage *reply; @@ -522,7 +520,7 @@ collection_property_get (GkdSecretObjects *self, GP11Object *object, DBusMessage } static DBusMessage* -collection_property_set (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +collection_property_set (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { DBusMessageIter iter; const char *interface; @@ -546,9 +544,9 @@ collection_property_set (GkdSecretObjects *self, GP11Object *object, DBusMessage } static DBusMessage* -collection_property_getall (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +collection_property_getall (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { - GP11Attributes *attrs; + GckAttributes *attrs; DBusMessageIter iter; DBusMessageIter array; DBusMessageIter dict; @@ -565,12 +563,12 @@ collection_property_getall (GkdSecretObjects *self, GP11Object *object, DBusMess "Object does not have properties on interface '%s'", interface); - attrs = gp11_object_get (object, &error, - CKA_LABEL, - CKA_G_LOCKED, - CKA_G_CREATED, - CKA_G_MODIFIED, - GP11_INVALID); + attrs = gck_object_get (object, &error, + CKA_LABEL, + CKA_G_LOCKED, + CKA_G_CREATED, + CKA_G_MODIFIED, + GCK_INVALID); if (error != NULL) return dbus_message_new_error_printf (message, DBUS_ERROR_FAILED, 
@@ -597,32 +595,32 @@ collection_property_getall (GkdSecretObjects *self, GP11Object *object, DBusMess } static DBusMessage* -collection_method_search_items (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +collection_method_search_items (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { return gkd_secret_objects_handle_search_items (self, message, dbus_message_get_path (message)); } -static GP11Object* -collection_find_matching_item (GkdSecretObjects *self, GP11Session *session, - const gchar *identifier, GP11Attribute *fields) +static GckObject* +collection_find_matching_item (GkdSecretObjects *self, GckSession *session, + const gchar *identifier, GckAttribute *fields) { - GP11Attributes *attrs; - GP11Object *result = NULL; + GckAttributes *attrs; + GckObject *result = NULL; GError *error = NULL; - GP11Object *search; + GckObject *search; gpointer data; gsize n_data; /* Find items matching the collection and fields */ - attrs = gp11_attributes_new (); - gp11_attributes_add (attrs, fields); - gp11_attributes_add_string (attrs, CKA_G_COLLECTION, identifier); - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_SEARCH); - gp11_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); + attrs = gck_attributes_new (); + gck_attributes_add (attrs, fields); + gck_attributes_add_string (attrs, CKA_G_COLLECTION, identifier); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_SEARCH); + gck_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); /* Create the search object */ - search = gp11_session_create_object_full (session, attrs, NULL, &error); - gp11_attributes_unref (attrs); + search = gck_session_create_object (session, attrs, NULL, &error); + gck_attributes_unref (attrs); if (error != NULL) { g_warning ("couldn't search for matching item: %s", egg_error_message (error)); 
@@ -631,32 +629,28 @@ collection_find_matching_item (GkdSecretObjects *self, GP11Session *session, } /* Get the matched item handles, and delete the search object */ - gp11_object_set_session (search, session); - data = gp11_object_get_data (search, CKA_G_MATCHED, &n_data, NULL); - gp11_object_destroy (search, NULL); + data = gck_object_get_data (search, CKA_G_MATCHED, &n_data, NULL); + gck_object_destroy (search, NULL); g_object_unref (search); - if (n_data >= sizeof (CK_OBJECT_HANDLE)) { - result = gp11_object_from_handle (gp11_session_get_slot (session), - *((CK_OBJECT_HANDLE_PTR)data)); - gp11_object_set_session (result, session); - } + if (n_data >= sizeof (CK_OBJECT_HANDLE)) + result = gck_object_from_handle (session, *((CK_OBJECT_HANDLE_PTR)data)); g_free (data); return result; } static DBusMessage* -collection_method_create_item (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +collection_method_create_item (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { - GP11Session *pkcs11_session = NULL; + GckSession *pkcs11_session = NULL; DBusError derr = DBUS_ERROR_INIT; GkdSecretSecret *secret = NULL; dbus_bool_t replace = FALSE; - GP11Attributes *attrs = NULL; - GP11Attribute *fields; + GckAttributes *attrs = NULL; + GckAttribute *fields; DBusMessageIter iter, array; - GP11Object *item = NULL; + GckObject *item = NULL; const gchar *prompt; const gchar *base; GError *error = NULL; @@ -670,7 +664,7 @@ collection_method_create_item (GkdSecretObjects *self, GP11Object *object, DBusM return NULL; if (!dbus_message_iter_init (message, &iter)) g_return_val_if_reached (NULL); - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); dbus_message_iter_recurse (&iter, &array); if (!gkd_secret_property_parse_all (&array, attrs)) { reply = dbus_message_new_error (message, DBUS_ERROR_INVALID_ARGS, 
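Review bot: collection_find_matching_item tests `n_data` and dereferences `data` without checking that `gck_object_get_data` succeeded. The call passes NULL for the error and `n_data` is declared without an initializer, so on failure the size test may read an indeterminate value and the cast may dereference NULL; whether the library sets `n_data` on failure is not visible here. Guarding with `if (data != NULL && n_data >= sizeof (CK_OBJECT_HANDLE))` and declaring `gsize n_data = 0;` closes both. The function begins in the preceding hunk, where `n_data` is declared.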
@@ -691,35 +685,34 @@ collection_method_create_item (GkdSecretObjects *self, GP11Object *object, DBusM g_return_val_if_reached (NULL); g_return_val_if_fail (identifier, NULL); - pkcs11_session = gp11_object_get_session (object); + pkcs11_session = gck_object_get_session (object); g_return_val_if_fail (pkcs11_session, NULL); if (replace) { - fields = gp11_attributes_find (attrs, CKA_G_FIELDS); + fields = gck_attributes_find (attrs, CKA_G_FIELDS); if (fields) item = collection_find_matching_item (self, pkcs11_session, identifier, fields); } /* Replace the item */ if (item) { - if (!gp11_object_set_full (item, attrs, NULL, &error)) + if (!gck_object_set (item, attrs, NULL, &error)) goto cleanup; /* Create a new item */ } else { - gp11_attributes_add_string (attrs, CKA_G_COLLECTION, identifier); - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); - item = gp11_session_create_object_full (pkcs11_session, attrs, NULL, &error); + gck_attributes_add_string (attrs, CKA_G_COLLECTION, identifier); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); + item = gck_session_create_object (pkcs11_session, attrs, NULL, &error); if (item == NULL) goto cleanup; - gp11_object_set_session (item, pkcs11_session); created = TRUE; } /* Set the secret */ if (!gkd_secret_session_set_item_secret (secret->session, item, secret, &derr)) { if (created) /* If we created, then try to destroy on failure */ - gp11_object_destroy (item, NULL); + gck_object_destroy (item, NULL); goto cleanup; } @@ -733,7 +726,7 @@ collection_method_create_item (GkdSecretObjects *self, GP11Object *object, DBusM cleanup: if (error) { if (!reply) { - if (g_error_matches (error, GP11_ERROR, CKR_USER_NOT_LOGGED_IN)) + if (g_error_matches (error, GCK_ERROR, CKR_USER_NOT_LOGGED_IN)) reply = dbus_message_new_error_printf (message, SECRET_ERROR_IS_LOCKED, "Cannot create an item in a locked collection"); else 
@@ -750,7 +743,7 @@ cleanup: } gkd_secret_secret_free (secret); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); if (item) g_object_unref (item); if (pkcs11_session) @@ -761,7 +754,7 @@ cleanup: } static DBusMessage* -collection_method_delete (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +collection_method_delete (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { GError *error = NULL; DBusMessage *reply; @@ -770,7 +763,7 @@ collection_method_delete (GkdSecretObjects *self, GP11Object *object, DBusMessag if (!dbus_message_get_args (message, NULL, DBUS_TYPE_INVALID)) return NULL; - if (!gp11_object_destroy (object, &error)) { + if (!gck_object_destroy (object, &error)) { reply = dbus_message_new_error_printf (message, DBUS_ERROR_FAILED, "Couldn't delete collection: %s", egg_error_message (error)); @@ -785,7 +778,7 @@ collection_method_delete (GkdSecretObjects *self, GP11Object *object, DBusMessag } static DBusMessage* -collection_message_handler (GkdSecretObjects *self, GP11Object *object, DBusMessage *message) +collection_message_handler (GkdSecretObjects *self, GckObject *object, DBusMessage *message) { /* org.freedesktop.Secrets.Collection.Delete() */ if (dbus_message_is_method_call (message, SECRET_COLLECTION_INTERFACE, "Delete")) @@ -927,7 +920,7 @@ gkd_secret_objects_class_init (GkdSecretObjectsClass *klass) g_object_class_install_property (gobject_class, PROP_PKCS11_SLOT, g_param_spec_object ("pkcs11-slot", "Pkcs11 Slot", "PKCS#11 slot that we use for secrets", - GP11_TYPE_SLOT, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); + GCK_TYPE_SLOT, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); g_object_class_install_property (gobject_class, PROP_SERVICE, g_param_spec_object ("service", "Service", "Service which owns this objects", 
@@ -938,7 +931,7 @@ gkd_secret_objects_class_init (GkdSecretObjectsClass *klass) * PUBLIC */ -GP11Slot* +GckSlot* gkd_secret_objects_get_pkcs11_slot (GkdSecretObjects *self) { g_return_val_if_fail (GKD_SECRET_IS_OBJECTS (self), NULL); @@ -951,11 +944,12 @@ gkd_secret_objects_dispatch (GkdSecretObjects *self, DBusMessage *message) DBusMessage *reply = NULL; GError *error = NULL; GList *objects; - GP11Session *session; + GckSession *session; gchar *c_ident; gchar *i_ident; gboolean is_item; const char *path; + GckAttributes *attrs; g_return_val_if_fail (GKD_SECRET_IS_OBJECTS (self), NULL); g_return_val_if_fail (message, NULL); @@ -970,21 +964,22 @@ gkd_secret_objects_dispatch (GkdSecretObjects *self, DBusMessage *message) session = gkd_secret_service_get_pkcs11_session (self->service, dbus_message_get_sender (message)); g_return_val_if_fail (session, NULL); + attrs = gck_attributes_new (); + if (i_ident) { is_item = TRUE; - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY, - CKA_G_COLLECTION, strlen (c_ident), c_ident, - CKA_ID, strlen (i_ident), i_ident, - GP11_INVALID); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); + gck_attributes_add_string (attrs, CKA_G_COLLECTION, c_ident); + gck_attributes_add_string (attrs, CKA_ID, i_ident); } else { is_item = FALSE; - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_G_COLLECTION, - CKA_ID, strlen (c_ident), c_ident, - GP11_INVALID); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_COLLECTION); + gck_attributes_add_string (attrs, CKA_ID, c_ident); } + objects = gck_session_find_objects (session, attrs, NULL, &error); + + gck_attributes_unref (attrs); g_free (c_ident); g_free (i_ident); 
@@ -996,25 +991,25 @@ gkd_secret_objects_dispatch (GkdSecretObjects *self, DBusMessage *message) if (!objects) return gkd_secret_error_no_such_object (message); - gp11_object_set_session (objects->data, session); if (is_item) reply = item_message_handler (self, objects->data, message); else reply = collection_message_handler (self, objects->data, message); - gp11_list_unref_free (objects); + gck_list_unref_free (objects); return reply; } -GP11Object* +GckObject* gkd_secret_objects_lookup_collection (GkdSecretObjects *self, const gchar *caller, const gchar *path) { - GP11Object *object = NULL; + GckObject *object = NULL; GError *error = NULL; GList *objects; - GP11Session *session; + GckSession *session; gchar *identifier; + GckAttributes *attrs; g_return_val_if_fail (GKD_SECRET_IS_OBJECTS (self), NULL); g_return_val_if_fail (caller, NULL); @@ -1027,11 +1022,13 @@ gkd_secret_objects_lookup_collection (GkdSecretObjects *self, const gchar *calle session = gkd_secret_service_get_pkcs11_session (self->service, caller); g_return_val_if_fail (session, NULL); - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_G_COLLECTION, - CKA_ID, strlen (identifier), identifier, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_COLLECTION); + gck_attributes_add_string (attrs, CKA_ID, identifier); + objects = gck_session_find_objects (session, attrs, NULL, &error); + + gck_attributes_unref (attrs); g_free (identifier); if (error != NULL) { 
@@ -1039,25 +1036,24 @@ gkd_secret_objects_lookup_collection (GkdSecretObjects *self, const gchar *calle g_clear_error (&error); } - if (objects) { + if (objects) object = g_object_ref (objects->data); - gp11_object_set_session (object, session); - } - gp11_list_unref_free (objects); + gck_list_unref_free (objects); return object; } -GP11Object* +GckObject* gkd_secret_objects_lookup_item (GkdSecretObjects *self, const gchar *caller, const gchar *path) { - GP11Object *object = NULL; + GckObject *object = NULL; GError *error = NULL; GList *objects; - GP11Session *session; + GckSession *session; gchar *collection; gchar *identifier; + GckAttributes *attrs; g_return_val_if_fail (GKD_SECRET_IS_OBJECTS (self), NULL); g_return_val_if_fail (caller, NULL); @@ -1070,12 +1066,14 @@ gkd_secret_objects_lookup_item (GkdSecretObjects *self, const gchar *caller, session = gkd_secret_service_get_pkcs11_session (self->service, caller); g_return_val_if_fail (session, NULL); - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY, - CKA_ID, strlen (identifier), identifier, - CKA_G_COLLECTION, strlen (collection), collection, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); + gck_attributes_add_string (attrs, CKA_ID, identifier); + gck_attributes_add_string (attrs, CKA_G_COLLECTION, collection); + objects = gck_session_find_objects (session, attrs, NULL, &error); + + gck_attributes_unref (attrs); g_free (identifier); g_free (collection); @@ -1084,12 +1082,10 @@ gkd_secret_objects_lookup_item (GkdSecretObjects *self, const gchar *caller, g_clear_error (&error); } - if (objects) { + if (objects) object = g_object_ref (objects->data); - gp11_object_set_session (object, session); - } - gp11_list_unref_free (objects); + gck_list_unref_free (objects); return object; } 
@@ -1098,10 +1094,11 @@ gkd_secret_objects_append_item_paths (GkdSecretObjects *self, const gchar *base, DBusMessageIter *iter, DBusMessage *message) { DBusMessageIter variant; - GP11Session *session; + GckSession *session; GError *error = NULL; gchar *identifier; GList *items; + GckAttributes *attrs; g_return_if_fail (GKD_SECRET_IS_OBJECTS (self)); g_return_if_fail (base); @@ -1115,10 +1112,13 @@ gkd_secret_objects_append_item_paths (GkdSecretObjects *self, const gchar *base, if (!parse_object_path (self, base, &identifier, NULL)) g_return_if_reached (); - items = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY, - CKA_G_COLLECTION, strlen (identifier), identifier, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); + gck_attributes_add_string (attrs, CKA_G_COLLECTION, identifier); + + items = gck_session_find_objects (session, attrs, NULL, &error); + + gck_attributes_unref (attrs); if (error == NULL) { dbus_message_iter_open_container (iter, DBUS_TYPE_VARIANT, "ao", &variant); @@ -1129,7 +1129,7 @@ gkd_secret_objects_append_item_paths (GkdSecretObjects *self, const gchar *base, g_clear_error (&error); } - gp11_list_unref_free (items); + gck_list_unref_free (items); g_free (identifier); } @@ -1139,7 +1139,8 @@ gkd_secret_objects_append_collection_paths (GkdSecretObjects *self, DBusMessageI { DBusMessageIter variant; GError *error = NULL; - GP11Session *session; + GckAttributes *attrs; + GckSession *session; GList *colls; g_return_if_fail (GKD_SECRET_IS_OBJECTS (self)); 
@@ -1149,9 +1150,12 @@ gkd_secret_objects_append_collection_paths (GkdSecretObjects *self, DBusMessageI session = gkd_secret_service_get_pkcs11_session (self->service, dbus_message_get_sender (message)); g_return_if_fail (session); - colls = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_G_COLLECTION, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_COLLECTION); + + colls = gck_session_find_objects (session, attrs, NULL, &error); + + gck_attributes_unref (attrs); if (error != NULL) { g_warning ("couldn't lookup collections: %s", egg_error_message (error)); @@ -1162,18 +1166,18 @@ gkd_secret_objects_append_collection_paths (GkdSecretObjects *self, DBusMessageI dbus_message_iter_open_container (iter, DBUS_TYPE_VARIANT, "ao", &variant); iter_append_collection_paths (colls, &variant); dbus_message_iter_close_container (iter, &variant); - gp11_list_unref_free (colls); + gck_list_unref_free (colls); } DBusMessage* gkd_secret_objects_handle_search_items (GkdSecretObjects *self, DBusMessage *message, const gchar *base) { - GP11Attributes *attrs; - GP11Attribute *attr; + GckAttributes *attrs; + GckAttribute *attr; DBusMessageIter iter; - GP11Object *search; - GP11Session *session; + GckObject *search; + GckSession *session; DBusMessage *reply; GError *error = NULL; gchar *identifier; @@ -1188,12 +1192,12 @@ gkd_secret_objects_handle_search_items (GkdSecretObjects *self, DBusMessage *mes if (!dbus_message_has_signature (message, "a{ss}")) return NULL; - attrs = gp11_attributes_new (); - attr = gp11_attributes_add_empty (attrs, CKA_G_FIELDS); + attrs = gck_attributes_new (); + attr = gck_attributes_add_empty (attrs, CKA_G_FIELDS); dbus_message_iter_init (message, &iter); if (!gkd_secret_property_parse_fields (&iter, attr)) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return dbus_message_new_error (message, DBUS_ERROR_FAILED, "Invalid data in attributes argument"); } 
@@ -1201,20 +1205,20 @@ gkd_secret_objects_handle_search_items (GkdSecretObjects *self, DBusMessage *mes if (base != NULL) { if (!parse_object_path (self, base, &identifier, NULL)) g_return_val_if_reached (NULL); - gp11_attributes_add_string (attrs, CKA_G_COLLECTION, identifier); + gck_attributes_add_string (attrs, CKA_G_COLLECTION, identifier); g_free (identifier); } - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_SEARCH); - gp11_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_SEARCH); + gck_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); /* The session we're using to access the object */ session = gkd_secret_service_get_pkcs11_session (self->service, dbus_message_get_sender (message)); g_return_val_if_fail (session, NULL); /* Create the search object */ - search = gp11_session_create_object_full (session, attrs, NULL, &error); - gp11_attributes_unref (attrs); + search = gck_session_create_object (session, attrs, NULL, &error); + gck_attributes_unref (attrs); if (error != NULL) { reply = dbus_message_new_error_printf (message, DBUS_ERROR_FAILED, @@ -1225,9 +1229,8 @@ gkd_secret_objects_handle_search_items (GkdSecretObjects *self, DBusMessage *mes } /* Get the matched item handles, and delete the search object */ - gp11_object_set_session (search, session); - data = gp11_object_get_data (search, CKA_G_MATCHED, &n_data, &error); - gp11_object_destroy (search, NULL); + data = gck_object_get_data (search, CKA_G_MATCHED, &n_data, &error); + gck_object_destroy (search, NULL); g_object_unref (search); if (error != NULL) { 
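Review bot: In `gkd_secret_objects_handle_search_items`, `attrs` is allocated before the session lookup, so the `g_return_val_if_fail (session, NULL)` exit leaks it, and the `g_return_val_if_reached (NULL)` exit after `parse_object_path` has the same leak. The session getter appears able to fail at run time (it warns when the PKCS#11 session cannot be opened), so this is not purely a programmer-error path and the leak would recur on every such request. `gkd_secret_objects_dispatch` avoids it by creating `attrs` only after the session check. Doing the same here, or adding `gck_attributes_unref (attrs);` before those returns, would keep the two functions consistent. The function begins before this hunk.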
@@ -1239,8 +1242,7 @@ gkd_secret_objects_handle_search_items (GkdSecretObjects *self, DBusMessage *mes } /* Build a list of object handles */ - items = gp11_objects_from_handle_array (gp11_session_get_slot (session), - data, n_data / sizeof (CK_OBJECT_HANDLE)); + items = gck_objects_from_handle_array (session, data, n_data / sizeof (CK_OBJECT_HANDLE)); g_free (data); /* Filter out the locked items */ @@ -1254,7 +1256,7 @@ gkd_secret_objects_handle_search_items (GkdSecretObjects *self, DBusMessage *mes g_list_free (locked); g_list_free (unlocked); - gp11_list_unref_free (items); + gck_list_unref_free (items); return reply; } @@ -1266,7 +1268,7 @@ gkd_secret_objects_handle_get_secrets (GkdSecretObjects *self, DBusMessage *mess GkdSecretSession *session; GkdSecretSecret *secret; DBusMessage *reply; - GP11Object *item; + GckObject *item; DBusMessageIter iter, array, dict; const char *session_path; const char *caller; diff --git a/daemon/dbus/gkd-secret-objects.h b/daemon/dbus/gkd-secret-objects.h index 485f8300..2f2ffb2c 100644 --- a/daemon/dbus/gkd-secret-objects.h +++ b/daemon/dbus/gkd-secret-objects.h @@ -24,7 +24,7 @@ #include "gkd-secret-types.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include <glib-object.h> @@ -64,13 +64,13 @@ void gkd_secret_objects_append_item_paths (GkdSecretObjec DBusMessageIter *iter, DBusMessage *message); -GP11Slot* gkd_secret_objects_get_pkcs11_slot (GkdSecretObjects *self); +GckSlot* gkd_secret_objects_get_pkcs11_slot (GkdSecretObjects *self); -GP11Object* gkd_secret_objects_lookup_collection (GkdSecretObjects *self, +GckObject* gkd_secret_objects_lookup_collection (GkdSecretObjects *self, const gchar *caller, const gchar *path); -GP11Object* gkd_secret_objects_lookup_item (GkdSecretObjects *self, +GckObject* gkd_secret_objects_lookup_item (GkdSecretObjects *self, const gchar *caller, const gchar *path); diff --git a/daemon/dbus/gkd-secret-prompt.c b/daemon/dbus/gkd-secret-prompt.c index 50c3281c..f3cc1264 100644 
--- a/daemon/dbus/gkd-secret-prompt.c +++ b/daemon/dbus/gkd-secret-prompt.c @@ -442,7 +442,7 @@ gkd_secret_prompt_get_caller (GkdSecretPrompt *self) return self->pv->caller; } -GP11Session* +GckSession* gkd_secret_prompt_get_pkcs11_session (GkdSecretPrompt *self) { g_return_val_if_fail (GKD_SECRET_IS_PROMPT (self), NULL); @@ -484,7 +484,7 @@ gkd_secret_prompt_get_session (GkdSecretPrompt *self) return self->pv->session; } -GP11Object* +GckObject* gkd_secret_prompt_lookup_collection (GkdSecretPrompt *self, const gchar *path) { GkdSecretObjects *objects; diff --git a/daemon/dbus/gkd-secret-prompt.h b/daemon/dbus/gkd-secret-prompt.h index cc3b9930..1766a5d6 100644 --- a/daemon/dbus/gkd-secret-prompt.h +++ b/daemon/dbus/gkd-secret-prompt.h @@ -28,7 +28,7 @@ #include "ui/gku-prompt.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include <dbus/dbus.h> @@ -59,7 +59,7 @@ GType gkd_secret_prompt_get_type (void); const gchar* gkd_secret_prompt_get_caller (GkdSecretPrompt *self); -GP11Session* gkd_secret_prompt_get_pkcs11_session (GkdSecretPrompt *self); +GckSession* gkd_secret_prompt_get_pkcs11_session (GkdSecretPrompt *self); GkdSecretService* gkd_secret_prompt_get_service (GkdSecretPrompt *self); @@ -70,7 +70,7 @@ GkdSecretSession* gkd_secret_prompt_get_session (GkdSecretPrompt * GkdSecretSecret* gkd_secret_prompt_get_secret (GkdSecretPrompt *self, const gchar *password_type); -GP11Object* gkd_secret_prompt_lookup_collection (GkdSecretPrompt *self, +GckObject* gkd_secret_prompt_lookup_collection (GkdSecretPrompt *self, const gchar *path); void gkd_secret_prompt_complete (GkdSecretPrompt *self); diff --git a/daemon/dbus/gkd-secret-property.c b/daemon/dbus/gkd-secret-property.c index ecc2d666..8b2f65fc 100644 --- a/daemon/dbus/gkd-secret-property.c +++ b/daemon/dbus/gkd-secret-property.c 
@@ -136,11 +136,11 @@ attribute_to_property (CK_ATTRIBUTE_TYPE attr_type, const gchar **prop_name, Dat return TRUE; } -typedef void (*IterAppendFunc) (DBusMessageIter*, GP11Attribute*); -typedef gboolean (*IterGetFunc) (DBusMessageIter*, GP11Attribute*); +typedef void (*IterAppendFunc) (DBusMessageIter*, GckAttribute*); +typedef gboolean (*IterGetFunc) (DBusMessageIter*, GckAttribute*); static void -iter_append_string (DBusMessageIter *iter, GP11Attribute *attr) +iter_append_string (DBusMessageIter *iter, GckAttribute *attr) { gchar *value; @@ -158,7 +158,7 @@ iter_append_string (DBusMessageIter *iter, GP11Attribute *attr) } static gboolean -iter_get_string (DBusMessageIter *iter, GP11Attribute* attr) +iter_get_string (DBusMessageIter *iter, GckAttribute* attr) { const char *value; @@ -169,24 +169,24 @@ iter_get_string (DBusMessageIter *iter, GP11Attribute* attr) dbus_message_iter_get_basic (iter, &value); if (value == NULL) value = ""; - gp11_attribute_init_string (attr, attr->type, value); + gck_attribute_init_string (attr, attr->type, value); return TRUE; } static void -iter_append_bool (DBusMessageIter *iter, GP11Attribute *attr) +iter_append_bool (DBusMessageIter *iter, GckAttribute *attr) { dbus_bool_t value; g_assert (iter); g_assert (attr); - value = gp11_attribute_get_boolean (attr) ? TRUE : FALSE; + value = gck_attribute_get_boolean (attr) ? TRUE : FALSE; dbus_message_iter_append_basic (iter, DBUS_TYPE_BOOLEAN, &value); } static gboolean -iter_get_bool (DBusMessageIter *iter, GP11Attribute* attr) +iter_get_bool (DBusMessageIter *iter, GckAttribute* attr) { dbus_bool_t value; 
@@ -195,12 +195,12 @@ iter_get_bool (DBusMessageIter *iter, GP11Attribute* attr) g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_BOOLEAN, FALSE); dbus_message_iter_get_basic (iter, &value); - gp11_attribute_init_boolean (attr, attr->type, value ? TRUE : FALSE); + gck_attribute_init_boolean (attr, attr->type, value ? TRUE : FALSE); return TRUE; } static void -iter_append_time (DBusMessageIter *iter, GP11Attribute *attr) +iter_append_time (DBusMessageIter *iter, GckAttribute *attr) { gint64 value; struct tm tm; @@ -238,7 +238,7 @@ iter_append_time (DBusMessageIter *iter, GP11Attribute *attr) } static gboolean -iter_get_time (DBusMessageIter *iter, GP11Attribute* attr) +iter_get_time (DBusMessageIter *iter, GckAttribute* attr) { time_t time; struct tm tm; @@ -251,7 +251,7 @@ iter_get_time (DBusMessageIter *iter, GP11Attribute* attr) g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_INT64, FALSE); dbus_message_iter_get_basic (iter, &value); if (value < 0) { - gp11_attribute_init_empty (attr, attr->type); + gck_attribute_init_empty (attr, attr->type); return TRUE; } @@ -262,12 +262,12 @@ iter_get_time (DBusMessageIter *iter, GP11Attribute* attr) if (!strftime (buf, sizeof (buf), "%Y%m%d%H%M%S00", &tm)) g_return_val_if_reached (FALSE); - gp11_attribute_init (attr, attr->type, buf, 16); + gck_attribute_init (attr, attr->type, buf, 16); return TRUE; } static void -iter_append_fields (DBusMessageIter *iter, GP11Attribute *attr) +iter_append_fields (DBusMessageIter *iter, GckAttribute *attr) { DBusMessageIter array; DBusMessageIter dict; @@ -322,7 +322,7 @@ iter_append_fields (DBusMessageIter *iter, GP11Attribute *attr) } static gboolean -iter_get_fields (DBusMessageIter *iter, GP11Attribute* attr) +iter_get_fields (DBusMessageIter *iter, GckAttribute* attr) { DBusMessageIter array; DBusMessageIter dict; 
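Review bot: `iter_get_time` hard-codes the length in `gck_attribute_init (attr, attr->type, buf, 16)`, which matches the `"%Y%m%d%H%M%S00"` output only while the year has four digits. The value is read from the D-Bus message and the only range check visible here is `value < 0`. If the conversion between these two hunks does not bound it, a far-future timestamp would format to a longer string whose first 16 bytes are stored as a malformed date. I would reject out-of-range values before formatting and take the length from the `strftime` return value rather than a literal. The `time_t` conversion is not visible here, so an upper bound may already be enforced there.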
@@ -356,13 +356,13 @@ iter_get_fields (DBusMessageIter *iter, GP11Attribute* attr) dbus_message_iter_next (&array); } - gp11_attribute_init (attr, attr->type, result->str, result->len); + gck_attribute_init (attr, attr->type, result->str, result->len); g_string_free (result, TRUE); return TRUE; } static void -iter_append_variant (DBusMessageIter *iter, DataType data_type, GP11Attribute *attr) +iter_append_variant (DBusMessageIter *iter, DataType data_type, GckAttribute *attr) { DBusMessageIter sub; IterAppendFunc func; @@ -399,7 +399,7 @@ iter_append_variant (DBusMessageIter *iter, DataType data_type, GP11Attribute *a } static gboolean -iter_get_variant (DBusMessageIter *iter, DataType data_type, GP11Attribute *attr) +iter_get_variant (DBusMessageIter *iter, DataType data_type, GckAttribute *attr) { DBusMessageIter variant; IterGetFunc func; @@ -462,11 +462,11 @@ gkd_secret_property_get_type (const gchar *property, CK_ATTRIBUTE_TYPE *type) } gboolean -gkd_secret_property_parse_all (DBusMessageIter *array, GP11Attributes *attrs) +gkd_secret_property_parse_all (DBusMessageIter *array, GckAttributes *attrs) { DBusMessageIter dict; CK_ATTRIBUTE_TYPE attr_type; - GP11Attribute *attr; + GckAttribute *attr; const char *name; DataType data_type; @@ -486,7 +486,7 @@ gkd_secret_property_parse_all (DBusMessageIter *array, GP11Attributes *attrs) /* Property value */ g_return_val_if_fail (dbus_message_iter_get_arg_type (&dict) == DBUS_TYPE_VARIANT, FALSE); - attr = gp11_attributes_add_empty (attrs, attr_type); + attr = gck_attributes_add_empty (attrs, attr_type); if (!iter_get_variant (&dict, data_type, attr)) return FALSE; 
@@ -497,10 +497,10 @@ gkd_secret_property_parse_all (DBusMessageIter *array, GP11Attributes *attrs) } gboolean -gkd_secret_property_append_all (DBusMessageIter *array, GP11Attributes *attrs) +gkd_secret_property_append_all (DBusMessageIter *array, GckAttributes *attrs) { DBusMessageIter dict; - GP11Attribute *attr; + GckAttribute *attr; DataType data_type; const gchar *name; gulong num, i; @@ -508,9 +508,9 @@ gkd_secret_property_append_all (DBusMessageIter *array, GP11Attributes *attrs) g_return_val_if_fail (array, FALSE); g_return_val_if_fail (attrs, FALSE); - num = gp11_attributes_count (attrs); + num = gck_attributes_count (attrs); for (i = 0; i < num; ++i) { - attr = gp11_attributes_at (attrs, i); + attr = gck_attributes_at (attrs, i); if (!attribute_to_property (attr->type, &name, &data_type)) g_return_val_if_reached (FALSE); @@ -524,7 +524,7 @@ gkd_secret_property_append_all (DBusMessageIter *array, GP11Attributes *attrs) } gboolean -gkd_secret_property_append_variant (DBusMessageIter *iter, GP11Attribute *attr) +gkd_secret_property_append_variant (DBusMessageIter *iter, GckAttribute *attr) { const gchar *property; DataType data_type; @@ -540,7 +540,7 @@ gkd_secret_property_append_variant (DBusMessageIter *iter, GP11Attribute *attr) gboolean gkd_secret_property_parse_variant (DBusMessageIter *iter, const gchar *property, - GP11Attribute *attr) + GckAttribute *attr) { CK_ATTRIBUTE_TYPE attr_type; DataType data_type; @@ -557,7 +557,7 @@ gkd_secret_property_parse_variant (DBusMessageIter *iter, const gchar *property, } gboolean -gkd_secret_property_parse_fields (DBusMessageIter *iter, GP11Attribute *attr) +gkd_secret_property_parse_fields (DBusMessageIter *iter, GckAttribute *attr) { g_return_val_if_fail (attr, FALSE); g_return_val_if_fail (iter, FALSE); diff --git a/daemon/dbus/gkd-secret-property.h b/daemon/dbus/gkd-secret-property.h index c523a034..e1059b3a 100644 --- a/daemon/dbus/gkd-secret-property.h +++ b/daemon/dbus/gkd-secret-property.h 
@@ -24,7 +24,7 @@ #include "gkd-secret-types.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include <dbus/dbus.h> @@ -32,19 +32,19 @@ gboolean gkd_secret_property_get_type (const gchar * CK_ATTRIBUTE_TYPE *type); gboolean gkd_secret_property_append_variant (DBusMessageIter *iter, - GP11Attribute *attr); + GckAttribute *attr); gboolean gkd_secret_property_append_all (DBusMessageIter *array, - GP11Attributes *attrs); + GckAttributes *attrs); gboolean gkd_secret_property_parse_variant (DBusMessageIter *iter, const gchar *property, - GP11Attribute *attr); + GckAttribute *attr); gboolean gkd_secret_property_parse_fields (DBusMessageIter *iter, - GP11Attribute *attr); + GckAttribute *attr); gboolean gkd_secret_property_parse_all (DBusMessageIter *array, - GP11Attributes *attrs); + GckAttributes *attrs); #endif /* __GKD_SECRET_PROPERTY_H__ */ diff --git a/daemon/dbus/gkd-secret-service.c b/daemon/dbus/gkd-secret-service.c index 00032410..440bd836 100644 --- a/daemon/dbus/gkd-secret-service.c +++ b/daemon/dbus/gkd-secret-service.c @@ -40,7 +40,7 @@ #include "egg/egg-error.h" #include "egg/egg-unix-credentials.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include "pkcs11/pkcs11i.h" @@ -65,7 +65,7 @@ typedef struct _ServiceClient { gchar *caller_exec; pid_t caller_pid; CK_G_APPLICATION app; - GP11Session *pkcs11_session; + GckSession *pkcs11_session; GHashTable *sessions; GHashTable *prompts; } ServiceClient; @@ -165,7 +165,7 @@ free_client (gpointer data) /* The session we use for accessing as our client */ if (client->pkcs11_session) { #if 0 - gp11_session_close (client->pkcs11_session, NULL); + gck_session_close (client->pkcs11_session, NULL); #endif g_object_unref (client->pkcs11_session); } @@ -403,7 +403,7 @@ static DBusMessage* service_method_create_collection (GkdSecretService *self, DBusMessage *message) { DBusMessageIter iter, array; - GP11Attributes *attrs; + GckAttributes *attrs; GkdSecretCreate *create; ServiceClient *client; DBusMessage *reply; 
@@ -416,20 +416,20 @@ service_method_create_collection (GkdSecretService *self, DBusMessage *message) return NULL; if (!dbus_message_iter_init (message, &iter)) g_return_val_if_reached (NULL); - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); dbus_message_iter_recurse (&iter, &array); if (!gkd_secret_property_parse_all (&array, attrs)) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return dbus_message_new_error_printf (message, DBUS_ERROR_INVALID_ARGS, "Invalid properties"); } - gp11_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); + gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); /* Create the prompt object, for the password */ caller = dbus_message_get_sender (message); create = gkd_secret_create_new (self, caller, attrs); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); path = gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (create)); client = g_hash_table_lookup (self->clients, caller); @@ -509,7 +509,7 @@ service_method_lock (GkdSecretService *self, DBusMessage *message) DBusMessage *reply; const char *caller; const gchar *prompt; - GP11Object *collection; + GckObject *collection; int n_objpaths, i; char **objpaths; GPtrArray *array; @@ -549,7 +549,7 @@ service_method_change_lock (GkdSecretService *self, DBusMessage *message) DBusMessage *reply; const char *caller; const gchar *path; - GP11Object *collection; + GckObject *collection; caller = dbus_message_get_sender (message); if (!dbus_message_get_args (message, NULL, DBUS_TYPE_OBJECT_PATH, &path, DBUS_TYPE_INVALID)) @@ -582,7 +582,7 @@ service_method_read_alias (GkdSecretService *self, DBusMessage *message) const char *alias; gchar *path = NULL; const gchar *identifier; - GP11Object *collection = NULL; + GckObject *collection = NULL; if (!dbus_message_get_args (message, NULL, DBUS_TYPE_STRING, &alias, DBUS_TYPE_INVALID)) return NULL; 
@@ -616,7 +616,7 @@ service_method_read_alias (GkdSecretService *self, DBusMessage *message) static DBusMessage* service_method_set_alias (GkdSecretService *self, DBusMessage *message) { - GP11Object *collection; + GckObject *collection; gchar *identifier; const char *alias; const char *path; @@ -661,7 +661,7 @@ service_method_create_with_master_password (GkdSecretService *self, DBusMessage DBusMessageIter iter, array; DBusMessage *reply = NULL; GkdSecretSecret *secret = NULL; - GP11Attributes *attrs = NULL; + GckAttributes *attrs = NULL; gchar *path; /* Parse the incoming message */ @@ -669,23 +669,23 @@ service_method_create_with_master_password (GkdSecretService *self, DBusMessage return NULL; if (!dbus_message_iter_init (message, &iter)) g_return_val_if_reached (NULL); - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); dbus_message_iter_recurse (&iter, &array); if (!gkd_secret_property_parse_all (&array, attrs)) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return dbus_message_new_error (message, DBUS_ERROR_INVALID_ARGS, "Invalid properties argument"); } dbus_message_iter_next (&iter); secret = gkd_secret_secret_parse (self, message, &iter, &derr); if (secret == NULL) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return gkd_secret_error_to_reply (message, &derr); } - gp11_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); + gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); path = gkd_secret_create_with_secret (attrs, secret, &derr); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); gkd_secret_secret_free (secret); if (path == NULL) @@ -703,7 +703,7 @@ service_method_change_with_master_password (GkdSecretService *self, DBusMessage { DBusError derr = DBUS_ERROR_INIT; GkdSecretSecret *original, *master; - GP11Object *collection; + GckObject *collection; DBusMessageIter iter; DBusMessage *reply; const gchar *path; 
@@ -757,7 +757,7 @@ service_method_unlock_with_master_password (GkdSecretService *self, DBusMessage { DBusError derr = DBUS_ERROR_INIT; GkdSecretSecret *master; - GP11Object *collection; + GckObject *collection; DBusMessageIter iter; DBusMessage *reply; const gchar *path; @@ -1025,7 +1025,7 @@ gkd_secret_service_constructor (GType type, guint n_props, GObjectConstructParam { GkdSecretService *self = GKD_SECRET_SERVICE (G_OBJECT_CLASS (gkd_secret_service_parent_class)->constructor(type, n_props, props)); DBusError error = DBUS_ERROR_INIT; - GP11Slot *slot = NULL; + GckSlot *slot = NULL; guint i; g_return_val_if_fail (self, NULL); @@ -1038,7 +1038,7 @@ gkd_secret_service_constructor (GType type, guint n_props, GObjectConstructParam } /* Create our objects proxy */ - g_return_val_if_fail (GP11_IS_SLOT (slot), NULL); + g_return_val_if_fail (GCK_IS_SLOT (slot), NULL); self->objects = g_object_new (GKD_SECRET_TYPE_OBJECTS, "pkcs11-slot", slot, "service", self, NULL); @@ -1165,7 +1165,7 @@ gkd_secret_service_class_init (GkdSecretServiceClass *klass) g_object_class_install_property (gobject_class, PROP_PKCS11_SLOT, g_param_spec_object ("pkcs11-slot", "Pkcs11 Slot", "PKCS#11 slot that we use for secrets", - GP11_TYPE_SLOT, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); + GCK_TYPE_SLOT, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); } /* ----------------------------------------------------------------------------- 
@@ -1193,20 +1193,20 @@ gkd_secret_service_get_connection (GkdSecretService *self) return self->connection; } -GP11Slot* +GckSlot* gkd_secret_service_get_pkcs11_slot (GkdSecretService *self) { g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL); return gkd_secret_objects_get_pkcs11_slot (self->objects); } -GP11Session* +GckSession* gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller) { ServiceClient *client; GError *error = NULL; - GP11TokenInfo *info; - GP11Slot *slot; + GckTokenInfo *info; + GckSlot *slot; gulong flags; gboolean login; @@ -1220,7 +1220,7 @@ gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *call if (!client->pkcs11_session) { flags = CKF_RW_SESSION | CKF_G_APPLICATION_SESSION; slot = gkd_secret_service_get_pkcs11_slot (self); - client->pkcs11_session = gp11_slot_open_session_full (slot, flags, &client->app, + client->pkcs11_session = gck_slot_open_session_full (slot, flags, &client->app, NULL, NULL, &error); if (!client->pkcs11_session) { g_warning ("couldn't open pkcs11 session for secret service: %s", @@ -1230,10 +1230,10 @@ gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *call } /* Perform the necessary 'user' login to secrets token. Doesn't unlock anything */ - info = gp11_slot_get_token_info (slot); + info = gck_slot_get_token_info (slot); login = info && (info->flags & CKF_LOGIN_REQUIRED); - gp11_token_info_free (info); - if (login && !gp11_session_login (client->pkcs11_session, CKU_USER, NULL, 0, &error)) { + gck_token_info_free (info); + if (login && !gck_session_login (client->pkcs11_session, CKU_USER, NULL, 0, &error)) { g_warning ("couldn't log in to pkcs11 session for secret service: %s", egg_error_message (error)); g_clear_error (&error); diff --git a/daemon/dbus/gkd-secret-service.h b/daemon/dbus/gkd-secret-service.h index e644caa4..6eac4ed7 100644 --- a/daemon/dbus/gkd-secret-service.h +++ b/daemon/dbus/gkd-secret-service.h 
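Review bot: In `gkd_secret_service_get_pkcs11_session`, `login = info && (info->flags & CKF_LOGIN_REQUIRED)` treats a failed `gck_slot_get_token_info` the same as a token that needs no login, and `gck_token_info_free (info)` is then called with NULL. The session is presumably handed back without the user login and without a log entry, so later operations fail with a not-logged-in error that is hard to trace. I would add a `g_warning` when `info` is NULL, and free `info` only when it is non-NULL unless the gck function is documented as NULL-safe. What happens to the cached `client->pkcs11_session` after a failed `gck_session_login` is outside this hunk and worth checking as well.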
@@ -24,7 +24,7 @@ #include "gkd-secret-types.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include <dbus/dbus.h> @@ -47,9 +47,9 @@ GType gkd_secret_service_get_type (void); DBusConnection* gkd_secret_service_get_connection (GkdSecretService *self); -GP11Slot* gkd_secret_service_get_pkcs11_slot (GkdSecretService *self); +GckSlot* gkd_secret_service_get_pkcs11_slot (GkdSecretService *self); -GP11Session* gkd_secret_service_get_pkcs11_session (GkdSecretService *self, +GckSession* gkd_secret_service_get_pkcs11_session (GkdSecretService *self, const gchar *caller); GkdSecretObjects* gkd_secret_service_get_objects (GkdSecretService *self); diff --git a/daemon/dbus/gkd-secret-session.c b/daemon/dbus/gkd-secret-session.c index f75750b9..c1ae92ca 100644 --- a/daemon/dbus/gkd-secret-session.c +++ b/daemon/dbus/gkd-secret-session.c @@ -54,10 +54,10 @@ struct _GkdSecretSession { gchar *caller; /* While negotiating with a prompt, set to private key */ - GP11Object *private; + GckObject *private; /* Once negotiated set to key and mechanism */ - GP11Object *key; + GckObject *key; CK_MECHANISM_TYPE mech_type; }; @@ -72,7 +72,7 @@ static guint unique_session_number = 0; */ static void -take_session_key (GkdSecretSession *self, GP11Object *key, CK_MECHANISM_TYPE mech) +take_session_key (GkdSecretSession *self, GckObject *key, CK_MECHANISM_TYPE mech) { g_return_if_fail (!self->key); self->key = key; @@ -80,13 +80,13 @@ take_session_key (GkdSecretSession *self, GP11Object *key, CK_MECHANISM_TYPE mec } static gboolean -aes_create_dh_keys (GP11Session *session, const gchar *group, - GP11Object **pub_key, GP11Object **priv_key) +aes_create_dh_keys (GckSession *session, const gchar *group, + GckObject **pub_key, GckObject **priv_key) { - GP11Attributes *attrs; + GckAttributes *attrs; gconstpointer prime, base; gsize n_prime, n_base; - GP11Mechanism *mech; + GckMechanism *mech; GError *error = NULL; gboolean ret; 
@@ -95,18 +95,18 @@ aes_create_dh_keys (GP11Session *session, const gchar *group, return FALSE; } - attrs = gp11_attributes_new (); - gp11_attributes_add_data (attrs, CKA_PRIME, prime, n_prime); - gp11_attributes_add_data (attrs, CKA_BASE, base, n_base); + attrs = gck_attributes_new (); + gck_attributes_add_data (attrs, CKA_PRIME, prime, n_prime); + gck_attributes_add_data (attrs, CKA_BASE, base, n_base); - mech = gp11_mechanism_new (CKM_DH_PKCS_KEY_PAIR_GEN); + mech = gck_mechanism_new (CKM_DH_PKCS_KEY_PAIR_GEN); /* Perform the DH key generation */ - ret = gp11_session_generate_key_pair_full (session, mech, attrs, attrs, - pub_key, priv_key, NULL, &error); + ret = gck_session_generate_key_pair_full (session, mech, attrs, attrs, + pub_key, priv_key, NULL, &error); - gp11_mechanism_unref (mech); - gp11_attributes_unref (attrs); + gck_mechanism_unref (mech); + gck_attributes_unref (attrs); if (ret == FALSE) { g_warning ("couldn't generate dh key pair: %s", egg_error_message (error)); 
@@ -114,29 +114,27 @@ aes_create_dh_keys (GP11Session *session, const gchar *group, return FALSE; } - gp11_object_set_session (*pub_key, session); - gp11_object_set_session (*priv_key, session); return TRUE; } static gboolean -aes_derive_key (GP11Session *session, GP11Object *priv_key, - gconstpointer input, gsize n_input, GP11Object **aes_key) +aes_derive_key (GckSession *session, GckObject *priv_key, + gconstpointer input, gsize n_input, GckObject **aes_key) { GError *error = NULL; - GP11Mechanism *mech; - GP11Attributes *attrs; + GckMechanism *mech; + GckAttributes *attrs; - mech = gp11_mechanism_new_with_param (CKM_DH_PKCS_DERIVE, input, n_input); - attrs = gp11_attributes_newv (CKA_VALUE_LEN, GP11_ULONG, 16UL, - CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY, - CKA_KEY_TYPE, GP11_ULONG, CKK_AES, - GP11_INVALID); + mech = gck_mechanism_new_with_param (CKM_DH_PKCS_DERIVE, input, n_input); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_VALUE_LEN, 16UL); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); + gck_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_AES); - *aes_key = gp11_session_derive_key_full (session, priv_key, mech, attrs, NULL, &error); + *aes_key = gck_session_derive_key (session, priv_key, mech, attrs, NULL, &error); - gp11_mechanism_unref (mech); - gp11_attributes_unref (attrs); + gck_mechanism_unref (mech); + gck_attributes_unref (attrs); if (!*aes_key) { g_warning ("couldn't derive aes key from dh key pair: %s", egg_error_message (error)); @@ -144,7 +142,6 @@ aes_derive_key (GP11Session *session, GP11Object *priv_key, return FALSE; } - gp11_object_set_session (*aes_key, session); return TRUE; } 
@@ -152,8 +149,8 @@ static DBusMessage* aes_negotiate (GkdSecretSession *self, DBusMessage *message, gconstpointer input, gsize n_input) { DBusMessageIter iter, variant, array; - GP11Session *session; - GP11Object *pub, *priv, *key; + GckSession *session; + GckObject *pub, *priv, *key; GError *error = NULL; DBusMessage *reply; gpointer output; @@ -168,8 +165,8 @@ aes_negotiate (GkdSecretSession *self, DBusMessage *message, gconstpointer input "Failed to create necessary crypto keys."); /* Get the output data */ - output = gp11_object_get_data (pub, CKA_VALUE, &n_output, &error); - gp11_object_destroy (pub, NULL); + output = gck_object_get_data (pub, CKA_VALUE, &n_output, &error); + gck_object_destroy (pub, NULL); g_object_unref (pub); if (output == NULL) { @@ -182,7 +179,7 @@ aes_negotiate (GkdSecretSession *self, DBusMessage *message, gconstpointer input ret = aes_derive_key (session, priv, input, n_input, &key); - gp11_object_destroy (priv, NULL); + gck_object_destroy (priv, NULL); g_object_unref (priv); if (ret == FALSE) { @@ -213,16 +210,20 @@ plain_negotiate (GkdSecretSession *self, DBusMessage *message) GError *error = NULL; const char *output = ""; DBusMessage *reply; - GP11Object *key; - GP11Session *session; + GckObject *key; + GckSession *session; + GckAttributes *attrs; session = gkd_secret_service_get_pkcs11_session (self->service, self->caller); g_return_val_if_fail (session, NULL); - key = gp11_session_create_object (session, &error, - CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY, - CKA_KEY_TYPE, GP11_ULONG, CKK_G_NULL, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); + gck_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_G_NULL); + + key = gck_session_create_object (session, attrs, NULL, &error); + + gck_attributes_unref (attrs); if (key == NULL) { g_warning ("couldn't create null key: %s", egg_error_message (error)); 
@@ -458,8 +459,8 @@ gkd_secret_session_begin (GkdSecretSession *self, const gchar *group, gsize *n_output) { GError *error = NULL; - GP11Session *session; - GP11Object *public; + GckSession *session; + GckObject *public; gpointer output; g_return_val_if_fail (GKD_SECRET_IS_SESSION (self), NULL); @@ -474,8 +475,8 @@ gkd_secret_session_begin (GkdSecretSession *self, const gchar *group, return NULL; /* Get the output data */ - output = gp11_object_get_data (public, CKA_VALUE, n_output, &error); - gp11_object_destroy (public, NULL); + output = gck_object_get_data (public, CKA_VALUE, n_output, &error); + gck_object_destroy (public, NULL); g_object_unref (public); if (output == NULL) { @@ -491,7 +492,7 @@ gboolean gkd_secret_session_complete (GkdSecretSession *self, gconstpointer peer, gsize n_peer) { - GP11Session *session; + GckSession *session; g_return_val_if_fail (GKD_SECRET_IS_SESSION (self), FALSE); g_return_val_if_fail (self->key == NULL, FALSE); @@ -564,7 +565,7 @@ gkd_secret_session_get_caller_executable (GkdSecretSession *self) return self->caller_exec; } -GP11Session* +GckSession* gkd_secret_session_get_pkcs11_session (GkdSecretSession *self) { g_return_val_if_fail (GKD_SECRET_IS_SESSION (self), NULL); 
@@ -572,37 +573,37 @@ gkd_secret_session_get_pkcs11_session (GkdSecretSession *self) } GkdSecretSecret* -gkd_secret_session_get_item_secret (GkdSecretSession *self, GP11Object *item, +gkd_secret_session_get_item_secret (GkdSecretSession *self, GckObject *item, DBusError *derr) { - GP11Mechanism *mech; - GP11Session *session; + GckMechanism *mech; + GckSession *session; gpointer value, iv; gsize n_value, n_iv; GError *error = NULL; - g_assert (GP11_IS_OBJECT (self->key)); + g_assert (GCK_IS_OBJECT (self->key)); - session = gp11_object_get_session (item); + session = gck_object_get_session (item); g_return_val_if_fail (session, FALSE); if (self->mech_type == CKM_AES_CBC_PAD) { n_iv = 16; iv = g_malloc (n_iv); gcry_create_nonce (iv, n_iv); - mech = gp11_mechanism_new_with_param (CKM_AES_CBC_PAD, iv, n_iv); + mech = gck_mechanism_new_with_param (CKM_AES_CBC_PAD, iv, n_iv); } else { n_iv = 0; iv = NULL; - mech = gp11_mechanism_new (self->mech_type); + mech = gck_mechanism_new (self->mech_type); } - value = gp11_session_wrap_key_full (session, self->key, mech, item, &n_value, - NULL, &error); - gp11_mechanism_unref (mech); + value = gck_session_wrap_key_full (session, self->key, mech, item, &n_value, + NULL, &error); + gck_mechanism_unref (mech); if (value == NULL) { - if (g_error_matches (error, GP11_ERROR, CKR_USER_NOT_LOGGED_IN)) { + if (g_error_matches (error, GCK_ERROR, CKR_USER_NOT_LOGGED_IN)) { dbus_set_error_const (derr, SECRET_ERROR_IS_LOCKED, "Cannot get secret of a locked object"); } else { 
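Review bot: In `gkd_secret_session_get_item_secret` the guard `g_return_val_if_fail (session, FALSE);` returns a boolean constant from a function declared to return `GkdSecretSecret*`; `g_return_val_if_fail (session, NULL);` states the failure value that callers actually test for. The session now comes from `gck_object_get_session (item)`. If that call hands back a new reference (worth confirming against the gck API), it needs a matching `g_object_unref (session);` once the wrap call has returned. The rest of the function lies outside this hunk, so the release may already be there. The same question applies to `session = gck_object_get_session (collection);` in the `gkd_secret_unlock_with_password` hunk.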
@@ -619,54 +620,54 @@ gkd_secret_session_get_item_secret (GkdSecretSession *self, GP11Object *item, } gboolean -gkd_secret_session_set_item_secret (GkdSecretSession *self, GP11Object *item, +gkd_secret_session_set_item_secret (GkdSecretSession *self, GckObject *item, GkdSecretSecret *secret, DBusError *derr) { - GP11Mechanism *mech; - GP11Object *object; - GP11Session *session; + GckMechanism *mech; + GckObject *object; + GckSession *session; GError *error = NULL; - GP11Attributes *attrs; + GckAttributes *attrs; g_return_val_if_fail (GKD_SECRET_IS_SESSION (self), FALSE); - g_return_val_if_fail (GP11_IS_OBJECT (item), FALSE); + g_return_val_if_fail (GCK_IS_OBJECT (item), FALSE); g_return_val_if_fail (secret, FALSE); - g_assert (GP11_IS_OBJECT (self->key)); + g_assert (GCK_IS_OBJECT (self->key)); /* * By getting these attributes, and then using them in the unwrap, * the unwrap won't generate a new object, but merely set the secret. */ - attrs = gp11_object_get (item, &error, CKA_ID, CKA_G_COLLECTION, GP11_INVALID); + attrs = gck_object_get (item, &error, CKA_ID, CKA_G_COLLECTION, GCK_INVALID); if (attrs == NULL) { g_message ("couldn't get item attributes: %s", egg_error_message (error)); dbus_set_error_const (derr, DBUS_ERROR_FAILED, "Couldn't set item secret"); g_clear_error (&error); return FALSE; } - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); session = gkd_secret_service_get_pkcs11_session (self->service, self->caller); g_return_val_if_fail (session, FALSE); - mech = gp11_mechanism_new_with_param (self->mech_type, secret->parameter, - secret->n_parameter); + mech = gck_mechanism_new_with_param (self->mech_type, secret->parameter, + secret->n_parameter); - object = gp11_session_unwrap_key_full (session, self->key, mech, secret->value, - secret->n_value, attrs, NULL, &error); + object = gck_session_unwrap_key (session, self->key, mech, secret->value, + secret->n_value, attrs, NULL, 
&error); - gp11_mechanism_unref (mech); - gp11_attributes_unref (attrs); + gck_mechanism_unref (mech); + gck_attributes_unref (attrs); if (object == NULL) { - if (g_error_matches (error, GP11_ERROR, CKR_USER_NOT_LOGGED_IN)) { + if (g_error_matches (error, GCK_ERROR, CKR_USER_NOT_LOGGED_IN)) { dbus_set_error_const (derr, SECRET_ERROR_IS_LOCKED, "Cannot set secret of a locked item"); - } else if (g_error_matches (error, GP11_ERROR, CKR_WRAPPED_KEY_INVALID) || - g_error_matches (error, GP11_ERROR, CKR_WRAPPED_KEY_LEN_RANGE) || - g_error_matches (error, GP11_ERROR, CKR_MECHANISM_PARAM_INVALID)) { + } else if (g_error_matches (error, GCK_ERROR, CKR_WRAPPED_KEY_INVALID) || + g_error_matches (error, GCK_ERROR, CKR_WRAPPED_KEY_LEN_RANGE) || + g_error_matches (error, GCK_ERROR, CKR_MECHANISM_PARAM_INVALID)) { dbus_set_error_const (derr, DBUS_ERROR_INVALID_ARGS, "The secret was transferred or encrypted in an invalid way."); } else { @@ -677,7 +678,7 @@ gkd_secret_session_set_item_secret (GkdSecretSession *self, GP11Object *item, return FALSE; } - if (!gp11_object_equal (object, item)) { + if (!gck_object_equal (object, item)) { g_warning ("unwrapped secret went to new object, instead of item"); dbus_set_error_const (derr, DBUS_ERROR_FAILED, "Couldn't set item secret"); g_object_unref (object); 
@@ -688,44 +689,44 @@ gkd_secret_session_set_item_secret (GkdSecretSession *self, GP11Object *item, return TRUE; } -GP11Object* -gkd_secret_session_create_credential (GkdSecretSession *self, GP11Session *session, - GP11Attributes *attrs, GkdSecretSecret *secret, +GckObject* +gkd_secret_session_create_credential (GkdSecretSession *self, GckSession *session, + GckAttributes *attrs, GkdSecretSecret *secret, DBusError *derr) { - GP11Attributes *alloc = NULL; - GP11Mechanism *mech; - GP11Object *object; + GckAttributes *alloc = NULL; + GckMechanism *mech; + GckObject *object; GError *error = NULL; - g_assert (GP11_IS_OBJECT (self->key)); + g_assert (GCK_IS_OBJECT (self->key)); g_assert (attrs); if (session == NULL) session = gkd_secret_service_get_pkcs11_session (self->service, self->caller); g_return_val_if_fail (session, NULL); - if (attrs == NULL) - alloc = attrs = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL, - CKA_TOKEN, GP11_BOOLEAN, FALSE, - GP11_INVALID); + if (attrs == NULL) { + alloc = attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL); + gck_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); + } - mech = gp11_mechanism_new_with_param (self->mech_type, secret->parameter, - secret->n_parameter); + mech = gck_mechanism_new_with_param (self->mech_type, secret->parameter, + secret->n_parameter); - object = gp11_session_unwrap_key_full (session, self->key, mech, secret->value, - secret->n_value, attrs, NULL, &error); + object = gck_session_unwrap_key (session, self->key, mech, secret->value, + secret->n_value, attrs, NULL, &error); - gp11_mechanism_unref (mech); - if (alloc != NULL) - gp11_attributes_unref (alloc); + gck_mechanism_unref (mech); + gck_attributes_unref (alloc); if (object == NULL) { - if (g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT)) { + if (g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT)) { dbus_set_error_const (derr, INTERNAL_ERROR_DENIED, "The password was incorrect."); - 
} else if (g_error_matches (error, GP11_ERROR, CKR_WRAPPED_KEY_INVALID) || - g_error_matches (error, GP11_ERROR, CKR_WRAPPED_KEY_LEN_RANGE) || - g_error_matches (error, GP11_ERROR, CKR_MECHANISM_PARAM_INVALID)) { + } else if (g_error_matches (error, GCK_ERROR, CKR_WRAPPED_KEY_INVALID) || + g_error_matches (error, GCK_ERROR, CKR_WRAPPED_KEY_LEN_RANGE) || + g_error_matches (error, GCK_ERROR, CKR_MECHANISM_PARAM_INVALID)) { dbus_set_error_const (derr, DBUS_ERROR_INVALID_ARGS, "The secret was transferred or encrypted in an invalid way."); } else { @@ -734,8 +735,6 @@ gkd_secret_session_create_credential (GkdSecretSession *self, GP11Session *sessi } g_clear_error (&error); return NULL; - } else { - gp11_object_set_session (object, session); } return object; diff --git a/daemon/dbus/gkd-secret-session.h b/daemon/dbus/gkd-secret-session.h index ce8853ea..6b1092e8 100644 --- a/daemon/dbus/gkd-secret-session.h +++ b/daemon/dbus/gkd-secret-session.h @@ -56,20 +56,20 @@ const gchar* gkd_secret_session_get_caller (GkdSecretSession const gchar* gkd_secret_session_get_caller_executable (GkdSecretSession *self); -GP11Session* gkd_secret_session_get_pkcs11_session (GkdSecretSession *self); +GckSession* gkd_secret_session_get_pkcs11_session (GkdSecretSession *self); GkdSecretSecret* gkd_secret_session_get_item_secret (GkdSecretSession *self, - GP11Object *item, + GckObject *item, DBusError *derr); gboolean gkd_secret_session_set_item_secret (GkdSecretSession *self, - GP11Object *item, + GckObject *item, GkdSecretSecret *secret, DBusError *derr); -GP11Object* gkd_secret_session_create_credential (GkdSecretSession *self, - GP11Session *session, - GP11Attributes *attrs, +GckObject* gkd_secret_session_create_credential (GkdSecretSession *self, + GckSession *session, + GckAttributes *attrs, GkdSecretSecret *secret, DBusError *derr); diff --git a/daemon/dbus/gkd-secret-unlock.c b/daemon/dbus/gkd-secret-unlock.c index bf1f5d0a..c716073c 100644 --- a/daemon/dbus/gkd-secret-unlock.c 
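Review bot: In `gkd_secret_session_create_credential` the rewritten `if (attrs == NULL) { ... }` fallback is unreachable in builds with assertions enabled, because `g_assert (attrs);` a few lines earlier aborts first. One of the two should go, depending on whether a NULL template is meant to be accepted. As a consequence `alloc` is NULL on every call that gets this far, and the commit removes the guard so that `gck_attributes_unref (alloc);` is now always invoked with NULL. That is only safe if `gck_attributes_unref` is documented to accept NULL; otherwise keep `if (alloc != NULL) gck_attributes_unref (alloc);`.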
+++ b/daemon/dbus/gkd-secret-unlock.c @@ -40,7 +40,7 @@ #include <glib/gi18n.h> -#include <gp11/gp11.h> +#include <gck/gck.h> #include <string.h> @@ -78,7 +78,7 @@ static guint unique_prompt_number = 0; * INTERNAL */ -static GP11Object* +static GckObject* lookup_collection (GkdSecretUnlock *self, const gchar *path) { GkdSecretObjects *objects = gkd_secret_service_get_objects (self->service); @@ -86,15 +86,15 @@ lookup_collection (GkdSecretUnlock *self, const gchar *path) } static gboolean -check_locked_collection (GP11Object *collection, gboolean *locked) +check_locked_collection (GckObject *collection, gboolean *locked) { GError *error = NULL; gpointer value; gsize n_value; - value = gp11_object_get_data (collection, CKA_G_LOCKED, &n_value, &error); + value = gck_object_get_data (collection, CKA_G_LOCKED, &n_value, &error); if (value == NULL) { - if (!g_error_matches (error, GP11_ERROR, CKR_OBJECT_HANDLE_INVALID)) + if (!g_error_matches (error, GCK_ERROR, CKR_OBJECT_HANDLE_INVALID)) g_warning ("couldn't check locked status of collection: %s", egg_error_message (error)); return FALSE; @@ -106,12 +106,12 @@ check_locked_collection (GP11Object *collection, gboolean *locked) } static void -common_unlock_attributes (GP11Attributes *attrs, GP11Object *collection) +common_unlock_attributes (GckAttributes *attrs, GckObject *collection) { g_assert (attrs); - g_assert (GP11_IS_OBJECT (collection)); - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL); - gp11_attributes_add_ulong (attrs, CKA_G_OBJECT, gp11_object_get_handle (collection)); + g_assert (GCK_IS_OBJECT (collection)); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL); + gck_attributes_add_ulong (attrs, CKA_G_OBJECT, gck_object_get_handle (collection)); } static gboolean 
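Review bot: `check_locked_collection` leaks the `GError` on its failure path. When `gck_object_get_data` returns NULL, the code warns (or stays silent for `CKR_OBJECT_HANDLE_INVALID`) and then goes straight to `return FALSE;` without releasing `error`. Adding `g_clear_error (&error);` immediately before that return fixes it. The end of the function is outside this hunk.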
@@ -157,10 +157,10 @@ static void on_unlock_complete (GObject *object, GAsyncResult *res, gpointer user_data) { GkdSecretUnlock *self = GKD_SECRET_UNLOCK (user_data); - GP11Object *cred; + GckObject *cred; GError *error = NULL; - cred = gp11_session_create_object_finish (GP11_SESSION (object), res, &error); + cred = gck_session_create_object_finish (GCK_SESSION (object), res, &error); /* Successfully authentication */ if (cred) { @@ -170,13 +170,13 @@ on_unlock_complete (GObject *object, GAsyncResult *res, gpointer user_data) perform_next_unlock (self); /* The user cancelled the protected auth prompt */ - } else if (g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT)) { + } else if (g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT)) { g_free (self->current); self->current = NULL; mark_as_complete (self, TRUE); /* The operation was cancelled via Dismiss call */ - } else if (g_error_matches (error, GP11_ERROR, CKR_CANCEL)) { + } else if (g_error_matches (error, GCK_ERROR, CKR_CANCEL)) { /* Should have been the result of a dismiss */ g_return_if_fail (self->completed); @@ -192,9 +192,9 @@ on_unlock_complete (GObject *object, GAsyncResult *res, gpointer user_data) static void perform_next_unlock (GkdSecretUnlock *self) { - GP11Object *collection; - GP11Attributes *template; - GP11Session *session; + GckObject *collection; + GckAttributes *template; + GckSession *session; gboolean locked; gchar *objpath; 
@@ -226,13 +226,13 @@ perform_next_unlock (GkdSecretUnlock *self) } /* The various unlock options */ - template = gp11_attributes_new (); + template = gck_attributes_new (); common_unlock_attributes (template, collection); - gp11_attributes_add_data (template, CKA_VALUE, NULL, 0); + gck_attributes_add_data (template, CKA_VALUE, NULL, 0); session = gkd_secret_service_get_pkcs11_session (self->service, self->caller); - gp11_session_create_object_async (session, template, self->cancellable, on_unlock_complete, self); - gp11_attributes_unref (template); + gck_session_create_object_async (session, template, self->cancellable, on_unlock_complete, self); + gck_attributes_unref (template); g_object_unref (collection); self->current = objpath; @@ -494,7 +494,7 @@ void gkd_secret_unlock_queue (GkdSecretUnlock *self, const gchar *objpath) { gboolean locked = TRUE; - GP11Object *coll; + GckObject *coll; gchar *path; g_return_if_fail (GKD_SECRET_IS_UNLOCK (self)); 
@@ -548,28 +548,28 @@ gkd_secret_unlock_reset_results (GkdSecretUnlock *self) } gboolean -gkd_secret_unlock_with_secret (GP11Object *collection, GkdSecretSecret *master, +gkd_secret_unlock_with_secret (GckObject *collection, GkdSecretSecret *master, DBusError *derr) { - GP11Attributes *attrs; - GP11Object *cred; + GckAttributes *attrs; + GckObject *cred; gboolean locked; - g_return_val_if_fail (GP11_IS_OBJECT (collection), FALSE); + g_return_val_if_fail (GCK_IS_OBJECT (collection), FALSE); g_return_val_if_fail (master, FALSE); /* Shortcut if already unlocked */ if (check_locked_collection (collection, &locked) && !locked) return TRUE; - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); common_unlock_attributes (attrs, collection); - gp11_attributes_add_boolean (attrs, CKA_GNOME_TRANSIENT, TRUE); - gp11_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); + gck_attributes_add_boolean (attrs, CKA_GNOME_TRANSIENT, TRUE); + gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); cred = gkd_secret_session_create_credential (master->session, NULL, attrs, master, derr); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); if (cred != NULL) g_object_unref (cred); 
@@ -577,33 +577,33 @@ gkd_secret_unlock_with_secret (GP11Object *collection, GkdSecretSecret *master, } gboolean -gkd_secret_unlock_with_password (GP11Object *collection, const guchar *password, +gkd_secret_unlock_with_password (GckObject *collection, const guchar *password, gsize n_password, DBusError *derr) { - GP11Attributes *attrs; + GckAttributes *attrs; GError *error = NULL; - GP11Session *session; - GP11Object *cred; + GckSession *session; + GckObject *cred; gboolean locked; - g_return_val_if_fail (GP11_IS_OBJECT (collection), FALSE); + g_return_val_if_fail (GCK_IS_OBJECT (collection), FALSE); /* Shortcut if already unlocked */ if (check_locked_collection (collection, &locked) && !locked) return TRUE; - session = gp11_object_get_session (collection); + session = gck_object_get_session (collection); g_return_val_if_fail (session, FALSE); - attrs = gp11_attributes_new_full (egg_secure_realloc); + attrs = gck_attributes_new_full (egg_secure_realloc); common_unlock_attributes (attrs, collection); - gp11_attributes_add_boolean (attrs, CKA_GNOME_TRANSIENT, TRUE); - gp11_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); - gp11_attributes_add_data (attrs, CKA_VALUE, password, n_password); + gck_attributes_add_boolean (attrs, CKA_GNOME_TRANSIENT, TRUE); + gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); + gck_attributes_add_data (attrs, CKA_VALUE, password, n_password); - cred = gp11_session_create_object_full (session, attrs, NULL, &error); + cred = gck_session_create_object (session, attrs, NULL, &error); if (cred == NULL) { - if (g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT)) { + if (g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT)) { dbus_set_error_const (derr, INTERNAL_ERROR_DENIED, "The password was incorrect."); } else { g_message ("couldn't create credential: %s", egg_error_message (error)); diff --git a/daemon/dbus/gkd-secret-unlock.h b/daemon/dbus/gkd-secret-unlock.h index bcbce8ae..3fde30f5 100644 --- a/daemon/dbus/gkd-secret-unlock.h 
+++ b/daemon/dbus/gkd-secret-unlock.h @@ -54,11 +54,11 @@ gchar** gkd_secret_unlock_get_results (GkdSecretUnlock * void gkd_secret_unlock_reset_results (GkdSecretUnlock *self); -gboolean gkd_secret_unlock_with_secret (GP11Object *collection, +gboolean gkd_secret_unlock_with_secret (GckObject *collection, GkdSecretSecret *master, DBusError *derr); -gboolean gkd_secret_unlock_with_password (GP11Object *collection, +gboolean gkd_secret_unlock_with_password (GckObject *collection, const guchar *password, gsize n_password, DBusError *derr); diff --git a/daemon/gpg-agent/Makefile.am b/daemon/gpg-agent/Makefile.am index b53bba48..7226a14a 100644 --- a/daemon/gpg-agent/Makefile.am +++ b/daemon/gpg-agent/Makefile.am @@ -29,7 +29,7 @@ gkd_gpg_agent_standalone_SOURCES = \ gkd_gpg_agent_standalone_LDADD = \ libgkd-gpg-agent.la \ $(top_builddir)/ui/libgku-prompt.la \ - $(top_builddir)/gp11/libgp11.la \ + $(top_builddir)/gck/libgck.la \ $(top_builddir)/egg/libegg.la \ $(GOBJECT_LIBS) \ $(GTHREAD_LIBS) \ diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c index 5defe24b..5707ef55 100644 --- a/daemon/gpg-agent/gkd-gpg-agent-ops.c +++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c @@ -47,7 +47,7 @@ */ static void -keyid_to_field_attribute (const gchar *keyid, GP11Attributes *attrs) +keyid_to_field_attribute (const gchar *keyid, GckAttributes *attrs) { GString *fields = g_string_sized_new (128); @@ -66,7 +66,7 @@ keyid_to_field_attribute (const gchar *keyid, GP11Attributes *attrs) g_string_append (fields, "gnome-keyring:gpg-agent"); g_string_append_c (fields, '\0'); - gp11_attributes_add_data (attrs, CKA_G_FIELDS, fields->str, fields->len); + gck_attributes_add_data (attrs, CKA_G_FIELDS, fields->str, fields->len); g_string_free (fields, TRUE); } 
@@ -105,30 +105,30 @@ calculate_label_for_key (const gchar *keyid, const gchar *description) } static GList* -find_saved_items (GP11Session *session, GP11Attributes *attrs) +find_saved_items (GckSession *session, GckAttributes *attrs) { - GP11Attributes *template; + GckAttributes *template; GError *error = NULL; - GP11Attribute *attr; - GP11Object *search; + GckAttribute *attr; + GckObject *search; GList *results; gpointer data; gsize n_data; - template = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_G_SEARCH, - CKA_TOKEN, GP11_BOOLEAN, FALSE, - GP11_INVALID); + template = gck_attributes_new (); + gck_attributes_add_ulong (template, CKA_CLASS, CKO_G_SEARCH); + gck_attributes_add_boolean (template, CKA_TOKEN, FALSE); - attr = gp11_attributes_find (attrs, CKA_G_COLLECTION); + attr = gck_attributes_find (attrs, CKA_G_COLLECTION); if (attr != NULL) - gp11_attributes_add (template, attr); + gck_attributes_add (template, attr); - attr = gp11_attributes_find (attrs, CKA_G_FIELDS); + attr = gck_attributes_find (attrs, CKA_G_FIELDS); g_return_val_if_fail (attr != NULL, NULL); - gp11_attributes_add (template, attr); + gck_attributes_add (template, attr); - search = gp11_session_create_object_full (session, template, NULL, &error); - gp11_attributes_unref (template); + search = gck_session_create_object (session, template, NULL, &error); + gck_attributes_unref (template); if (search == NULL) { g_warning ("couldn't perform search for gpg agent stored passphrases: %s", @@ -137,9 +137,8 @@ find_saved_items (GP11Session *session, GP11Attributes *attrs) return NULL; } - gp11_object_set_session (search, session); - data = gp11_object_get_data (search, CKA_G_MATCHED, &n_data, &error); - gp11_object_destroy (search, NULL); + data = gck_object_get_data (search, CKA_G_MATCHED, &n_data, &error); + gck_object_destroy (search, NULL); g_object_unref (search); if (data == NULL) { 
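Review bot: In `find_saved_items`, `template` is allocated with `gck_attributes_new ()` before `g_return_val_if_fail (attr != NULL, NULL);`, so a caller that passes attributes without `CKA_G_FIELDS` leaks the template on that early return. Looking up `CKA_G_FIELDS` before the template is created avoids the leak. Alternatively, replace the macro with an explicit check that calls `gck_attributes_unref (template);` before returning NULL. The function continues into the following hunks.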
@@ -149,23 +148,22 @@ find_saved_items (GP11Session *session, GP11Attributes *attrs) return NULL; } - results = gp11_objects_from_handle_array (gp11_session_get_slot (session), - data, n_data / sizeof (CK_ULONG)); + results = gck_objects_from_handle_array (session, data, n_data / sizeof (CK_ULONG)); g_free (data); return results; } static void -do_save_password (GP11Session *session, const gchar *keyid, const gchar *description, - const gchar *password, GP11Attributes *options) +do_save_password (GckSession *session, const gchar *keyid, const gchar *description, + const gchar *password, GckAttributes *options) { - GP11Attributes *attrs; + GckAttributes *attrs; gpointer identifier; gsize n_identifier; GList *previous; GError *error = NULL; - GP11Object *item; + GckObject *item; gchar *text; gchar *label; gint i; 
@@ -174,26 +172,25 @@ do_save_password (GP11Session *session, const gchar *keyid, const gchar *descrip g_assert (keyid); /* Sending a password, needs to be secure */ - attrs = gp11_attributes_new_full (egg_secure_realloc); + attrs = gck_attributes_new_full (egg_secure_realloc); /* Build up basic set of attributes */ - gp11_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); + gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); keyid_to_field_attribute (keyid, attrs); /* Bring in all the unlock options */ - for (i = 0; options && i < gp11_attributes_count (options); ++i) - gp11_attributes_add (attrs, gp11_attributes_at (options, i)); + for (i = 0; options && i < gck_attributes_count (options); ++i) + gck_attributes_add (attrs, gck_attributes_at (options, i)); /* Find a previously stored object like this, and replace if so */ previous = find_saved_items (session, attrs); if (previous) { - gp11_object_set_session (previous->data, session); - identifier = gp11_object_get_data (previous->data, CKA_ID, &n_identifier, NULL); + identifier = gck_object_get_data (previous->data, CKA_ID, &n_identifier, NULL); if (identifier != NULL) - gp11_attributes_add_data (attrs, CKA_ID, identifier, n_identifier); + gck_attributes_add_data (attrs, CKA_ID, identifier, n_identifier); g_free (identifier); - gp11_list_unref_free (previous); + gck_list_unref_free (previous); } text = calculate_label_for_key (keyid, description); 
@@ -201,11 +198,11 @@ do_save_password (GP11Session *session, const gchar *keyid, const gchar *descrip g_free (text); /* Put in the remainder of the attributes */ - gp11_attributes_add_string (attrs, CKA_VALUE, password); - gp11_attributes_add_string (attrs, CKA_LABEL, label); + gck_attributes_add_string (attrs, CKA_VALUE, password); + gck_attributes_add_string (attrs, CKA_LABEL, label); g_free (label); - item = gp11_session_create_object_full (session, attrs, NULL, &error); + item = gck_session_create_object (session, attrs, NULL, &error); if (item == NULL) { g_warning ("couldn't store gpg agent password: %s", egg_error_message (error)); g_clear_error (&error); @@ -213,30 +210,29 @@ do_save_password (GP11Session *session, const gchar *keyid, const gchar *descrip if (item != NULL) g_object_unref (item); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); } static gboolean -do_clear_password (GP11Session *session, const gchar *keyid) +do_clear_password (GckSession *session, const gchar *keyid) { - GP11Attributes *attrs; + GckAttributes *attrs; GList *objects, *l; GError *error = NULL; - attrs = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); keyid_to_field_attribute (keyid, attrs); objects = find_saved_items (session, attrs); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); if (!objects) return TRUE; /* Delete first item */ for (l = objects; l; l = g_list_next (l)) { - gp11_object_set_session (l->data, session); - if (gp11_object_destroy (l->data, &error)) { + if (gck_object_destroy (l->data, &error)) { break; /* Only delete the first item */ } else { g_warning ("couldn't clear gpg agent password: %s", 
@@ -245,33 +241,32 @@ do_clear_password (GP11Session *session, const gchar *keyid) } } - gp11_list_unref_free (objects); + gck_list_unref_free (objects); return TRUE; } static gchar* -do_lookup_password (GP11Session *session, const gchar *keyid) +do_lookup_password (GckSession *session, const gchar *keyid) { - GP11Attributes *attrs; + GckAttributes *attrs; GList *objects, *l; GError *error = NULL; gpointer data = NULL; gsize n_data; - attrs = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_SECRET_KEY, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY); keyid_to_field_attribute (keyid, attrs); objects = find_saved_items (session, attrs); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); if (!objects) return NULL; /* Return first password */ for (l = objects; l; l = g_list_next (l)) { - gp11_object_set_session (l->data, session); - data = gp11_object_get_data_full (l->data, CKA_VALUE, egg_secure_realloc, NULL, &n_data, &error); + data = gck_object_get_data_full (l->data, CKA_VALUE, egg_secure_realloc, NULL, &n_data, &error); if (error) { g_warning ("couldn't lookup gpg agent password: %s", egg_error_message (error)); g_clear_error (&error); @@ -281,22 +276,23 @@ do_lookup_password (GP11Session *session, const gchar *keyid) } } - gp11_list_unref_free (objects); + gck_list_unref_free (objects); /* Data is null terminated */ return data; } static GkuPrompt* -prepare_password_prompt (GP11Session *session, const gchar *errmsg, const gchar *prompt_text, +prepare_password_prompt (GckSession *session, const gchar *errmsg, const gchar *prompt_text, const gchar *description, gboolean confirm) { GkuPrompt *prompt; GError *error = NULL; gboolean auto_unlock; GList *objects; + GckAttributes *attrs; - g_assert (GP11_IS_SESSION (session)); + g_assert (GCK_IS_SESSION (session)); prompt = gku_prompt_new (); 
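Review bot: `do_lookup_password` carries no comment saying who owns the returned string, and here it matters. The buffer is obtained through `gck_object_get_data_full (..., egg_secure_realloc, ...)`, so it lives in secure memory and has to be released with the matching secure free rather than `g_free`. I would add above the function `/* Returns the stored passphrase in egg-secure memory, or NULL; caller frees with egg_secure_free () */`. The function is split across this hunk and the next with a gap between them, so the lines in between are not visible here.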
@@ -316,12 +312,14 @@ prepare_password_prompt (GP11Session *session, const gchar *errmsg, const gchar auto_unlock = FALSE; + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_COLLECTION); + gck_attributes_add_string (attrs, CKA_ID, "login"); + gck_attributes_add_boolean (attrs, CKA_G_LOCKED, FALSE); + /* Check if the login keyring is usable */ - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_G_COLLECTION, - CKA_ID, 5, "login", - CKA_G_LOCKED, GP11_BOOLEAN, FALSE, - GP11_INVALID); + objects = gck_session_find_objects (session, attrs, NULL, &error); + gck_attributes_unref (attrs); if (errmsg) gku_prompt_set_warning (prompt, errmsg); @@ -338,7 +336,7 @@ prepare_password_prompt (GP11Session *session, const gchar *errmsg, const gchar else gku_prompt_hide_widget (prompt, "auto_area"); - gp11_list_unref_free (objects); + gck_list_unref_free (objects); return prompt; } @@ -351,15 +349,15 @@ on_prompt_attention (gpointer user_data) } static gchar* -do_get_password (GP11Session *session, const gchar *keyid, const gchar *errmsg, +do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg, const gchar *prompt_text, const gchar *description, gboolean confirm) { - GP11Attributes *attrs; + GckAttributes *attrs; gchar *password = NULL; gint value = 0; GkuPrompt *prompt; - g_assert (GP11_IS_SESSION (session)); + g_assert (GCK_IS_SESSION (session)); g_assert (keyid); password = do_lookup_password (session, keyid); 
@@ -377,22 +375,22 @@ do_get_password (GP11Session *session, const gchar *keyid, const gchar *errmsg, g_return_val_if_fail (password, NULL); /* Load up the save options */ - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); if (gku_prompt_get_unlock_option (prompt, GKU_UNLOCK_AUTO, &value)) - gp11_attributes_add_string (attrs, CKA_G_COLLECTION, "login"); + gck_attributes_add_string (attrs, CKA_G_COLLECTION, "login"); else - gp11_attributes_add_string (attrs, CKA_G_COLLECTION, "session"); + gck_attributes_add_string (attrs, CKA_G_COLLECTION, "session"); if (gku_prompt_get_unlock_option (prompt, GKU_UNLOCK_IDLE, &value) && value > 0) - gp11_attributes_add_ulong (attrs, CKA_G_DESTRUCT_IDLE, value); + gck_attributes_add_ulong (attrs, CKA_G_DESTRUCT_IDLE, value); if (gku_prompt_get_unlock_option (prompt, GKU_UNLOCK_TIMEOUT, &value) && value > 0) - gp11_attributes_add_ulong (attrs, CKA_G_DESTRUCT_AFTER, value); + gck_attributes_add_ulong (attrs, CKA_G_DESTRUCT_AFTER, value); /* Now actually save the password */ do_save_password (session, keyid, description, password, attrs); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); } g_object_unref (prompt); @@ -646,7 +644,7 @@ gkd_gpg_agent_ops_getpass (GkdGpgAgentCall *call, gchar *args) gchar *errmsg; gchar *prompt; gchar *description; - GP11Session *session; + GckSession *session; gchar *password; gchar *encoded; guint32 flags; @@ -699,7 +697,7 @@ gkd_gpg_agent_ops_getpass (GkdGpgAgentCall *call, gchar *args) gboolean gkd_gpg_agent_ops_clrpass (GkdGpgAgentCall *call, gchar *args) { - GP11Session *session; + GckSession *session; gchar *id; /* We don't answer this unless it's from the right terminal */ diff --git a/daemon/gpg-agent/gkd-gpg-agent-private.h b/daemon/gpg-agent/gkd-gpg-agent-private.h index 5688354d..c3675282 100644 --- a/daemon/gpg-agent/gkd-gpg-agent-private.h +++ b/daemon/gpg-agent/gkd-gpg-agent-private.h 
@@ -26,13 +26,13 @@ #include "pkcs11/pkcs11.h" -#include <gp11/gp11.h> +#include <gck/gck.h> #include <glib.h> typedef struct _GkdGpgAgentCall { int sock; - GP11Module *module; + GckModule *module; GIOChannel *channel; gboolean terminal_ok; } GkdGpgAgentCall; @@ -72,11 +72,11 @@ typedef struct _GkdGpgAgentCall { * gkd-gpg-agent.c */ -gboolean gkd_gpg_agent_initialize_with_module (GP11Module *module); +gboolean gkd_gpg_agent_initialize_with_module (GckModule *module); -GP11Session* gkd_gpg_agent_checkout_main_session (void); +GckSession* gkd_gpg_agent_checkout_main_session (void); -void gkd_gpg_agent_checkin_main_session (GP11Session* session); +void gkd_gpg_agent_checkin_main_session (GckSession* session); gboolean gkd_gpg_agent_send_reply (GkdGpgAgentCall *call, gboolean ok, diff --git a/daemon/gpg-agent/gkd-gpg-agent-standalone.c b/daemon/gpg-agent/gkd-gpg-agent-standalone.c index 3f8a75fb..3e9aa559 100644 --- a/daemon/gpg-agent/gkd-gpg-agent-standalone.c +++ b/daemon/gpg-agent/gkd-gpg-agent-standalone.c @@ -27,7 +27,7 @@ #include "egg/egg-error.h" #include "egg/egg-secure-memory.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include <glib.h> #include <glib-object.h> @@ -46,7 +46,7 @@ accept_client (GIOChannel *channel, GIOCondition cond, gpointer unused) } static gboolean -authenticate_slot (GP11Module *module, GP11Slot *slot, gchar *label, gchar **password, gpointer unused) +authenticate_slot (GckModule *module, GckSlot *slot, gchar *label, gchar **password, gpointer unused) { gchar *prompt = g_strdup_printf ("Enter token password (%s): ", label); char *result = getpass (prompt); 
@@ -57,7 +57,7 @@ authenticate_slot (GP11Module *module, GP11Slot *slot, gchar *label, gchar **pas } static gboolean -authenticate_object (GP11Module *module, GP11Object *object, gchar *label, gchar **password) +authenticate_object (GckModule *module, GckObject *object, gchar *label, gchar **password) { gchar *prompt = g_strdup_printf ("Enter object password (%s): ", label); char *result = getpass (prompt); @@ -70,7 +70,7 @@ authenticate_object (GP11Module *module, GP11Object *object, gchar *label, gchar int main(int argc, char *argv[]) { - GP11Module *module; + GckModule *module; GError *error = NULL; GIOChannel *channel; GMainLoop *loop; @@ -87,17 +87,15 @@ main(int argc, char *argv[]) return 1; } - module = gp11_module_initialize (argv[1], argc > 2 ? argv[2] : NULL, &error); + module = gck_module_initialize (argv[1], argc > 2 ? argv[2] : NULL, GCK_AUTHENTICATE_OBJECTS, &error); if (!module) { g_message ("couldn't load pkcs11 module: %s", egg_error_message (error)); g_clear_error (&error); return 1; } - g_signal_connect (module, "authenticate-slot", G_CALLBACK (authenticate_slot), NULL); g_signal_connect (module, "authenticate-object", G_CALLBACK (authenticate_object), NULL); - gp11_module_set_auto_authenticate (module, GP11_AUTHENTICATE_OBJECTS); ret = gkd_gpg_agent_initialize_with_module (module); g_object_unref (module); diff --git a/daemon/gpg-agent/gkd-gpg-agent.c b/daemon/gpg-agent/gkd-gpg-agent.c index 67d7cef1..fa1afb15 100644 --- a/daemon/gpg-agent/gkd-gpg-agent.c +++ b/daemon/gpg-agent/gkd-gpg-agent.c @@ -43,7 +43,7 @@ #endif /* The loaded PKCS#11 module */ -static GP11Module *pkcs11_module = NULL; +static GckModule *pkcs11_module = NULL; #ifndef KL #define KL(s) ((sizeof(s) - 1) / sizeof(s[0])) @@ -167,7 +167,7 @@ run_client_thread (gpointer data) gchar *line; gsize n_line; - g_assert (GP11_IS_MODULE (pkcs11_module)); + g_assert (GCK_IS_MODULE (pkcs11_module)); call.sock = g_atomic_int_get (socket); call.channel = g_io_channel_unix_new (call.sock); 
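Review bot: authenticate_slot in gkd-gpg-agent-standalone.c is left without a caller once main drops the `authenticate-slot` g_signal_connect, yet the earlier hunk still ports its signature to GckModule/GckSlot. As far as this diff shows, the static function is now dead code that will trip unused-function warnings, and its `getpass` prompt can no longer run. Either remove it, or add a comment next to the remaining `authenticate-object` connection saying that slot authentication is intentionally not wired up under `GCK_AUTHENTICATE_OBJECTS`.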
@@ -215,19 +215,19 @@ run_client_thread (gpointer data) */ /* The main PKCS#11 session that owns objects, and the mutex/cond for waiting on it */ -static GP11Session *pkcs11_main_session = NULL; +static GckSession *pkcs11_main_session = NULL; static gboolean pkcs11_main_checked = FALSE; static GMutex *pkcs11_main_mutex = NULL; static GCond *pkcs11_main_cond = NULL; -GP11Session* +GckSession* gkd_gpg_agent_checkout_main_session (void) { - GP11Session *result; + GckSession *result; g_mutex_lock (pkcs11_main_mutex); - g_assert (GP11_IS_SESSION (pkcs11_main_session)); + g_assert (GCK_IS_SESSION (pkcs11_main_session)); while (pkcs11_main_checked) g_cond_wait (pkcs11_main_cond, pkcs11_main_mutex); pkcs11_main_checked = TRUE; @@ -239,9 +239,9 @@ gkd_gpg_agent_checkout_main_session (void) } void -gkd_gpg_agent_checkin_main_session (GP11Session *session) +gkd_gpg_agent_checkin_main_session (GckSession *session) { - g_assert (GP11_IS_SESSION (session)); + g_assert (GCK_IS_SESSION (session)); g_mutex_lock (pkcs11_main_mutex); @@ -359,7 +359,7 @@ gkd_gpg_agent_uninitialize (void) ret = g_mutex_trylock (pkcs11_main_mutex); g_assert (ret); - g_assert (GP11_IS_SESSION (pkcs11_main_session)); + g_assert (GCK_IS_SESSION (pkcs11_main_session)); g_assert (!pkcs11_main_checked); g_object_unref (pkcs11_main_session); pkcs11_main_session = NULL; 
@@ -375,56 +375,47 @@ gkd_gpg_agent_uninitialize (void) int gkd_gpg_agent_initialize (CK_FUNCTION_LIST_PTR funcs) { - GP11Module *module; + GckModule *module; gboolean ret; g_return_val_if_fail (funcs, -1); - module = gp11_module_new (funcs); - gp11_module_set_auto_authenticate (module, GP11_AUTHENTICATE_OBJECTS); - gp11_module_set_pool_sessions (module, TRUE); + module = gck_module_new (funcs, GCK_AUTHENTICATE_OBJECTS); ret = gkd_gpg_agent_initialize_with_module (module); g_object_unref (module); return ret; } gboolean -gkd_gpg_agent_initialize_with_module (GP11Module *module) +gkd_gpg_agent_initialize_with_module (GckModule *module) { - GP11Session *session = NULL; - GList *slots, *l; + GckSession *session = NULL; + GckSlot *slot; GError *error = NULL; - GP11SlotInfo *info; + GList *modules; - g_assert (GP11_IS_MODULE (module)); + g_assert (GCK_IS_MODULE (module)); /* * Find the right slot. - * - * TODO: This isn't necessarily the best way to do this. - * A good function could be added to gp11 library. - * But needs more thought on how to do this. 
*/ - slots = gp11_module_get_slots (module, TRUE); - for (l = slots; !session && l; l = g_list_next (l)) { - info = gp11_slot_get_info (l->data); - if (g_ascii_strcasecmp ("Secret Store", info->slot_description) == 0) { - - /* Try and open a session */ - session = gp11_slot_open_session (l->data, CKF_RW_SESSION | CKF_SERIAL_SESSION, &error); - if (!session) { - g_warning ("couldn't create pkcs#11 session: %s", error->message); - g_clear_error (&error); - } - } + modules = g_list_append (NULL, module); + slot = gck_modules_token_for_uri (modules, "pkcs11:token=Secret%20Store", &error); + g_list_free (modules); - gp11_slot_info_free (info); + if (!slot) { + g_warning ("couldn't find secret store module: %s", egg_error_message (error)); + g_clear_error (&error); + return FALSE; } - gp11_list_unref_free (slots); + /* Try and open a session */ + session = gck_slot_open_session (slot, CKF_RW_SESSION | CKF_SERIAL_SESSION, &error); + g_object_unref (slot); if (!session) { - g_warning ("couldn't select a usable pkcs#11 slot for the ssh agent to use"); + g_warning ("couldn't select a usable pkcs#11 slot for the gpg agent to use"); + g_clear_error (&error); return FALSE; } diff --git a/daemon/login/Makefile.am b/daemon/login/Makefile.am index b48f519a..c538a7d0 100644 --- a/daemon/login/Makefile.am +++ b/daemon/login/Makefile.am @@ -19,6 +19,6 @@ libgkd_login_la_SOURCES = \ gkd-login.c gkd-login.h libgkd_login_la_LIBADD = \ - $(top_builddir)/gp11/libgp11.la \ + $(top_builddir)/gck/libgck.la \ $(GOBJECT_LIBS) \ $(GLIB_LIBS) diff --git a/daemon/login/gkd-login.c b/daemon/login/gkd-login.c index 408d41ac..b45c3131 100644 --- a/daemon/login/gkd-login.c +++ b/daemon/login/gkd-login.c 
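Review bot: In gkd_gpg_agent_initialize_with_module the failure branch after `gck_slot_open_session` logs a fixed string and then clears `error` unread, so the PKCS#11 reason the old code printed via `error->message` is lost. Logging it the way the token lookup just above does, `g_warning ("couldn't open pkcs#11 session for the gpg agent: %s", egg_error_message (error));`, keeps that diagnostic. In gkd_gpg_agent_initialize the result of `gck_module_new` is also passed on unchecked to a function that `g_assert`s on it, whereas module_instances in gkd-login.c guards the same call with `g_return_val_if_fail (module, NULL)`.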
@@ -35,31 +35,29 @@ #include <string.h> -static GP11Module* -module_instance (void) +static GList* +module_instances (void) { - GP11Module *module = gp11_module_new (gkd_pkcs11_get_base_functions ()); - gp11_module_set_pool_sessions (module, FALSE); - gp11_module_set_auto_authenticate (module, FALSE); + GckModule *module = gck_module_new (gkd_pkcs11_get_base_functions (), 0); g_return_val_if_fail (module, NULL); - return module; + return g_list_append (NULL, module); } -static GP11Session* -open_and_login_session (GP11Slot *slot, CK_USER_TYPE user_type, GError **error) +static GckSession* +open_and_login_session (GckSlot *slot, CK_USER_TYPE user_type, GError **error) { - GP11Session *session; + GckSession *session; GError *err = NULL; - g_return_val_if_fail (GP11_IS_SLOT (slot), NULL); + g_return_val_if_fail (GCK_IS_SLOT (slot), NULL); if (!error) error = &err; - session = gp11_slot_open_session (slot, CKF_RW_SESSION, error); + session = gck_slot_open_session (slot, CKF_RW_SESSION, error); if (session != NULL) { - if (!gp11_session_login (session, user_type, NULL, 0, error)) { - if (g_error_matches (*error, GP11_ERROR, CKR_USER_ALREADY_LOGGED_IN)) { + if (!gck_session_login (session, user_type, NULL, 0, error)) { + if (g_error_matches (*error, GCK_ERROR, CKR_USER_ALREADY_LOGGED_IN)) { g_clear_error (error); } else { g_object_unref (session); 
@@ -71,35 +69,18 @@ open_and_login_session (GP11Slot *slot, CK_USER_TYPE user_type, GError **error) return session; } -static GP11Session* -lookup_login_session (GP11Module *module) +static GckSession* +lookup_login_session (GList *modules) { - GP11Slot *slot = NULL; + GckSlot *slot = NULL; GError *error = NULL; - GP11Session *session; - GP11SlotInfo *info; - GList *slots; - GList *l; - - g_assert (GP11_IS_MODULE (module)); - - /* - * Find the right slot. - * - * TODO: This isn't necessarily the best way to do this. - * A good function could be added to gp11 library. - * But needs more thought on how to do this. - */ - slots = gp11_module_get_slots (module, TRUE); - for (l = slots; !slot && l; l = g_list_next (l)) { - info = gp11_slot_get_info (l->data); - if (g_ascii_strcasecmp ("Secret Store", info->slot_description) == 0) - slot = g_object_ref (l->data); - gp11_slot_info_free (info); - } - gp11_list_unref_free (slots); + GckSession *session; - g_return_val_if_fail (slot, NULL); + slot = gck_modules_token_for_uri (modules, "pkcs11:token=Secret%20Store", &error); + if (!slot) { + g_warning ("couldn't find secret store module: %s", egg_error_message (error)); + return NULL; + } session = open_and_login_session (slot, CKU_USER, &error); if (error) { 
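Review bot: The new `if (!slot)` branch in lookup_login_session returns without releasing `error`, so the GError set by `gck_modules_token_for_uri` leaks. The gpg-agent version of the same lookup calls `g_clear_error`, and adding `g_clear_error (&error);` before `return NULL;` brings this one in line. The rest of the function lies outside this hunk, so whether `slot` is unreferenced after `open_and_login_session` cannot be checked from here.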
@@ -112,21 +93,24 @@ lookup_login_session (GP11Module *module) return session; } -static GP11Object* -lookup_login_keyring (GP11Session *session) +static GckObject* +lookup_login_keyring (GckSession *session) { + GckAttributes *atts; GError *error = NULL; - GP11Object *login = NULL; + GckObject *login = NULL; GList *objects; guint length; - g_return_val_if_fail (GP11_IS_SESSION (session), NULL); + g_return_val_if_fail (GCK_IS_SESSION (session), NULL); - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_G_COLLECTION, - CKA_TOKEN, GP11_BOOLEAN, TRUE, - CKA_ID, (gsize)5, "login", - GP11_INVALID); + atts = gck_attributes_new (); + gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION); + gck_attributes_add_boolean (atts, CKA_TOKEN, TRUE); + gck_attributes_add_string (atts, CKA_ID, "login"); + + objects = gck_session_find_objects (session, atts, NULL, &error); + gck_attributes_unref (atts); if (error) { g_warning ("couldn't search for login keyring: %s", egg_error_message (error)); 
@@ -135,87 +119,80 @@ lookup_login_keyring (GP11Session *session) } length = g_list_length (objects); - if (length == 1) { + if (length == 1) login = g_object_ref (objects->data); - gp11_object_set_session (login, session); - } else if (length > 1) { + else if (length > 1) g_warning ("more than one login keyring exists"); - } - gp11_list_unref_free (objects); + gck_list_unref_free (objects); return login; } -static GP11Object* -create_login_keyring (GP11Session *session, GP11Object *cred, GError **error) +static GckObject* +create_login_keyring (GckSession *session, GckObject *cred, GError **error) { - GP11Object *login; - const gchar *label; + GckObject *login; + GckAttributes *atts; - g_return_val_if_fail (GP11_IS_SESSION (session), NULL); - g_return_val_if_fail (GP11_IS_OBJECT (cred), NULL); + g_return_val_if_fail (GCK_IS_SESSION (session), NULL); + g_return_val_if_fail (GCK_IS_OBJECT (cred), NULL); + + atts = gck_attributes_new (); + gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION); + gck_attributes_add_string (atts, CKA_ID, "login"); + gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (cred)); + gck_attributes_add_boolean (atts, CKA_TOKEN, TRUE); /* TRANSLATORS: This is the display label for the login keyring */ - label = _("Login"); - - login = gp11_session_create_object (session, error, - CKA_CLASS, GP11_ULONG, CKO_G_COLLECTION, - CKA_ID, (gsize)5, "login", - CKA_LABEL, strlen (label), label, - CKA_G_CREDENTIAL, GP11_ULONG, gp11_object_get_handle (cred), - CKA_TOKEN, GP11_BOOLEAN, TRUE, - GP11_INVALID); - - if (login != NULL) - gp11_object_set_session (login, session); + gck_attributes_add_string (atts, CKA_LABEL, _("Login")); + + login = gck_session_create_object (session, atts, NULL, error); + gck_attributes_unref (atts); + return login; } -static GP11Object* -create_credential (GP11Session *session, GP11Object *object, +static GckObject* +create_credential (GckSession *session, GckObject *object, const gchar *secret, 
GError **error) { - GP11Attributes *attrs; - GP11Object *cred; + GckAttributes *attrs; + GckObject *cred; - g_return_val_if_fail (GP11_IS_SESSION (session), NULL); - g_return_val_if_fail (!object || GP11_IS_OBJECT (object), NULL); + g_return_val_if_fail (GCK_IS_SESSION (session), NULL); + g_return_val_if_fail (!object || GCK_IS_OBJECT (object), NULL); if (!secret) secret = ""; - attrs = gp11_attributes_newv (CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL, - CKA_VALUE, strlen (secret), secret, - CKA_GNOME_TRANSIENT, GP11_BOOLEAN, TRUE, - CKA_TOKEN, GP11_BOOLEAN, TRUE, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL); + gck_attributes_add_string (attrs, CKA_VALUE, secret); + gck_attributes_add_boolean (attrs, CKA_GNOME_TRANSIENT, TRUE); + gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE); if (object) - gp11_attributes_add_ulong (attrs, CKA_G_OBJECT, - gp11_object_get_handle (object)); - - cred = gp11_session_create_object_full (session, attrs, NULL, error); - gp11_attributes_unref (attrs); + gck_attributes_add_ulong (attrs, CKA_G_OBJECT, + gck_object_get_handle (object)); - if (cred != NULL) - gp11_object_set_session (cred, session); + cred = gck_session_create_object (session, attrs, NULL, error); + gck_attributes_unref (attrs); return cred; } static gboolean -unlock_or_create_login (GP11Module *module, const gchar *master) +unlock_or_create_login (GList *modules, const gchar *master) { GError *error = NULL; - GP11Session *session; - GP11Object *login; - GP11Object *cred; + GckSession *session; + GckObject *login; + GckObject *cred; - g_return_val_if_fail (GP11_IS_MODULE (module), FALSE); g_return_val_if_fail (master, FALSE); /* Find the login object */ - session = lookup_login_session (module); + session = lookup_login_session (modules); login = lookup_login_keyring (session); /* Create credentials for login object */ 
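Review bot: unlock_or_create_login passes the result of `lookup_login_session (modules)` straight to lookup_login_keyring and create_credential, but that lookup now has an ordinary NULL return when the Secret Store token is not found. Both callees reject a NULL session only through `g_return_val_if_fail`, so the failure surfaces as GLib criticals plus a credential warning with no error set, rather than as a clean early exit. A guard right after the lookup, `if (session == NULL) return FALSE;`, would handle it. change_or_create_login has the same sequence. The function body continues beyond this hunk.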
@@ -223,7 +200,7 @@ unlock_or_create_login (GP11Module *module, const gchar *master) /* Failure, bad password? */ if (cred == NULL) { - if (login && g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT)) + if (login && g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT)) gkm_wrap_layer_hint_login_unlock_failure (); else g_warning ("couldn't create login credential: %s", egg_error_message (error)); @@ -253,27 +230,26 @@ unlock_or_create_login (GP11Module *module, const gchar *master) } static gboolean -init_pin_for_uninitialized_slots (GP11Module *module, const gchar *master) +init_pin_for_uninitialized_slots (GList *modules, const gchar *master) { GError *error = NULL; GList *slots, *l; gboolean initialize; - GP11TokenInfo *info; - GP11Session *session; + GckTokenInfo *info; + GckSession *session; - g_return_val_if_fail (GP11_IS_MODULE (module), FALSE); g_return_val_if_fail (master, FALSE); - slots = gp11_module_get_slots (module, TRUE); + slots = gck_modules_get_slots (modules, TRUE); for (l = slots; l; l = g_list_next (l)) { - info = gp11_slot_get_token_info (l->data); + info = gck_slot_get_token_info (l->data); initialize = (info && !(info->flags & CKF_USER_PIN_INITIALIZED)); if (initialize) { session = open_and_login_session (l->data, CKU_SO, NULL); if (session != NULL) { - if (!gp11_session_init_pin (session, (const guchar*)master, strlen (master), &error)) { - if (!g_error_matches (error, GP11_ERROR, CKR_FUNCTION_NOT_SUPPORTED)) + if (!gck_session_init_pin (session, (const guchar*)master, strlen (master), &error)) { + if (!g_error_matches (error, GCK_ERROR, CKR_FUNCTION_NOT_SUPPORTED)) g_warning ("couldn't initialize slot with master password: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -282,48 +258,48 @@ init_pin_for_uninitialized_slots (GP11Module *module, const gchar *master) } } - gp11_token_info_free (info); + gck_token_info_free (info); } - gp11_list_unref_free (slots); + gck_list_unref_free (slots); return TRUE; } gboolean gkd_login_unlock (const gchar *master) { - GP11Module *module; + GList *modules; gboolean result; /* We don't support null or empty master passwords */ if (!master || !master[0]) return FALSE; - module = module_instance (); + modules = module_instances (); - result = unlock_or_create_login (module, master); + result = unlock_or_create_login (modules, master); if (result == TRUE) - init_pin_for_uninitialized_slots (module, master); + init_pin_for_uninitialized_slots (modules, master); - g_object_unref (module); + gck_list_unref_free (modules); return result; } static gboolean -change_or_create_login (GP11Module *module, const gchar *original, const gchar *master) +change_or_create_login (GList *modules, const gchar *original, const gchar *master) { GError *error = NULL; - GP11Session *session; - GP11Object *login = NULL; - GP11Object *ocred = NULL; - GP11Object *mcred = NULL; + GckSession *session; + GckObject *login = NULL; + GckObject *ocred = NULL; + GckObject *mcred = NULL; gboolean success = FALSE; + GckAttributes *atts; - g_return_val_if_fail (GP11_IS_MODULE (module), FALSE); g_return_val_if_fail (original, FALSE); g_return_val_if_fail (master, FALSE); /* Find the login object */ - session = lookup_login_session (module); + session = lookup_login_session (modules); login = lookup_login_keyring (session); /* Create the new credential we'll be changing to */ 
@@ -336,7 +312,7 @@ change_or_create_login (GP11Module *module, const gchar *original, const gchar * } else if (login) { ocred = create_credential (session, login, original, &error); if (ocred == NULL) { - if (g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT)) { + if (g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT)) { g_message ("couldn't change login master password, " "original password was wrong: %s", egg_error_message (error)); @@ -361,18 +337,19 @@ change_or_create_login (GP11Module *module, const gchar *original, const gchar * /* Change the master password */ } else if (login && ocred && mcred) { - if (!gp11_object_set (login, &error, - CKA_G_CREDENTIAL, GP11_ULONG, gp11_object_get_handle (mcred), - GP11_INVALID)) { + atts = gck_attributes_new (); + gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (mcred)); + if (!gck_object_set (login, atts, NULL, &error)) { g_warning ("couldn't change login master password: %s", egg_error_message (error)); g_clear_error (&error); } else { success = TRUE; } + gck_attributes_unref (atts); } if (ocred) { - gp11_object_destroy (ocred, NULL); + gck_object_destroy (ocred, NULL); g_object_unref (ocred); } if (mcred) 
@@ -386,32 +363,31 @@ change_or_create_login (GP11Module *module, const gchar *original, const gchar * } static gboolean -set_pin_for_any_slots (GP11Module *module, const gchar *original, const gchar *master) +set_pin_for_any_slots (GList *modules, const gchar *original, const gchar *master) { GError *error = NULL; GList *slots, *l; gboolean initialize; - GP11TokenInfo *info; - GP11Session *session; + GckTokenInfo *info; + GckSession *session; - g_return_val_if_fail (GP11_IS_MODULE (module), FALSE); g_return_val_if_fail (original, FALSE); g_return_val_if_fail (master, FALSE); - slots = gp11_module_get_slots (module, TRUE); + slots = gck_modules_get_slots (modules, TRUE); for (l = slots; l; l = g_list_next (l)) { /* Set pin for any that are initialized, and not pap */ - info = gp11_slot_get_token_info (l->data); + info = gck_slot_get_token_info (l->data); initialize = (info && (info->flags & CKF_USER_PIN_INITIALIZED)); if (initialize) { session = open_and_login_session (l->data, CKU_USER, NULL); if (session != NULL) { - if (!gp11_session_set_pin (session, (const guchar*)original, strlen (original), - (const guchar*)master, strlen (master), &error)) { - if (!g_error_matches (error, GP11_ERROR, CKR_PIN_INCORRECT) && - !g_error_matches (error, GP11_ERROR, CKR_FUNCTION_NOT_SUPPORTED)) + if (!gck_session_set_pin (session, (const guchar*)original, strlen (original), + (const guchar*)master, strlen (master), &error)) { + if (!g_error_matches (error, GCK_ERROR, CKR_PIN_INCORRECT) && + !g_error_matches (error, GCK_ERROR, CKR_FUNCTION_NOT_SUPPORTED)) g_warning ("couldn't change slot master password: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -420,16 +396,16 @@ set_pin_for_any_slots (GP11Module *module, const gchar *original, const gchar *m } } - gp11_token_info_free (info); + gck_token_info_free (info); } - gp11_list_unref_free (slots); + gck_list_unref_free (slots); return TRUE; } gboolean gkd_login_change_lock (const gchar *original, const gchar *master) { - GP11Module *module; + GList *modules; gboolean result; /* We don't support null or empty master passwords */ @@ -438,12 +414,12 @@ gkd_login_change_lock (const gchar *original, const gchar *master) if (original == NULL) original = ""; - module = module_instance (); + modules = module_instances (); - result = change_or_create_login (module, original, master); + result = change_or_create_login (modules, original, master); if (result == TRUE) - set_pin_for_any_slots (module, original, master); + set_pin_for_any_slots (modules, original, master); - g_object_unref (module); + gck_list_unref_free (modules); return result; } diff --git a/daemon/login/gkd-login.h b/daemon/login/gkd-login.h index acf9264c..01b4ddba 100644 --- a/daemon/login/gkd-login.h +++ b/daemon/login/gkd-login.h @@ -24,7 +24,7 @@ #include <glib.h> -#include "gp11/gp11.h" +#include "gck/gck.h" gboolean gkd_login_unlock (const gchar *master); diff --git a/daemon/ssh-agent/Makefile.am b/daemon/ssh-agent/Makefile.am index d3c4e574..6311fc0c 100644 --- a/daemon/ssh-agent/Makefile.am +++ b/daemon/ssh-agent/Makefile.am @@ -29,7 +29,7 @@ gkd_ssh_agent_standalone_SOURCES = \ gkd_ssh_agent_standalone_LDADD = \ libgkd-ssh-agent.la \ - $(top_builddir)/gp11/libgp11.la \ + $(top_builddir)/gck/libgck.la \ $(top_builddir)/egg/libegg-buffer.la \ $(top_builddir)/egg/libegg-secure.la \ $(GOBJECT_LIBS) \ diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c index dc022455..02a5fd76 100644 --- a/daemon/ssh-agent/gkd-ssh-agent-ops.c +++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c 
@@ -24,7 +24,7 @@ #include "gkd-ssh-agent-private.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include "pkcs11/pkcs11.h" #include "pkcs11/pkcs11g.h" 
@@ -43,60 +43,58 @@ #define V1_LABEL "SSH1 RSA Key" +typedef gboolean (*ObjectForeachFunc) (GckObject *object, gpointer user_data); + /* ---------------------------------------------------------------------------- */ static void -copy_attribute (GP11Attributes *original, CK_ATTRIBUTE_TYPE type, GP11Attributes *dest) +copy_attribute (GckAttributes *original, CK_ATTRIBUTE_TYPE type, GckAttributes *dest) { - GP11Attribute *attr; + GckAttribute *attr; g_assert (original); g_assert (dest); - attr = gp11_attributes_find (original, type); + attr = gck_attributes_find (original, type); if (attr) - gp11_attributes_add (dest, attr); + gck_attributes_add (dest, attr); } static gboolean -login_session (GP11Session *session) +login_session (GckSession *session) { - GP11SessionInfo *info; + gulong state; GError *error = NULL; gboolean ret = TRUE; - /* TODO: We should have a way to just get the state */ - info = gp11_session_get_info (session); - g_return_val_if_fail (info, FALSE); + state = gck_session_get_state (session); /* Log in the session if necessary */ - if (info->state == CKS_RO_PUBLIC_SESSION || info->state == CKS_RW_PUBLIC_SESSION) { - if (!gp11_session_login (session, CKU_USER, NULL, 0, &error)) { + if (state == CKS_RO_PUBLIC_SESSION || state == CKS_RW_PUBLIC_SESSION) { + if (!gck_session_login (session, CKU_USER, NULL, 0, &error)) { g_message ("couldn't log in to session: %s", egg_error_message (error)); ret = FALSE; } } - gp11_session_info_free (info); - return ret; } -static GP11Attributes* -build_like_attributes (GP11Attributes *attrs, CK_OBJECT_CLASS klass) +static GckAttributes* +build_like_attributes (GckAttributes *attrs, CK_OBJECT_CLASS klass) { - GP11Attributes *search; + GckAttributes *search; gulong key_type; g_assert (attrs); /* Determine the key type */ - if (!gp11_attributes_find_ulong (attrs, CKA_KEY_TYPE, &key_type)) + if (!gck_attributes_find_ulong (attrs, CKA_KEY_TYPE, &key_type)) g_return_val_if_reached (NULL); - search = gp11_attributes_new (); - 
gp11_attributes_add_ulong (search, CKA_CLASS, klass); + search = gck_attributes_new (); + gck_attributes_add_ulong (search, CKA_CLASS, klass); copy_attribute (attrs, CKA_KEY_TYPE, search); copy_attribute (attrs, CKA_TOKEN, search); @@ -122,26 +120,44 @@ build_like_attributes (GP11Attributes *attrs, CK_OBJECT_CLASS klass) } static void -search_keys_like_attributes (gpointer session_or_module, GP11Attributes *attrs, CK_OBJECT_CLASS klass, - GP11ObjectForeachFunc func, gpointer user_data) +search_keys_like_attributes (GList *modules, GckSession *session, GckAttributes *attrs, + CK_OBJECT_CLASS klass, ObjectForeachFunc func, gpointer user_data) { - GP11Attributes *search; + GckAttributes *search; + GckEnumerator *en; GError *error = NULL; GList *keys, *l; + GckObject *object; + + g_assert (modules || session); search = build_like_attributes (attrs, klass); /* In all slots */ - if (GP11_IS_MODULE (session_or_module)) { - if (!gp11_module_enumerate_objects_full (session_or_module, search, NULL, - func, user_data, &error)) { - g_warning ("couldn't enumerate matching keys: %s", egg_error_message (error)); - g_clear_error (&error); + if (modules) { + en = gck_modules_enumerate_objects (modules, search, CKF_RW_SESSION); + + for (;;) { + object = gck_enumerator_next (en, NULL, &error); + if (!object) { + if (error) { + g_warning ("couldn't enumerate matching keys: %s", egg_error_message (error)); + g_clear_error (&error); + } + break; + } + + if (!(func) (object, user_data)) + break; } - /* Otherwise search in the session */ - } else if (GP11_IS_SESSION (session_or_module)){ - keys = gp11_session_find_objects_full (session_or_module, search, NULL, &error); + g_object_unref (en); + + } + + /* Search in the session */ + if (session){ + keys = gck_session_find_objects (session, search, NULL, &error); if (error) { g_warning ("couldn't find matching keys: %s", egg_error_message (error)); 
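Review bot: login_session sets `ret = FALSE` after a failed `gck_session_login` but never frees `error`, so each failed login leaks the GError. Adding `g_clear_error (&error);` after the `g_message` call fixes it and matches the error paths in search_keys_like_attributes further down the file.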
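Review bot: In the new enumerator loop of search_keys_like_attributes the object returned by `gck_enumerator_next` is handed to `func` and then dropped without `g_object_unref`. list_all_matching and return_first_matching take their own reference with `g_object_ref`, which suggests the loop owns the one it received (assuming gck_enumerator_next transfers ownership), so every enumerated key would leak a reference. Keeping the callback result and releasing the object before testing it, `more = (func) (object, user_data); g_object_unref (object); if (!more) break;`, closes that.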
@@ -153,22 +169,18 @@ search_keys_like_attributes (gpointer session_or_module, GP11Attributes *attrs, break; } - gp11_list_unref_free (keys); + gck_list_unref_free (keys); } - - /* Bad object passed in */ - } else { - g_assert_not_reached (); } - gp11_attributes_unref (search); + gck_attributes_unref (search); } static gboolean -list_all_matching (GP11Object *object, gpointer user_data) +list_all_matching (GckObject *object, gpointer user_data) { GList** list = (GList**)user_data; - g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE); + g_return_val_if_fail (GCK_IS_OBJECT (object), FALSE); *list = g_list_prepend (*list, g_object_ref (object)); /* Keep going */ @@ -176,11 +188,11 @@ list_all_matching (GP11Object *object, gpointer user_data) } static gboolean -return_first_matching (GP11Object *object, gpointer user_data) +return_first_matching (GckObject *object, gpointer user_data) { - GP11Object **result = (GP11Object**)user_data; + GckObject **result = (GckObject**)user_data; - g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE); + g_return_val_if_fail (GCK_IS_OBJECT (object), FALSE); g_return_val_if_fail (result != NULL, FALSE); g_return_val_if_fail (*result == NULL, FALSE); *result = g_object_ref (object); 
@@ -190,22 +202,23 @@ return_first_matching (GP11Object *object, gpointer user_data) } static gboolean -return_private_matching (GP11Object *object, gpointer user_data) +return_private_matching (GckObject *object, gpointer user_data) { - GP11Object **result = (GP11Object**)user_data; - GP11Session *session; - GP11Attributes *attrs; - GP11Attribute *attr; + GckObject **result = (GckObject**)user_data; + GckSession *session; + GckAttributes *attrs; + GckAttribute *attr; gboolean token; GList *objects; GError *error = NULL; + GckAttributes *atts; - g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE); + g_return_val_if_fail (GCK_IS_OBJECT (object), FALSE); g_return_val_if_fail (result != NULL, FALSE); g_return_val_if_fail (*result == NULL, FALSE); /* Get the key identifier and token */ - attrs = gp11_object_get (object, &error, CKA_ID, CKA_TOKEN, GP11_INVALID); + attrs = gck_object_get (object, &error, CKA_ID, CKA_TOKEN, GCK_INVALID); if (error) { g_warning ("error retrieving attributes for public key: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -213,32 +226,32 @@ return_private_matching (GP11Object *object, gpointer user_data) } /* Dig out the key identifier and token */ - attr = gp11_attributes_find (attrs, CKA_ID); + attr = gck_attributes_find (attrs, CKA_ID); g_return_val_if_fail (attr, FALSE); - if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token)) + if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &token)) token = FALSE; - session = gp11_object_get_session (object); - g_return_val_if_fail (GP11_IS_SESSION (session), FALSE); + session = gck_object_get_session (object); + g_return_val_if_fail (GCK_IS_SESSION (session), FALSE); if (!login_session (session)) return FALSE; - /* Search for the matching private key */ - objects = gp11_session_find_objects (session, NULL, - CKA_ID, attr->length, attr->value, - CKA_CLASS, GP11_ULONG, CKO_PRIVATE_KEY, - CKA_TOKEN, GP11_BOOLEAN, token, - GP11_INVALID); + atts = gck_attributes_new (); + gck_attributes_add (atts, attr); + gck_attributes_add_ulong (atts, CKA_CLASS, CKO_PRIVATE_KEY); + gck_attributes_add_boolean (atts, CKA_TOKEN, token); - gp11_attributes_unref (attrs); + /* Search for the matching private key */ + objects = gck_session_find_objects (session, atts, NULL, NULL); + gck_attributes_unref (atts); + gck_attributes_unref (attrs); /* Keep searching, not found */ if (objects) { *result = g_object_ref (objects->data); - gp11_object_set_session (*result, session); - gp11_list_unref_free (objects); + gck_list_unref_free (objects); } g_object_unref (session); @@ -248,13 +261,13 @@ return_private_matching (GP11Object *object, gpointer user_data) } static gboolean -load_identity_v1_attributes (GP11Object *object, gpointer user_data) +load_identity_v1_attributes (GckObject *object, gpointer user_data) { - GP11Attributes *attrs; + GckAttributes *attrs; GError *error = NULL; GList **all_attrs; - g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE); + g_return_val_if_fail (GCK_IS_OBJECT (object), FALSE); g_return_val_if_fail (user_data, FALSE); /* 
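Review bot: The private-key lookup in return_private_matching passes `NULL` for the error, `gck_session_find_objects (session, atts, NULL, NULL)`, so a failed search cannot be told apart from "no matching key", and the sign request answers failure with nothing in the log. The other searches in this file log through `egg_error_message`; passing `&error` and adding `g_warning ("couldn't search for private key: %s", egg_error_message (error)); g_clear_error (&error);` would match them. Separately, as far as this hunk shows, the early `return FALSE` after a failed `login_session` leaves `attrs` and `session` unreleased.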
@@ -262,8 +275,8 @@ load_identity_v1_attributes (GP11Object *object, gpointer user_data) * In addition V1 keys are only RSA. */ - attrs = gp11_object_get (object, &error, CKA_ID, CKA_LABEL, CKA_KEY_TYPE, CKA_MODULUS, - CKA_PUBLIC_EXPONENT, CKA_CLASS, CKA_MODULUS_BITS, GP11_INVALID); + attrs = gck_object_get (object, &error, CKA_ID, CKA_LABEL, CKA_KEY_TYPE, CKA_MODULUS, + CKA_PUBLIC_EXPONENT, CKA_CLASS, CKA_MODULUS_BITS, GCK_INVALID); if (error) { g_warning ("error retrieving attributes for public key: %s", egg_error_message (error)); g_clear_error (&error); @@ -280,21 +293,21 @@ load_identity_v1_attributes (GP11Object *object, gpointer user_data) } static gboolean -load_identity_v2_attributes (GP11Object *object, gpointer user_data) +load_identity_v2_attributes (GckObject *object, gpointer user_data) { - GP11Attributes *attrs; - GP11Attribute *attr; + GckAttributes *attrs; + GckAttribute *attr; GError *error = NULL; gboolean valid = TRUE; gboolean token; GList **all_attrs; - g_return_val_if_fail (GP11_IS_OBJECT (object), FALSE); + g_return_val_if_fail (GCK_IS_OBJECT (object), FALSE); g_return_val_if_fail (user_data, FALSE); - attrs = gp11_object_get (object, &error, CKA_ID, CKA_LABEL, CKA_KEY_TYPE, CKA_MODULUS, - CKA_PUBLIC_EXPONENT, CKA_PRIME, CKA_SUBPRIME, CKA_BASE, - CKA_VALUE, CKA_CLASS, CKA_MODULUS_BITS, CKA_TOKEN, GP11_INVALID); + attrs = gck_object_get (object, &error, CKA_ID, CKA_LABEL, CKA_KEY_TYPE, CKA_MODULUS, + CKA_PUBLIC_EXPONENT, CKA_PRIME, CKA_SUBPRIME, CKA_BASE, + CKA_VALUE, CKA_CLASS, CKA_MODULUS_BITS, CKA_TOKEN, GCK_INVALID); if (error) { g_warning ("error retrieving attributes for public key: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -302,7 +315,7 @@ load_identity_v2_attributes (GP11Object *object, gpointer user_data) } /* Dig out the label, and see if it's not v1, skip if so */ - attr = gp11_attributes_find (attrs, CKA_LABEL); + attr = gck_attributes_find (attrs, CKA_LABEL); if (attr != NULL) { if (attr->length == strlen (V1_LABEL) && strncmp ((gchar*)attr->value, V1_LABEL, attr->length) == 0) @@ -310,14 +323,14 @@ load_identity_v2_attributes (GP11Object *object, gpointer user_data) } /* Figure out if it's a token object or not */ - if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token)) + if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &token)) token = FALSE; all_attrs = (GList**)user_data; if (valid == TRUE) *all_attrs = g_list_prepend (*all_attrs, attrs); else - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); /* Note that we haven't reffed the object or session */ 
@@ -326,32 +339,30 @@ load_identity_v2_attributes (GP11Object *object, gpointer user_data) } static void -remove_key_pair (GP11Session *session, GP11Object *priv, GP11Object *pub) +remove_key_pair (GckSession *session, GckObject *priv, GckObject *pub) { GError *error = NULL; - g_assert (GP11_IS_SESSION (session)); + g_assert (GCK_IS_SESSION (session)); if (!login_session (session)) return; if (priv != NULL) { - gp11_object_set_session (priv, session); - gp11_object_destroy (priv, &error); + gck_object_destroy (priv, &error); if (error) { - if (!g_error_matches (error, GP11_ERROR, CKR_OBJECT_HANDLE_INVALID)) + if (!g_error_matches (error, GCK_ERROR, CKR_OBJECT_HANDLE_INVALID)) g_warning ("couldn't remove ssh private key: %s", egg_error_message (error)); g_clear_error (&error); } } if (pub != NULL) { - gp11_object_set_session (pub, session); - gp11_object_destroy (pub, &error); + gck_object_destroy (pub, &error); if (error) { - if (!g_error_matches (error, GP11_ERROR, CKR_OBJECT_HANDLE_INVALID)) + if (!g_error_matches (error, GCK_ERROR, CKR_OBJECT_HANDLE_INVALID)) g_warning ("couldn't remove ssh public key: %s", egg_error_message (error)); g_clear_error (&error); } 
@@ -359,23 +370,26 @@ remove_key_pair (GP11Session *session, GP11Object *priv, GP11Object *pub) } static void -lock_key_pair (GP11Session *session, GP11Object *priv, GP11Object *pub) +lock_key_pair (GckSession *session, GckObject *priv, GckObject *pub) { + GckAttributes *atts; GError *error = NULL; GList *objects, *l; - g_assert (GP11_IS_SESSION (session)); - g_assert (GP11_IS_OBJECT (priv)); - g_assert (GP11_IS_OBJECT (pub)); + g_assert (GCK_IS_SESSION (session)); + g_assert (GCK_IS_OBJECT (priv)); + g_assert (GCK_IS_OBJECT (pub)); if (!login_session (session)) return; + atts = gck_attributes_new (); + gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_CREDENTIAL); + gck_attributes_add_ulong (atts, CKA_G_OBJECT, gck_object_get_handle (priv)); + /* Delete any authenticator objects */ - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL, - CKA_G_OBJECT, GP11_ULONG, gp11_object_get_handle (priv), - GP11_INVALID); + objects = gck_session_find_objects (session, atts, NULL, &error); + gck_attributes_unref (atts); if (error) { g_warning ("couldn't search for authenticator objects: %s", egg_error_message (error)); @@ -385,7 +399,7 @@ lock_key_pair (GP11Session *session, GP11Object *priv, GP11Object *pub) /* Delete them all */ for (l = objects; l; l = g_list_next (l)) { - gp11_object_destroy (l->data, &error); + gck_object_destroy (l->data, &error); if (error) { g_warning ("couldn't delete authenticator object: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -394,24 +408,22 @@ lock_key_pair (GP11Session *session, GP11Object *priv, GP11Object *pub) } static void -remove_by_public_key (GP11Session *session, GP11Object *pub, gboolean exclude_v1) +remove_by_public_key (GckSession *session, GckObject *pub, gboolean exclude_v1) { - GP11Attributes *attrs; + GckAttributes *attrs; GError *error = NULL; GList *objects; gboolean token; gchar *label; - g_assert (GP11_IS_SESSION (session)); - g_assert (GP11_IS_OBJECT (pub)); + g_assert (GCK_IS_SESSION (session)); + g_assert (GCK_IS_OBJECT (pub)); if (!login_session (session)) return; - gp11_object_set_session (pub, session); - attrs = gp11_object_get (pub, &error, - CKA_LABEL, CKA_ID, CKA_TOKEN, - GP11_INVALID); + attrs = gck_object_get (pub, &error, CKA_LABEL, CKA_ID, CKA_TOKEN, GCK_INVALID); + if (error) { g_warning ("couldn't lookup attributes for key: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -419,22 +431,22 @@ remove_by_public_key (GP11Session *session, GP11Object *pub, gboolean exclude_v1 } /* Skip over SSH V1 keys */ - if (exclude_v1 && gp11_attributes_find_string (attrs, CKA_LABEL, &label)) { + if (exclude_v1 && gck_attributes_find_string (attrs, CKA_LABEL, &label)) { if (label && strcmp (label, V1_LABEL) == 0) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); g_free (label); return; } } /* Lock token objects, remove session objects */ - if (!gp11_attributes_find_boolean (attrs, CKA_TOKEN, &token)) + if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &token)) token = FALSE; /* Search for exactly the same attributes but with a private key class */ - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_PRIVATE_KEY); - objects = gp11_session_find_objects_full (session, attrs, NULL, &error); - gp11_attributes_unref (attrs); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PRIVATE_KEY); + objects = gck_session_find_objects (session, attrs, NULL, &error); + gck_attributes_unref (attrs); if (error) { g_warning ("couldn't search for related key: %s", egg_error_message (error)); 
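Review bot: In the V1 skip check of remove_by_public_key, `label` is freed only inside the branch that matches `V1_LABEL`; when a label is found but differs, the string filled in by `gck_attributes_find_string` is not released on the fall-through path. Moving the free out of the inner branch fixes it: `is_v1 = label && strcmp (label, V1_LABEL) == 0; g_free (label);` and then unref `attrs` and return only when `is_v1` is set. The function starts before and ends after this hunk.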
@@ -449,37 +461,36 @@ remove_by_public_key (GP11Session *session, GP11Object *pub, gboolean exclude_v1 remove_key_pair (session, objects->data, pub); } - gp11_list_unref_free (objects); + gck_list_unref_free (objects); } static gboolean -create_key_pair (GP11Session *session, GP11Attributes *priv, GP11Attributes *pub) +create_key_pair (GckSession *session, GckAttributes *priv, GckAttributes *pub) { - GP11Object *priv_key, *pub_key; + GckObject *priv_key, *pub_key; GError *error = NULL; - g_assert (GP11_IS_SESSION (session)); + g_assert (GCK_IS_SESSION (session)); g_assert (priv); g_assert (pub); if (!login_session (session)) return FALSE; - priv_key = gp11_session_create_object_full (session, priv, NULL, &error); + priv_key = gck_session_create_object (session, priv, NULL, &error); if (error) { g_warning ("couldn't create session private key: %s", egg_error_message (error)); g_clear_error (&error); return FALSE; } - pub_key = gp11_session_create_object_full (session, pub, NULL, &error); + pub_key = gck_session_create_object (session, pub, NULL, &error); if (error) { g_warning ("couldn't create session public key: %s", egg_error_message (error)); g_clear_error (&error); /* Failed, so remove private as well */ - gp11_object_set_session (priv_key, session); - gp11_object_destroy (priv_key, NULL); + gck_object_destroy (priv_key, NULL); g_object_unref (priv_key); return FALSE; 
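Review bot: The rollback in create_key_pair calls `gck_object_destroy (priv_key, NULL)` and discards the result, so if the destroy fails the private key stays in the session while the caller is told the add failed. Logging it the way remove_key_pair does would make that visible: `if (!gck_object_destroy (priv_key, &error)) { g_warning ("couldn't remove ssh private key: %s", egg_error_message (error)); g_clear_error (&error); }`. Both create calls also test `error` rather than the returned pointer; checking `priv_key == NULL` and `pub_key == NULL` is the more defensive form. The end of the function is outside this hunk.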
@@ -492,17 +503,16 @@ create_key_pair (GP11Session *session, GP11Attributes *priv, GP11Attributes *pub } static void -destroy_replaced_keys (GP11Session *session, GList *keys) +destroy_replaced_keys (GckSession *session, GList *keys) { GError *error = NULL; GList *l; - g_assert (GP11_IS_SESSION (session)); + g_assert (GCK_IS_SESSION (session)); for (l = keys; l; l = g_list_next (l)) { - gp11_object_set_session (l->data, session); - if (!gp11_object_destroy (l->data, &error)) { - if (!g_error_matches (error, GP11_ERROR, CKR_OBJECT_HANDLE_INVALID)) + if (!gck_object_destroy (l->data, &error)) { + if (!g_error_matches (error, GCK_ERROR, CKR_OBJECT_HANDLE_INVALID)) g_warning ("couldn't delete a SSH key we replaced: %s", egg_error_message (error)); g_clear_error (&error); 
@@ -511,24 +521,24 @@ destroy_replaced_keys (GP11Session *session, GList *keys) } static gboolean -replace_key_pair (GP11Session *session, GP11Attributes *priv, GP11Attributes *pub) +replace_key_pair (GckSession *session, GckAttributes *priv, GckAttributes *pub) { GList *priv_prev, *pub_prev; - g_assert (GP11_IS_SESSION (session)); + g_assert (GCK_IS_SESSION (session)); g_assert (priv); g_assert (pub); if (!login_session (session)) return FALSE; - gp11_attributes_add_boolean (priv, CKA_TOKEN, FALSE); - gp11_attributes_add_boolean (pub, CKA_TOKEN, FALSE); + gck_attributes_add_boolean (priv, CKA_TOKEN, FALSE); + gck_attributes_add_boolean (pub, CKA_TOKEN, FALSE); /* Find the previous keys that match the same description */ priv_prev = pub_prev = NULL; - search_keys_like_attributes (session, priv, CKO_PRIVATE_KEY, list_all_matching, &priv_prev); - search_keys_like_attributes (session, priv, CKO_PUBLIC_KEY, list_all_matching, &pub_prev); + search_keys_like_attributes (NULL, session, priv, CKO_PRIVATE_KEY, list_all_matching, &priv_prev); + search_keys_like_attributes (NULL, session, priv, CKO_PUBLIC_KEY, list_all_matching, &pub_prev); /* Now try and create the new keys */ if (create_key_pair (session, priv, pub)) { @@ -538,15 +548,15 @@ replace_key_pair (GP11Session *session, GP11Attributes *priv, GP11Attributes *pu destroy_replaced_keys (session, pub_prev); } - gp11_list_unref_free (priv_prev); - gp11_list_unref_free (pub_prev); + gck_list_unref_free (priv_prev); + gck_list_unref_free (pub_prev); return TRUE; } static gboolean load_contraints (EggBuffer *buffer, gsize offset, gsize *next_offset, - GP11Attributes *priv, GP11Attributes *pub) + GckAttributes *priv, GckAttributes *pub) { guchar constraint; guint32 lifetime; 
@@ -565,8 +575,8 @@ load_contraints (EggBuffer *buffer, gsize offset, gsize *next_offset, if (!egg_buffer_get_uint32 (buffer, offset, &offset, &lifetime)) return FALSE; - gp11_attributes_add_ulong (pub, CKA_G_DESTRUCT_AFTER, lifetime); - gp11_attributes_add_ulong (priv, CKA_G_DESTRUCT_AFTER, lifetime); + gck_attributes_add_ulong (pub, CKA_G_DESTRUCT_AFTER, lifetime); + gck_attributes_add_ulong (priv, CKA_G_DESTRUCT_AFTER, lifetime); break; case GKD_SSH_FLAG_CONSTRAIN_CONFIRM: @@ -591,9 +601,9 @@ load_contraints (EggBuffer *buffer, gsize offset, gsize *next_offset, static gboolean op_add_identity (GkdSshAgentCall *call) { - GP11Attributes *pub; - GP11Attributes *priv; - GP11Session *session; + GckAttributes *pub; + GckAttributes *priv; + GckSession *session; gchar *stype = NULL; gchar *comment = NULL; gboolean ret; @@ -611,8 +621,8 @@ op_add_identity (GkdSshAgentCall *call) } g_free (stype); - priv = gp11_attributes_new_full ((GP11Allocator)egg_secure_realloc); - pub = gp11_attributes_new_full (g_realloc); + priv = gck_attributes_new_full ((GckAllocator)egg_secure_realloc); + pub = gck_attributes_new_full (g_realloc); switch (algo) { case CKK_RSA: 
@@ -628,26 +638,26 @@ op_add_identity (GkdSshAgentCall *call) if (!ret) { g_warning ("couldn't read incoming SSH private key"); - gp11_attributes_unref (pub); - gp11_attributes_unref (priv); + gck_attributes_unref (pub); + gck_attributes_unref (priv); return FALSE; } /* Get the comment */ if (!egg_buffer_get_string (call->req, offset, &offset, &comment, (EggBufferAllocator)g_realloc)) { - gp11_attributes_unref (pub); - gp11_attributes_unref (priv); + gck_attributes_unref (pub); + gck_attributes_unref (priv); return FALSE; } - gp11_attributes_add_string (pub, CKA_LABEL, comment); - gp11_attributes_add_string (priv, CKA_LABEL, comment); + gck_attributes_add_string (pub, CKA_LABEL, comment); + gck_attributes_add_string (priv, CKA_LABEL, comment); g_free (comment); /* Any constraints on loading the key */ if (!load_contraints (call->req, offset, &offset, priv, pub)) { - gp11_attributes_unref (pub); - gp11_attributes_unref (priv); + gck_attributes_unref (pub); + gck_attributes_unref (priv); return FALSE; } @@ -663,8 +673,8 @@ op_add_identity (GkdSshAgentCall *call) gkd_ssh_agent_checkin_main_session (session); - gp11_attributes_unref (priv); - gp11_attributes_unref (pub); + gck_attributes_unref (priv); + gck_attributes_unref (pub); egg_buffer_add_byte (call->resp, ret ? GKD_SSH_RES_SUCCESS : GKD_SSH_RES_FAILURE); return TRUE; @@ -673,8 +683,8 @@ op_add_identity (GkdSshAgentCall *call) static gboolean op_v1_add_identity (GkdSshAgentCall *call) { - GP11Attributes *pub, *priv; - GP11Session *session; + GckAttributes *pub, *priv; + GckSession *session; gchar *comment = NULL; gboolean ret; gsize offset = 5; 
@@ -683,32 +693,32 @@ op_v1_add_identity (GkdSshAgentCall *call) if (!egg_buffer_get_uint32 (call->req, offset, &offset, &unused)) return FALSE; - priv = gp11_attributes_new_full ((GP11Allocator)egg_secure_realloc); - pub = gp11_attributes_new_full (g_realloc); + priv = gck_attributes_new_full ((GckAllocator)egg_secure_realloc); + pub = gck_attributes_new_full (g_realloc); if (!gkd_ssh_agent_proto_read_pair_v1 (call->req, &offset, priv, pub)) { g_warning ("couldn't read incoming SSH private key"); - gp11_attributes_unref (pub); - gp11_attributes_unref (priv); + gck_attributes_unref (pub); + gck_attributes_unref (priv); return FALSE; } /* Get the comment */ if (!egg_buffer_get_string (call->req, offset, &offset, &comment, (EggBufferAllocator)g_realloc)) { - gp11_attributes_unref (pub); - gp11_attributes_unref (priv); + gck_attributes_unref (pub); + gck_attributes_unref (priv); return FALSE; } g_free (comment); - gp11_attributes_add_string (priv, CKA_LABEL, V1_LABEL); - gp11_attributes_add_string (pub, CKA_LABEL, V1_LABEL); + gck_attributes_add_string (priv, CKA_LABEL, V1_LABEL); + gck_attributes_add_string (pub, CKA_LABEL, V1_LABEL); /* Any constraints on loading the key */ if (!load_contraints (call->req, offset, &offset, priv, pub)) { - gp11_attributes_unref (pub); - gp11_attributes_unref (priv); + gck_attributes_unref (pub); + gck_attributes_unref (priv); return FALSE; } @@ -724,8 +734,8 @@ op_v1_add_identity (GkdSshAgentCall *call) gkd_ssh_agent_checkin_main_session (session); - gp11_attributes_unref (priv); - gp11_attributes_unref (pub); + gck_attributes_unref (priv); + gck_attributes_unref (pub); egg_buffer_add_byte (call->resp, ret ? GKD_SSH_RES_SUCCESS : GKD_SSH_RES_FAILURE); return TRUE; 
@@ -734,19 +744,34 @@ op_v1_add_identity (GkdSshAgentCall *call) static gboolean op_request_identities (GkdSshAgentCall *call) { + GckEnumerator *en; + GckObject *obj; + GError *error = NULL; GList *all_attrs, *l; - GP11Attributes *attrs; + GckAttributes *attrs; gsize blobpos; gchar *comment; - /* Find all the keys (we filter out v1 later) */ /* TODO: Check SSH purpose */ + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); + + /* Find all the keys (we filter out v1 later) */ + en = gck_modules_enumerate_objects (call->modules, attrs, CKF_RW_SESSION); + gck_attributes_unref (attrs); + g_return_val_if_fail (en, FALSE); + all_attrs = NULL; - if (!gp11_module_enumerate_objects (call->module, - load_identity_v2_attributes, &all_attrs, - CKA_CLASS, GP11_ULONG, CKO_PUBLIC_KEY, - GP11_INVALID)) { + do { + obj = gck_enumerator_next (en, NULL, &error); + } while (obj && load_identity_v2_attributes (obj, &all_attrs)); + + g_object_unref (en); + + if (error) { + g_warning ("couldn't enumerate ssh keys: %s", egg_error_message (error)); egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE); + g_clear_error (&error); return TRUE; } @@ -758,7 +783,7 @@ op_request_identities (GkdSshAgentCall *call) attrs = l->data; /* Dig out the label */ - if (!gp11_attributes_find_string (attrs, CKA_LABEL, &comment)) + if (!gck_attributes_find_string (attrs, CKA_LABEL, &comment)) comment = NULL; /* Add a space for the key blob length */ @@ -775,7 +800,7 @@ op_request_identities (GkdSshAgentCall *call) egg_buffer_add_string (call->resp, comment ? comment : ""); g_free (comment); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); } g_list_free (all_attrs); 
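Review bot: When the enumeration in op_request_identities ends with `error` set, the function writes `GKD_SSH_RES_FAILURE` and returns without releasing the `GckAttributes` that load_identity_v2_attributes has already prepended to `all_attrs`. Free the partial list before returning, e.g. `g_list_foreach (all_attrs, (GFunc) gck_attributes_unref, NULL); g_list_free (all_attrs);`. The new error branch in op_v1_request_identities has the same gap. A short comment on why a pure listing opens its sessions with `CKF_RW_SESSION` would also help; if read-only sessions are enough here, that is the narrower choice.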
@@ -787,18 +812,33 @@ static gboolean op_v1_request_identities (GkdSshAgentCall *call) { GList *all_attrs, *l; - GP11Attributes *attrs; + GckAttributes *attrs; + GError *error = NULL; + GckEnumerator *en; + GckObject *obj; - /* Find all the keys not on token, and are V1 */ /* TODO: Check SSH purpose */ + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); + gck_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); + gck_attributes_add_string (attrs, CKA_LABEL, V1_LABEL); + + /* Find all the keys not on token, and are V1 */ + en = gck_modules_enumerate_objects (call->modules, attrs, CKF_RW_SESSION); + gck_attributes_unref (attrs); + g_return_val_if_fail (en, FALSE); + all_attrs = NULL; - if (!gp11_module_enumerate_objects (call->module, - load_identity_v1_attributes, &all_attrs, - CKA_CLASS, GP11_ULONG, CKO_PUBLIC_KEY, - CKA_TOKEN, GP11_BOOLEAN, FALSE, - CKA_LABEL, GP11_STRING, V1_LABEL, - GP11_INVALID)) { + do { + obj = gck_enumerator_next (en, NULL, &error); + } while (obj && load_identity_v1_attributes (obj, &all_attrs)); + + g_object_unref (en); + + if (error) { + g_warning ("couldn't enumerate ssh keys: %s", egg_error_message (error)); egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE); + g_clear_error (&error); return TRUE; } @@ -815,7 +855,7 @@ op_v1_request_identities (GkdSshAgentCall *call) /* And now a per key comment */ egg_buffer_add_string (call->resp, "Public Key"); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); } g_list_free (all_attrs); 
@@ -893,31 +933,34 @@ make_raw_sign_hash (GChecksumType algo, const guchar *data, gsize n_data, } static guchar* -unlock_and_sign (GP11Session *session, GP11Object *key, gulong mech_type, const guchar *input, +unlock_and_sign (GckSession *session, GckObject *key, gulong mech_type, const guchar *input, gsize n_input, gsize *n_result, GError **err) { - GP11Attributes *attrs; - GP11Object *cred; + GckAttributes *attrs; + GckObject *cred; gboolean always; /* First check if we should authenticate the key */ - attrs = gp11_object_get (key, err, CKA_ALWAYS_AUTHENTICATE, GP11_INVALID); + attrs = gck_object_get (key, err, CKA_ALWAYS_AUTHENTICATE, GCK_INVALID); if (!attrs) return NULL; /* Authenticate the key if necessary, this allows long term */ - if (!gp11_attributes_find_boolean (attrs, CKA_ALWAYS_AUTHENTICATE, &always)) + if (!gck_attributes_find_boolean (attrs, CKA_ALWAYS_AUTHENTICATE, &always)) g_return_val_if_reached (NULL); - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); if (always == TRUE) { - cred = gp11_session_create_object (session, err, - CKA_TOKEN, GP11_BOOLEAN, FALSE, - CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL, - CKA_VALUE, 0, NULL, - CKA_G_OBJECT, GP11_ULONG, gp11_object_get_handle (key), - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL); + gck_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); + gck_attributes_add_empty (attrs, CKA_VALUE); + gck_attributes_add_ulong (attrs, CKA_G_OBJECT, gck_object_get_handle (key)); + + cred = gck_session_create_object (session, attrs, NULL, err); + gck_attributes_unref (attrs); + if (cred == NULL) return NULL; 
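Review bot: In unlock_and_sign, a key whose attributes come back without `CKA_ALWAYS_AUTHENTICATE` hits `g_return_val_if_reached (NULL)`, which returns NULL without setting `*err` and without releasing `attrs`. Now that keys are looked up across a list of modules, it seems safer to treat the missing attribute like the `CKA_TOKEN` lookups elsewhere in this file: `if (!gck_attributes_find_boolean (attrs, CKA_ALWAYS_AUTHENTICATE, &always)) always = FALSE;`. That only changes whether the agent creates a credential up front; the token remains the party that enforces the attribute. What happens to `cred` after the NULL check is outside this hunk.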
@@ -925,18 +968,18 @@ unlock_and_sign (GP11Session *session, GP11Object *key, gulong mech_type, const } /* Do the magic */ - return gp11_session_sign (session, key, mech_type, input, n_input, n_result, err); + return gck_session_sign (session, key, mech_type, input, n_input, n_result, err); } static gboolean op_sign_request (GkdSshAgentCall *call) { - GP11Attributes *attrs; + GckAttributes *attrs; GError *error = NULL; - GP11Object *key = NULL; + GckObject *key = NULL; const guchar *data; const gchar *salgo; - GP11Session *session; + GckSession *session; guchar *result; gsize n_data, n_result; guint32 flags; @@ -955,7 +998,7 @@ op_sign_request (GkdSshAgentCall *call) return FALSE; /* The key itself */ - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); if (!gkd_ssh_agent_proto_read_public (call->req, &offset, attrs, &algo)) return FALSE; @@ -969,13 +1012,13 @@ op_sign_request (GkdSshAgentCall *call) if (!egg_buffer_get_byte_array (call->req, offset, &offset, &data, &n_data) || !egg_buffer_get_uint32 (call->req, offset, &offset, &flags)) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return FALSE; } /* Lookup the key */ - search_keys_like_attributes (call->module, attrs, CKO_PUBLIC_KEY, return_private_matching, &key); - gp11_attributes_unref (attrs); + search_keys_like_attributes (call->modules, NULL, attrs, CKO_PUBLIC_KEY, return_private_matching, &key); + gck_attributes_unref (attrs); if (!key) { egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE); @@ -994,7 +1037,7 @@ op_sign_request (GkdSshAgentCall *call) else hash = make_raw_sign_hash (halgo, data, n_data, &n_hash); - session = gp11_object_get_session (key); + session = gck_object_get_session (key); g_return_val_if_fail (session, FALSE); result = unlock_and_sign (session, key, mech, hash, n_hash, &n_result, &error); 
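Review bot: In op_sign_request, the failure branch after `gkd_ssh_agent_proto_read_public` returns `FALSE` without releasing the `attrs` allocated on the line before, so each malformed sign request from a client leaves a `GckAttributes` behind in the daemon. op_remove_identity and op_v1_challenge already unref on the equivalent path; the same is needed here: `if (!gkd_ssh_agent_proto_read_public (call->req, &offset, attrs, &algo)) { gck_attributes_unref (attrs); return FALSE; }`. The rest of the function lies in the neighbouring hunks.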
@@ -1004,7 +1047,7 @@ op_sign_request (GkdSshAgentCall *call) g_free (hash); if (error) { - if (!g_error_matches (error, GP11_ERROR, CKR_FUNCTION_CANCELED)) + if (!g_error_matches (error, GCK_ERROR, CKR_FUNCTION_CANCELED)) g_message ("signing of the data failed: %s", egg_error_message (error)); g_clear_error (&error); egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE); @@ -1047,14 +1090,14 @@ static gboolean op_v1_challenge (GkdSshAgentCall *call) { gsize offset, n_data, n_result, n_hash; - GP11Session *session; - GP11Attributes *attrs; + GckSession *session; + GckAttributes *attrs; guchar session_id[16]; guint8 hash[16]; const guchar *data; guchar *result = NULL; GChecksum *checksum; - GP11Object *key = NULL; + GckObject *key = NULL; guint32 resp_type; GError *error = NULL; gboolean ret; @@ -1064,9 +1107,9 @@ op_v1_challenge (GkdSshAgentCall *call) ret = FALSE; offset = 5; - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); if (!gkd_ssh_agent_proto_read_public_v1 (call->req, &offset, attrs)) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return FALSE; } @@ -1075,7 +1118,7 @@ op_v1_challenge (GkdSshAgentCall *call) /* Only protocol 1.1 is supported */ if (call->req->len <= offset) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE); return TRUE; } 
@@ -1091,20 +1134,20 @@ op_v1_challenge (GkdSshAgentCall *call) /* Did parsing fail? */ if (egg_buffer_has_error (call->req) || data == NULL) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return FALSE; } /* Not supported request type */ if (resp_type != 1) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE); return TRUE; } /* Lookup the key */ - search_keys_like_attributes (call->module, attrs, CKO_PUBLIC_KEY, return_private_matching, &key); - gp11_attributes_unref (attrs); + search_keys_like_attributes (call->modules, NULL, attrs, CKO_PUBLIC_KEY, return_private_matching, &key); + gck_attributes_unref (attrs); /* Didn't find a key? */ if (key == NULL) { @@ -1112,16 +1155,16 @@ op_v1_challenge (GkdSshAgentCall *call) return TRUE; } - session = gp11_object_get_session (key); + session = gck_object_get_session (key); g_return_val_if_fail (session, FALSE); - result = gp11_session_decrypt (session, key, CKM_RSA_PKCS, data, n_data, &n_result, &error); + result = gck_session_decrypt (session, key, CKM_RSA_PKCS, data, n_data, &n_result, &error); g_object_unref (session); g_object_unref (key); if (error) { - if (!g_error_matches (error, GP11_ERROR, CKR_FUNCTION_CANCELED)) + if (!g_error_matches (error, GCK_ERROR, CKR_FUNCTION_CANCELED)) g_message ("decryption of the data failed: %s", egg_error_message (error)); g_clear_error (&error); egg_buffer_add_byte (call->resp, GKD_SSH_RES_FAILURE); @@ -1145,9 +1188,9 @@ op_v1_challenge (GkdSshAgentCall *call) static gboolean op_remove_identity (GkdSshAgentCall *call) { - GP11Attributes *attrs; - GP11Session *session; - GP11Object *key = NULL; + GckAttributes *attrs; + GckSession *session; + GckObject *key = NULL; gsize offset; guint sz; 
@@ -1158,9 +1201,9 @@ op_remove_identity (GkdSshAgentCall *call) return FALSE; /* The public key itself */ - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); if (!gkd_ssh_agent_proto_read_public (call->req, &offset, attrs, NULL)) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return FALSE; } @@ -1172,8 +1215,8 @@ op_remove_identity (GkdSshAgentCall *call) session = gkd_ssh_agent_checkout_main_session (); g_return_val_if_fail (session, FALSE); - search_keys_like_attributes (session, attrs, CKO_PUBLIC_KEY, return_first_matching, &key); - gp11_attributes_unref (attrs); + search_keys_like_attributes (NULL, session, attrs, CKO_PUBLIC_KEY, return_first_matching, &key); + gck_attributes_unref (attrs); if (key != NULL) { remove_by_public_key (session, key, TRUE); @@ -1190,16 +1233,16 @@ op_remove_identity (GkdSshAgentCall *call) static gboolean op_v1_remove_identity (GkdSshAgentCall *call) { - GP11Session *session; - GP11Attributes *attrs; - GP11Object *key = NULL; + GckSession *session; + GckAttributes *attrs; + GckObject *key = NULL; gsize offset; offset = 5; - attrs = gp11_attributes_new (); + attrs = gck_attributes_new (); if (!gkd_ssh_agent_proto_read_public_v1 (call->req, &offset, attrs)) { - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); return FALSE; } @@ -1211,8 +1254,8 @@ op_v1_remove_identity (GkdSshAgentCall *call) session = gkd_ssh_agent_checkout_main_session (); g_return_val_if_fail (session, FALSE); - search_keys_like_attributes (session, attrs, CKO_PUBLIC_KEY, return_first_matching, &key); - gp11_attributes_unref (attrs); + search_keys_like_attributes (NULL, session, attrs, CKO_PUBLIC_KEY, return_first_matching, &key); + gck_attributes_unref (attrs); if (key != NULL) { remove_by_public_key (session, key, FALSE); 
@@ -1228,9 +1271,10 @@ op_v1_remove_identity (GkdSshAgentCall *call) static gboolean op_remove_all_identities (GkdSshAgentCall *call) { - GP11Session *session; + GckSession *session; GList *objects, *l; GError *error = NULL; + GckAttributes *attrs; /* * This is the session that owns these objects. Only @@ -1241,15 +1285,21 @@ op_remove_all_identities (GkdSshAgentCall *call) g_return_val_if_fail (session, FALSE); /* Find all session SSH public keys */ - objects = gp11_session_find_objects (session, &error, - CKA_CLASS, GP11_ULONG, CKO_PUBLIC_KEY, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); + objects = gck_session_find_objects (session, attrs, NULL, &error); + gck_attributes_unref (attrs); - for (l = objects; l; l = g_list_next (l)) - remove_by_public_key (session, l->data, TRUE); + if (error) { + g_warning ("couldn't search for keys to remove: %s", egg_error_message (error)); + g_clear_error (&error); - gp11_list_unref_free (objects); + } else { + for (l = objects; l; l = g_list_next (l)) + remove_by_public_key (session, l->data, TRUE); + gck_list_unref_free (objects); + } gkd_ssh_agent_checkin_main_session (session); @@ -1260,9 +1310,10 @@ op_remove_all_identities (GkdSshAgentCall *call) static gboolean op_v1_remove_all_identities (GkdSshAgentCall *call) { - GP11Session *session; + GckSession *session; GList *objects, *l; GError *error = NULL; + GckAttributes *attrs; /* * This is the session that owns these objects. Only 
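Review bot: The new error branch in op_remove_all_identities only logs when the key search fails. If the code after `gkd_ssh_agent_checkin_main_session` (outside this hunk) still answers `GKD_SSH_RES_SUCCESS`, the client is told every identity was removed while the keys remain loaded. Consider recording the outcome, e.g. `ok = (error == NULL);` before the `if (error)` block, and replying `GKD_SSH_RES_FAILURE` when it is false. op_v1_remove_all_identities gains the same branch in its hunk.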
@@ -1273,16 +1324,23 @@ op_v1_remove_all_identities (GkdSshAgentCall *call) g_return_val_if_fail (session, FALSE); /* Find all session SSH v1 public keys */ - objects = gp11_session_find_objects (session, &error, - CKA_TOKEN, GP11_BOOLEAN, FALSE, - CKA_CLASS, GP11_ULONG, CKO_PUBLIC_KEY, - CKA_LABEL, GP11_STRING, V1_LABEL, - GP11_INVALID); + attrs = gck_attributes_new (); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); + gck_attributes_add_boolean (attrs, CKA_TOKEN, FALSE); + gck_attributes_add_string (attrs, CKA_LABEL, V1_LABEL); - for (l = objects; l; l = g_list_next (l)) - remove_by_public_key (session, l->data, FALSE); + objects = gck_session_find_objects (session, attrs, NULL, &error); + gck_attributes_unref (attrs); - gp11_list_unref_free (objects); + if (error) { + g_warning ("couldn't search for keys to remove: %s", egg_error_message (error)); + g_clear_error (&error); + + } else { + for (l = objects; l; l = g_list_next (l)) + remove_by_public_key (session, l->data, FALSE); + gck_list_unref_free (objects); + } gkd_ssh_agent_checkin_main_session (session); diff --git a/daemon/ssh-agent/gkd-ssh-agent-private.h b/daemon/ssh-agent/gkd-ssh-agent-private.h index c843730e..2fe598f5 100644 --- a/daemon/ssh-agent/gkd-ssh-agent-private.h +++ b/daemon/ssh-agent/gkd-ssh-agent-private.h @@ -27,13 +27,13 @@ #include "pkcs11/pkcs11.h" -#include <gp11/gp11.h> +#include <gck/gck.h> #include <glib.h> typedef struct _GkdSshAgentCall { int sock; - GP11Module *module; + GList *modules; EggBuffer *req; EggBuffer *resp; } GkdSshAgentCall; 
@@ -91,11 +91,11 @@ extern const GkdSshAgentOperation gkd_ssh_agent_operations[GKD_SSH_OP_MAX]; * gkd-ssh-agent.c */ -gboolean gkd_ssh_agent_initialize_with_module (GP11Module *module); +gboolean gkd_ssh_agent_initialize_with_module (GckModule *module); -GP11Session* gkd_ssh_agent_checkout_main_session (void); +GckSession* gkd_ssh_agent_checkout_main_session (void); -void gkd_ssh_agent_checkin_main_session (GP11Session* session); +void gkd_ssh_agent_checkin_main_session (GckSession* session); /* ----------------------------------------------------------------------------- * gkd-ssh-agent-proto.c @@ -107,12 +107,12 @@ const gchar* gkd_ssh_agent_proto_algo_to_keytype (gulong algo gboolean gkd_ssh_agent_proto_read_mpi (EggBuffer *req, gsize *offset, - GP11Attributes *attrs, + GckAttributes *attrs, CK_ATTRIBUTE_TYPE type); gboolean gkd_ssh_agent_proto_read_mpi_v1 (EggBuffer *req, gsize *offset, - GP11Attributes *attrs, + GckAttributes *attrs, CK_ATTRIBUTE_TYPE type); const guchar* gkd_ssh_agent_proto_read_challenge_v1 (EggBuffer *req, 
@@ -120,54 +120,54 @@ const guchar* gkd_ssh_agent_proto_read_challenge_v1 (EggBuffer * gsize *n_challenge); gboolean gkd_ssh_agent_proto_write_mpi (EggBuffer *resp, - GP11Attribute *attr); + GckAttribute *attr); gboolean gkd_ssh_agent_proto_write_mpi_v1 (EggBuffer *resp, - GP11Attribute *attr); + GckAttribute *attr); gboolean gkd_ssh_agent_proto_read_public (EggBuffer *req, gsize *offset, - GP11Attributes *attrs, + GckAttributes *attrs, gulong *algo); gboolean gkd_ssh_agent_proto_read_public_rsa (EggBuffer *req, gsize *offset, - GP11Attributes *attrs); + GckAttributes *attrs); gboolean gkd_ssh_agent_proto_read_public_dsa (EggBuffer *req, gsize *offset, - GP11Attributes *attrs); + GckAttributes *attrs); gboolean gkd_ssh_agent_proto_read_public_v1 (EggBuffer *req, gsize *offset, - GP11Attributes *attrs); + GckAttributes *attrs); gboolean gkd_ssh_agent_proto_read_pair_rsa (EggBuffer *req, gsize *offset, - GP11Attributes *priv_attrs, - GP11Attributes *pub_attrs); + GckAttributes *priv_attrs, + GckAttributes *pub_attrs); gboolean gkd_ssh_agent_proto_read_pair_dsa (EggBuffer *req, gsize *offset, - GP11Attributes *priv_attrs, - GP11Attributes *pub_attrs); + GckAttributes *priv_attrs, + GckAttributes *pub_attrs); gboolean gkd_ssh_agent_proto_read_pair_v1 (EggBuffer *req, gsize *offset, - GP11Attributes *priv_attrs, - GP11Attributes *pub_attrs); + GckAttributes *priv_attrs, + GckAttributes *pub_attrs); gboolean gkd_ssh_agent_proto_write_public (EggBuffer *resp, - GP11Attributes *attrs); + GckAttributes *attrs); gboolean gkd_ssh_agent_proto_write_public_rsa (EggBuffer *resp, - GP11Attributes *attrs); + GckAttributes *attrs); gboolean gkd_ssh_agent_proto_write_public_dsa (EggBuffer *resp, - GP11Attributes *attrs); + GckAttributes *attrs); gboolean gkd_ssh_agent_proto_write_public_v1 (EggBuffer *resp, - GP11Attributes *attrs); + GckAttributes *attrs); gboolean gkd_ssh_agent_proto_write_signature_rsa (EggBuffer *resp, CK_BYTE_PTR signature, 
diff --git a/daemon/ssh-agent/gkd-ssh-agent-proto.c b/daemon/ssh-agent/gkd-ssh-agent-proto.c index 2e4c51fe..b6de1bca 100644 --- a/daemon/ssh-agent/gkd-ssh-agent-proto.c +++ b/daemon/ssh-agent/gkd-ssh-agent-proto.c @@ -26,7 +26,7 @@ #include "egg/egg-buffer.h" -#include <gp11/gp11.h> +#include <gck/gck.h> #include <glib.h> @@ -54,7 +54,7 @@ gkd_ssh_agent_proto_algo_to_keytype (gulong algo) } gboolean -gkd_ssh_agent_proto_read_mpi (EggBuffer *req, gsize *offset, GP11Attributes *attrs, +gkd_ssh_agent_proto_read_mpi (EggBuffer *req, gsize *offset, GckAttributes *attrs, CK_ATTRIBUTE_TYPE type) { const guchar *data; @@ -69,12 +69,12 @@ gkd_ssh_agent_proto_read_mpi (EggBuffer *req, gsize *offset, GP11Attributes *att --len; } - gp11_attributes_add_data (attrs, type, data, len); + gck_attributes_add_data (attrs, type, data, len); return TRUE; } gboolean -gkd_ssh_agent_proto_read_mpi_v1 (EggBuffer *req, gsize *offset, GP11Attributes *attrs, +gkd_ssh_agent_proto_read_mpi_v1 (EggBuffer *req, gsize *offset, GckAttributes *attrs, CK_ATTRIBUTE_TYPE type) { const guchar *data; @@ -96,13 +96,14 @@ gkd_ssh_agent_proto_read_mpi_v1 (EggBuffer *req, gsize *offset, GP11Attributes * data = req->buf + *offset; *offset += bytes; - gp11_attributes_add_data (attrs, type, data, bytes); + gck_attributes_add_data (attrs, type, data, bytes); return TRUE; } gboolean -gkd_ssh_agent_proto_write_mpi (EggBuffer *resp, GP11Attribute *attr) +gkd_ssh_agent_proto_write_mpi (EggBuffer *resp, GckAttribute *attr) { + const guchar *value; guchar *data; gsize n_extra; @@ -111,7 +112,8 @@ gkd_ssh_agent_proto_write_mpi (EggBuffer *resp, GP11Attribute *attr) /* Convert from unsigned format */ n_extra = 0; - if (attr->length && (attr->value[0] & 0x80)) + value = attr->value; + if (attr->length && (value[0] & 0x80)) ++n_extra; data = egg_buffer_add_byte_array_empty (resp, attr->length + n_extra); 
@@ -124,7 +126,7 @@ gkd_ssh_agent_proto_write_mpi (EggBuffer *resp, GP11Attribute *attr) } gboolean -gkd_ssh_agent_proto_write_mpi_v1 (EggBuffer *resp, GP11Attribute *attr) +gkd_ssh_agent_proto_write_mpi_v1 (EggBuffer *resp, GckAttribute *attr) { guchar *data; @@ -166,7 +168,7 @@ gkd_ssh_agent_proto_read_challenge_v1 (EggBuffer *req, gsize *offset, gsize *n_c } gboolean -gkd_ssh_agent_proto_read_public (EggBuffer *req, gsize *offset, GP11Attributes* attrs, gulong *algo) +gkd_ssh_agent_proto_read_public (EggBuffer *req, gsize *offset, GckAttributes* attrs, gulong *algo) { gboolean ret; gchar *stype; @@ -211,9 +213,9 @@ gkd_ssh_agent_proto_read_public (EggBuffer *req, gsize *offset, GP11Attributes* gboolean gkd_ssh_agent_proto_read_pair_rsa (EggBuffer *req, gsize *offset, - GP11Attributes *priv_attrs, GP11Attributes *pub_attrs) + GckAttributes *priv_attrs, GckAttributes *pub_attrs) { - GP11Attribute *attr; + GckAttribute *attr; g_assert (req); g_assert (offset); 
@@ -229,25 +231,25 @@ gkd_ssh_agent_proto_read_pair_rsa (EggBuffer *req, gsize *offset, return FALSE; /* Copy attributes to the public key */ - attr = gp11_attributes_find (priv_attrs, CKA_MODULUS); - gp11_attributes_add (pub_attrs, attr); - attr = gp11_attributes_find (priv_attrs, CKA_PUBLIC_EXPONENT); - gp11_attributes_add (pub_attrs, attr); + attr = gck_attributes_find (priv_attrs, CKA_MODULUS); + gck_attributes_add (pub_attrs, attr); + attr = gck_attributes_find (priv_attrs, CKA_PUBLIC_EXPONENT); + gck_attributes_add (pub_attrs, attr); /* Add in your basic other required attributes */ - gp11_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY); - gp11_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_RSA); - gp11_attributes_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY); - gp11_attributes_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_RSA); + gck_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY); + gck_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_RSA); + gck_attributes_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY); + gck_attributes_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_RSA); return TRUE; } gboolean gkd_ssh_agent_proto_read_pair_v1 (EggBuffer *req, gsize *offset, - GP11Attributes *priv_attrs, GP11Attributes *pub_attrs) + GckAttributes *priv_attrs, GckAttributes *pub_attrs) { - GP11Attribute *attr; + GckAttribute *attr; g_assert (req); g_assert (offset); 
@@ -263,22 +265,22 @@ gkd_ssh_agent_proto_read_pair_v1 (EggBuffer *req, gsize *offset, return FALSE; /* Copy attributes to the public key */ - attr = gp11_attributes_find (priv_attrs, CKA_MODULUS); - gp11_attributes_add (pub_attrs, attr); - attr = gp11_attributes_find (priv_attrs, CKA_PUBLIC_EXPONENT); - gp11_attributes_add (pub_attrs, attr); + attr = gck_attributes_find (priv_attrs, CKA_MODULUS); + gck_attributes_add (pub_attrs, attr); + attr = gck_attributes_find (priv_attrs, CKA_PUBLIC_EXPONENT); + gck_attributes_add (pub_attrs, attr); /* Add in your basic other required attributes */ - gp11_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY); - gp11_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_RSA); - gp11_attributes_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY); - gp11_attributes_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_RSA); + gck_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY); + gck_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_RSA); + gck_attributes_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY); + gck_attributes_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_RSA); return TRUE; } gboolean -gkd_ssh_agent_proto_read_public_rsa (EggBuffer *req, gsize *offset, GP11Attributes *attrs) +gkd_ssh_agent_proto_read_public_rsa (EggBuffer *req, gsize *offset, GckAttributes *attrs) { g_assert (req); g_assert (offset); 
@@ -289,14 +291,14 @@ gkd_ssh_agent_proto_read_public_rsa (EggBuffer *req, gsize *offset, GP11Attribut return FALSE; /* Add in your basic other required attributes */ - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); - gp11_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_RSA); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); + gck_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_RSA); return TRUE; } gboolean -gkd_ssh_agent_proto_read_public_v1 (EggBuffer *req, gsize *offset, GP11Attributes *attrs) +gkd_ssh_agent_proto_read_public_v1 (EggBuffer *req, gsize *offset, GckAttributes *attrs) { guint32 bits; @@ -312,17 +314,17 @@ gkd_ssh_agent_proto_read_public_v1 (EggBuffer *req, gsize *offset, GP11Attribute return FALSE; /* Add in your basic other required attributes */ - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); - gp11_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_RSA); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); + gck_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_RSA); return TRUE; } gboolean gkd_ssh_agent_proto_read_pair_dsa (EggBuffer *req, gsize *offset, - GP11Attributes *priv_attrs, GP11Attributes *pub_attrs) + GckAttributes *priv_attrs, GckAttributes *pub_attrs) { - GP11Attribute *attr; + GckAttribute *attr; g_assert (req); g_assert (offset); 
@@ -337,24 +339,24 @@ gkd_ssh_agent_proto_read_pair_dsa (EggBuffer *req, gsize *offset, return FALSE; /* Copy attributes to the public key */ - attr = gp11_attributes_find (priv_attrs, CKA_PRIME); - gp11_attributes_add (pub_attrs, attr); - attr = gp11_attributes_find (priv_attrs, CKA_SUBPRIME); - gp11_attributes_add (pub_attrs, attr); - attr = gp11_attributes_find (priv_attrs, CKA_BASE); - gp11_attributes_add (pub_attrs, attr); + attr = gck_attributes_find (priv_attrs, CKA_PRIME); + gck_attributes_add (pub_attrs, attr); + attr = gck_attributes_find (priv_attrs, CKA_SUBPRIME); + gck_attributes_add (pub_attrs, attr); + attr = gck_attributes_find (priv_attrs, CKA_BASE); + gck_attributes_add (pub_attrs, attr); /* Add in your basic other required attributes */ - gp11_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY); - gp11_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_DSA); - gp11_attributes_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY); - gp11_attributes_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_DSA); + gck_attributes_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY); + gck_attributes_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_DSA); + gck_attributes_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY); + gck_attributes_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_DSA); return TRUE; } gboolean -gkd_ssh_agent_proto_read_public_dsa (EggBuffer *req, gsize *offset, GP11Attributes *attrs) +gkd_ssh_agent_proto_read_public_dsa (EggBuffer *req, gsize *offset, GckAttributes *attrs) { g_assert (req); g_assert (offset); 
@@ -367,14 +369,14 @@ gkd_ssh_agent_proto_read_public_dsa (EggBuffer *req, gsize *offset, GP11Attribut return FALSE; /* Add in your basic other required attributes */ - gp11_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); - gp11_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_DSA); + gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_PUBLIC_KEY); + gck_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_DSA); return TRUE; } gboolean -gkd_ssh_agent_proto_write_public (EggBuffer *resp, GP11Attributes *attrs) +gkd_ssh_agent_proto_write_public (EggBuffer *resp, GckAttributes *attrs) { gboolean ret = FALSE; const gchar *salgo; @@ -383,7 +385,7 @@ gkd_ssh_agent_proto_write_public (EggBuffer *resp, GP11Attributes *attrs) g_assert (resp); g_assert (attrs); - if (!gp11_attributes_find_ulong (attrs, CKA_KEY_TYPE, &algo)) + if (!gck_attributes_find_ulong (attrs, CKA_KEY_TYPE, &algo)) g_return_val_if_reached (FALSE); salgo = gkd_ssh_agent_proto_algo_to_keytype (algo); @@ -408,20 +410,20 @@ gkd_ssh_agent_proto_write_public (EggBuffer *resp, GP11Attributes *attrs) } gboolean -gkd_ssh_agent_proto_write_public_rsa (EggBuffer *resp, GP11Attributes *attrs) +gkd_ssh_agent_proto_write_public_rsa (EggBuffer *resp, GckAttributes *attrs) { - GP11Attribute *attr; + GckAttribute *attr; g_assert (resp); g_assert (attrs); - attr = gp11_attributes_find (attrs, CKA_PUBLIC_EXPONENT); + attr = gck_attributes_find (attrs, CKA_PUBLIC_EXPONENT); g_return_val_if_fail (attr, FALSE); if (!gkd_ssh_agent_proto_write_mpi (resp, attr)) return FALSE; - attr = gp11_attributes_find (attrs, CKA_MODULUS); + attr = gck_attributes_find (attrs, CKA_MODULUS); g_return_val_if_fail (attr, FALSE); if (!gkd_ssh_agent_proto_write_mpi (resp, attr)) 
@@ -431,32 +433,32 @@ gkd_ssh_agent_proto_write_public_rsa (EggBuffer *resp, GP11Attributes *attrs) } gboolean -gkd_ssh_agent_proto_write_public_dsa (EggBuffer *resp, GP11Attributes *attrs) +gkd_ssh_agent_proto_write_public_dsa (EggBuffer *resp, GckAttributes *attrs) { - GP11Attribute *attr; + GckAttribute *attr; g_assert (resp); g_assert (attrs); - attr = gp11_attributes_find (attrs, CKA_PRIME); + attr = gck_attributes_find (attrs, CKA_PRIME); g_return_val_if_fail (attr, FALSE); if (!gkd_ssh_agent_proto_write_mpi (resp, attr)) return FALSE; - attr = gp11_attributes_find (attrs, CKA_SUBPRIME); + attr = gck_attributes_find (attrs, CKA_SUBPRIME); g_return_val_if_fail (attr, FALSE); if (!gkd_ssh_agent_proto_write_mpi (resp, attr)) return FALSE; - attr = gp11_attributes_find (attrs, CKA_BASE); + attr = gck_attributes_find (attrs, CKA_BASE); g_return_val_if_fail (attr, FALSE); if (!gkd_ssh_agent_proto_write_mpi (resp, attr)) return FALSE; - attr = gp11_attributes_find (attrs, CKA_VALUE); + attr = gck_attributes_find (attrs, CKA_VALUE); g_return_val_if_fail (attr, FALSE); if (!gkd_ssh_agent_proto_write_mpi (resp, attr)) @@ -466,9 +468,9 @@ gkd_ssh_agent_proto_write_public_dsa (EggBuffer *resp, GP11Attributes *attrs) } gboolean -gkd_ssh_agent_proto_write_public_v1 (EggBuffer *resp, GP11Attributes *attrs) +gkd_ssh_agent_proto_write_public_v1 (EggBuffer *resp, GckAttributes *attrs) { - GP11Attribute *attr; + GckAttribute *attr; gulong bits; g_assert (resp); 
@@ -477,19 +479,19 @@ gkd_ssh_agent_proto_write_public_v1 (EggBuffer *resp, GP11Attributes *attrs) /* This is always an RSA key. */ /* Write out the number of bits of the key */ - if (!gp11_attributes_find_ulong (attrs, CKA_MODULUS_BITS, &bits)) + if (!gck_attributes_find_ulong (attrs, CKA_MODULUS_BITS, &bits)) g_return_val_if_reached (FALSE); egg_buffer_add_uint32 (resp, bits); /* Write out the exponent */ - attr = gp11_attributes_find (attrs, CKA_PUBLIC_EXPONENT); + attr = gck_attributes_find (attrs, CKA_PUBLIC_EXPONENT); g_return_val_if_fail (attr, FALSE); if (!gkd_ssh_agent_proto_write_mpi_v1 (resp, attr)) return FALSE; /* Write out the modulus */ - attr = gp11_attributes_find (attrs, CKA_MODULUS); + attr = gck_attributes_find (attrs, CKA_MODULUS); g_return_val_if_fail (attr, FALSE); if (!gkd_ssh_agent_proto_write_mpi_v1 (resp, attr)) diff --git a/daemon/ssh-agent/gkd-ssh-agent-standalone.c b/daemon/ssh-agent/gkd-ssh-agent-standalone.c index d9c1b0ad..fae687e0 100644 --- a/daemon/ssh-agent/gkd-ssh-agent-standalone.c +++ b/daemon/ssh-agent/gkd-ssh-agent-standalone.c @@ -28,7 +28,7 @@ #include "egg/egg-error.h" #include "egg/egg-secure-memory.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include <glib.h> #include <glib-object.h> @@ -47,7 +47,7 @@ accept_client (GIOChannel *channel, GIOCondition cond, gpointer unused) } static gboolean -authenticate_slot (GP11Module *module, GP11Slot *slot, gchar *label, gchar **password, gpointer unused) +authenticate_slot (GckModule *module, GckSlot *slot, gchar *label, gchar **password, gpointer unused) { gchar *prompt = g_strdup_printf ("Enter token password (%s): ", label); char *result = getpass (prompt); 
@@ -58,7 +58,7 @@ authenticate_slot (GP11Module *module, GP11Slot *slot, gchar *label, gchar **pas } static gboolean -authenticate_object (GP11Module *module, GP11Object *object, gchar *label, gchar **password) +authenticate_object (GckModule *module, GckObject *object, gchar *label, gchar **password) { gchar *prompt = g_strdup_printf ("Enter object password (%s): ", label); char *result = getpass (prompt); @@ -71,7 +71,7 @@ authenticate_object (GP11Module *module, GP11Object *object, gchar *label, gchar int main(int argc, char *argv[]) { - GP11Module *module; + GckModule *module; GError *error = NULL; GIOChannel *channel; GMainLoop *loop; @@ -88,7 +88,7 @@ main(int argc, char *argv[]) return 1; } - module = gp11_module_initialize (argv[1], argc > 2 ? argv[2] : NULL, &error); + module = gck_module_initialize (argv[1], argc > 2 ? argv[2] : NULL, GCK_AUTHENTICATE_OBJECTS, &error); if (!module) { g_message ("couldn't load pkcs11 module: %s", egg_error_message (error)); g_clear_error (&error); @@ -98,7 +98,6 @@ main(int argc, char *argv[]) g_signal_connect (module, "authenticate-slot", G_CALLBACK (authenticate_slot), NULL); g_signal_connect (module, "authenticate-object", G_CALLBACK (authenticate_object), NULL); - gp11_module_set_auto_authenticate (module, GP11_AUTHENTICATE_OBJECTS); ret = gkd_ssh_agent_initialize_with_module (module); g_object_unref (module); diff --git a/daemon/ssh-agent/gkd-ssh-agent.c b/daemon/ssh-agent/gkd-ssh-agent.c index be2f89ec..fa06f76e 100644 --- a/daemon/ssh-agent/gkd-ssh-agent.c +++ b/daemon/ssh-agent/gkd-ssh-agent.c @@ -44,8 +44,8 @@ #define socklen_t int #endif -/* The loaded PKCS#11 module */ -static GP11Module *pkcs11_module = NULL; +/* The loaded PKCS#11 modules */ +static GList *pkcs11_modules = NULL; static gboolean read_all (int fd, guchar *buf, int len) 
@@ -136,8 +136,6 @@ run_client_thread (gpointer data) EggBuffer resp; guchar op; - g_assert (GP11_IS_MODULE (pkcs11_module)); - memset (&call, 0, sizeof (call)); call.sock = g_atomic_int_get (socket); g_assert (call.sock != -1); @@ -146,7 +144,7 @@ run_client_thread (gpointer data) egg_buffer_init_full (&resp, 128, (EggBufferAllocator)g_realloc); call.req = &req; call.resp = &resp; - call.module = g_object_ref (pkcs11_module); + call.modules = gck_list_ref_copy (pkcs11_modules); for (;;) { @@ -178,7 +176,8 @@ run_client_thread (gpointer data) egg_buffer_uninit (&req); egg_buffer_uninit (&resp); - g_object_unref (call.module); + gck_list_unref_free (call.modules); + call.modules = NULL; close (call.sock); g_atomic_int_set (socket, -1); @@ -191,19 +190,19 @@ run_client_thread (gpointer data) */ /* The main PKCS#11 session that owns objects, and the mutex/cond for waiting on it */ -static GP11Session *pkcs11_main_session = NULL; +static GckSession *pkcs11_main_session = NULL; static gboolean pkcs11_main_checked = FALSE; static GMutex *pkcs11_main_mutex = NULL; static GCond *pkcs11_main_cond = NULL; -GP11Session* +GckSession* gkd_ssh_agent_checkout_main_session (void) { - GP11Session *result; + GckSession *result; g_mutex_lock (pkcs11_main_mutex); - g_assert (GP11_IS_SESSION (pkcs11_main_session)); + g_assert (GCK_IS_SESSION (pkcs11_main_session)); while (pkcs11_main_checked) g_cond_wait (pkcs11_main_cond, pkcs11_main_mutex); pkcs11_main_checked = TRUE; @@ -215,9 +214,9 @@ gkd_ssh_agent_checkout_main_session (void) } void -gkd_ssh_agent_checkin_main_session (GP11Session *session) +gkd_ssh_agent_checkin_main_session (GckSession *session) { - g_assert (GP11_IS_SESSION (session)); + g_assert (GCK_IS_SESSION (session)); g_mutex_lock (pkcs11_main_mutex); 
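Review bot: Removing `g_assert (GP11_IS_MODULE (pkcs11_module));` from run_client_thread leaves no precondition on the global, so a client thread that runs while `pkcs11_modules` is NULL presumably gets an empty `call.modules` from `gck_list_ref_copy` and carries on with no module to search. A replacement check such as `g_assert (pkcs11_modules);` before the copy would keep the earlier fail-fast behaviour. The list is also read here without a lock, while gkd_ssh_agent_uninitialize frees it and sets it to NULL. Whether client threads are always finished before that point is not visible in this hunk and deserves a comment next to the global.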
@@ -333,7 +332,7 @@ gkd_ssh_agent_uninitialize (void) ret = g_mutex_trylock (pkcs11_main_mutex); g_assert (ret); - g_assert (GP11_IS_SESSION (pkcs11_main_session)); + g_assert (GCK_IS_SESSION (pkcs11_main_session)); g_assert (!pkcs11_main_checked); g_object_unref (pkcs11_main_session); pkcs11_main_session = NULL; 
@@ -342,63 +341,62 @@ gkd_ssh_agent_uninitialize (void) g_mutex_free (pkcs11_main_mutex); g_cond_free (pkcs11_main_cond); - g_assert (pkcs11_module); - g_object_unref (pkcs11_module); + gck_list_unref_free (pkcs11_modules); + pkcs11_modules = NULL; } int gkd_ssh_agent_initialize (CK_FUNCTION_LIST_PTR funcs) { - GP11Module *module; + GckModule *module; gboolean ret; g_return_val_if_fail (funcs, -1); - module = gp11_module_new (funcs); - gp11_module_set_auto_authenticate (module, GP11_AUTHENTICATE_OBJECTS); - gp11_module_set_pool_sessions (module, TRUE); + module = gck_module_new (funcs, GCK_AUTHENTICATE_OBJECTS); ret = gkd_ssh_agent_initialize_with_module (module); g_object_unref (module); return ret; } gboolean -gkd_ssh_agent_initialize_with_module (GP11Module *module) +gkd_ssh_agent_initialize_with_module (GckModule *module) { - GP11Session *session = NULL; + GckSession *session = NULL; GList *slots, *l; - GP11Mechanisms *mechs; + GckMechanisms *mechs; GError *error = NULL; - g_assert (GP11_IS_MODULE (module)); + g_assert (GCK_IS_MODULE (module)); /* Find a good slot for our session keys */ - slots = gp11_module_get_slots (module, TRUE); + slots = gck_module_get_slots (module, TRUE); for (l = slots; session == NULL && l; l = g_list_next (l)) { /* Check that it has the mechanisms we need */ - mechs = gp11_slot_get_mechanisms (l->data); - if (gp11_mechanisms_check (mechs, CKM_RSA_PKCS, CKM_DSA, GP11_INVALID)) { + mechs = gck_slot_get_mechanisms (l->data); + if (gck_mechanisms_check (mechs, CKM_RSA_PKCS, CKM_DSA, GCK_INVALID)) { /* Try and open a session */ - session = gp11_slot_open_session (l->data, CKF_SERIAL_SESSION, &error); + session = gck_slot_open_session (l->data, CKF_SERIAL_SESSION, &error); if (!session) { g_warning ("couldn't create pkcs#11 session: %s", egg_error_message (error)); g_clear_error (&error); } } - gp11_mechanisms_free (mechs); + gck_mechanisms_free (mechs); } - gp11_list_unref_free (slots); + gck_list_unref_free (slots); if (!session) { 
g_warning ("couldn't select a usable pkcs#11 slot for the ssh agent to use"); return FALSE; } - pkcs11_module = g_object_ref (module); + g_assert (!pkcs11_modules); + pkcs11_modules = g_list_append (NULL, g_object_ref (module)); pkcs11_main_mutex = g_mutex_new (); pkcs11_main_cond = g_cond_new (); diff --git a/egg/Makefile.am b/egg/Makefile.am index 527d80e5..7b1c7483 100644 --- a/egg/Makefile.am +++ b/egg/Makefile.am @@ -7,7 +7,8 @@ noinst_LTLIBRARIES = \ libegg-dbus.la \ libegg-secure.la \ libegg-prompt.la \ - libegg-entry-buffer.la + libegg-entry-buffer.la \ + libegg-hex.la BUILT_SOURCES = \ asn1-def-pk.c asn1-def-pkix.c @@ -108,6 +109,15 @@ libegg_prompt_la_LIBS = \ $(LIBGCRYPT_LIBS) \ $(GLIB_LIBS) +libegg_hex_la_SOURCES = \ + egg-hex.c egg-hex.h + +libegg_hex_la_CFLAGS = \ + $(GLIB_CFLAGS) + +libegg_hex_la_LIBS = \ + $(GLIB_LIBS) + # ------------------------------------------------------------------- if WITH_TESTS diff --git a/gck/Makefile.am b/gck/Makefile.am index bf7533a2..cd930992 100644 --- a/gck/Makefile.am +++ b/gck/Makefile.am @@ -35,7 +35,7 @@ libgck_la_LDFLAGS = \ -no-undefined -export-symbols-regex 'gck_*' libgck_la_LIBADD = \ - $(top_builddir)/egg/libegg.la \ + $(top_builddir)/egg/libegg-hex.la \ $(GOBJECT_LIBS) \ $(GTHREAD_LIBS) \ $(GIO_LIBS) \ diff --git a/gck/gck-enumerator.c b/gck/gck-enumerator.c index 0a57f90c..dd2d58bb 100644 --- a/gck/gck-enumerator.c +++ b/gck/gck-enumerator.c @@ -252,6 +252,7 @@ state_slots (GckEnumeratorState *args, gboolean forward) } else { gck_list_unref_free (args->slots); + args->slots = NULL; return state_module; } } 
@@ -414,10 +415,25 @@ state_authenticated (GckEnumeratorState *args, gboolean forward) return state_results; } +static GckObject* +extract_result (GckEnumeratorState *args) +{ + CK_OBJECT_HANDLE handle; + + if (!args->objects || !args->objects->len) + return NULL; + + g_assert (args->session); + + handle = g_array_index (args->objects, CK_OBJECT_HANDLE, 0); + g_array_remove_index_fast (args->objects, 0); + + return gck_object_from_handle (args->session, handle); +} + static gpointer state_results (GckEnumeratorState *args, gboolean forward) { - CK_OBJECT_HANDLE handle; GckObject *object; guint have; @@ -432,14 +448,10 @@ state_results (GckEnumeratorState *args, gboolean forward) while (have < args->want_objects) { - /* Need more objects! */ - if (!args->objects || args->objects->len == 0) + object = extract_result (args); + if (!object) return rewind_state (args, state_slots); - handle = g_array_index (args->objects, CK_OBJECT_HANDLE, 0); - g_array_remove_index_fast (args->objects, 0); - - object = gck_object_from_handle (args->session, handle); args->results = g_list_append (args->results, object); ++have; } 
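Review bot: The new helper extract_result has no comment describing what the caller receives, although state_results stores its return value in `args->results` and gck_enumerator_next hands it to the API caller. A header comment along the lines of `/* Pops one queued handle and wraps it in a GckObject; returns NULL when nothing is queued. Caller owns the result. */` would make the contract explicit, once the ownership of what `gck_object_from_handle` returns has been confirmed. It is also worth a line beside `g_array_remove_index_fast (args->objects, 0);` saying that it moves the last handle into slot 0, so objects do not come back in the order the handles were queued.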
@@ -581,19 +593,41 @@ free_enumerate_next (EnumerateNext *args) GckObject* gck_enumerator_next (GckEnumerator *self, GCancellable *cancellable, GError **error) { + EnumerateNext args = { GCK_ARGUMENTS_INIT, NULL, }; GckObject *result = NULL; - GList *results; g_return_val_if_fail (GCK_IS_ENUMERATOR (self), NULL); g_return_val_if_fail (!error || !*error, NULL); - results = gck_enumerator_next_n (self, 1, cancellable, error); - if (results) { - g_assert (GCK_IS_OBJECT (results->data)); - result = g_object_ref (results->data); - gck_list_unref_free (results); + /* Remove the state and own it ourselves */ + args.state = g_atomic_pointer_get (&self->pv->state); + if (!args.state || !g_atomic_pointer_compare_and_exchange (&self->pv->state, args.state, NULL)) { + g_warning ("this enumerator is already running a next operation"); + return NULL; + } + + /* A result from a previous run? */ + result = extract_result (args.state); + if (!result) { + args.state->want_objects = 1; + + /* Run the operation and steal away the results */ + if (_gck_call_sync (NULL, perform_enumerate_next, complete_enumerate_next, &args, cancellable, error)) { + if (args.state->results) { + g_assert (g_list_length (args.state->results) == 1); + result = g_object_ref (args.state->results->data); + gck_list_unref_free (args.state->results); + args.state->results = NULL; + } + } + + args.state->want_objects = 0; } + /* Put the state back */ + if (!g_atomic_pointer_compare_and_exchange (&self->pv->state, NULL, args.state)) + g_assert_not_reached (); + return result; } diff --git a/gck/gck-modules.c b/gck/gck-modules.c index 38ff1fc6..fd9e0bde 100644 --- a/gck/gck-modules.c +++ b/gck/gck-modules.c @@ -40,6 +40,7 @@ gchar** gck_modules_list_registered_paths (GError **err) { + GError *error = NULL; const gchar *name; gchar *path; GDir *dir; 
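Review bot: The early return in gck_enumerator_next when another call owns the state (`g_warning ("this enumerator is already running a next operation"); return NULL;`) leaves `*error` unset. Assuming NULL without an error is also the end-of-enumeration result, as the rest of the function suggests, a caller cannot tell a busy enumerator from an exhausted one and may stop iterating early. Setting a GError on that path, or documenting in the function comment that concurrent calls are a programming error, would remove the ambiguity. Separately, `g_assert (g_list_length (args.state->results) == 1);` aborts the host process if the state machine ever yields a different count, which is harsh for library code; taking the first element and releasing the list would degrade more gracefully.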
@@ -47,12 +48,26 @@ gck_modules_list_registered_paths (GError **err) g_return_val_if_fail (!err || !*err, NULL); - dir = g_dir_open (PKCS11_REGISTRY_DIR, 0, err); - if (dir == NULL) - return NULL; + /* We use this below */ + if (!err) + err = &error; paths = g_array_new (TRUE, TRUE, sizeof (gchar*)); + dir = g_dir_open (PKCS11_REGISTRY_DIR, 0, err); + + if (dir == NULL) { + if (g_error_matches (*err, G_FILE_ERROR, G_FILE_ERROR_NOENT) || + g_error_matches (*err, G_FILE_ERROR, G_FILE_ERROR_NOTDIR)) { + g_clear_error (err); + return (gchar**)g_array_free (paths, FALSE); + } else { + g_array_free (paths, TRUE); + g_clear_error (&error); + return NULL; + } + } + for (;;) { name = g_dir_read_name (dir); if (!name) diff --git a/gck/gck-session.c b/gck/gck-session.c index 9813a319..225a812a 100644 --- a/gck/gck-session.c +++ b/gck/gck-session.c @@ -408,6 +408,34 @@ gck_session_get_info (GckSession *self) return sessioninfo; } +gulong +gck_session_get_state (GckSession *self) +{ + CK_FUNCTION_LIST_PTR funcs; + CK_SESSION_INFO info; + CK_RV rv; + + g_return_val_if_fail (GCK_IS_SESSION (self), 0); + g_return_val_if_fail (GCK_IS_MODULE (self->pv->module), 0); + + g_object_ref (self->pv->module); + + funcs = gck_module_get_functions (self->pv->module); + g_return_val_if_fail (funcs, 0); + + memset (&info, 0, sizeof (info)); + rv = (funcs->C_GetSessionInfo) (self->pv->handle, &info); + + g_object_unref (self->pv->module); + + if (rv != CKR_OK) { + g_warning ("couldn't get session info: %s", gck_message_from_rv (rv)); + return 0; + } + + return info.state; +} + /* --------------------------------------------------------------------------------------------- * INIT PIN */ @@ -577,6 +577,8 @@ CK_SESSION_HANDLE gck_session_get_handle (GckSession *self); GckSessionInfo* gck_session_get_info (GckSession *self); +gulong gck_session_get_state (GckSession *self); + gboolean gck_session_init_pin (GckSession *self, const guchar *pin, gsize n_pin, 
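Review bot: gck_session_get_state returns 0 both when `C_GetSessionInfo` fails and when the session really is in state `CKS_RO_PUBLIC_SESSION`, which is 0 in PKCS#11, so a caller that uses the value to decide whether a session is logged in cannot tell an error from a valid public session. The function comment should at least state this, and a separate failure signal (for example a `GError **` out-parameter in a later revision) would be cleaner. In addition, `g_return_val_if_fail (funcs, 0);` comes after `g_object_ref (self->pv->module);` and returns without the matching unref. Fetching `funcs` and checking it before taking the reference avoids that leak.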
diff --git a/gck/pkcs11.h b/gck/pkcs11.h index c0981c83..9a34c588 100644 --- a/gck/pkcs11.h +++ b/gck/pkcs11.h @@ -23,8 +23,8 @@ /* * This file is not installed. The one pkcs11/pkcs11.h is installed with the - * gp11.h header. However while building we included it here, so that relative - * includes work from within gp11.h + * gck.h header. However while building we included it here, so that relative + * includes work from within gck.h */ #include "pkcs11/pkcs11.h" diff --git a/gcr/Makefile.am b/gcr/Makefile.am index e0ae7799..ac174b75 100644 --- a/gcr/Makefile.am +++ b/gcr/Makefile.am @@ -67,7 +67,7 @@ libgcr_la_LDFLAGS = \ libgcr_la_LIBADD = \ $(top_builddir)/egg/libegg.la \ $(top_builddir)/egg/libegg-entry-buffer.la \ - $(top_builddir)/gp11/libgp11.la \ + $(top_builddir)/gck/libgck.la \ $(GOBJECT_LIBS) \ $(GLIB_LIBS) \ $(LIBGCRYPT_LIBS) \ diff --git a/gcr/gcr-import-dialog.c b/gcr/gcr-import-dialog.c index ae90abc4..dc6fdb46 100644 --- a/gcr/gcr-import-dialog.c +++ b/gcr/gcr-import-dialog.c @@ -61,7 +61,7 @@ populate_slots (GcrImportDialog *self) GList *modules, *m; GList *slots, *s; GtkTreeIter iter; - GP11TokenInfo *info; + GckTokenInfo *info; gboolean added; g_assert (GCR_IS_IMPORT_DIALOG (self)); @@ -69,7 +69,7 @@ populate_slots (GcrImportDialog *self) if (self->pv->slots) return; - self->pv->slots = gtk_list_store_new (N_COLUMNS, GP11_TYPE_SLOT, G_TYPE_STRING, G_TYPE_STRING); + self->pv->slots = gtk_list_store_new (N_COLUMNS, GCK_TYPE_SLOT, G_TYPE_STRING, G_TYPE_STRING); gtk_combo_box_set_model (self->pv->combo, GTK_TREE_MODEL (self->pv->slots)); modules = _gcr_get_pkcs11_modules (); 
@@ -79,12 +79,12 @@ populate_slots (GcrImportDialog *self) added = FALSE; for (m = modules; m; m = g_list_next (m)) { - - g_return_if_fail (GP11_IS_MODULE (m->data)); - slots = gp11_module_get_slots (m->data, TRUE); - + + g_return_if_fail (GCK_IS_MODULE (m->data)); + slots = gck_module_get_slots (m->data, TRUE); + for (s = slots; s; s = g_list_next (s)) { - info = gp11_slot_get_token_info (s->data); + info = gck_slot_get_token_info (s->data); if (!(info->flags & CKF_WRITE_PROTECTED)) { gtk_list_store_append (self->pv->slots, &iter); gtk_list_store_set (self->pv->slots, &iter, @@ -94,8 +94,8 @@ populate_slots (GcrImportDialog *self) added = TRUE; } } - - gp11_list_unref_free (slots); + + gck_list_unref_free (slots); } if (added) @@ -256,7 +256,7 @@ _gcr_import_dialog_class_init (GcrImportDialogClass *klass) g_object_class_install_property (gobject_class, PROP_SELECTED_SLOT, g_param_spec_object ("selected-slot", "Selected Slot", "Selected PKCS#11 slot", - GP11_TYPE_SLOT, G_PARAM_READWRITE)); + GCK_TYPE_SLOT, G_PARAM_READWRITE)); g_object_class_install_property (gobject_class, PROP_PASSWORD, g_param_spec_pointer ("password", "Password", "Pointer to password", @@ -303,11 +303,11 @@ _gcr_import_dialog_run (GcrImportDialog *self, GtkWindow *parent) return ret; } -GP11Slot* +GckSlot* _gcr_import_dialog_get_selected_slot (GcrImportDialog *self) { GtkTreeIter iter; - GP11Slot *slot; + GckSlot *slot; g_return_val_if_fail (GCR_IMPORT_DIALOG (self), NULL); @@ -329,10 +329,10 @@ _gcr_import_dialog_get_selected_slot (GcrImportDialog *self) } void -_gcr_import_dialog_set_selected_slot (GcrImportDialog *self, GP11Slot *slot) +_gcr_import_dialog_set_selected_slot (GcrImportDialog *self, GckSlot *slot) { GtkTreeIter iter; - GP11Slot *it_slot; + GckSlot *it_slot; gboolean matched; g_return_if_fail (GCR_IMPORT_DIALOG (self)); 
@@ -346,14 +346,14 @@ _gcr_import_dialog_set_selected_slot (GcrImportDialog *self, GP11Slot *slot) gtk_combo_box_set_active (self->pv->combo, -1); return; } - - g_return_if_fail (GP11_IS_SLOT (slot)); - + + g_return_if_fail (GCK_IS_SLOT (slot)); + matched = FALSE; if (gtk_tree_model_get_iter_first (GTK_TREE_MODEL (self->pv->slots), &iter)) { do { gtk_tree_model_get (GTK_TREE_MODEL (self->pv->slots), &iter, COLUMN_SLOT, &it_slot, -1); - if (gp11_slot_equal (it_slot, slot)) + if (gck_slot_equal (it_slot, slot)) matched = TRUE; g_object_unref (it_slot); } while (!matched && gtk_tree_model_iter_next (GTK_TREE_MODEL (self->pv->slots), &iter)); diff --git a/gcr/gcr-import-dialog.h b/gcr/gcr-import-dialog.h index 947269bb..00e147e4 100644 --- a/gcr/gcr-import-dialog.h +++ b/gcr/gcr-import-dialog.h @@ -24,7 +24,7 @@ #include "gcr.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include <gtk/gtk.h> @@ -57,10 +57,10 @@ GcrImportDialog* _gcr_import_dialog_new (void); gboolean _gcr_import_dialog_run (GcrImportDialog *self, GtkWindow *parent); -GP11Slot* _gcr_import_dialog_get_selected_slot (GcrImportDialog *self); +GckSlot* _gcr_import_dialog_get_selected_slot (GcrImportDialog *self); void _gcr_import_dialog_set_selected_slot (GcrImportDialog *self, - GP11Slot *slot); + GckSlot *slot); void _gcr_import_dialog_show_selected_slot (GcrImportDialog *self); diff --git a/gcr/gcr-importer.c b/gcr/gcr-importer.c index 8fcc3f6b..87dfc7d0 100644 --- a/gcr/gcr-importer.c +++ b/gcr/gcr-importer.c @@ -43,7 +43,7 @@ enum { static guint signals[LAST_SIGNAL] = { 0 }; struct _GcrImporterPrivate { - GP11Slot *slot; + GckSlot *slot; GcrParser *parser; GcrImporterPromptBehavior behavior; @@ -58,7 +58,7 @@ struct _GcrImporterPrivate { gboolean prompted; gboolean async; GByteArray *buffer; - GP11Session *session; + GckSession *session; GQueue queue; /* Extra async stuff */ 
@@ -88,7 +88,7 @@ G_DEFINE_TYPE_WITH_CODE (GcrImporter, gcr_importer, G_TYPE_OBJECT, static void cleanup_state_data (GcrImporter *self) { - GP11Attributes *attrs; + GckAttributes *attrs; if (self->pv->buffer) g_byte_array_free (self->pv->buffer, TRUE); @@ -99,7 +99,7 @@ cleanup_state_data (GcrImporter *self) self->pv->session = NULL; while ((attrs = g_queue_pop_head (&self->pv->queue)) != NULL) - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); g_assert (g_queue_is_empty (&self->pv->queue)); if (self->pv->input) @@ -169,7 +169,7 @@ state_cancelled (GcrImporter *self, gboolean async) */ static void -complete_create_object (GcrImporter *self, GP11Object *object, GError *error) +complete_create_object (GcrImporter *self, GckObject *object, GError *error) { if (object == NULL) { g_propagate_error (&self->pv->error, error); @@ -186,15 +186,15 @@ static void on_create_object (GObject *obj, GAsyncResult *res, gpointer user_data) { GError *error = NULL; - GP11Object *object = gp11_session_create_object_finish (GP11_SESSION (obj), res, &error); + GckObject *object = gck_session_create_object_finish (GCK_SESSION (obj), res, &error); complete_create_object (GCR_IMPORTER (user_data), object, error); } static void state_create_object (GcrImporter *self, gboolean async) { - GP11Attributes *attrs; - GP11Object *object; + GckAttributes *attrs; + GckObject *object; GError *error = NULL; /* No more objects */ 
@@ -206,18 +206,18 @@ state_create_object (GcrImporter *self, gboolean async) /* Pop first one off the list */ attrs = g_queue_pop_head (&self->pv->queue); g_assert (attrs); - - gp11_attributes_add_boolean (attrs, CKA_TOKEN, CK_TRUE); - + + gck_attributes_add_boolean (attrs, CKA_TOKEN, CK_TRUE); + if (async) { - gp11_session_create_object_async (self->pv->session, attrs, self->pv->cancel, + gck_session_create_object_async (self->pv->session, attrs, self->pv->cancel, on_create_object, self); } else { - object = gp11_session_create_object_full (self->pv->session, attrs, self->pv->cancel, &error); + object = gck_session_create_object (self->pv->session, attrs, self->pv->cancel, &error); complete_create_object (self, object, error); } - gp11_attributes_unref (attrs); + gck_attributes_unref (attrs); } } @@ -226,7 +226,7 @@ state_create_object (GcrImporter *self, gboolean async) */ static void -complete_open_session (GcrImporter *self, GP11Session *session, GError *error) +complete_open_session (GcrImporter *self, GckSession *session, GError *error) { if (!session) { g_propagate_error (&self->pv->error, error); @@ -241,14 +241,14 @@ static void on_open_session (GObject *obj, GAsyncResult *res, gpointer user_data) { GError *error = NULL; - GP11Session *session = gp11_slot_open_session_finish (GP11_SLOT (obj), res, &error); + GckSession *session = gck_slot_open_session_finish (GCK_SLOT (obj), res, &error); complete_open_session (GCR_IMPORTER (user_data), session, error); } static void state_open_session (GcrImporter *self, gboolean async) { - GP11Session *session; + GckSession *session; GError *error = NULL; if (!self->pv->slot) { 
@@ -258,10 +258,10 @@ state_open_session (GcrImporter *self, gboolean async) } else { if (async) { - gp11_slot_open_session_async (self->pv->slot, CKF_RW_SESSION, NULL, NULL, + gck_slot_open_session_async (self->pv->slot, CKF_RW_SESSION, NULL, NULL, self->pv->cancel, on_open_session, self); } else { - session = gp11_slot_open_session_full (self->pv->slot, CKF_RW_SESSION, NULL, NULL, + session = gck_slot_open_session_full (self->pv->slot, CKF_RW_SESSION, NULL, NULL, self->pv->cancel, &error); complete_open_session (self, session, error); } @@ -276,7 +276,7 @@ state_open_session (GcrImporter *self, gboolean async) */ static CK_RV -hacky_perform_initialize_pin (GP11Slot *slot) +hacky_perform_initialize_pin (GckSlot *slot) { CK_FUNCTION_LIST_PTR funcs; CK_SESSION_HANDLE session; @@ -293,9 +293,9 @@ hacky_perform_initialize_pin (GP11Slot *slot) * the gnome-keyring tool. */ - funcs = gp11_module_get_functions (gp11_slot_get_module (slot)); + funcs = gck_module_get_functions (gck_slot_get_module (slot)); g_return_val_if_fail (funcs, CKR_GENERAL_ERROR); - slot_id = gp11_slot_get_handle (slot); + slot_id = gck_slot_get_handle (slot); rv = funcs->C_OpenSession (slot_id, CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, &session); if (rv != CKR_OK) @@ -315,7 +315,7 @@ hacky_perform_initialize_pin (GP11Slot *slot) static void state_initialize_pin (GcrImporter *self, gboolean async) { - GP11TokenInfo *info; + GckTokenInfo *info; gboolean initialize; CK_RV rv; 
@@ -324,16 +324,16 @@ state_initialize_pin (GcrImporter *self, gboolean async) /* HACK: Doesn't function when async */ if (!async) { g_return_if_fail (self->pv->slot); - info = gp11_slot_get_token_info (self->pv->slot); + info = gck_slot_get_token_info (self->pv->slot); g_return_if_fail (info); initialize = !(info->flags & CKF_USER_PIN_INITIALIZED); - gp11_token_info_free (info); - + gck_token_info_free (info); + if (initialize) { rv = hacky_perform_initialize_pin (self->pv->slot); if (rv != CKR_OK) { - g_propagate_error (&self->pv->error, g_error_new (GP11_ERROR, rv, "%s", gp11_message_from_rv (rv))); + g_propagate_error (&self->pv->error, g_error_new (GCK_ERROR, rv, "%s", gck_message_from_rv (rv))); next_state (self, state_failure); return; } @@ -350,7 +350,7 @@ state_initialize_pin (GcrImporter *self, gboolean async) static void complete_import_prompt (GcrImporter *self, GcrImportDialog *dialog, gint response) { - GP11Slot *slot; + GckSlot *slot; gtk_widget_hide (GTK_WIDGET (dialog)); self->pv->prompted = TRUE; @@ -471,24 +471,24 @@ prepare_auth_secondary (CK_OBJECT_CLASS klass, const gchar *label) static void on_parser_parsed (GcrParser *parser, GcrImporter *self) { - GP11Attributes *attrs; + GckAttributes *attrs; g_return_if_fail (GCR_IS_PARSER (parser)); g_return_if_fail (GCR_IS_IMPORTER (self)); attrs = gcr_parser_get_parsed_attributes (parser); g_return_if_fail (attrs); - g_queue_push_tail (&self->pv->queue, gp11_attributes_ref (attrs)); + g_queue_push_tail (&self->pv->queue, gck_attributes_ref (attrs)); } static gboolean on_parser_authenticate (GcrParser *parser, gint count, GcrImporter *self) { GcrImportDialog *dialog; - GP11Attributes *attrs; + GckAttributes *attrs; const gchar *password; gchar *text, *label; - GP11Slot *slot; + GckSlot *slot; gulong klass; dialog = _gcr_import_dialog_new (); 
@@ -499,10 +499,10 @@ on_parser_authenticate (GcrParser *parser, gint count, GcrImporter *self) /* Figure out the text for the dialog */ attrs = gcr_parser_get_parsed_attributes (parser); g_return_val_if_fail (attrs, FALSE); - - if (!gp11_attributes_find_ulong (attrs, CKA_CLASS, &klass)) + + if (!gck_attributes_find_ulong (attrs, CKA_CLASS, &klass)) klass = (gulong)-1; - if (!gp11_attributes_find_string (attrs, CKA_LABEL, &label)) + if (!gck_attributes_find_string (attrs, CKA_LABEL, &label)) label = NULL; text = prepare_auth_secondary (klass, label); @@ -749,8 +749,8 @@ gcr_importer_class_init (GcrImporterClass *klass) g_object_class_install_property (gobject_class, PROP_PARSER, g_param_spec_object ("slot", "Slot", "PKCS#11 slot to import data into", - GP11_TYPE_SLOT, G_PARAM_READWRITE)); - + GCK_TYPE_SLOT, G_PARAM_READWRITE)); + g_object_class_install_property (gobject_class, PROP_PROMPT_BEHAVIOR, g_param_spec_int ("prompt-behavior", "Prompt Behavior", "Import Prompt Behavior", 0, G_MAXINT, GCR_IMPORTER_PROMPT_NEEDED, G_PARAM_READWRITE)); @@ -758,8 +758,8 @@ gcr_importer_class_init (GcrImporterClass *klass) signals[IMPORTED] = g_signal_new ("imported", GCR_TYPE_IMPORTER, G_SIGNAL_RUN_FIRST, G_STRUCT_OFFSET (GcrImporterClass, imported), NULL, NULL, g_cclosure_marshal_VOID__OBJECT, - G_TYPE_NONE, 1, GP11_TYPE_OBJECT); - + G_TYPE_NONE, 1, GCK_TYPE_OBJECT); + _gcr_initialize (); } @@ -816,7 +816,7 @@ gcr_importer_set_parser (GcrImporter *self, GcrParser *parser) g_object_notify (G_OBJECT (self), "parser"); } -GP11Slot* +GckSlot* gcr_importer_get_slot (GcrImporter *self) { g_return_val_if_fail (GCR_IS_IMPORTER (self), NULL); @@ -824,7 +824,7 @@ gcr_importer_get_slot (GcrImporter *self) } void -gcr_importer_set_slot (GcrImporter *self, GP11Slot *slot) +gcr_importer_set_slot (GcrImporter *self, GckSlot *slot) { g_return_if_fail (GCR_IS_IMPORTER (self)); diff --git a/gcr/gcr-importer.h b/gcr/gcr-importer.h index 358b3028..d186fb91 100644 --- a/gcr/gcr-importer.h 
+++ b/gcr/gcr-importer.h @@ -56,7 +56,7 @@ struct _GcrImporterClass { /* signals */ - void (*imported) (GcrImporter *self, struct _GP11Object *object); + void (*imported) (GcrImporter *self, struct _GckObject *object); }; GType gcr_importer_get_type (void); @@ -68,10 +68,10 @@ GcrParser* gcr_importer_get_parser (GcrImporter *self void gcr_importer_set_parser (GcrImporter *self, GcrParser *parser); -struct _GP11Slot* gcr_importer_get_slot (GcrImporter *self); +struct _GckSlot* gcr_importer_get_slot (GcrImporter *self); void gcr_importer_set_slot (GcrImporter *self, - struct _GP11Slot *slot); + struct _GckSlot *slot); GcrImporterPromptBehavior gcr_importer_get_prompt_behavior (GcrImporter *self); diff --git a/gcr/gcr-initializer.h b/gcr/gcr-initializer.h index f01c7dfb..15d99bf2 100644 --- a/gcr/gcr-initializer.h +++ b/gcr/gcr-initializer.h @@ -50,9 +50,9 @@ struct _GcrTokenManagerClass { GType gcr_token_manager_get_type (void); -GcrTokenManager* gcr_token_manager_new (struct _GP11Slot *slot); +GcrTokenManager* gcr_token_manager_new (struct _GckSlot *slot); -struct _GP11Slot* gcr_token_manager_get_slot (GcrTokenManager *self); +struct _GckSlot* gcr_token_manager_get_slot (GcrTokenManager *self); gboolean gcr_token_manager_initialize (GcrTokenManager *self, GCancellable *cancel, diff --git a/gcr/gcr-internal.h b/gcr/gcr-internal.h index a8a4651e..a4630abb 100644 --- a/gcr/gcr-internal.h +++ b/gcr/gcr-internal.h @@ -3,8 +3,6 @@ #include "gcr.h" -#include "gp11/gp11.h" - #include <glib.h> void _gcr_initialize (void); diff --git a/gcr/gcr-library.c b/gcr/gcr-library.c index cf087167..43174267 100644 --- a/gcr/gcr-library.c +++ b/gcr/gcr-library.c @@ -29,6 +29,8 @@ #include "egg/egg-libgcrypt.h" #include "egg/egg-secure-memory.h" +#include <gck/gck.h> + #include <gcrypt.h> static GList *all_modules = NULL; 
@@ -112,25 +114,12 @@ void _gcr_initialize (void) { static volatile gsize gcr_initialized = 0; - GP11Module *module; - GError *error = NULL; - + /* Initialize the libgcrypt library if needed */ egg_libgcrypt_initialize (); if (g_once_init_enter (&gcr_initialized)) { - - /* TODO: This needs reworking for multiple modules */ - module = gp11_module_initialize (PKCS11_MODULE_PATH, NULL, &error); - if (module) { - gp11_module_set_pool_sessions (module, TRUE); - gp11_module_set_auto_authenticate (module, TRUE); - all_modules = g_list_prepend (all_modules, module); - } else { - g_message ("couldn't initialize PKCS#11 module: %s", - egg_error_message (error)); - } - + all_modules = gck_modules_initialize_registered (GCK_AUTHENTICATE_OBJECTS | GCK_AUTHENTICATE_TOKENS); g_once_init_leave (&gcr_initialized, 1); } } diff --git a/gcr/gcr-parser.c b/gcr/gcr-parser.c index 3d7febea..50adc981 100644 --- a/gcr/gcr-parser.c +++ b/gcr/gcr-parser.c @@ -21,7 +21,7 @@ #include "config.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include "gcr-internal.h" #include "gcr-marshal.h" @@ -62,7 +62,7 @@ struct _GcrParserPrivate { gboolean normal_formats; GPtrArray *passwords; - GP11Attributes *parsed_attrs; + GckAttributes *parsed_attrs; const gchar *parsed_desc; gchar *parsed_label; }; @@ -174,7 +174,7 @@ parsed_asn1_attribute (GcrParser *self, GNode *asn, const guchar *data, gsize n_ return FALSE; /* TODO: Convert to USG FROM STD */ - gp11_attributes_add_data (self->pv->parsed_attrs, type, value, n_value); + gck_attributes_add_data (self->pv->parsed_attrs, type, value, n_value); return TRUE; } 
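Review bot: In _gcr_initialize the result of `gck_modules_initialize_registered (...)` is stored in `all_modules` without any check, so the diagnostic the removed code printed when the module could not be initialized is lost. Whether the new call logs on its own is not visible in this hunk. If it can return an empty list, a line such as `if (!all_modules) g_message ("no PKCS#11 modules were initialized");` inside the once-block keeps that failure visible. The set of modules loaded into the process also changes from the single compiled-in PKCS11_MODULE_PATH to whatever is registered, with GCK_AUTHENTICATE_OBJECTS | GCK_AUTHENTICATE_TOKENS enabled for all of them. A short comment should record that the registry location is trusted here, and that the earlier `gp11_module_set_pool_sessions (module, TRUE)` setting was dropped intentionally.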
@@ -182,12 +182,12 @@ static void parsed_clear (GcrParser *self, CK_OBJECT_CLASS klass) { if (self->pv->parsed_attrs) - gp11_attributes_unref (self->pv->parsed_attrs); + gck_attributes_unref (self->pv->parsed_attrs); if (klass == CKO_PRIVATE_KEY) - self->pv->parsed_attrs = gp11_attributes_new_full ((GP11Allocator)egg_secure_realloc); + self->pv->parsed_attrs = gck_attributes_new_full ((GckAllocator)egg_secure_realloc); else - self->pv->parsed_attrs = gp11_attributes_new (); - gp11_attributes_add_ulong (self->pv->parsed_attrs, CKA_CLASS, klass); + self->pv->parsed_attrs = gck_attributes_new (); + gck_attributes_add_ulong (self->pv->parsed_attrs, CKA_CLASS, klass); g_free (self->pv->parsed_label); self->pv->parsed_label = NULL; @@ -220,7 +220,7 @@ parsed_attribute (GcrParser *self, CK_ATTRIBUTE_TYPE type, gconstpointer data, g { g_assert (GCR_IS_PARSER (self)); g_assert (self->pv->parsed_attrs); - gp11_attributes_add_data (self->pv->parsed_attrs, type, data, n_data); + gck_attributes_add_data (self->pv->parsed_attrs, type, data, n_data); } static void @@ -228,7 +228,7 @@ parsed_ulong (GcrParser *self, CK_ATTRIBUTE_TYPE type, gulong value) { g_assert (GCR_IS_PARSER (self)); g_assert (self->pv->parsed_attrs); - gp11_attributes_add_ulong (self->pv->parsed_attrs, type, value); + gck_attributes_add_ulong (self->pv->parsed_attrs, type, value); } static gint @@ -444,7 +444,7 @@ parse_der_pkcs8_plain (GcrParser *self, const guchar *data, gsize n_data) goto done; ret = GCR_ERROR_FAILURE; - key_type = GP11_INVALID; + key_type = GCK_INVALID; key_algo = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, "privateKeyAlgorithm", "algorithm", NULL)); if (!key_algo) @@ -453,8 +453,8 @@ parse_der_pkcs8_plain (GcrParser *self, const guchar *data, gsize n_data) key_type = CKK_RSA; else if (key_algo == OID_PKIX1_DSA) key_type = CKK_DSA; - - if (key_type == GP11_INVALID) { + + if (key_type == GCK_INVALID) { ret = GCR_ERROR_UNRECOGNIZED; goto done; } 
@@ -1409,7 +1409,7 @@ gcr_parser_dispose (GObject *obj) gsize i; if (self->pv->parsed_attrs) - gp11_attributes_unref (self->pv->parsed_attrs); + gck_attributes_unref (self->pv->parsed_attrs); self->pv->parsed_attrs = NULL; g_free (self->pv->parsed_label); @@ -1488,7 +1488,7 @@ gcr_parser_class_init (GcrParserClass *klass) g_object_class_install_property (gobject_class, PROP_PARSED_ATTRIBUTES, g_param_spec_boxed ("parsed-attributes", "Parsed Attributes", "Parsed PKCS#11 attributes", - GP11_TYPE_ATTRIBUTES, G_PARAM_READABLE)); + GCK_TYPE_ATTRIBUTES, G_PARAM_READABLE)); g_object_class_install_property (gobject_class, PROP_PARSED_LABEL, g_param_spec_string ("parsed-label", "Parsed Label", "Parsed item label", @@ -1652,7 +1652,7 @@ gcr_parser_get_parsed_description (GcrParser *self) return self->pv->parsed_desc; } -GP11Attributes* +GckAttributes* gcr_parser_get_parsed_attributes (GcrParser *self) { g_return_val_if_fail (GCR_IS_PARSER (self), NULL); diff --git a/gcr/gcr-parser.h b/gcr/gcr-parser.h index 55c76713..6c44b5cf 100644 --- a/gcr/gcr-parser.h +++ b/gcr/gcr-parser.h @@ -81,7 +81,7 @@ const gchar* gcr_parser_get_parsed_label (GcrParser *self); const gchar* gcr_parser_get_parsed_description (GcrParser *self); -struct _GP11Attributes* gcr_parser_get_parsed_attributes (GcrParser *self); +struct _GckAttributes* gcr_parser_get_parsed_attributes (GcrParser *self); G_END_DECLS diff --git a/gcr/gcr-types.h b/gcr/gcr-types.h index d4fab714..3051ff5a 100644 --- a/gcr/gcr-types.h +++ b/gcr/gcr-types.h @@ -47,10 +47,10 @@ enum { GCR_FORMAT_PEM_PKCS12 }; -/* Forward declare some of the GP11 objects */ -struct _GP11Attributes; -struct _GP11Object; -struct _GP11Slot; +/* Forward declare some of the Gck objects */ +struct _GckAttributes; +struct _GckObject; +struct _GckSlot; G_END_DECLS diff --git a/gcr/tests/unit-test-parser.c b/gcr/tests/unit-test-parser.c index 16248d95..f62a07b3 100644 --- a/gcr/tests/unit-test-parser.c +++ b/gcr/tests/unit-test-parser.c 
@@ -30,7 +30,7 @@ #include "gcr/gcr-parser.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include <glib.h> #include <gcrypt.h> @@ -58,7 +58,7 @@ static const gchar* filedesc = NULL; static void parsed_item (GcrParser *par, gpointer user_data) { - GP11Attributes *attrs; + GckAttributes *attrs; const gchar *description; const gchar *label; diff --git a/pkcs11/Makefile.am b/pkcs11/Makefile.am index b75bcdf1..a9b96da1 100644 --- a/pkcs11/Makefile.am +++ b/pkcs11/Makefile.am @@ -1,6 +1,6 @@ # TODO: Are we sure this is the best location for these headers? -incdir = $(includedir)/gp11 +incdir = $(includedir)/gck inc_HEADERS = \ pkcs11.h \ diff --git a/pkcs11/gkm/gkm-mock.c b/pkcs11/gkm/gkm-mock.c index 471f4453..e7f41a59 100644 --- a/pkcs11/gkm/gkm-mock.c +++ b/pkcs11/gkm/gkm-mock.c @@ -83,11 +83,6 @@ enum { #define SIGNED_PREFIX "signed-prefix:" -/* - * This is not a generic test module, it works in concert with the - * unit-test-gp11-module.c - */ - static void free_session (gpointer data) { diff --git a/pkcs11/wrap-layer/gkm-wrap-prompt.h b/pkcs11/wrap-layer/gkm-wrap-prompt.h index 499ce3aa..a7367070 100644 --- a/pkcs11/wrap-layer/gkm-wrap-prompt.h +++ b/pkcs11/wrap-layer/gkm-wrap-prompt.h @@ -26,6 +26,8 @@ #include "ui/gku-prompt.h" +#include "pkcs11/pkcs11.h" + #define GKM_WRAP_TYPE_PROMPT (gkm_wrap_prompt_get_type ()) #define GKM_WRAP_PROMPT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GKM_WRAP_TYPE_PROMPT, GkmWrapPrompt)) #define GKM_WRAP_PROMPT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GKM_WRAP_TYPE_PROMPT, GkmWrapPromptClass)) diff --git a/tool/Makefile.am b/tool/Makefile.am index 9bb405d3..e3252f59 100644 --- a/tool/Makefile.am +++ b/tool/Makefile.am @@ -17,7 +17,7 @@ gnome_keyring_CFLAGS = \ -DGNOMELOCALEDIR=\""$(datadir)/locale"\" gnome_keyring_LDADD = \ - $(top_builddir)/gp11/libgp11.la \ + $(top_builddir)/gck/libgck.la \ $(top_builddir)/gcr/libgcr.la \ $(top_builddir)/egg/libegg.la \ $(GTHREAD_LIBS) \ 
diff --git a/tool/gkr-tool-import.c b/tool/gkr-tool-import.c index 74bbfabb..3c3f4888 100644 --- a/tool/gkr-tool-import.c +++ b/tool/gkr-tool-import.c @@ -25,7 +25,7 @@ #include "gkr-tool.h" -#include "gp11/gp11.h" +#include "gck/gck.h" #include "gcr/gcr-importer.h" @@ -40,26 +40,26 @@ static GOptionEntry import_entries[] = { }; static void -on_imported (GcrImporter *importer, GP11Object *object) +on_imported (GcrImporter *importer, GckObject *object) { - GP11Attributes *attrs; - GP11Attribute *id; + GckAttributes *attrs; + GckAttribute *id; CK_OBJECT_CLASS klass; const gchar *message; GError *err = NULL; gchar *label, *hex; - attrs = gp11_attributes_new_empty (CKA_LABEL, CKA_CLASS, CKA_ID, GP11_INVALID); - if (!gp11_object_get_full (object, attrs, NULL, &err)) { + attrs = gck_attributes_new_empty (CKA_LABEL, CKA_CLASS, CKA_ID, GCK_INVALID); + if (!gck_object_get_full (object, attrs, NULL, &err)) { gkr_tool_handle_error (&err, "couldn't get imported object info"); return; } - if (!gp11_attributes_find_string (attrs, CKA_LABEL, &label)) + if (!gck_attributes_find_string (attrs, CKA_LABEL, &label)) label = g_strdup ("unknown"); - if (!gp11_attributes_find_ulong (attrs, CKA_CLASS, &klass)) + if (!gck_attributes_find_ulong (attrs, CKA_CLASS, &klass)) klass = CKO_DATA; - id = gp11_attributes_find (attrs, CKA_ID); + id = gck_attributes_find (attrs, CKA_ID); switch (klass) { case CKO_CERTIFICATE: @@ -89,8 +89,8 @@ on_imported (GcrImporter *importer, GP11Object *object) g_print ("\tID: %s\n", hex); g_free (hex); } - - gp11_attributes_unref (attrs); + + gck_attributes_unref (attrs); g_free (label); } diff --git a/ui/gku-prompt.h b/ui/gku-prompt.h index 060bfcf6..745e77b5 100644 --- a/ui/gku-prompt.h +++ b/ui/gku-prompt.h @@ -24,8 +24,6 @@ #include <glib-object.h> -#include <gp11/gp11.h> - typedef enum { GKU_RESPONSE_FAILURE = -1, GKU_RESPONSE_NONE = 0, |