95
is_login_keyring (CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
97
gboolean is_login = FALSE;
98
if (!gkm_attributes_find_boolean (attrs, n_attrs, CKA_G_LOGIN_COLLECTION, &is_login))
93
104
auto_unlock_keyring_location (CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
95
106
CK_ATTRIBUTE_PTR attr;
96
gboolean is_login = FALSE;
98
if (gkm_attributes_find_boolean (attrs, n_attrs, CKA_G_LOGIN_COLLECTION, &is_login) && is_login)
108
if (is_login_keyring (attrs, n_attrs))
101
111
attr = gkm_attributes_find (attrs, n_attrs, CKA_ID);
223
233
auto_unlock_should_attach (GkmWrapPrompt *self)
225
235
GkuPrompt *prompt = GKU_PROMPT (self);
227
return gku_prompt_has_response (prompt) &&
228
gku_prompt_get_unlock_option (prompt, GKU_UNLOCK_AUTO, &value) &&
238
if (!gku_prompt_has_response (prompt))
241
choice = gku_prompt_get_unlock_choice (prompt);
242
return (choice && g_str_equal (choice, GCR_UNLOCK_OPTION_ALWAYS));
502
520
options[1].ulValueLen = sizeof (bval);
504
522
/* CKA_G_DESTRUCT_IDLE */
506
gku_prompt_get_unlock_option (GKU_PROMPT (self), GKU_UNLOCK_IDLE, &value);
507
uval = value < 0 ? 0 : value;
523
uval = g_str_equal (choice, GCR_UNLOCK_OPTION_IDLE) ? ttl : 0;
508
524
options[2].type = CKA_G_DESTRUCT_IDLE;
509
525
options[2].pValue = pool_dup (self, &uval, sizeof (uval));
510
526
options[2].ulValueLen = sizeof (uval);
512
528
/* CKA_G_DESTRUCT_AFTER */
514
gku_prompt_get_unlock_option (GKU_PROMPT (self), GKU_UNLOCK_TIMEOUT, &value);
515
uval = value < 0 ? 0 : value;
529
uval = g_str_equal (choice, GCR_UNLOCK_OPTION_TIMEOUT) ? ttl : 0;
516
530
options[3].type = CKA_G_DESTRUCT_AFTER;
517
531
options[3].pValue = pool_dup (self, &uval, sizeof (uval));
518
532
options[3].ulValueLen = sizeof (uval);
524
538
set_unlock_options_on_prompt (GkmWrapPrompt *self, CK_ATTRIBUTE_PTR options, CK_ULONG n_options)
541
gboolean have_ttl = FALSE;
529
546
g_assert (GKM_WRAP_IS_PROMPT (self));
530
547
g_assert (options || !n_options);
532
if (gkm_attributes_find_boolean (options, n_options, CKA_GNOME_TRANSIENT, &bval))
533
gku_prompt_set_unlock_option (GKU_PROMPT (self), GKU_UNLOCK_AUTO, bval ? 0 : 1);
535
if (gkm_attributes_find_ulong (options, n_options, CKA_G_DESTRUCT_IDLE, &uval))
536
gku_prompt_set_unlock_option (GKU_PROMPT (self), GKU_UNLOCK_IDLE, (int)uval);
538
if (gkm_attributes_find_ulong (options, n_options, CKA_G_DESTRUCT_AFTER, &uval))
539
gku_prompt_set_unlock_option (GKU_PROMPT (self), GKU_UNLOCK_TIMEOUT, (int)uval);
549
if (gkm_attributes_find_boolean (options, n_options, CKA_GNOME_TRANSIENT, &bval)) {
550
choice = bval ? GCR_UNLOCK_OPTION_SESSION : GCR_UNLOCK_OPTION_ALWAYS;
553
if (gkm_attributes_find_ulong (options, n_options, CKA_G_DESTRUCT_IDLE, &uval) && uval) {
554
choice = GCR_UNLOCK_OPTION_IDLE;
559
if (gkm_attributes_find_ulong (options, n_options, CKA_G_DESTRUCT_AFTER, &uval) && uval) {
560
choice = GCR_UNLOCK_OPTION_TIMEOUT;
565
gku_prompt_set_unlock_choice (GKU_PROMPT (self), choice);
567
gku_prompt_set_unlock_ttl (GKU_PROMPT (self), ttl);
542
570
static CK_ATTRIBUTE_PTR
643
671
gku_prompt_hide_widget (prompt, "confirm_area");
644
672
gku_prompt_show_widget (prompt, "details_area");
645
673
gku_prompt_show_widget (prompt, "password_area");
646
gku_prompt_show_widget (prompt, "lock_area");
647
674
gku_prompt_show_widget (prompt, "options_area");
649
676
if (gkm_wrap_login_is_usable ())
650
gku_prompt_show_widget (prompt, "auto_unlock_check");
652
gku_prompt_hide_widget (prompt, "auto_unlock_check");
677
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_ALWAYS, FALSE, NULL);
723
748
gku_prompt_hide_widget (prompt, "confirm_area");
724
749
gku_prompt_show_widget (prompt, "details_area");
725
750
gku_prompt_show_widget (prompt, "password_area");
726
gku_prompt_show_widget (prompt, "lock_area");
727
751
gku_prompt_show_widget (prompt, "options_area");
728
gku_prompt_hide_widget (prompt, "auto_unlock_check");
753
/* TODO: After string freeze need to add a reason */
754
if (!gkm_wrap_login_is_usable ())
755
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_ALWAYS, FALSE, NULL);
763
789
label = _("Unnamed");
765
791
if (klass == CKO_G_COLLECTION) {
766
if (gkm_attributes_find_boolean (attrs, n_attrs, CKA_G_LOGIN_COLLECTION, &is_login) && is_login)
792
if (is_login_keyring (attrs, n_attrs))
767
793
prepare_unlock_keyring_login (self);
769
795
prepare_unlock_keyring_other (self, label);
801
827
gku_prompt_set_secondary_text (prompt, text);
804
if (gkm_wrap_login_is_usable ()) {
805
gku_prompt_show_widget (prompt, "details_area");
806
gku_prompt_show_widget (prompt, "lock_area");
807
gku_prompt_hide_widget (prompt, "options_area");
830
gku_prompt_show_widget (prompt, "details_area");
831
gku_prompt_show_widget (prompt, "options_area");
832
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_IDLE, FALSE, NULL);
833
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_TIMEOUT, FALSE, NULL);
834
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_ALWAYS,
835
gkm_wrap_login_is_usable (), NULL);
841
fix_login_keyring_if_unlock_failed (GkmWrapPrompt *self, const gchar *password)
843
CK_OBJECT_CLASS klass = CKO_G_CREDENTIAL;
844
CK_OBJECT_HANDLE cred;
845
CK_BBOOL tval = CK_TRUE;
846
CK_ATTRIBUTE attrs[4];
850
failed = gkm_wrap_login_steal_failed_password ();
852
/* Do we have a failed unlock password? */
853
if (!failed || !failed[0]) {
854
egg_secure_strfree (failed);
858
attrs[0].type = CKA_CLASS;
859
attrs[0].pValue = &klass;
860
attrs[0].ulValueLen = sizeof (klass);
862
attrs[1].type = CKA_VALUE;
863
attrs[1].pValue = failed;
864
attrs[1].ulValueLen = strlen (failed);
866
attrs[2].type = CKA_GNOME_TRANSIENT;
867
attrs[2].pValue = &tval;
868
attrs[2].ulValueLen = sizeof (tval);
870
attrs[3].type = CKA_TOKEN;
871
attrs[3].pValue = &tval;
872
attrs[3].ulValueLen = sizeof (tval);
874
/* Create a credential object for the failed password */
875
rv = (self->module->C_CreateObject) (self->session, attrs, G_N_ELEMENTS (attrs), &cred);
876
egg_secure_strfree (failed);
879
g_warning ("couldn't create credential to fix login password: %s",
880
gkm_util_rv_to_string (rv));
884
attrs[0].type = CKA_G_CREDENTIAL;
885
attrs[0].pValue = &cred;
886
attrs[0].ulValueLen = sizeof (cred);
888
/* Set the credential on the object */
889
rv = (self->module->C_SetAttributeValue) (self->session, self->object, attrs, 1);
891
g_warning ("couldn't change credential to fix login keyring password: %s",
892
gkm_util_rv_to_string (rv));
896
g_message ("fixed login keyring password to match login password");
813
899
/* -----------------------------------------------------------------------------
951
1031
if (!data->password) {
952
1032
prepare_unlock_prompt (self, attrs, n_attrs, self->iteration == 1);
1034
/* Now load up the unlock options into the prompt*/
1035
if (self->iteration == 1) {
1036
options = get_unlock_options_from_object (self, &n_options);
1037
if (options != NULL)
1038
set_unlock_options_on_prompt (self, options, n_options);
953
1041
++(self->iteration);
955
1043
gku_prompt_request_attention_sync (NULL, on_prompt_attention,
999
1087
/* Save the options, and possibly auto unlock */
1000
1088
if (call_result == CKR_OK) {
1090
attrs = get_attributes_from_object (self, &n_attrs);
1093
* For the login keyring, we check for a previous unlock failure,
1094
* that would have come from PAM, and try to change the password to
1095
* the one that failed earlier.
1097
if (is_login_keyring (attrs, n_attrs))
1098
fix_login_keyring_if_unlock_failed (self, data->password);
1001
1100
options = get_unlock_options_from_prompt (self, &n_options);
1002
1101
if (options != NULL)
1003
1102
set_unlock_options_on_object (self, options, n_options);
1005
if (auto_unlock_should_attach (self)) {
1006
attrs = get_attributes_from_object (self, &n_attrs);
1104
if (auto_unlock_should_attach (self))
1007
1105
auto_unlock_attach_object (attrs, n_attrs, data->password);
1039
1136
gku_prompt_set_secondary_text (prompt, text);
1042
if (gkm_wrap_login_is_usable ()) {
1043
gku_prompt_show_widget (prompt, "details_area");
1044
gku_prompt_show_widget (prompt, "lock_area");
1045
gku_prompt_hide_widget (prompt, "options_area");
1139
gku_prompt_show_widget (prompt, "details_area");
1140
gku_prompt_show_widget (prompt, "options_area");
1141
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_IDLE, FALSE, NULL);
1142
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_TIMEOUT, FALSE, NULL);
1143
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_ALWAYS,
1144
gkm_wrap_login_is_usable (), NULL);
1048
1146
g_free (label);
1164
1262
gku_prompt_set_secondary_text (prompt, text);
1167
if (gkm_wrap_login_is_usable ()) {
1168
gku_prompt_show_widget (prompt, "details_area");
1169
gku_prompt_show_widget (prompt, "lock_area");
1170
gku_prompt_hide_widget (prompt, "options_area");
1265
gku_prompt_show_widget (prompt, "details_area");
1266
gku_prompt_show_widget (prompt, "options_area");
1267
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_IDLE, FALSE, NULL);
1268
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_TIMEOUT, FALSE, NULL);
1269
gku_prompt_set_unlock_sensitive (prompt, GCR_UNLOCK_OPTION_ALWAYS,
1270
gkm_wrap_login_is_usable (), NULL);
1173
1272
g_free (label);
added
removed
pkcs11/wrap-layer/gkm-wrap-prompt.c
