diff options
| author | Stefan Walter <stefw@src.gnome.org> | 2007-12-01 17:58:56 +0000 |
|---|---|---|
| committer | Stefan Walter <stefw@src.gnome.org> | 2007-12-01 17:58:56 +0000 |
| commit | 754da578188686f598054d28950640359afba434 (patch) | |
| tree | 10265b05f1e527b7e68f6a45b770544a8e4594c1 | |
| parent | e82400eebc47770f8282f30cf7fdf42e45524a54 (diff) | |
| download | gnome-keyring-754da578188686f598054d28950640359afba434.tar.gz | |
Fix session objects so they are visible for all sessions in a client
* pk/gkr-pk-object.c:
* pk/gkr-pk-object-manager.c:
* pk/gkr-pk-object-manager.h:
* pk/gkr-pk-object-storage.c:
* pk/gkr-pk-privkey.c:
* pk/gkr-pk-pubkey.c:
* pk/gkr-pk-pubkey.h:
* pkcs11/gkr-pkcs11-calls.h:
* pkcs11/gkr-pkcs11-daemon-session.c:
* pkcs11/gkr-pkcs11-module.c:
* pkcs11/gkr-pkix-cert.c:
* ssh/gkr-ssh-daemon-ops.c: Fix session objects so they are visible
for all sessions in a client application, but are still scoped to
the session they were created on.
svn path=/trunk/; revision=919
| -rw-r--r-- | ChangeLog | 15 | ||||
| -rw-r--r-- | pk/gkr-pk-object-manager.c | 102 | ||||
| -rw-r--r-- | pk/gkr-pk-object-manager.h | 29 | ||||
| -rw-r--r-- | pk/gkr-pk-object-storage.c | 5 | ||||
| -rw-r--r-- | pk/gkr-pk-object.c | 16 | ||||
| -rw-r--r-- | pk/gkr-pk-privkey.c | 5 | ||||
| -rw-r--r-- | pk/gkr-pk-pubkey.c | 4 | ||||
| -rw-r--r-- | pk/gkr-pk-pubkey.h | 3 | ||||
| -rw-r--r-- | pkcs11/gkr-pkcs11-calls.h | 2 | ||||
| -rw-r--r-- | pkcs11/gkr-pkcs11-daemon-session.c | 122 | ||||
| -rw-r--r-- | pkcs11/gkr-pkcs11-module.c | 2 | ||||
| -rw-r--r-- | pkix/gkr-pkix-cert.c | 2 | ||||
| -rw-r--r-- | ssh/gkr-ssh-daemon-ops.c | 7 |
13 files changed, 174 insertions, 140 deletions
@@ -2,6 +2,21 @@ * pk/gkr-pk-object.c: * pk/gkr-pk-object-manager.c: + * pk/gkr-pk-object-manager.h: + * pk/gkr-pk-object-storage.c: + * pk/gkr-pk-privkey.c: + * pk/gkr-pk-pubkey.c: + * pk/gkr-pk-pubkey.h: + * pkcs11/gkr-pkcs11-calls.h: + * pkcs11/gkr-pkcs11-daemon-session.c: + * pkcs11/gkr-pkcs11-module.c: + * pkcs11/gkr-pkix-cert.c: + * ssh/gkr-ssh-daemon-ops.c: Fix session objects so they are visible + for all sessions in a client application, but are still scoped to + the session they were created on. + + * pk/gkr-pk-object.c: + * pk/gkr-pk-object-manager.c: * pk/gkr-pk-util.c: * pk/gkr-pk-util.h: * pkcs11/gkr-pkcs11-daemon-session.c: diff --git a/pk/gkr-pk-object-manager.c b/pk/gkr-pk-object-manager.c index 9d6d91d5..cd4538e6 100644 --- a/pk/gkr-pk-object-manager.c +++ b/pk/gkr-pk-object-manager.c @@ -48,16 +48,12 @@ #include <stdarg.h> -/* list my signals */ -enum { - /* MY_SIGNAL_1, */ - /* MY_SIGNAL_2, */ - LAST_SIGNAL -}; - typedef struct _GkrPkObjectManagerPrivate GkrPkObjectManagerPrivate; struct _GkrPkObjectManagerPrivate { + pid_t for_pid; + gboolean is_token; + GHashTable *object_by_handle; GHashTable *object_by_unique; }; @@ -67,13 +63,14 @@ struct _GkrPkObjectManagerPrivate { G_DEFINE_TYPE(GkrPkObjectManager, gkr_pk_object_manager, G_TYPE_OBJECT); -static GkrPkObjectManager *object_manager_singleton = NULL; +static GkrPkObjectManager *object_manager_for_token = NULL; +static GHashTable *object_managers_by_pid = NULL; /* * Constantly increasing counter for the token object handles. Starting at * a non-zero offset so that apps will be well behaved. */ -static CK_OBJECT_HANDLE next_object_handle = 0x000000F0; +static CK_OBJECT_HANDLE next_object_handle = 0x00000010; /* ----------------------------------------------------------------------------- * HELPERS @@ -82,9 +79,9 @@ static CK_OBJECT_HANDLE next_object_handle = 0x000000F0; static void cleanup_object_manager (void *unused) { - g_assert (object_manager_singleton); - g_object_unref (object_manager_singleton); - object_manager_singleton = NULL; + g_assert (object_manager_for_token); + g_object_unref (object_manager_for_token); + object_manager_for_token = NULL; } static void @@ -101,7 +98,8 @@ add_object_for_unique (GkrPkObjectManager *objmgr, gkrconstunique unique, GkrPkO if (!object->handle) { /* Make a new handle */ object->handle = (++next_object_handle & GKR_PK_OBJECT_HANDLE_MASK); - object->handle |= GKR_PK_OBJECT_IS_PERMANENT; + if (pv->is_token) + object->handle |= GKR_PK_OBJECT_IS_PERMANENT; } /* Mapping of objects by PKCS#11 'handle' */ @@ -166,12 +164,28 @@ gkr_pk_object_manager_dispose (GObject *obj) { GkrPkObjectManager *objmgr = GKR_PK_OBJECT_MANAGER (obj); GkrPkObjectManagerPrivate *pv = GKR_PK_OBJECT_MANAGER_GET_PRIVATE (obj); + gpointer k; g_hash_table_remove_all (pv->object_by_handle); g_hash_table_remove_all (pv->object_by_unique); g_list_free (objmgr->objects); objmgr->objects = NULL; + + if (pv->for_pid) { + g_assert (object_managers_by_pid); + + k = GUINT_TO_POINTER (pv->for_pid); + pv->for_pid = 0; + + /* Remove us from the hash table */ + g_assert (g_hash_table_lookup (object_managers_by_pid, k) == objmgr); + g_hash_table_remove (object_managers_by_pid, k); + + /* Destroy the table if its empty */ + if (g_hash_table_size (object_managers_by_pid) == 0) + g_hash_table_destroy (object_managers_by_pid); + } G_OBJECT_CLASS (gkr_pk_object_manager_parent_class)->dispose (obj); } @@ -185,6 +199,7 @@ gkr_pk_object_manager_finalize (GObject *obj) g_hash_table_destroy (pv->object_by_handle); g_hash_table_destroy (pv->object_by_unique); g_assert (!man->objects); + g_assert (!pv->for_pid); G_OBJECT_CLASS (gkr_pk_object_manager_parent_class)->finalize (obj); } @@ -203,24 +218,54 @@ gkr_pk_object_manager_class_init (GkrPkObjectManagerClass *klass) } GkrPkObjectManager* -gkr_pk_object_manager_get (void) +gkr_pk_object_manager_for_token (void) { - if (!object_manager_singleton) { - object_manager_singleton = g_object_new (GKR_TYPE_PK_OBJECT_MANAGER, NULL); + if (!object_manager_for_token) { + object_manager_for_token = g_object_new (GKR_TYPE_PK_OBJECT_MANAGER, NULL); + GKR_PK_OBJECT_MANAGER_GET_PRIVATE (object_manager_for_token)->is_token = TRUE; gkr_cleanup_register (cleanup_object_manager, NULL); } - return object_manager_singleton; -} + return object_manager_for_token; +} + +GkrPkObjectManager* +gkr_pk_object_manager_for_client (pid_t pid) +{ + if (!object_managers_by_pid) + return NULL; + return GKR_PK_OBJECT_MANAGER (g_hash_table_lookup (object_managers_by_pid, + GUINT_TO_POINTER (pid))); +} + +GkrPkObjectManager* +gkr_pk_object_manager_instance_for_client (pid_t pid) +{ + GkrPkObjectManager *manager; + + manager = gkr_pk_object_manager_for_client (pid); + if (manager) { + g_object_ref (manager); + return manager; + } + + manager = g_object_new (GKR_TYPE_PK_OBJECT_MANAGER, NULL); + GKR_PK_OBJECT_MANAGER_GET_PRIVATE (manager)->for_pid = pid; + + /* The first client? */ + if (!object_managers_by_pid) + object_managers_by_pid = g_hash_table_new (g_direct_hash, g_direct_equal); + + /* Note us in the table */ + g_hash_table_insert (object_managers_by_pid, GUINT_TO_POINTER (pid), manager); + return manager; +} void gkr_pk_object_manager_register (GkrPkObjectManager *objmgr, GkrPkObject *object) { GkrPkObjectManagerPrivate *pv; - if (!objmgr) - objmgr = gkr_pk_object_manager_get (); - g_return_if_fail (GKR_IS_PK_OBJECT_MANAGER (objmgr)); g_return_if_fail (GKR_IS_PK_OBJECT (object)); pv = GKR_PK_OBJECT_MANAGER_GET_PRIVATE (objmgr); @@ -236,9 +281,6 @@ gkr_pk_object_manager_unregister (GkrPkObjectManager *objmgr, GkrPkObject *objec { GkrPkObjectManagerPrivate *pv; - if (!objmgr) - objmgr = gkr_pk_object_manager_get (); - g_return_if_fail (GKR_IS_PK_OBJECT_MANAGER (objmgr)); g_return_if_fail (GKR_IS_PK_OBJECT (object)); pv = GKR_PK_OBJECT_MANAGER_GET_PRIVATE (objmgr); @@ -254,9 +296,6 @@ gkr_pk_object_manager_lookup (GkrPkObjectManager *man, CK_OBJECT_HANDLE obj) { GkrPkObjectManagerPrivate *pv; - if (!man) - man = gkr_pk_object_manager_get (); - g_return_val_if_fail (GKR_IS_PK_OBJECT_MANAGER (man), NULL); g_return_val_if_fail (obj != 0, NULL); pv = GKR_PK_OBJECT_MANAGER_GET_PRIVATE (man); @@ -338,9 +377,6 @@ gkr_pk_object_manager_find (GkrPkObjectManager *man, GType gtype, GArray *attrs) gboolean do_refresh = TRUE; GList *l, *objects = NULL; - if (!man) - man = gkr_pk_object_manager_get (); - g_return_val_if_fail (GKR_IS_PK_OBJECT_MANAGER (man), NULL); /* Figure out the class of objects we're loading */ @@ -386,9 +422,6 @@ gkr_pk_object_manager_find_by_id (GkrPkObjectManager *objmgr, GType gtype, gsize len; GList *l; - if (!objmgr) - objmgr = gkr_pk_object_manager_get (); - g_return_val_if_fail (id, NULL); g_return_val_if_fail (GKR_IS_PK_OBJECT_MANAGER (objmgr), NULL); @@ -414,9 +447,6 @@ gkr_pk_object_manager_find_by_unique (GkrPkObjectManager *objmgr, gkrconstunique GkrPkObjectManagerPrivate *pv; GkrPkObject *object; - if (!objmgr) - objmgr = gkr_pk_object_manager_get (); - g_return_val_if_fail (unique, NULL); g_return_val_if_fail (GKR_IS_PK_OBJECT_MANAGER (objmgr), NULL); pv = GKR_PK_OBJECT_MANAGER_GET_PRIVATE (objmgr); diff --git a/pk/gkr-pk-object-manager.h b/pk/gkr-pk-object-manager.h index 1167434e..b1a767a4 100644 --- a/pk/gkr-pk-object-manager.h +++ b/pk/gkr-pk-object-manager.h @@ -29,6 +29,25 @@ #include "gkr-pk-object.h" +/* + * GkrPkObjectManager + * + * A GkrPkObjectManager tracks a set of GkrPkObject objects. It does not own + * those objects. Once an object is registered with the manager it gets + * an identifier. + * + * An object will unregister itself from the manager when it is destroyed or + * it can be done explicitely. + * + * A singleton GkrPkObjectManager exists for token objects, those stored in + * persistent storage. This manager lasts for the lifetime of the daemon. + * + * Other GkrPkObjectManager objects can exist per client for session or + * temporary objects. Multiple requests for a manager for the same client + * will return the same manager. Once all references dissappear this + * manager will go away. + */ + G_BEGIN_DECLS #define GKR_TYPE_PK_OBJECT_MANAGER (gkr_pk_object_manager_get_type ()) @@ -49,11 +68,15 @@ struct _GkrPkObjectManagerClass { GObjectClass parent_class; }; -GType gkr_pk_object_manager_get_type (void) G_GNUC_CONST; +GType gkr_pk_object_manager_get_type (void) G_GNUC_CONST; + +GType gkr_pk_object_manager_type_from_string (const gchar *type); + +GkrPkObjectManager* gkr_pk_object_manager_for_token (void); -GType gkr_pk_object_manager_type_from_string (const gchar *type); +GkrPkObjectManager* gkr_pk_object_manager_for_client (pid_t pid); -GkrPkObjectManager* gkr_pk_object_manager_get (void); +GkrPkObjectManager* gkr_pk_object_manager_instance_for_client (pid_t pid); void gkr_pk_object_manager_register (GkrPkObjectManager *objmgr, GkrPkObject *object); diff --git a/pk/gkr-pk-object-storage.c b/pk/gkr-pk-object-storage.c index c1faad75..2468d749 100644 --- a/pk/gkr-pk-object-storage.c +++ b/pk/gkr-pk-object-storage.c @@ -260,10 +260,12 @@ prepare_object (GkrPkObjectStorage *storage, GQuark location, gkrconstunique unique, GkrParsedType type) { GkrPkObjectStoragePrivate *pv = GKR_PK_OBJECT_STORAGE_GET_PRIVATE (storage); + GkrPkObjectManager *manager; GkrPkObject *object; GType gtype; - object = gkr_pk_object_manager_find_by_unique (NULL, unique); + manager = gkr_pk_object_manager_for_token (); + object = gkr_pk_object_manager_find_by_unique (manager, unique); /* The object already exists just reference it */ if (object) { @@ -285,6 +287,7 @@ prepare_object (GkrPkObjectStorage *storage, GQuark location, } object = g_object_new (gtype, "location", location, "unique", unique, NULL); + gkr_pk_object_manager_register (manager, object); add_object (storage, object); /* Object was reffed */ diff --git a/pk/gkr-pk-object.c b/pk/gkr-pk-object.c index a5844802..c0b9fb6b 100644 --- a/pk/gkr-pk-object.c +++ b/pk/gkr-pk-object.c @@ -147,19 +147,6 @@ gkr_pk_object_init (GkrPkObject *obj) NULL, gkr_pk_attribute_free); } -static GObject* -gkr_pk_object_constructor (GType type, guint n_properties, GObjectConstructParam *properties) -{ - GObject *obj = G_OBJECT_CLASS (gkr_pk_object_parent_class)->constructor (type, n_properties, properties); - if (obj) { - GkrPkObject *xobj = GKR_PK_OBJECT (obj); - if (xobj->location) - gkr_pk_object_manager_register (NULL, xobj); - } - - return obj; -} - static void gkr_pk_object_get_property (GObject *obj, guint prop_id, GValue *value, GParamSpec *pspec) @@ -233,7 +220,6 @@ gkr_pk_object_class_init (GkrPkObjectClass *klass) gobject_class = (GObjectClass*) klass; gkr_pk_object_parent_class = g_type_class_peek_parent (klass); - gobject_class->constructor = gkr_pk_object_constructor; gobject_class->get_property = gkr_pk_object_get_property; gobject_class->set_property = gkr_pk_object_set_property; gobject_class->finalize = gkr_pk_object_finalize; @@ -242,7 +228,7 @@ gkr_pk_object_class_init (GkrPkObjectClass *klass) g_object_class_install_property (gobject_class, PROP_LOCATION, g_param_spec_uint ("location", "Location", "Location of Data", - 0, G_MAXUINT, 0, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); + 0, G_MAXUINT, 0, G_PARAM_READWRITE)); g_object_class_install_property (gobject_class, PROP_UNIQUE, g_param_spec_boxed ("unique", "Unique", "Unique Identifier for Data", diff --git a/pk/gkr-pk-privkey.c b/pk/gkr-pk-privkey.c index b9217487..a50217bb 100644 --- a/pk/gkr-pk-privkey.c +++ b/pk/gkr-pk-privkey.c @@ -112,7 +112,8 @@ get_public_key (GkrPkPrivkey *key, gboolean force) if (data) { res = gkr_pkix_der_read_public_key (data, n_data, &s_key); if (res == GKR_PARSE_SUCCESS) { - key->priv->pubkey = gkr_pk_pubkey_instance (obj->location, s_key); + key->priv->pubkey = gkr_pk_pubkey_instance (obj->manager, + obj->location, s_key); goto done; } @@ -141,7 +142,7 @@ get_public_key (GkrPkPrivkey *key, gboolean force) if (!gkr_pk_index_set_binary (obj->location, obj->unique, "public-key", data, n_data)) g_warning ("couldn't write public key to index for: %s", g_quark_to_string (obj->location)); - key->priv->pubkey = gkr_pk_pubkey_instance (0, s_key); + key->priv->pubkey = gkr_pk_pubkey_instance (obj->manager, 0, s_key); goto done; } diff --git a/pk/gkr-pk-pubkey.c b/pk/gkr-pk-pubkey.c index 68edc6d2..9ed8c007 100644 --- a/pk/gkr-pk-pubkey.c +++ b/pk/gkr-pk-pubkey.c @@ -469,7 +469,7 @@ gkr_pk_pubkey_new (GQuark location, gcry_sexp_t s_key) } GkrPkPubkey* -gkr_pk_pubkey_instance (GQuark location, gcry_sexp_t s_key) +gkr_pk_pubkey_instance (GkrPkObjectManager *manager, GQuark location, gcry_sexp_t s_key) { GkrPkObject *pub; gkrunique keyid; @@ -481,7 +481,7 @@ gkr_pk_pubkey_instance (GQuark location, gcry_sexp_t s_key) g_return_val_if_fail (keyid, NULL); /* Try the lookup */ - pub = gkr_pk_object_manager_find_by_id (NULL, GKR_TYPE_PK_PUBKEY, keyid); + pub = gkr_pk_object_manager_find_by_id (manager, GKR_TYPE_PK_PUBKEY, keyid); gkr_unique_free (keyid); if (pub != NULL) { diff --git a/pk/gkr-pk-pubkey.h b/pk/gkr-pk-pubkey.h index 28db0943..ff13c902 100644 --- a/pk/gkr-pk-pubkey.h +++ b/pk/gkr-pk-pubkey.h @@ -56,7 +56,8 @@ GType gkr_pk_pubkey_get_type (void) G_GNUC_CONST; GkrPkObject* gkr_pk_pubkey_new (GQuark location, gcry_sexp_t s_key); -GkrPkPubkey* gkr_pk_pubkey_instance (GQuark location, gcry_sexp_t s_key); +GkrPkPubkey* gkr_pk_pubkey_instance (GkrPkObjectManager* manager, + GQuark location, gcry_sexp_t s_key); gkrconstunique gkr_pk_pubkey_get_keyid (GkrPkPubkey *key); diff --git a/pkcs11/gkr-pkcs11-calls.h b/pkcs11/gkr-pkcs11-calls.h index 8a8f1a52..97649740 100644 --- a/pkcs11/gkr-pkcs11-calls.h +++ b/pkcs11/gkr-pkcs11-calls.h @@ -95,7 +95,7 @@ typedef struct _GkrPkcs11CallInfo { const static GkrPkcs11CallInfo gkr_pkcs11_calls[] = { { PKCS11_CALL_ERROR, "ERROR", NULL, NULL }, - { PKCS11_CALL_C_OpenSession, "C_OpenSession", "ayuu", "" }, + { PKCS11_CALL_C_OpenSession, "C_OpenSession", "ayuuu", "" }, { PKCS11_CALL_C_GetSessionInfo, "C_GetSessionInfo", "", "I" }, { PKCS11_CALL_C_InitPIN, "C_InitPIN", "ay", "" }, { PKCS11_CALL_C_SetPIN, "C_SetPIN", "ayay", "" }, diff --git a/pkcs11/gkr-pkcs11-daemon-session.c b/pkcs11/gkr-pkcs11-daemon-session.c index 0122b485..098cb4f2 100644 --- a/pkcs11/gkr-pkcs11-daemon-session.c +++ b/pkcs11/gkr-pkcs11-daemon-session.c @@ -60,6 +60,7 @@ enum typedef void (*OperationCleanup) (SessionInfo* sinfo); struct _SessionInfo { + pid_t pid; /* Process ID of client */ gboolean valid; /* Session is valid */ gboolean readonly; /* Session is readonly */ @@ -69,8 +70,8 @@ struct _SessionInfo { guint deverror; /* The 'device' error code */ - GHashTable *objects; /* Session objects */ - CK_OBJECT_HANDLE next_handle; /* Increasing counter for session object handles */ + GkrPkObjectManager *manager; /* The object manager for this session */ + GHashTable *objects; /* Objects owned by the session */ }; /* @@ -84,51 +85,18 @@ struct _SessionInfo { */ static void -session_add_object (SessionInfo *sinfo, GkrPkObject *object) +session_take_object (SessionInfo *sinfo, GkrPkObject *object) { - gpointer k; g_assert (sinfo); g_return_if_fail (object->handle == 0); g_return_if_fail (object->location == 0); - object->handle = ++sinfo->next_handle; - k = GUINT_TO_POINTER (object->handle); - - g_assert (!g_hash_table_lookup (sinfo->objects, k)); - g_hash_table_insert (sinfo->objects, k, object); - g_object_ref (object); -} + gkr_pk_object_manager_register (sinfo->manager, object); -static GkrPkObject* -session_lookup_object (SessionInfo *sinfo, CK_OBJECT_HANDLE obj) -{ - return GKR_PK_OBJECT (g_hash_table_lookup (sinfo->objects, GUINT_TO_POINTER (obj))); -} - -typedef struct _SessionFindObjects { - GArray *attrs; - GList *found; -} SessionFindObjects; - -static void -find_each_object (gpointer key, gpointer value, gpointer user_data) -{ - GkrPkObject* obj = GKR_PK_OBJECT (value); - SessionFindObjects *find = (SessionFindObjects*)user_data; - - if (gkr_pk_object_match (obj, find->attrs)) - find->found = g_list_prepend (find->found, obj); -} - -static void -session_find_objects (SessionInfo *sinfo, GArray *attrs, GList **found) -{ - SessionFindObjects find; - find.attrs = attrs; - find.found = NULL; - g_hash_table_foreach (sinfo->objects, find_each_object, &find); - *found = find.found; + /* We assume the ownership */ + g_assert (object->handle); + g_hash_table_insert (sinfo->objects, GUINT_TO_POINTER (object->handle), object); } /* ----------------------------------------------------------------------------- @@ -270,15 +238,18 @@ static CK_RV read_object (GkrPkcs11Message *msg, SessionInfo *sinfo, GkrPkObject **res) { CK_OBJECT_HANDLE obj; + GkrPkObjectManager *manager; if (gkr_pkcs11_message_read_uint32 (msg, &obj) != CKR_OK) return PROTOCOL_ERROR; /* Find the object in question */ if (obj & GKR_PK_OBJECT_IS_PERMANENT) - *res = gkr_pk_object_manager_lookup (NULL, obj); - else - *res = session_lookup_object (sinfo, obj); + manager = gkr_pk_object_manager_for_token (); + else + manager = sinfo->manager; + + *res = gkr_pk_object_manager_lookup (manager, obj); if (!*res) return CKR_OBJECT_HANDLE_INVALID; @@ -314,10 +285,12 @@ session_C_OpenSession (SessionInfo *sinfo, GkrPkcs11Message *req, GkrPkcs11Message *resp) { CK_BYTE_PTR sig = NULL; - CK_ULONG siglen, slotid, flags; + CK_ULONG siglen, slotid, flags, pid; if (!read_byte_array (req, &sig, &siglen)) return PROTOCOL_ERROR; + if (gkr_pkcs11_message_read_uint32 (req, &pid) != CKR_OK) + return PROTOCOL_ERROR; if (gkr_pkcs11_message_read_uint32 (req, &slotid) != CKR_OK) return PROTOCOL_ERROR; if (gkr_pkcs11_message_read_uint32 (req, &flags) != CKR_OK) @@ -334,6 +307,14 @@ session_C_OpenSession (SessionInfo *sinfo, GkrPkcs11Message *req, sinfo->readonly = (flags & CKF_RW_SESSION) ? FALSE : TRUE; sinfo->valid = TRUE; + /* + * TODO: Once we have support for actually pulling out the + * peer's user/pid, we should use that instead of what the + * client tells us. + */ + sinfo->pid = pid; + sinfo->manager = gkr_pk_object_manager_instance_for_client (pid); + return CKR_OK; } @@ -522,10 +503,9 @@ session_C_CreateObject (SessionInfo *sinfo, GkrPkcs11Message *req, * TODO: Eventually we will store and write to the token * storage here, but for now just the session. */ - session_add_object (sinfo, object); + session_take_object (sinfo, object); gkr_pkcs11_message_write_uint32 (resp, object->handle); - g_object_unref (object); } done: @@ -569,26 +549,17 @@ session_C_GetAttributeValue (SessionInfo *sinfo, GkrPkcs11Message *req, { GkrPkObject *object; GArray* attrs; - CK_OBJECT_HANDLE obj; CK_RV soft_ret = CKR_OK; CK_RV ret = CKR_OK; - if (gkr_pkcs11_message_read_uint32 (req, &obj) != CKR_OK) - return PROTOCOL_ERROR; - + ret = read_object (req, sinfo, &object); + if (ret != CKR_OK) + return ret; + if (!(attrs = read_attribute_array (req))) return PROTOCOL_ERROR; - /* If it's a token object then pass handle it elsewhere */ - if (obj & GKR_PK_OBJECT_IS_PERMANENT) - object = gkr_pk_object_manager_lookup (NULL, obj); - else - object = session_lookup_object (sinfo, obj); - - if (!object) - ret = CKR_OBJECT_HANDLE_INVALID; - else - ret = gkr_pk_object_get_attributes (object, attrs); + ret = gkr_pk_object_get_attributes (object, attrs); /* Certain ones aren't real failures */ switch (ret) { @@ -639,7 +610,6 @@ session_C_FindObjectsInit (SessionInfo *sinfo, GkrPkcs11Message *req, GList *l, *objects = NULL; GArray *attrs; gboolean all; - CK_RV ret = CKR_OK; if (sinfo->operation_type) return CKR_OPERATION_ACTIVE; @@ -648,28 +618,28 @@ session_C_FindObjectsInit (SessionInfo *sinfo, GkrPkcs11Message *req, return PROTOCOL_ERROR; all = !gkr_pk_attributes_boolean (attrs, CKA_TOKEN, &token); - + objects = NULL; + /* All or only token objects? */ - if(all || token) - objects = gkr_pk_object_manager_find (NULL, 0, attrs); + if(all || token) { + l = gkr_pk_object_manager_find (gkr_pk_object_manager_for_token (), 0, attrs); + objects = g_list_concat (objects, l); + } /* All or only session objects? */ - if (all || !token) - session_find_objects (sinfo, attrs, &objects); - - - if (ret == CKR_OK) { - for (l = objects; l; l = g_list_next (l)) - g_object_ref (GKR_PK_OBJECT (l->data)); - begin_operation (sinfo, OPERATION_FIND, objects, free_object_list); - } else { - g_list_free (objects); + if (all || !token) { + l = gkr_pk_object_manager_find (sinfo->manager, 0, attrs); + objects = g_list_concat (objects, l); } + for (l = objects; l; l = g_list_next (l)) + g_object_ref (GKR_PK_OBJECT (l->data)); + begin_operation (sinfo, OPERATION_FIND, objects, free_object_list); + gkr_pk_attributes_free (attrs); /* No response */ - return ret; + return CKR_OK; } static CK_RV @@ -1344,6 +1314,8 @@ session_info_new () static void session_info_free (SessionInfo *sinfo) { + if (sinfo->manager) + g_object_unref (sinfo->manager); g_hash_table_destroy (sinfo->objects); g_free (sinfo); } diff --git a/pkcs11/gkr-pkcs11-module.c b/pkcs11/gkr-pkcs11-module.c index fa1f5c92..0757213e 100644 --- a/pkcs11/gkr-pkcs11-module.c +++ b/pkcs11/gkr-pkcs11-module.c @@ -1621,6 +1621,8 @@ gkr_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, ret = gkr_pkcs11_message_write_byte_array (cs->req, (unsigned char*)GKR_PKCS11_HANDSHAKE, GKR_PKCS11_HANDSHAKE_LEN); + if (ret == CKR_OK) + ret = gkr_pkcs11_message_write_uint32 (cs->req, crypto_pid); if (ret == CKR_OK) /* We don't use the slot id yet */ ret = gkr_pkcs11_message_write_uint32 (cs->req, 0); if (ret == CKR_OK) diff --git a/pkix/gkr-pkix-cert.c b/pkix/gkr-pkix-cert.c index 4bda4294..704ad0b1 100644 --- a/pkix/gkr-pkix-cert.c +++ b/pkix/gkr-pkix-cert.c @@ -108,7 +108,7 @@ get_public_key (GkrPkixCert *cert) } g_return_val_if_fail (s_key, NULL); - cert->data->pubkey = gkr_pk_pubkey_instance (obj->location, s_key); + cert->data->pubkey = gkr_pk_pubkey_instance (obj->manager, obj->location, s_key); return cert->data->pubkey; } diff --git a/ssh/gkr-ssh-daemon-ops.c b/ssh/gkr-ssh-daemon-ops.c index 63bf05c4..2efb24db 100644 --- a/ssh/gkr-ssh-daemon-ops.c +++ b/ssh/gkr-ssh-daemon-ops.c @@ -83,8 +83,8 @@ find_private_key (gcry_sexp_t s_key, gboolean manager) data = gkr_unique_get_raw (keyid, &n_data); g_assert (data && n_data); - objects = gkr_pk_object_manager_findv (NULL, GKR_TYPE_PK_PRIVKEY, - CKA_ID, data, n_data, NULL); + objects = gkr_pk_object_manager_findv (gkr_pk_object_manager_for_token (), + GKR_TYPE_PK_PRIVKEY, CKA_ID, data, n_data, NULL); if (objects) { key = GKR_PK_PRIVKEY (objects->data); g_list_free (objects); @@ -218,7 +218,8 @@ op_request_identities (GkrBuffer *req, GkrBuffer *resp) const gchar *label; /* TODO: We should only find the keys that have usage = ssh */ - objects = gkr_pk_object_manager_find (NULL, GKR_TYPE_PK_PRIVKEY, NULL); + objects = gkr_pk_object_manager_find (gkr_pk_object_manager_for_token (), + GKR_TYPE_PK_PRIVKEY, NULL); pubkeys = NULL; get_public_keys (ssh_session_keys, &pubkeys); |