version 1.40, 2019/01/22 12:00:50 |
version 1.41, 2019/01/22 12:03:58 |
|
|
pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, |
pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, |
CK_ULONG user) |
CK_ULONG user) |
{ |
{ |
CK_RV rv; |
struct pkcs11_slotinfo *si; |
CK_FUNCTION_LIST *f; |
CK_FUNCTION_LIST *f; |
|
CK_RV rv; |
CK_SESSION_HANDLE session; |
CK_SESSION_HANDLE session; |
int login_required, ret; |
int login_required, have_pinpad, ret; |
|
|
f = p->function_list; |
f = p->function_list; |
login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED; |
si = &p->slotinfo[slotidx]; |
if (pin && login_required && !strlen(pin)) { |
|
|
have_pinpad = si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH; |
|
login_required = si->token.flags & CKF_LOGIN_REQUIRED; |
|
|
|
/* fail early before opening session */ |
|
if (login_required && !have_pinpad && pin != NULL && strlen(pin) == 0) { |
error("pin required"); |
error("pin required"); |
return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
} |
} |
if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION| |
if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION| |
CKF_SERIAL_SESSION, NULL, NULL, &session)) |
CKF_SERIAL_SESSION, NULL, NULL, &session)) != CKR_OK) { |
!= CKR_OK) { |
|
error("C_OpenSession failed: %lu", rv); |
error("C_OpenSession failed: %lu", rv); |
return (-1); |
return (-1); |
} |
} |
if (login_required && pin) { |
if (login_required) { |
rv = f->C_Login(session, user, |
if (have_pinpad && (pin == NULL || strlen(pin) == 0)) { |
(u_char *)pin, strlen(pin)); |
/* defer PIN entry to the reader keypad */ |
|
rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); |
|
} else { |
|
rv = f->C_Login(session, CKU_USER, |
|
(u_char *)pin, strlen(pin)); |
|
} |
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { |
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { |
error("C_Login failed: %lu", rv); |
error("C_Login failed: %lu", rv); |
ret = (rv == CKR_PIN_LOCKED) ? |
ret = (rv == CKR_PIN_LOCKED) ? |
|
|
error("C_CloseSession failed: %lu", rv); |
error("C_CloseSession failed: %lu", rv); |
return (ret); |
return (ret); |
} |
} |
p->slotinfo[slotidx].logged_in = 1; |
si->logged_in = 1; |
} |
} |
p->slotinfo[slotidx].session = session; |
si->session = session; |
return (0); |
return (0); |
} |
} |
|
|
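Review bot: In the new login block, a token with CKF_LOGIN_REQUIRED set, no protected authentication path and `pin == NULL` falls into the `else` branch and evaluates `strlen(pin)` on a null pointer. The old condition `if (login_required && pin)` skipped the login in that case, and the early "pin required" check only rejects a non-NULL empty string. If callers can still pass a NULL pin (they are outside this view), the outer test should keep the guard, e.g. `if (login_required && (pin != NULL || have_pinpad)) {`. Both new `C_Login` calls also hard-code `CKU_USER` where the old call passed the `user` parameter, so that argument is now silently ignored; either pass `user` through or document why it is dropped. A short comment on the pinpad branch noting that a NULL PIN with length 0 hands PIN entry to the reader would also help the next reader of this security-sensitive path.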