version 1.41, 2019/01/22 12:03:58 |
version 1.42, 2019/02/04 23:37:54 |
|
|
CK_RV rv; |
CK_RV rv; |
CK_SESSION_HANDLE session; |
CK_SESSION_HANDLE session; |
int login_required, have_pinpad, ret; |
int login_required, have_pinpad, ret; |
|
char prompt[1024], *xpin = NULL; |
|
|
f = p->function_list; |
f = p->function_list; |
si = &p->slotinfo[slotidx]; |
si = &p->slotinfo[slotidx]; |
|
|
login_required = si->token.flags & CKF_LOGIN_REQUIRED; |
login_required = si->token.flags & CKF_LOGIN_REQUIRED; |
|
|
/* fail early before opening session */ |
/* fail early before opening session */ |
if (login_required && !have_pinpad && pin != NULL && strlen(pin) == 0) { |
if (login_required && !have_pinpad && !pkcs11_interactive && |
|
(pin == NULL || strlen(pin) == 0)) { |
error("pin required"); |
error("pin required"); |
return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
} |
} |
|
|
/* defer PIN entry to the reader keypad */ |
/* defer PIN entry to the reader keypad */ |
rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); |
rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); |
} else { |
} else { |
|
if (pkcs11_interactive) { |
|
snprintf(prompt, sizeof(prompt), |
|
"Enter PIN for '%s': ", si->token.label); |
|
if ((xpin = read_passphrase(prompt, |
|
RP_ALLOW_EOF)) == NULL) { |
|
debug("%s: no pin specified", |
|
__func__); |
|
return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
|
} |
|
pin = xpin; |
|
} |
rv = f->C_Login(session, CKU_USER, |
rv = f->C_Login(session, CKU_USER, |
(u_char *)pin, strlen(pin)); |
(u_char *)pin, strlen(pin)); |
|
if (xpin != NULL) |
|
freezero(xpin, strlen(xpin)); |
} |
} |
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { |
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { |
error("C_Login failed: %lu", rv); |
error("C_Login failed: %lu", rv); |