| version 1.44, 2019/09/02 00:19:25 |
version 1.45, 2019/09/05 10:05:51 |
|
|
| } |
} |
| |
|
| static int |
static int |
| pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type) |
pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si, |
| |
CK_USER_TYPE type) |
| { |
{ |
| struct pkcs11_slotinfo *si; |
|
| CK_FUNCTION_LIST *f; |
|
| char *pin = NULL, prompt[1024]; |
char *pin = NULL, prompt[1024]; |
| CK_RV rv; |
CK_RV rv; |
| |
|
| if (!k11->provider || !k11->provider->valid) { |
if (provider == NULL || si == NULL || !provider->valid) { |
| error("no pkcs11 (valid) provider found"); |
error("no pkcs11 (valid) provider found"); |
| return (-1); |
return (-1); |
| } |
} |
| |
|
| f = k11->provider->function_list; |
|
| si = &k11->provider->slotinfo[k11->slotidx]; |
|
| |
|
| if (!pkcs11_interactive) { |
if (!pkcs11_interactive) { |
| error("need pin entry%s", |
error("need pin entry%s", |
| (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? |
(si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? |
|
|
| return (-1); /* bail out */ |
return (-1); /* bail out */ |
| } |
} |
| } |
} |
| rv = f->C_Login(si->session, type, (u_char *)pin, |
rv = provider->function_list->C_Login(si->session, type, (u_char *)pin, |
| (pin != NULL) ? strlen(pin) : 0); |
(pin != NULL) ? strlen(pin) : 0); |
| if (pin != NULL) |
if (pin != NULL) |
| freezero(pin, strlen(pin)); |
freezero(pin, strlen(pin)); |
|
|
| } |
} |
| |
|
| static int |
static int |
| |
pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type) |
| |
{ |
| |
if (k11 == NULL || k11->provider == NULL || !k11->provider->valid) { |
| |
error("no pkcs11 (valid) provider found"); |
| |
return (-1); |
| |
} |
| |
|
| |
return pkcs11_login_slot(k11->provider, |
| |
&k11->provider->slotinfo[k11->slotidx], type); |
| |
} |
| |
|
| |
|
| |
static int |
| pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj, |
pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj, |
| CK_ATTRIBUTE_TYPE type, int *val) |
CK_ATTRIBUTE_TYPE type, int *val) |
| { |
{ |
|
|
| * open session, login with pin and retrieve public |
* open session, login with pin and retrieve public |
| * keys (if keyp is provided) |
* keys (if keyp is provided) |
| */ |
*/ |
| if ((ret = pkcs11_open_session(p, i, pin, user)) == 0) { |
if ((ret = pkcs11_open_session(p, i, pin, user)) != 0 || |
| if (keyp == NULL) |
keyp == NULL) |
| |
continue; |
| |
pkcs11_fetch_keys(p, i, keyp, &nkeys); |
| |
pkcs11_fetch_certs(p, i, keyp, &nkeys); |
| |
if (nkeys == 0 && !p->slotinfo[i].logged_in && |
| |
pkcs11_interactive) { |
| |
/* |
| |
* Some tokens require login before they will |
| |
* expose keys. |
| |
*/ |
| |
if (pkcs11_login_slot(p, &p->slotinfo[i], |
| |
CKU_USER) < 0) { |
| |
error("login failed"); |
| continue; |
continue; |
| |
} |
| pkcs11_fetch_keys(p, i, keyp, &nkeys); |
pkcs11_fetch_keys(p, i, keyp, &nkeys); |
| pkcs11_fetch_certs(p, i, keyp, &nkeys); |
pkcs11_fetch_certs(p, i, keyp, &nkeys); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-pkcs11.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh