version 1.45, 2019/09/05 10:05:51 |
version 1.46, 2019/10/01 10:22:53 |
|
|
CK_FUNCTION_LIST *f; |
CK_FUNCTION_LIST *f; |
CK_RV rv; |
CK_RV rv; |
CK_SESSION_HANDLE session; |
CK_SESSION_HANDLE session; |
int login_required, have_pinpad, ret; |
int login_required, ret; |
char prompt[1024], *xpin = NULL; |
|
|
|
f = p->function_list; |
f = p->function_list; |
si = &p->slotinfo[slotidx]; |
si = &p->slotinfo[slotidx]; |
|
|
have_pinpad = si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH; |
|
login_required = si->token.flags & CKF_LOGIN_REQUIRED; |
login_required = si->token.flags & CKF_LOGIN_REQUIRED; |
|
|
/* fail early before opening session */ |
/* fail early before opening session */ |
if (login_required && !have_pinpad && !pkcs11_interactive && |
if (login_required && !pkcs11_interactive && |
(pin == NULL || strlen(pin) == 0)) { |
(pin == NULL || strlen(pin) == 0)) { |
error("pin required"); |
error("pin required"); |
return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
|
|
error("C_OpenSession failed: %lu", rv); |
error("C_OpenSession failed: %lu", rv); |
return (-1); |
return (-1); |
} |
} |
if (login_required) { |
if (login_required && pin != NULL && strlen(pin) != 0) { |
if (have_pinpad && (pin == NULL || strlen(pin) == 0)) { |
rv = f->C_Login(session, user, (u_char *)pin, strlen(pin)); |
/* defer PIN entry to the reader keypad */ |
|
rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); |
|
} else { |
|
if (pkcs11_interactive) { |
|
snprintf(prompt, sizeof(prompt), |
|
"Enter PIN for '%s': ", si->token.label); |
|
if ((xpin = read_passphrase(prompt, |
|
RP_ALLOW_EOF)) == NULL) { |
|
debug("%s: no pin specified", |
|
__func__); |
|
return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
|
} |
|
pin = xpin; |
|
} |
|
rv = f->C_Login(session, CKU_USER, |
|
(u_char *)pin, strlen(pin)); |
|
if (xpin != NULL) |
|
freezero(xpin, strlen(xpin)); |
|
} |
|
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { |
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { |
error("C_Login failed: %lu", rv); |
error("C_Login failed: %lu", rv); |
ret = (rv == CKR_PIN_LOCKED) ? |
ret = (rv == CKR_PIN_LOCKED) ? |
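Review bot: On the 1.46 side the early-fail check no longer exempts tokens that set `CKF_PROTECTED_AUTHENTICATION_PATH`, so a keypad reader used non-interactively with no PIN now fails with `pin required` even though its PIN is entered on the reader; if that is intended, the check needs a comment saying where keypad login is handled, which these lines do not show. The narrowed `if (login_required && pin != NULL && strlen(pin) != 0)` also means an interactive caller with no PIN gets an open session on a login-required token with no `C_Login` call and no log line. I would add an `else if (login_required)` branch containing `debug("%s: login required but no pin supplied; session not logged in", __func__);` so the unauthenticated state shows up in traces. The function starts and ends outside the shown lines, so whether a later login path covers both cases should be confirmed against the full file.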