
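--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -633,17 +633,15 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
 	CK_FUNCTION_LIST	*f;
 	CK_RV			rv;
 	CK_SESSION_HANDLE	session;
-	int			login_required, have_pinpad, ret;
-	char			prompt[1024], *xpin = NULL;
+	int			login_required, ret;
 
 	f = p->function_list;
 	si = &p->slotinfo[slotidx];
 
-	have_pinpad = si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH;
 	login_required = si->token.flags & CKF_LOGIN_REQUIRED;
 
 	/* fail early before opening session */
-	if (login_required && !have_pinpad && !pkcs11_interactive &&
+	if (login_required && !pkcs11_interactive &&
 	    (pin == NULL || strlen(pin) == 0)) {
 		error("pin required");
 		return (-SSH_PKCS11_ERR_PIN_REQUIRED);
@@ -653,27 +651,8 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
 		error("C_OpenSession failed: %lu", rv);
 		return (-1);
 	}
-	if (login_required) {
-		if (have_pinpad && (pin == NULL || strlen(pin) == 0)) {
-			/* defer PIN entry to the reader keypad */
-			rv = f->C_Login(session, CKU_USER, NULL_PTR, 0);
-		} else {
-			if (pkcs11_interactive) {
-				snprintf(prompt, sizeof(prompt),
-				    "Enter PIN for '%s': ", si->token.label);
-				if ((xpin = read_passphrase(prompt,
-				    RP_ALLOW_EOF)) == NULL) {
-					debug("%s: no pin specified",
-					    __func__);
-					return (-SSH_PKCS11_ERR_PIN_REQUIRED);
-				}
-				pin = xpin;
-			}
-			rv = f->C_Login(session, CKU_USER,
-			    (u_char *)pin, strlen(pin));
-			if (xpin != NULL)
-				freezero(xpin, strlen(xpin));
-		}
+	if (login_required && pin != NULL && strlen(pin) != 0) {
+		rv = f->C_Login(session, user, (u_char *)pin, strlen(pin));
 		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
 			error("C_Login failed: %lu", rv);
 			ret = (rv == CKR_PIN_LOCKED) ?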
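Review bot: The new guard `if (login_required && pin != NULL && strlen(pin) != 0)` returns a session with no C_Login at all when the token sets CKF_LOGIN_REQUIRED, pkcs11_interactive is set and the caller passed no PIN, because the early "pin required" check only fires in the non-interactive case. If login is meant to be deferred until a private-key operation, that is not visible in these hunks (the function starts and ends outside them), so say so at the guard, e.g. `/* no PIN supplied: leave the session unauthenticated, login is deferred to the caller */`. Dropping have_pinpad also means a CKF_PROTECTED_AUTHENTICATION_PATH token with no PIN is now rejected up front in non-interactive use; if that is intended, a one-line comment on the early check would keep a later reader from re-adding the exception.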
