Bugzilla – Attachment 3124 Details for
Bug 2652
PKCS11 login skipped if login required and no pin set
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
allow deferring the PIN prompt to reader keyboard
file_2652.txt (text/plain), 1.54 KB, created by
Jakub Jelen
on 2018-02-22 04:43:26 AEDT
(
hide
)
Description:
allow deferring the PIN prompt to reader keyboard
Filename:
MIME Type:
Creator:
Jakub Jelen
Created:
2018-02-22 04:43:26 AEDT
Size:
1.54 KB
patch
obsolete
>diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c >index c0c37dc2..1587e94b 100644 >--- a/ssh-pkcs11.c >+++ b/ssh-pkcs11.c >@@ -412,14 +412,19 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) > CK_RV rv; > CK_FUNCTION_LIST *f; > CK_SESSION_HANDLE session; >- int login_required; >+ int flags, login_required, have_pinpad; > > f = p->function_list; >- login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED; >- if (pin && login_required && !strlen(pin)) { >+ flags = p->slotinfo[slotidx].token.flags; >+ have_pinpad = flags & CKF_PROTECTED_AUTHENTICATION_PATH; >+ login_required = flags & CKF_LOGIN_REQUIRED; >+ >+ /* fail early before opening session */ >+ if (login_required && !have_pinpad && pin && !strlen(pin)) { > error("pin required"); > return (-1); > } >+ > if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION| > CKF_SERIAL_SESSION, NULL, NULL, &session)) > != CKR_OK) { >@@ -427,8 +432,13 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) > return (-1); > } > if (login_required && pin) { >- rv = f->C_Login(session, CKU_USER, >- (u_char *)pin, strlen(pin)); >+ if (have_pinpad && !strlen(pin)) { >+ /* defer PIN entry to the reader keypad */ >+ rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); >+ } else { >+ rv = f->C_Login(session, CKU_USER, >+ (u_char *)pin, strlen(pin)); >+ } > if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { > error("C_Login failed: %lu", rv); > if ((rv = f->C_CloseSession(session)) != CKR_OK)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 2652
:
3032
|
3124
|
3125
|
3226