Attachment #3125 for bug #2652




	CK_RV			rv;
	CK_FUNCTION_LIST	*f;
	CK_SESSION_HANDLE	session;
	int			flags, login_required, have_pinpad;

	f = p->function_list;
	flags = p->slotinfo[slotidx].token.flags;
	have_pinpad = flags & CKF_PROTECTED_AUTHENTICATION_PATH;
	login_required = flags & CKF_LOGIN_REQUIRED;

	/* fail early before opening session */
	if (login_required && !have_pinpad && pin && !strlen(pin)) {
		error("pin required");
		return (-1);
	}

	if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION|
	    CKF_SERIAL_SESSION, NULL, NULL, &session))
	    != CKR_OK) {
		error("C_OpenSession failed: %lu", rv);
		return (-1);
	}
	if (login_required) {
		if (have_pinpad && (!pin || !strlen(pin))) {
			/* defer PIN entry to the reader keypad */
			rv = f->C_Login(session, CKU_USER, NULL_PTR, 0);
		} else {
			rv = f->C_Login(session, CKU_USER,
			    (u_char *)pin, strlen(pin));
		}
		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
			error("C_Login failed: %lu", rv);
			if ((rv = f->C_CloseSession(session)) != CKR_OK)

Return to bug 2652

Lines 362-384 pkcs11_open_session(struct pkcs11_provider p, CK_ULONG slotidx, char pin) Link Here

(-)a/ssh-pkcs11.c (-6 / +16 lines)
362	CK_RV rv;	362	CK_RV rv;
363	CK_FUNCTION_LIST *f;	363	CK_FUNCTION_LIST *f;
364	CK_SESSION_HANDLE session;	364	CK_SESSION_HANDLE session;
365	int login_required;	365	int flags, login_required, have_pinpad;
366		366
367	f = p->function_list;	367	f = p->function_list;
368	login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;	368	flags = p->slotinfo[slotidx].token.flags;
369	if (pin && login_required && !strlen(pin)) {	369	have_pinpad = flags & CKF_PROTECTED_AUTHENTICATION_PATH;
		370	login_required = flags & CKF_LOGIN_REQUIRED;
		371
		372	/* fail early before opening session */
		373	if (login_required && !have_pinpad && pin && !strlen(pin)) {
370	error("pin required");	374	error("pin required");
371	return (-1);	375	return (-1);
372	}	376	}
		377
373	if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION\|	378	if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION\|
374	CKF_SERIAL_SESSION, NULL, NULL, &session))	379	CKF_SERIAL_SESSION, NULL, NULL, &session))
375	!= CKR_OK) {	380	!= CKR_OK) {
376	error("C_OpenSession failed: %lu", rv);	381	error("C_OpenSession failed: %lu", rv);
377	return (-1);	382	return (-1);
378	}	383	}
379	if (login_required && pin) {	384	if (login_required) {
380	rv = f->C_Login(session, CKU_USER,	385	if (have_pinpad && (!pin \|\| !strlen(pin))) {
381	(u_char *)pin, strlen(pin));	386	/* defer PIN entry to the reader keypad */
		387	rv = f->C_Login(session, CKU_USER, NULL_PTR, 0);
		388	} else {
		389	rv = f->C_Login(session, CKU_USER,
		390	(u_char *)pin, strlen(pin));
		391	}
382	if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {	392	if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
383	error("C_Login failed: %lu", rv);	393	error("C_Login failed: %lu", rv);
384	if ((rv = f->C_CloseSession(session)) != CKR_OK)	394	if ((rv = f->C_CloseSession(session)) != CKR_OK)