Bugzilla – Attachment 3125 Details for
Bug 2652
PKCS11 login skipped if login required and no pin set
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch_v2
patch (text/plain), 1.48 KB, created by
Daniel Kucera
on 2018-02-22 08:55:03 AEDT
(
hide
)
Description:
patch_v2
Filename:
MIME Type:
Creator:
Daniel Kucera
Created:
2018-02-22 08:55:03 AEDT
Size:
1.48 KB
patch
obsolete
>diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c >index 65a7b589..ac8785a8 100644 >--- a/ssh-pkcs11.c >+++ b/ssh-pkcs11.c >@@ -362,23 +362,33 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) > CK_RV rv; > CK_FUNCTION_LIST *f; > CK_SESSION_HANDLE session; >- int login_required; >+ int flags, login_required, have_pinpad; > > f = p->function_list; >- login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED; >- if (pin && login_required && !strlen(pin)) { >+ flags = p->slotinfo[slotidx].token.flags; >+ have_pinpad = flags & CKF_PROTECTED_AUTHENTICATION_PATH; >+ login_required = flags & CKF_LOGIN_REQUIRED; >+ >+ /* fail early before opening session */ >+ if (login_required && !have_pinpad && pin && !strlen(pin)) { > error("pin required"); > return (-1); > } >+ > if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION| > CKF_SERIAL_SESSION, NULL, NULL, &session)) > != CKR_OK) { > error("C_OpenSession failed: %lu", rv); > return (-1); > } >- if (login_required && pin) { >- rv = f->C_Login(session, CKU_USER, >- (u_char *)pin, strlen(pin)); >+ if (login_required) { >+ if (have_pinpad && (!pin || !strlen(pin))) { >+ /* defer PIN entry to the reader keypad */ >+ rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); >+ } else { >+ rv = f->C_Login(session, CKU_USER, >+ (u_char *)pin, strlen(pin)); >+ } > if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { > error("C_Login failed: %lu", rv); > if ((rv = f->C_CloseSession(session)) != CKR_OK)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3125">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2652
:
3032
|
3124
|
3125
|
3226