

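--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -609,26 +609,36 @@ static int
 pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
     CK_ULONG user)
 {
-	CK_RV			rv;
+	struct pkcs11_slotinfo	*si;
 	CK_FUNCTION_LIST	*f;
+	CK_RV			rv;
 	CK_SESSION_HANDLE	session;
-	int			login_required, ret;
+	int			login_required, have_pinpad, ret;
 
 	f = p->function_list;
-	login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
-	if (pin && login_required && !strlen(pin)) {
+	si = &p->slotinfo[slotidx];
+
+	have_pinpad = si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH;
+	login_required = si->token.flags & CKF_LOGIN_REQUIRED;
+
+	/* fail early before opening session */
+	if (login_required && !have_pinpad && pin != NULL && strlen(pin) == 0) {
 		error("pin required");
 		return (-SSH_PKCS11_ERR_PIN_REQUIRED);
 	}
 	if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION|
-	    CKF_SERIAL_SESSION, NULL, NULL, &session))
-	    != CKR_OK) {
+	    CKF_SERIAL_SESSION, NULL, NULL, &session)) != CKR_OK) {
 		error("C_OpenSession failed: %lu", rv);
 		return (-1);
 	}
-	if (login_required && pin) {
-		rv = f->C_Login(session, user,
-		    (u_char *)pin, strlen(pin));
+	if (login_required) {
+		if (have_pinpad && (pin == NULL || strlen(pin) == 0)) {
+			/* defer PIN entry to the reader keypad */
+			rv = f->C_Login(session, CKU_USER, NULL_PTR, 0);
+		} else {
+			rv = f->C_Login(session, CKU_USER,
+			    (u_char *)pin, strlen(pin));
+		}
 		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
 			error("C_Login failed: %lu", rv);
 			ret = (rv == CKR_PIN_LOCKED) ?
@@ -638,9 +648,9 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
 				error("C_CloseSession failed: %lu", rv);
 			return (ret);
 		}
-		p->slotinfo[slotidx].logged_in = 1;
+		si->logged_in = 1;
 	}
-	p->slotinfo[slotidx].session = session;
+	si->session = session;
 	return (0);
 }
 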
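Review bot: In the new `if (login_required)` block the `else` branch calls `strlen(pin)` with no NULL check, so a login-required token without `CKF_PROTECTED_AUTHENTICATION_PATH` and a NULL `pin` now reaches `strlen(NULL)`. The removed `if (login_required && pin)` skipped the login in that case, and the early "pin required" test only rejects an empty, non-NULL pin. Keeping the old guard for the non-pinpad case would restore that behaviour: `if (login_required && (have_pinpad || pin != NULL)) {`. Separately, both `C_Login` calls now pass `CKU_USER` where the old call passed the `user` parameter, which leaves `user` unused in the visible lines; if any caller passes a different user type it would silently be logged in as the normal user, so either keep `user` in the calls or drop the parameter. Old lines 635-637 of the function fall between the two hunks and are not shown.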

Return to bug 2652