Bugzilla – Attachment 3226 Details for
Bug 2652
PKCS11 login skipped if login required and no pin set
[patch]
update patch to post-ECDSA PKCS#11 key merge
bz2652.diff (text/plain), 1.96 KB, created by
Damien Miller
on 2019-01-22 12:58:43 AEDT
Description:
update patch to post-ECDSA PKCS#11 key merge
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2019-01-22 12:58:43 AEDT
Size:
1.96 KB
patch
obsolete
>diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
>index fd0f970..0159445 100644
>--- a/ssh-pkcs11.c
>+++ b/ssh-pkcs11.c
>@@ -609,26 +609,36 @@ static int
> pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
> CK_ULONG user)
> {
>- CK_RV rv;
>+ struct pkcs11_slotinfo *si;
> CK_FUNCTION_LIST *f;
>+ CK_RV rv;
> CK_SESSION_HANDLE session;
>- int login_required, ret;
>+ int login_required, have_pinpad, ret;
>
> f = p->function_list;
>- login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
>- if (pin && login_required && !strlen(pin)) {
>+ si = &p->slotinfo[slotidx];
>+
>+ have_pinpad = si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH;
>+ login_required = si->token.flags & CKF_LOGIN_REQUIRED;
>+
>+ /* fail early before opening session */
>+ if (login_required && !have_pinpad && pin != NULL && strlen(pin) == 0) {
> error("pin required");
> return (-SSH_PKCS11_ERR_PIN_REQUIRED);
> }
> if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION|
>- CKF_SERIAL_SESSION, NULL, NULL, &session))
>- != CKR_OK) {
>+ CKF_SERIAL_SESSION, NULL, NULL, &session)) != CKR_OK) {
> error("C_OpenSession failed: %lu", rv);
> return (-1);
> }
>- if (login_required && pin) {
>- rv = f->C_Login(session, user,
>- (u_char *)pin, strlen(pin));
>+ if (login_required) {
>+ if (have_pinpad && (pin == NULL || strlen(pin) == 0)) {
>+ /* defer PIN entry to the reader keypad */
>+ rv = f->C_Login(session, CKU_USER, NULL_PTR, 0);
>+ } else {
>+ rv = f->C_Login(session, CKU_USER,
>+ (u_char *)pin, strlen(pin));
>+ }
> if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
> error("C_Login failed: %lu", rv);
> ret = (rv == CKR_PIN_LOCKED) ?
>@@ -638,9 +648,9 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
> error("C_CloseSession failed: %lu", rv);
> return (ret);
> }
>- p->slotinfo[slotidx].logged_in = 1;
>+ si->logged_in = 1;
> }
>- p->slotinfo[slotidx].session = session;
>+ si->session = session;
> return (0);
> }
>
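Review bot: In the first hunk the new `else` branch calls `strlen(pin)` with no NULL check. When the token sets CKF_LOGIN_REQUIRED but not CKF_PROTECTED_AUTHENTICATION_PATH and `pin` is NULL, the early "pin required" test does not fire (it requires `pin != NULL`), so execution reaches `C_Login(session, CKU_USER, (u_char *)pin, strlen(pin))` and dereferences NULL; the removed code avoided this with `if (login_required && pin)`. If callers may still pass a NULL pin to defer login (they are not visible here), keep the guard as `if (login_required && (have_pinpad || pin != NULL)) {`; otherwise reject NULL in the early check by testing `(pin == NULL || strlen(pin) == 0)`. Both C_Login calls also hard-code `CKU_USER`, so the `user` parameter is unused in the visible lines; pass `user` as the old code did unless dropping it is intentional. The function body between the two hunks lies outside the patch context.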
Attachments on
bug 2652
:
3032
|
3124
|
3125
| 3226