-rw-r--r--ssh-pkcs11.c31
1 files changed, 5 insertions, 26 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index d4053ea8..09f1ea34 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.45 2019/09/05 10:05:51 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.46 2019/10/01 10:22:53 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -633,17 +633,15 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
CK_FUNCTION_LIST *f;
CK_RV rv;
CK_SESSION_HANDLE session;
- int login_required, have_pinpad, ret;
- char prompt[1024], *xpin = NULL;
+ int login_required, ret;
f = p->function_list;
si = &p->slotinfo[slotidx];
- have_pinpad = si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH;
login_required = si->token.flags & CKF_LOGIN_REQUIRED;
/* fail early before opening session */
- if (login_required && !have_pinpad && !pkcs11_interactive &&
+ if (login_required && !pkcs11_interactive &&
(pin == NULL || strlen(pin) == 0)) {
error("pin required");
return (-SSH_PKCS11_ERR_PIN_REQUIRED);
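Review bot: The early-fail test `if (login_required && !pkcs11_interactive &&` no longer exempts tokens that set CKF_PROTECTED_AUTHENTICATION_PATH, so a pinpad reader used non-interactively with a NULL or empty PIN now returns -SSH_PKCS11_ERR_PIN_REQUIRED before any session is opened. If that is intended, the comment above the test should say so, for example `/* fail early before opening session; tokens with a protected authentication path are not exempted */`. If pinpad login is still expected to work in this mode, it has to be handled in code that is not visible in this hunk, and a pointer to that function in the comment would save the next reader the search. pkcs11_open_session starts before and continues after the hunk.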
@@ -653,27 +651,8 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
error("C_OpenSession failed: %lu", rv);
return (-1);
}
- if (login_required) {
- if (have_pinpad && (pin == NULL || strlen(pin) == 0)) {
- /* defer PIN entry to the reader keypad */
- rv = f->C_Login(session, CKU_USER, NULL_PTR, 0);
- } else {
- if (pkcs11_interactive) {
- snprintf(prompt, sizeof(prompt),
- "Enter PIN for '%s': ", si->token.label);
- if ((xpin = read_passphrase(prompt,
- RP_ALLOW_EOF)) == NULL) {
- debug("%s: no pin specified",
- __func__);
- return (-SSH_PKCS11_ERR_PIN_REQUIRED);
- }
- pin = xpin;
- }
- rv = f->C_Login(session, CKU_USER,
- (u_char *)pin, strlen(pin));
- if (xpin != NULL)
- freezero(xpin, strlen(xpin));
- }
+ if (login_required && pin != NULL && strlen(pin) != 0) {
+ rv = f->C_Login(session, user, (u_char *)pin, strlen(pin));
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
error("C_Login failed: %lu", rv);
ret = (rv == CKR_PIN_LOCKED) ?
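Review bot: With the new condition `if (login_required && pin != NULL && strlen(pin) != 0)`, a token that requires login but is opened interactively with no PIN skips C_Login silently, so the session stays logged out and nothing in this block records that. A short comment above the test would make the intent explicit, for example `/* no PIN supplied: leave the session logged out; login must happen later, before private objects are used */`. A `debug("%s: login deferred, no pin supplied", __func__);` in an else branch would also help when diagnosing why private keys are not visible. `user` is not declared in the visible lines; presumably it is a parameter on the truncated signature line. The function body continues past the end of the hunk, so whether the session is closed on the C_Login failure path cannot be judged from here.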