Diff

Differences From Artifact [745d36081e]:

To Artifact [345685b667]:


  1114   1114   
  1115   1115   	if (slot->pcsc_card_connected) {
  1116   1116   		SCardDisconnect(slot->pcsc_card, SCARD_LEAVE_CARD);
  1117   1117   	}
  1118   1118   
  1119   1119   	slot->slot_reset = 1;
  1120   1120   	slot->pcsc_card_connected = 0;
  1121         -	slot->token_flags = CKF_LOGIN_REQUIRED;
         1121  +	if (cackey_pin_command == NULL) {
         1122  +		slot->token_flags = CKF_LOGIN_REQUIRED;
         1123  +	} else {
         1124  +		slot->token_flags = 0;
         1125  +	}
  1122   1126   
  1123   1127   	CACKEY_DEBUG_PRINTF("Returning.");
  1124   1128   
  1125   1129   	return;
  1126   1130   }
  1127   1131   
  1128   1132   /*
................................................................................
  2870   2874   			/* End transaction */
  2871   2875   			cackey_end_transaction(slot);
  2872   2876   
  2873   2877   			if (respcode == 0x6982) {
  2874   2878   				CACKEY_DEBUG_PRINTF("Security status not satisified.  Returning NEEDLOGIN");
  2875   2879   
  2876   2880   				cackey_mark_slot_reset(slot);
  2877         -				slot->token_flags = CKF_LOGIN_REQUIRED;
  2878   2881   
  2879   2882   				return(CACKEY_PCSC_E_NEEDLOGIN);
  2880   2883   			}
  2881   2884   
  2882   2885   			if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
  2883   2886   				CACKEY_DEBUG_PRINTF("Token absent.  Returning TOKENABSENT");
  2884   2887   
................................................................................
  3969   3972   }
  3970   3973   
  3971   3974   static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
  3972   3975   	struct cackey_pcsc_identity *pcsc_identities;
  3973   3976   	struct cackey_identity *identities;
  3974   3977   	unsigned long num_ids, id_idx, curr_id_type;
  3975   3978   	unsigned long num_certs, num_dod_certs, cert_idx;
  3976         -	int include_extra_certs = 0;
         3979  +	int include_extra_certs = 0, include_dod_certs;
  3977   3980   
  3978   3981   	CACKEY_DEBUG_PRINTF("Called.");
  3979   3982   
  3980   3983   	if (ids_found == NULL) {
  3981   3984   		CACKEY_DEBUG_PRINTF("Error.  ids_found is NULL");
  3982   3985   
  3983   3986   		return(NULL);
................................................................................
  3991   3994   		include_extra_certs = 1;
  3992   3995   	}
  3993   3996   
  3994   3997   	if (getenv("CACKEY_NO_DOD_CERTS_ON_HW_SLOTS") != NULL) {
  3995   3998   		include_extra_certs = 0;
  3996   3999   	}
  3997   4000   
         4001  +#ifdef CACKEY_NO_EXTRA_CERTS
         4002  +	if (getenv("CACKEY_EXTRA_CERTS") != NULL) {
         4003  +		include_dod_certs = 1;
         4004  +	} else {
         4005  +		include_dod_certs = 0;
         4006  +	}
         4007  +#else
  3998   4008   	if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
  3999         -		num_dod_certs = 0;
         4009  +		include_dod_certs = 0;
  4000   4010   	} else {
         4011  +		include_dod_certs = 1;
         4012  +	}
         4013  +#endif
         4014  +
         4015  +	if (include_dod_certs) {
  4001   4016   		num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
         4017  +	} else {
         4018  +		num_dod_certs = 0;
  4002   4019   	}
  4003   4020   
  4004   4021   	if (slot->internal) {
  4005   4022   		num_ids = cackey_read_dod_identities(NULL, num_dod_certs);
  4006   4023   
  4007   4024   		if (num_ids != 0) {
  4008   4025   			identities = malloc(num_ids * sizeof(*identities));
................................................................................
  4404   4421   						if (slot_reset) {
  4405   4422   							cackey_slots[currslot].active = 1;
  4406   4423   							cackey_slots[currslot].internal = 0;
  4407   4424   							cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
  4408   4425   							cackey_slots[currslot].pcsc_card_connected = 0;
  4409   4426   							cackey_slots[currslot].transaction_depth = 0;
  4410   4427   							cackey_slots[currslot].transaction_need_hw_lock = 0;
  4411         -							cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
         4428  +							if (cackey_pin_command == NULL) {
         4429  +								cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
         4430  +							} else {
         4431  +								cackey_slots[currslot].token_flags = 0;
         4432  +							}
  4412   4433   							cackey_slots[currslot].label = NULL;
  4413   4434   
  4414   4435   							cackey_mark_slot_reset(&cackey_slots[currslot]);
  4415   4436   						}
  4416   4437   					} else {
  4417   4438   						/* Artificially increase the number of active slots by what will become active */
  4418   4439   						slot_count++;
................................................................................
  5359   5380   
  5360   5381   		cackey_mutex_unlock(cackey_biglock);
  5361   5382   
  5362   5383   		return(CKR_GENERAL_ERROR);
  5363   5384   	}
  5364   5385   
  5365   5386   	cackey_sessions[hSession].state = CKS_RO_PUBLIC_SESSION;
  5366         -	cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED;
         5387  +
         5388  +	if (cackey_pin_command == NULL) {
         5389  +		cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED;
         5390  +	} else {
         5391  +		cackey_slots[slotID].token_flags = 0;
         5392  +	}
  5367   5393   
  5368   5394   	mutex_retval = cackey_mutex_unlock(cackey_biglock);
  5369   5395   	if (mutex_retval != 0) {
  5370   5396   		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
  5371   5397   
  5372   5398   		return(CKR_GENERAL_ERROR);
  5373   5399   	}
................................................................................
  6283   6309   		return(CKR_GENERAL_ERROR);
  6284   6310   	}
  6285   6311   
  6286   6312   	switch (cackey_sessions[hSession].decrypt_mechanism) {
  6287   6313   		case CKM_RSA_PKCS:
  6288   6314   			/* Ask card to decrypt */
  6289   6315   			buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
         6316  +
         6317  +			if (buflen == CACKEY_PCSC_E_NEEDLOGIN && cackey_pin_command != NULL) {
         6318  +				if (C_Login(hSession, CKU_USER, NULL, 0) == CKR_OK) {
         6319  +					buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
         6320  +				}
         6321  +			}
  6290   6322   
  6291   6323   			if (buflen < 0) {
  6292   6324   				/* Decryption failed. */
  6293   6325   				if (buflen == CACKEY_PCSC_E_NEEDLOGIN) {
  6294   6326   					retval = CKR_USER_NOT_LOGGED_IN;
  6295   6327   				} else if (buflen == CACKEY_PCSC_E_TOKENABSENT) {
  6296   6328   					retval = CKR_DEVICE_REMOVED;
................................................................................
  6794   6826   	}
  6795   6827   
  6796   6828   	switch (cackey_sessions[hSession].sign_mechanism) {
  6797   6829   		case CKM_RSA_PKCS:
  6798   6830   			/* Ask card to sign */
  6799   6831   			CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", (void *) cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
  6800   6832   			sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
         6833  +
         6834  +			if (sigbuflen == CACKEY_PCSC_E_NEEDLOGIN && cackey_pin_command != NULL) {
         6835  +				if (C_Login(hSession, CKU_USER, NULL, 0) == CKR_OK) {
         6836  +					sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
         6837  +				}
         6838  +			}
  6801   6839   
  6802   6840   			if (sigbuflen < 0) {
  6803   6841   				/* Signing failed. */
  6804   6842   				if (sigbuflen == CACKEY_PCSC_E_NEEDLOGIN) {
  6805   6843   					retval = CKR_USER_NOT_LOGGED_IN;
  6806   6844   				} else if (sigbuflen == CACKEY_PCSC_E_TOKENABSENT) {
  6807   6845   					retval = CKR_DEVICE_REMOVED;