Changes On Branch require-login-if-needed

Changes In Branch require-login-if-needed Excluding Merge-Ins

This is equivalent to a diff from b5ecb7c2d6 to 38771da1e8

2015-07-16
16:18
Updated to retry login if it fails with a 6D 00 (wrong instruction) check-in: 4e30511f94 user: rkeene tags: trunk
16:06
Reset the card and rescan for certificates if we get the ISO 7816 error 6D 00 (Wrong instruction) error from the card when trying to verify. Closed-Leaf check-in: 52569c3e74 user: rkeene tags: piv-reset-on-wronginstruction
2015-07-15
20:10
Merged in trunk Leaf check-in: 38771da1e8 user: rkeene tags: require-login-if-needed
20:08
Merged in trunk Closed-Leaf check-in: bab332232a user: rkeene tags: protected-auth-path
20:05
Added support for updating the PIN check-in: b5ecb7c2d6 user: rkeene tags: trunk
18:47
Updated KPS CA Certs check-in: efe7692225 user: rkeene tags: trunk
2015-05-04
16:02
Merged in trunk check-in: 6938f7a82c user: rkeene tags: require-login-if-needed

Modified cackey.c from [3a0d4abad4] to [a802283a94].

922
923
924
925
926
927
928




929
930
931
932
933
934
935
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939







+
+
+
+








	CACKEY_DEBUG_PRINTF("Returning 0x%lx", retval);

	return(retval);
}

/* PC/SC Related Functions */
static cackey_ret cackey_login_required(struct cackey_slot *slot) {
	return(CACKEY_PCSC_E_NEEDLOGIN);
}

/*
 * SYNPOSIS
 *     void cackey_slots_disconnect_all(void);
 *
 * ARGUMENTS
 *     None
 *
1096
1097
1098
1099
1100
1101
1102
1103

1104
1105
1106
1107
1108
1109
1110
1111
1112
1113


1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125


1126


1127
1128
1129











1130
1131
1132
1133
1134
1135
1136
1100
1101
1102
1103
1104
1105
1106

1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136



1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154







-
+










+
+












+
+

+
+
-
-
-
+
+
+
+
+
+
+
+
+
+
+







}

/*
 * SYNPOSIS
 *     void cackey_mark_slot_reset(struct cackey_slot *slot);
 *
 * ARGUMENTS
 *     None
 *     ...
 *
 * RETURN VALUE
 *     None
 *
 * NOTES
 *     This function marks a slot has having been reset, to later be cleaned up.
 *     Cleanup only happens when a PKCS#11 client calls C_FindObjectsInit.
 *
 */
static void cackey_mark_slot_reset(struct cackey_slot *slot) {
	int login_required = -1;

	if (slot == NULL) {
		return;
	}

	CACKEY_DEBUG_PRINTF("Called.");

	if (slot->pcsc_card_connected) {
		SCardDisconnect(slot->pcsc_card, SCARD_LEAVE_CARD);
	}

	slot->slot_reset = 1;
	slot->pcsc_card_connected = 0;
	slot->token_flags = 0;

	if (cackey_pin_command == NULL) {
		login_required = 0;
	}
		slot->token_flags = CKF_LOGIN_REQUIRED;
	} else {
		slot->token_flags = 0;

	if (login_required == -1) {
		if (cackey_login_required(slot) != CACKEY_PCSC_S_OK) {
			login_required = 1;
		} else {
			login_required = 0;
		}
	}

	if (login_required) {
		slot->token_flags |= CKF_LOGIN_REQUIRED;
	}

	CACKEY_DEBUG_PRINTF("Returning.");

	return;
}

2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2989
2990
2991
2992
2993
2994
2995


2996
2997
2998
2999
3000
3001
3002







-
-







					CACKEY_DEBUG_PRINTF("Got \"WRONG CLASS\", this means we are talking to the wrong object (likely because the card went away) -- resetting");
				} else {
					CACKEY_DEBUG_PRINTF("Security status not satisified (respcode = 0x%04x).  Returning NEEDLOGIN", (int) respcode);
				}

				cackey_mark_slot_reset(slot);

				slot->token_flags = CKF_LOGIN_REQUIRED;

				return(CACKEY_PCSC_E_NEEDLOGIN);
			}

			if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
				CACKEY_DEBUG_PRINTF("Token absent.  Returning TOKENABSENT");

				cackey_mark_slot_reset(slot);
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693

4694
4695
4696
4697
4698
4699
4700
4701
4699
4700
4701
4702
4703
4704
4705




4706

4707
4708
4709
4710
4711
4712
4713







-
-
-
-
+
-







						if (slot_reset) {
							cackey_slots[currslot].active = 1;
							cackey_slots[currslot].internal = 0;
							cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
							cackey_slots[currslot].pcsc_card_connected = 0;
							cackey_slots[currslot].transaction_depth = 0;
							cackey_slots[currslot].transaction_need_hw_lock = 0;
							if (cackey_pin_command == NULL) {
								cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
							} else {
								cackey_slots[currslot].token_flags = 0;
							cackey_slots[currslot].token_flags = 0;
							}
							cackey_slots[currslot].label = NULL;

							cackey_mark_slot_reset(&cackey_slots[currslot]);
						}
					} else {
						if (!cackey_slots[currslot].active) {
							/* Artificially increase the number of active slots by what will become active */
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5779
5780
5781
5782
5783
5784
5785






5786
5787
5788
5789
5790
5791
5792







-
-
-
-
-
-







		cackey_mutex_unlock(cackey_biglock);

		return(CKR_GENERAL_ERROR);
	}

	cackey_sessions[hSession].state = CKS_RO_PUBLIC_SESSION;

	if (cackey_pin_command == NULL) {
		cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED;
	} else {
		cackey_slots[slotID].token_flags = 0;
	}

	mutex_retval = cackey_mutex_unlock(cackey_biglock);
	if (mutex_retval != 0) {
		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");

		return(CKR_GENERAL_ERROR);
	}