author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-15 21:32:19 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-15 21:32:19 +0200 |
commit | 3830d1309f4cd15c0394f9a0344b54234723161e (patch) | |
tree | 00e878e7ff633f70e7dab0b5f0b87a05d05389da | |
parent | 3399647148085818f1adcae9fc0ed9e054366de1 (diff) | |
download | gnutls-3830d1309f4cd15c0394f9a0344b54234723161e.tar.gz |
When setting the TRUSTED flag, log in as security officer.
-rw-r--r-- | lib/includes/gnutls/pkcs11.h | 1 | ||||
-rw-r--r-- | lib/pkcs11.c | 2 | ||||
-rw-r--r-- | src/pkcs11.c | 7 |
3 files changed, 9 insertions, 1 deletions
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 4f2cefd6a4..c1b7981035 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -68,6 +68,7 @@ int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
 #define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
 #define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
 #define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a security officer in the token for the operation */
 /**
 * gnutls_pkcs11_url_type_t:
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 0d9b15c453..764448bf13 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1779,6 +1779,8 @@ pkcs11_obj_flags_to_int (unsigned int flags)
 if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
 ret_flags |= SESSION_LOGIN;
+ else if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
+ ret_flags |= SESSION_LOGIN|SESSION_SO;
 return ret_flags;
 }
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 0dc9b58e08..9c0526ae71 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -145,7 +145,12 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
 unsigned int obj_flags = 0;
 if (login)
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+ {
+ if (type == PKCS11_TYPE_TRUSTED)
+ obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
+ else
+ obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+ }
 pkcs11_common (); |
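Review bot: The `else if` added in pkcs11_obj_flags_to_int (lib/pkcs11.c) lets GNUTLS_PKCS11_OBJ_FLAG_LOGIN win when a caller sets both login bits, so a request for a security-officer session is dropped and a plain user login happens with no error. Testing the SO bit independently avoids that: make the new branch a separate `if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)` with `ret_flags |= SESSION_LOGIN|SESSION_SO;` rather than an `else` of the user-login test. If the two flags are meant to be mutually exclusive, the comment on the new define in pkcs11.h should state it, for example `/* force login as security officer; not to be combined with GNUTLS_PKCS11_OBJ_FLAG_LOGIN */`. The function begins before this hunk, so any earlier handling of `flags` is not visible here.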
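Review bot: The security-officer login in src/pkcs11.c is selected inside pkcs11_list, which by its name is a listing path, while the commit description speaks of setting the TRUSTED flag. With this branch, any listing with `login` set and `type == PKCS11_TYPE_TRUSTED` will authenticate as SO, which is more privilege (and one more exposure of the SO PIN) than a read normally needs. If the listing really needs it, the branch deserves a why-comment such as `/* SO login required here because <reason> */`; otherwise keep `obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;` in the listing and request GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO only where the trusted attribute is written. How `obj_flags` is consumed lies outside the hunk, so this is inferred from the function name and the visible assignments.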