authorNikos Mavrogiannopoulos <nmav@gnutls.org>2014-07-06 20:58:09 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2014-07-06 20:58:09 +0200
commit317ac1ff0139b78fe905da542ba80dd26bbcd4bf (patch)
tree91c524b6d8be4bfe6c7a1a8ed51317be4b32ec5c
parent875b8bdd306fb105f7f24f27a3627a6626063bba (diff)
downloadgnutls-317ac1ff0139b78fe905da542ba80dd26bbcd4bf.tar.gz
Added so-login flag to force security office login to the card
-rw-r--r--src/p11tool-args.def10
-rw-r--r--src/p11tool.c5
-rw-r--r--src/pkcs11.c36
3 files changed, 31 insertions, 20 deletions
diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index 8a92730c21..eb343b8681 100644
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -129,7 +129,15 @@ flag = {
flag = {
name = login;
- descrip = "Force login to token";
+ descrip = "Force (user) login to token";
+ disabled;
+ disable = "no";
+ doc = "";
+};
+
+flag = {
+ name = so-login;
+ descrip = "Force security officer login to token";
disabled;
disable = "no";
doc = "";
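Review bot: The new `so-login` flag is added with `doc = "";`, so the generated help and man page do not explain what a security-officer session is or how it differs from `--login`. SO is the token's administrative role, so a short description would help operators avoid reaching for it during routine object access, for example `doc = "Logs in as the token's security officer (SO) instead of the normal user; intended for token administration.";`. The existing `login` entry has the same empty `doc` and could be filled in at the same time.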
diff --git a/src/p11tool.c b/src/p11tool.c
index fe17e78d29..1317a68543 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -151,7 +151,10 @@ cmd_parser (int argc, char **argv)
detailed_url = 1;
if (ENABLED_OPT(LOGIN))
- login = 1;
+ login = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
+ if (ENABLED_OPT(SO_LOGIN))
+ login = GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
if (HAVE_OPT(LABEL))
{
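Review bot: When both `--login` and `--so-login` are given, the second `if` silently overwrites `login`, so the tool proceeds with the security-officer flag without telling the user which role won. A PKCS#11 session is logged in as one user type at a time, so the combination is better rejected than resolved by statement order. Either declare `flags-cant = login;` on the `so-login` entry in p11tool-args.def, or fail here with `if (ENABLED_OPT(LOGIN) && ENABLED_OPT(SO_LOGIN)) { fprintf (stderr, "--login and --so-login cannot be combined\n"); exit (1); }`. cmd_parser starts and ends outside the hunk, so the declaration and type of `login` are not visible from here.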
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 9b4cd8c853..02fbf235ef 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -34,18 +34,18 @@
#include <common.h>
void
-pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
+pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login_flags,
common_info_st * info)
{
int ret;
unsigned int obj_flags = 0;
- if (login)
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+ if (login_flags)
+ obj_flags = login_flags;
if (!batch)
{
- pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login,
+ pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login_flags,
GNUTLS_PKCS11_URL_LIB, info);
ret =
read_yesno ("Are you sure you want to delete those objects? (y/N): ", 0);
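Review bot: The guard `if (login_flags) obj_flags = login_flags;` no longer does anything, because `obj_flags` is initialised to 0 and assigning a zero `login_flags` gives the same value; `unsigned int obj_flags = login_flags;` expresses it in one line. The same pattern is repeated in pkcs11_list, pkcs11_export, pkcs11_write and pkcs11_generate further down this file. The parameter is now forwarded verbatim instead of being mapped to one constant, so a comment on each function such as `/* login_flags: 0, GNUTLS_PKCS11_OBJ_FLAG_LOGIN or GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO */` would document which values callers are expected to pass. pkcs11_delete continues past the end of this hunk.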
@@ -71,7 +71,7 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
/* lists certificates from a token
*/
void
-pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
+pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login_flags,
unsigned int detailed, common_info_st * info)
{
gnutls_pkcs11_obj_t *crt_list;
@@ -81,8 +81,8 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
int attrs;
unsigned int obj_flags = 0;
- if (login)
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+ if (login_flags)
+ obj_flags = login_flags;
pkcs11_common ();
@@ -175,7 +175,7 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
}
void
-pkcs11_export (FILE * outfile, const char *url, unsigned int login,
+pkcs11_export (FILE * outfile, const char *url, unsigned int login_flags,
common_info_st * info)
{
gnutls_pkcs11_obj_t crt;
@@ -185,8 +185,8 @@ pkcs11_export (FILE * outfile, const char *url, unsigned int login,
size_t size;
unsigned int obj_flags = 0;
- if (login)
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+ if (login_flags)
+ obj_flags = login_flags;
pkcs11_common ();
@@ -396,7 +396,7 @@ pkcs11_token_list (FILE * outfile, unsigned int detailed,
void
pkcs11_write (FILE * outfile, const char *url, const char *label,
int trusted, int private,
- unsigned int login, common_info_st * info)
+ unsigned int login_flags, common_info_st * info)
{
gnutls_x509_crt_t xcrt;
gnutls_x509_privkey_t xkey;
@@ -405,8 +405,8 @@ pkcs11_write (FILE * outfile, const char *url, const char *label,
unsigned int key_usage = 0;
gnutls_datum_t *secret_key;
- if (login)
- flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+ if (login_flags)
+ flags = login_flags;
pkcs11_common ();
@@ -481,14 +481,14 @@ void
pkcs11_generate (FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
unsigned int bits,
const char *label, int private, int detailed,
- unsigned int login, common_info_st * info)
+ unsigned int login_flags, common_info_st * info)
{
int ret;
unsigned int flags = 0;
gnutls_datum_t pubkey;
- if (login)
- flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+ if (login_flags)
+ flags = login_flags;
pkcs11_common ();
@@ -506,7 +506,7 @@ pkcs11_generate (FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror (ret));
- if (login == 0)
+ if (login_flags == 0)
fprintf(stderr, "Note that --login was not specified and it may be required for generation.\n");
else if (bits != 1024)
fprintf (stderr, "Note that several smart cards do not support arbitrary size keys.\nTry --bits 1024 or 2048.\n");
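Review bot: The hint selection at `if (login_flags == 0)` treats a security-officer login the same as a user login, so a generation failure under `--so-login` skips the login hint and falls through to the key-size message. Key generation normally requires the user role (inferred from PKCS#11 role semantics; token behaviour varies), so the hint would be more useful if it tested the user bit, assuming the two flags are distinct bits: `if (!(login_flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN))`. The enclosing error branch starts before this hunk and continues after it.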
@@ -781,7 +781,7 @@ const char *mech_list[] = {
};
void
-pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login,
+pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login_flags,
common_info_st * info)
{
int ret;