pkcs11_login: set the correct user type on reauthentication

2 files changed, 11 insertions, 4 deletions

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index dfe78c4fa8..a370199170 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2184,14 +2184,21 @@ pkcs11_login(struct pkcs11_session_info *sinfo,
 	     struct pin_info_st *pin_info,
 	     struct p11_kit_uri *info,
 	     unsigned so,
-	     unsigned force)
+	     unsigned reauth)
 {
 	struct ck_session_info session_info;
 	int attempt = 0, ret;
 	ck_user_type_t user_type;
 	ck_rv_t rv;
 
-	user_type = (so == 0) ? CKU_USER : CKU_SO;
+	if (so == 0) {
+		if (reauth == 0)
+			user_type = CKU_USER;
+		else
+			user_type = CKU_CONTEXT_SPECIFIC;
+	} else
+		user_type = CKU_SO;
+
 	if (so == 0 && (sinfo->tinfo.flags & CKF_LOGIN_REQUIRED) == 0) {
 		gnutls_assert();
 		_gnutls_debug_log("p11: No login required.\n");
@@ -2226,7 +2233,7 @@ pkcs11_login(struct pkcs11_session_info *sinfo,
 		/* Check whether the session is already logged in, and if so, just skip */
 		rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks,
 						       &session_info);
-		if (rv == CKR_OK && force == 0 &&
+		if (rv == CKR_OK && reauth == 0 &&
 		    (session_info.state == CKS_RO_USER_FUNCTIONS
 			|| session_info.state == CKS_RW_USER_FUNCTIONS)) {
 			ret = 0;
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 6c8541d574..82bf367069 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -103,7 +103,7 @@ int pkcs11_get_info(struct p11_kit_uri *info,
 int pkcs11_login(struct pkcs11_session_info *sinfo,
 		 struct pin_info_st *pin_info,
 		 struct p11_kit_uri *info, unsigned so,
-		 unsigned force);
+		 unsigned reauth);
 
 int pkcs11_call_token_func(struct p11_kit_uri *info, const unsigned retry);