Don't try to do PKCS#11 login if session is already logged in.

 * It is possible for new PKCS#11 sessions to be logged in if
   another logged in session already exists.
 * In these cases, don't log in, but detect the condition and
   return success.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

1 files changed, 10 insertions, 0 deletions

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 25939f9ca1..f5e496546d 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1890,6 +1890,7 @@ int
 pkcs11_login (struct ck_function_list * module, ck_session_handle_t pks,
               const struct token_info *tokinfo, struct p11_kit_uri *info, int so)
 {
+  struct ck_session_info session_info;
   int attempt = 0, ret;
   ck_user_type_t user_type;
   ck_rv_t rv;
@@ -1928,6 +1929,15 @@ pkcs11_login (struct ck_function_list * module, ck_session_handle_t pks,
 
       memcpy (&tinfo, &tokinfo->tinfo, sizeof(tinfo));
 
+      /* Check whether the session is already logged in, and if so, just skip */
+      rv = (module)->C_GetSessionInfo (pks, &session_info);
+      if (rv == CKR_OK && (session_info.state == CKS_RO_USER_FUNCTIONS ||
+                           session_info.state == CKS_RW_USER_FUNCTIONS))
+        {
+          ret = 0;
+          goto cleanup;
+        }
+
       /* If login has been attempted once already, check the token
        * status again, the flags might change. */
       if (attempt)