diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-10-15 15:59:48 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-10-24 11:04:25 +0200 |
commit | f68a86202bd1aaeb3988566def4374359b211875 (patch) | |
tree | aeeaabaf6a12c9f35315e3a0f4f5f99afb5d3af7 /lib/pkcs11.c | |
parent | 1d5e93dbd69358fe7d66a3a6dd461d7fbb0738ee (diff) | |
download | gnutls-f68a86202bd1aaeb3988566def4374359b211875.tar.gz |
p11tool: fix initialization of security officer's PINtmp-initialize-so-pin-fix
Previously we would call gnutls_pkcs11_token_set_pin() without an
old PIN provided, which will result to the use of C_InitPIN() on the
underlying module. The C_InitPIN() in contrast with C_SetPIN() will
only work for the user and not for the administrator. As such, we
always provide the oldpin for when we change the admin's PIN.
Resolves #561
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/pkcs11.c')
-rw-r--r-- | lib/pkcs11.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 9909127903..1a335ea959 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -35,9 +35,7 @@ #include <pin.h> #include <pkcs11_int.h> -#include <p11-kit/p11-kit.h> #include "pkcs11x.h" -#include <p11-kit/pin.h> #include <system-keys.h> #include "x509/x509_int.h" @@ -2781,10 +2779,10 @@ retrieve_pin_from_callback(const struct pin_info_st *pin_info, return 0; } -static int -retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info, - struct ck_token_info *token_info, int attempts, - ck_user_type_t user_type, struct p11_kit_pin **pin) +int +pkcs11_retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info, + struct ck_token_info *token_info, int attempts, + ck_user_type_t user_type, struct p11_kit_pin **pin) { const char *pinfile; int ret = GNUTLS_E_PKCS11_PIN_ERROR; @@ -2930,8 +2928,8 @@ pkcs11_login(struct pkcs11_session_info *sinfo, } ret = - retrieve_pin(pin_info, info, &tinfo, attempt++, - user_type, &pin); + pkcs11_retrieve_pin(pin_info, info, &tinfo, attempt++, + user_type, &pin); if (ret < 0) { gnutls_assert(); goto cleanup; |