diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-06-17 14:22:02 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-06-17 15:30:19 +0200 |
| commit | 59063788cd62ed6e1684c77785dae762e789753a (patch) | |
| tree | 327d9312c3cc135fe99228d4d626f4b27a84e91f /lib/pkcs11.c | |
| parent | 8b99e806f85cde270bb2402649cf0f628f33f198 (diff) | |
| download | gnutls-59063788cd62ed6e1684c77785dae762e789753a.tar.gz | |
pkcs11: cleanups in pkcs11_login()tmp-safenet-updates-v2
Use pkcs11_rv_to_err() to return the right error code map after
PKCS#11 calls; separate checks for already log in status for SO and
user login.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/pkcs11.c')
| -rw-r--r-- | lib/pkcs11.c | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index b22d8e8e5b..4d7eb69f91 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -2596,7 +2596,7 @@ pkcs11_login(struct pkcs11_session_info *sinfo, gnutls_assert(); _gnutls_debug_log ("p11: Protected login failed.\n"); - ret = GNUTLS_E_PKCS11_ERROR; + ret = pkcs11_rv_to_err(rv); goto cleanup; } } @@ -2611,26 +2611,35 @@ pkcs11_login(struct pkcs11_session_info *sinfo, /* Check whether the session is already logged in, and if so, just skip */ rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks, &session_info); - if (rv == CKR_OK && - (session_info.state == CKS_RO_USER_FUNCTIONS - || session_info.state == CKS_RW_USER_FUNCTIONS)) { - ret = 0; - _gnutls_debug_log - ("p11: Already logged in\n"); - goto cleanup; + if (rv == CKR_OK) { + if (flags & SESSION_SO) { + if (session_info.state == CKS_RW_SO_FUNCTIONS) { + ret = 0; + _gnutls_debug_log + ("p11: Already logged in as SO\n"); + goto cleanup; + } + } else if (session_info.state == CKS_RO_USER_FUNCTIONS + || session_info.state == CKS_RW_USER_FUNCTIONS) { + ret = 0; + _gnutls_debug_log + ("p11: Already logged in as user\n"); + goto cleanup; + } } } /* If login has been attempted once already, check the token * status again, the flags might change. */ if (attempt) { - if (pkcs11_get_token_info - (sinfo->module, sinfo->sid, - &tinfo) != CKR_OK) { + rv = pkcs11_get_token_info(sinfo->module, sinfo->sid, + &tinfo); + if (rv != CKR_OK) { gnutls_assert(); _gnutls_debug_log ("p11: GetTokenInfo failed\n"); - ret = GNUTLS_E_PKCS11_ERROR; + + ret = pkcs11_rv_to_err(rv); goto cleanup; } } |