diff options
author | relyea%netscape.com <devnull@localhost> | 2005-09-29 23:44:39 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2005-09-29 23:44:39 +0000 |
commit | a87657cf86d8c5f114993a2d701a0bd5c8794bcc (patch) | |
tree | 79359437a22906a4e9a76585426d25ccf073c5ff /security/nss/lib | |
parent | 9bccd5028145293ab92d466bf767dd539406cbee (diff) | |
download | nss-hg-a87657cf86d8c5f114993a2d701a0bd5c8794bcc.tar.gz |
Bug 119500 PKCS#11 CKF_PROTECTED_AUTHENTICATION_PATH token flag not supported
wtc's review r=wtc
Diffstat (limited to 'security/nss/lib')
-rw-r--r-- | security/nss/lib/pk11wrap/pk11auth.c | 11 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/secmodt.h | 6 |
2 files changed, 9 insertions, 8 deletions
diff --git a/security/nss/lib/pk11wrap/pk11auth.c b/security/nss/lib/pk11wrap/pk11auth.c index c4193ab49..a9bc39943 100644 --- a/security/nss/lib/pk11wrap/pk11auth.c +++ b/security/nss/lib/pk11wrap/pk11auth.c @@ -567,7 +567,7 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) * we can skip our own C_Login call (which would force the token to * try to login again). * - * Applications that don't know about protectedPinAuth will return a + * Applications that don't know about protectedAuthPath will return a * password, which we will ignore and trigger the token to * 'authenticate' itself anyway. Hopefully the blinking display on * the reader, or the flashing light under the thumbprint reader will @@ -579,13 +579,14 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) if (strcmp(password, PK11_PW_RETRY) == 0) { rv = SECWouldBlock; PORT_Free(password); - break; - /* applicaton tried to authenticate and succeeded we're done */ - } else if (strcmp(password, PK11_PW_AUTHENTICATED) == 0) { + continue; + } + /* applicaton tried to authenticate and succeeded we're done */ + if (strcmp(password, PK11_PW_AUTHENTICATED) == 0) { rv = SECSuccess; PORT_Free(password); break; - } + } } rv = pk11_CheckPassword(slot,password); PORT_Memset(password, 0, PORT_Strlen(password)); diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h index 9a3da93df..cc63eddc7 100644 --- a/security/nss/lib/pk11wrap/secmodt.h +++ b/security/nss/lib/pk11wrap/secmodt.h @@ -390,7 +390,7 @@ typedef PRBool (PR_CALLBACK *PK11IsLoggedInFunc)(PK11SlotInfo *slot, void *arg); /* * Special strings the password callback function can return only if - * the slot is an protected pin path slot. + * the slot is an protected auth path slot. */ #define PK11_PW_RETRY "RETRY" /* an failed attempt to authenticate * has already been made, just retry @@ -399,9 +399,9 @@ typedef PRBool (PR_CALLBACK *PK11IsLoggedInFunc)(PK11SlotInfo *slot, void *arg); * has completed. Continue without * another call to C_Login */ /* All other non-null values mean that that NSS could call C_Login to force - * the authentication. The following define is to add applications in + * the authentication. The following define is to aid applications in * documenting that is what it's trying to do */ -#define PK11_PW_TRY "" /* Default: a prompt has been presented +#define PK11_PW_TRY "TRY" /* Default: a prompt has been presented * to the user, initiate a C_Login * to authenticate the token */ |