author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-10-21 15:10:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-10-21 15:16:58 +0200 |
commit | 88984a77d7a07b6570b147700a6922d09c8160a9 (patch) | |
tree | d59dab05ddecbee6d3dc875fcbb282c57988c82e /src | |
parent | 7fc2d925824b23451c99986364e67a703a9eb0aa (diff) | |
p11tool: attempt to auto-login when the token requires it
In operations like generation or writing objects, run as if --login
was given if the token is marked to require login.
Relates #147
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/pkcs11.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 9a84982494..4017bcb0eb 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -59,10 +59,19 @@ static char *_saved_url = NULL;
 #define KEEP_LOGIN_FLAGS(flags) (flags & (GNUTLS_PKCS11_OBJ_FLAG_LOGIN|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO))
-#define CHECK_LOGIN_FLAG(flags) \
- if ((flags & KEEP_LOGIN_FLAGS(flags)) == 0) \
- fprintf(stderr, \
- "warning: --login was not specified and it may be required for this operation.\n")
+#define CHECK_LOGIN_FLAG(url, flags) \
+ if ((flags & KEEP_LOGIN_FLAGS(flags)) == 0) { \
+ unsigned _tflags; \
+ int _r = gnutls_pkcs11_token_get_flags(url, &_tflags); \
+ if (_r >= 0 && (_tflags & GNUTLS_PKCS11_TOKEN_LOGIN_REQUIRED)) { \
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN; \
+ fprintf(stderr, \
+ "note: assuming --login for this operation.\n"); \
+ } else { \
+ fprintf(stderr, \
+ "warning: --login was not specified and it may be required for this operation.\n"); \
+ } \
+ }
 void
@@ -1133,7 +1142,8 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
 pkcs11_common(info);
 FIX(url, outfile, 0, info);
- CHECK_LOGIN_FLAG(flags);
+
+ CHECK_LOGIN_FLAG(url, flags);
 if (label == NULL && info->batch == 0) {
 label = read_str("warning: The object's label was not specified.\nLabel: ");
 }
@@ -1268,7 +1278,8 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
 pkcs11_common(info);
 FIX(url, outfile, detailed, info);
- CHECK_LOGIN_FLAG(flags);
+
+ CHECK_LOGIN_FLAG(url, flags);
 if (id != NULL) {
 raw_id_size = sizeof(raw_id);
@@ -1322,7 +1333,8 @@ pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, unsigned int
 pkcs11_common(info);
 FIX(url, outfile, detailed, info);
- CHECK_LOGIN_FLAG(flags);
+
+ CHECK_LOGIN_FLAG(url, flags);
 if (outfile == stderr || outfile == stdout) {
 fprintf(stderr, "warning: no --outfile was specified and the public key will be printed on screen.\n");
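Review bot: The rewritten `CHECK_LOGIN_FLAG(url, flags)` in the first hunk expands to a bare `if (...) { ... }` block, so a call placed as the unbraced body of an `if`/`else` would capture the following `else` and leave the trailing `;` as a stray empty statement; wrapping the expansion as `do { ... } while (0)` removes that hazard. The macro now also writes through its argument (`flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN`) and uses `flags` unparenthesized, which is worth a comment above the definition such as `/* flags must be a modifiable lvalue; GNUTLS_PKCS11_OBJ_FLAG_LOGIN may be added to it */`. When `gnutls_pkcs11_token_get_flags()` fails (`_r < 0`) control falls into the generic warning branch, so a failed token query is indistinguishable from a token that does not require login; reporting `gnutls_strerror(_r)` in that case would make it diagnosable. Only the user login flag is ever assumed, never `GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO`, and the note printed to stderr could say so.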
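Review bot: In `pkcs11_export_pubkey` the call `CHECK_LOGIN_FLAG(url, flags)` now turns a warning into an actual login whenever the token reports `GNUTLS_PKCS11_TOKEN_LOGIN_REQUIRED`, although the commit message motivates auto-login with generation and writing of objects. Whether exporting a public key needs an authenticated session presumably depends on the token and on the kind of object the URL resolves to, so this path may now ask for a PIN that the operation does not need. A short comment at this call site stating why login is assumed for an export, or keeping the warn-only behaviour here, would make the intent reviewable. The function body starts and ends outside the hunk.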
@@ -1538,7 +1550,8 @@ void pkcs11_set_val(FILE * outfile, const char *url, int detailed,
 pkcs11_common(info);
 FIX(url, outfile, detailed, info);
- CHECK_LOGIN_FLAG(flags);
+
+ CHECK_LOGIN_FLAG(url, flags);
 ret = gnutls_pkcs11_obj_init(&obj);
 if (ret < 0) { |