diff options
Diffstat (limited to 'lib/pkcs11.c')
-rw-r--r-- | lib/pkcs11.c | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 5785c4c782..b88b5af846 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -1345,7 +1345,7 @@ pkcs11_open_session(struct pkcs11_session_info *sinfo, ret = pkcs11_login(sinfo, pin_info, info, - flags, 0); + flags); if (ret < 0) { gnutls_assert(); pkcs11_close_session(sinfo); @@ -1426,7 +1426,7 @@ _pkcs11_traverse_tokens(find_func_t find_func, void *input, ret = pkcs11_login(&sinfo, pin_info, - info, flags, 0); + info, flags); if (ret < 0) { gnutls_assert(); return ret; @@ -2556,8 +2556,7 @@ int pkcs11_login(struct pkcs11_session_info *sinfo, struct pin_info_st *pin_info, struct p11_kit_uri *info, - unsigned flags, - unsigned reauth) + unsigned flags) { struct ck_session_info session_info; int attempt = 0, ret; @@ -2569,18 +2568,18 @@ pkcs11_login(struct pkcs11_session_info *sinfo, return 0; } - if (!(flags & SESSION_SO)) { - if (reauth == 0) - user_type = CKU_USER; - else - user_type = CKU_CONTEXT_SPECIFIC; - } else + if (flags & SESSION_SO) { user_type = CKU_SO; + } else if (flags & SESSION_CONTEXT_SPECIFIC) { + user_type = CKU_CONTEXT_SPECIFIC; + } else { + user_type = CKU_USER; + } if (!(flags & (SESSION_FORCE_LOGIN|SESSION_SO)) && !(sinfo->tinfo.flags & CKF_LOGIN_REQUIRED)) { gnutls_assert(); - _gnutls_debug_log("p11: No login required.\n"); + _gnutls_debug_log("p11: No login required in token.\n"); return 0; } @@ -2611,7 +2610,7 @@ pkcs11_login(struct pkcs11_session_info *sinfo, /* Check whether the session is already logged in, and if so, just skip */ rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks, &session_info); - if (rv == CKR_OK && reauth == 0 && + if (rv == CKR_OK && !(flags & SESSION_CONTEXT_SPECIFIC) && (session_info.state == CKS_RO_USER_FUNCTIONS || session_info.state == CKS_RW_USER_FUNCTIONS)) { ret = 0; @@ -2655,15 +2654,14 @@ pkcs11_login(struct pkcs11_session_info *sinfo, login_finished: _gnutls_debug_log("p11: Login result = %s (%lu)\n", (rv==0)?"ok":p11_kit_strerror(rv), rv); - if (rv == CKR_USER_TYPE_INVALID && user_type == CKU_CONTEXT_SPECIFIC) { + if (unlikely(rv == CKR_USER_TYPE_INVALID && user_type == CKU_CONTEXT_SPECIFIC)) { _gnutls_debug_log("p11: Retrying login with CKU_USER\n"); /* PKCS#11 v2.10 don't know about CKU_CONTEXT_SPECIFIC */ user_type = CKU_USER; goto retry_login; } - ret = (rv == CKR_OK - || rv == + ret = (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err(rv); cleanup: |