From 49a33f79c941a18d90a6dada9c32f526b1a5aa9c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 29 May 2017 11:11:24 +0200
Subject: pkcs11: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login

That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
a login will be forced. This allows operation on the safenet HSMs
which do not set that flag.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/pkcs11_int.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib/pkcs11_int.h')

diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index bcde4d8ce8..60a1494af6 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -131,6 +131,8 @@ _gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
 #define SESSION_LOGIN (1<<1)
 #define SESSION_SO (1<<2)	/* security officer session */
 #define SESSION_TRUSTED (1<<3) /* session on a marked as trusted (p11-kit) module */
+#define SESSION_FORCE_LOGIN (1<<4) /* force login even when CFK_LOGIN_REQUIRED is not set */
+
 int pkcs11_open_session(struct pkcs11_session_info *sinfo,
 			struct pin_info_st *pin_info,
 			struct p11_kit_uri *info, unsigned int flags);
-- 
cgit v1.2.1