
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_6_1-11-g2f3


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_6_1-11-g2f3cc82
Date: Thu, 16 Jun 2011 18:50:42 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2f3cc82fb0b4595248d15fbf561230d9514ddf36

The branch, gnutls_2_12_x has been updated
       via  2f3cc82fb0b4595248d15fbf561230d9514ddf36 (commit)
       via  67528599f406e1d097a79c81cf39c68a2b7eff39 (commit)
      from  f1c371eb1ddc4eeba32473124b9ac2f650defcb4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2f3cc82fb0b4595248d15fbf561230d9514ddf36
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Jun 16 20:50:31 2011 +0200

    updated news

commit 67528599f406e1d097a79c81cf39c68a2b7eff39
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Jun 16 20:45:51 2011 +0200

    Corrections on security officer login.

-----------------------------------------------------------------------

Summary of changes:
 NEWS            |   18 +++++++++++++
 lib/pkcs11.c    |    2 +-
 src/Makefile.am |    2 +-
 src/p11common.c |   12 +++++++--
 src/pkcs11.c    |   73 +++----------------------------------------------------
 5 files changed, 33 insertions(+), 74 deletions(-)

diff --git a/NEWS b/NEWS
index e0dda70..edd0730 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,24 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
               2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 2.12.7 (unreleased)
+
+** p11tool: Require login as security officer if --trusted option is
+provided. Reported by Rickard Bellgrim.
+
+** libgnutls: The CKA_SUBJECT field is specified when copying certificates
+in PKCS #11 smart-cards. Patch by Rickard Bellgrim.
+
+** libgnutls: Write label when writing private keys in PKCS #11 tokens.
+Reported by Rickard Bellgrim.
+
+** libgnutls: Accept CKR_USER_ALREADY_LOGGED_IN as a valid error code
+when logging in to PKCS #11 tokens.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 2.12.6 (released 2011-06-4)
 
 ** libgnutls: Allow usage of DSA signatures with truncated hash.
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 764448b..ada3c5c 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1779,7 +1779,7 @@ pkcs11_obj_flags_to_int (unsigned int flags)
 
   if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
     ret_flags |= SESSION_LOGIN;
-  else if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
+  if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
     ret_flags |= SESSION_LOGIN|SESSION_SO;
 
   return ret_flags;
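Review bot: Nothing at the second test documents what happens when a caller sets both GNUTLS_PKCS11_OBJ_FLAG_LOGIN and GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO. With the `else` dropped the result is `SESSION_LOGIN|SESSION_SO`, so the security-officer request now takes precedence, whereas before LOGIN silently masked LOGIN_SO. A short comment above the second `if`, for example `/* LOGIN_SO implies LOGIN; when both are set the SO login is used */`, would make that precedence explicit for callers that OR the flags together. The function starts outside this hunk.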
diff --git a/src/Makefile.am b/src/Makefile.am
index 32c60b7..9121621 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -108,7 +108,7 @@ libcmd_certtool_la_LIBADD += ../gl/libgnu.la 
$(INET_PTON_LIB)
 
 # p11 tool
 p11tool_gaa_CFLAGS =
-p11tool_SOURCES = p11tool.gaa p11tool.c pkcs11.c certtool-common.c p11tool.h
+p11tool_SOURCES = p11tool.gaa p11tool.c pkcs11.c certtool-common.c p11tool.h 
$(PKCS11_SRCS)
 p11tool_LDADD = ../lib/libgnutls.la 
 p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la
 p11tool_LDADD += $(LTLIBGCRYPT)
diff --git a/src/p11common.c b/src/p11common.c
index f91123f..ae56cf0 100644
--- a/src/p11common.c
+++ b/src/p11common.c
@@ -36,11 +36,17 @@ pin_callback (void *user, int attempt, const char 
*token_url,
               size_t pin_max)
 {
   const char *password;
+  const char * desc;
   int len, cache = 1;
 /* allow caching of PIN */
   static char *cached_url = NULL;
   static char cached_pin[32] = "";
 
+  if (flags & GNUTLS_PKCS11_PIN_SO)
+    desc = "security officer";
+  else
+    desc = "user";
+
   if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
     {
       cache = 0;
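Review bot: The static PIN cache declared here (`cached_url`, `cached_pin[32]`) does not appear to record which role a cached PIN belongs to, while this hunk starts distinguishing security-officer prompts from user prompts. The cache lookup lies between this hunk and the next, so this is inferred: if it matches on `token_url` alone, a cached user PIN could be replayed for an SO login on the same token and use up one of the SO retry attempts. Consider `if (flags & GNUTLS_PKCS11_PIN_SO) cache = 0;` next to the FINAL_TRY handling, or storing the role alongside the cached URL. A comment noting that the PIN stays in static storage for the life of the process would also help.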
@@ -67,10 +73,10 @@ pin_callback (void *user, int attempt, const char 
*token_url,
         }
     }
 
-  printf ("PIN required for token '%s' with URL '%s'\n", token_label,
-          token_url);
+  printf ("Token '%s' with URL '%s' ", token_label, token_url);
+  printf ("requires %s PIN\n", desc);
 
-  password = getpass ("Enter pin: ");
+  password = getpass ("Enter PIN: ");
   if (password == NULL || password[0] == 0)
     {
       fprintf (stderr, "No password given\n");
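Review bot: The empty-input message still reads `No password given` although both prompts in this hunk now say PIN, and the copy of this callback removed from src/pkcs11.c printed `No PIN given`. Changing the line to `fprintf (stderr, "No PIN given\n");` keeps the wording consistent for users and for anything matching on the message. Separately, getpass() returns a pointer to a static buffer; whether that buffer is cleared after the PIN is copied cannot be seen here because the function continues outside the hunk.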
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 9c0526a..20a076f 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -32,68 +32,7 @@
 #include "certtool-common.h"
 #include <unistd.h>
 #include <string.h>
-
-#define MIN(x,y) ((x)<(y))?(x):(y)
-
-static int
-pin_callback (void *user, int attempt, const char *token_url,
-              const char *token_label, unsigned int flags, char *pin,
-              size_t pin_max)
-{
-  const char *password;
-  int len;
-/* allow caching of PIN */
-  static char *cached_url = NULL;
-  static char cached_pin[32] = "";
-
-  printf ("PIN required for token '%s' with URL '%s'\n", token_label,
-          token_url);
-  if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
-    printf ("*** This is the final try before locking!\n");
-  if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
-    printf ("*** Only few tries left before locking!\n");
-
-  if (flags == 0 && cached_url != NULL)
-    {
-      if (strcmp (cached_url, token_url) == 0)
-        {
-          strcpy (pin, cached_pin);
-          return 0;
-        }
-    }
-
-  password = getpass ("Enter PIN: ");
-  if (password == NULL || password[0] == 0)
-    {
-      fprintf (stderr, "No PIN given\n");
-      exit (1);
-    }
-
-  len = MIN (pin_max, strlen (password));
-  memcpy (pin, password, len);
-  pin[len] = 0;
-
-  /* cache */
-  if (strlen(pin) >= sizeof(cached_pin))
-    {
-      fprintf (stderr, "Too long PIN given\n");
-      exit (1);
-    }
-
-  strcpy (cached_pin, pin);
-  free (cached_url);
-  cached_url = strdup (token_url);
-
-  return 0;
-}
-
-static void
-pkcs11_common (void)
-{
-
-  gnutls_pkcs11_set_pin_function (pin_callback, NULL);
-
-}
+#include <p11common.h>
 
 void
 pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
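Review bot: The added `#include <p11common.h>` uses angle brackets for what is presumably a header in the same source directory, while the neighbouring project header is included as `"certtool-common.h"`. Angle brackets skip the including file's directory and rely on the build's `-I` paths, so a same-named header earlier on the search path would be picked up instead. `#include "p11common.h"` keeps the lookup local and matches the existing style. Since this file now gets its PIN callback from that header's translation unit, the include is worth pinning to the in-tree file.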
@@ -145,12 +84,7 @@ pkcs11_list (FILE * outfile, const char *url, int type, 
unsigned int login,
   unsigned int obj_flags = 0;
 
   if (login)
-    {
-      if (type == PKCS11_TYPE_TRUSTED)
-        obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
-      else
-        obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
-    }
+    obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
 
   pkcs11_common ();
 
@@ -567,7 +501,8 @@ pkcs11_write (FILE * outfile, const char *url, const char 
*label, int trusted,
   if (xcrt != NULL)
     {
       if (trusted)
-        flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+        flags |= 
GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
+
       ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags);
       if (ret < 0)
         {
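Review bot: The `flags |=` line does not say why `trusted` now forces a security-officer login. PKCS #11 permits only the SO to set CKA_TRUSTED, so a comment such as `/* only the security officer may mark an object as trusted */` above the assignment would explain why the session is escalated regardless of the `login` argument. The SO flag is added only inside the `xcrt != NULL` branch. Whether other write paths in pkcs11_write need the same treatment cannot be judged from this hunk, because the function starts and ends outside it.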


hooks/post-receive
-- 
GNU gnutls


