
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_8-7-gb5d1d4


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_8-7-gb5d1d49
Date: Sun, 14 Aug 2011 13:18:59 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=b5d1d49215c4892c933ec21ba86f3e0483639a1f

The branch, gnutls_2_12_x has been updated
       via  b5d1d49215c4892c933ec21ba86f3e0483639a1f (commit)
       via  ecce13d83f7cd3363b553d7a9c20b34a3ad55503 (commit)
      from  13480c88e5846248fd32e21aeed85d94ade455a4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b5d1d49215c4892c933ec21ba86f3e0483639a1f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Aug 14 15:06:06 2011 +0200

    documented fix

commit ecce13d83f7cd3363b553d7a9c20b34a3ad55503
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Aug 14 15:02:33 2011 +0200

    Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously given 
PIN is wrong.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                         |    2 +-
 lib/includes/gnutls/pkcs11.h |   69 +++++++++++++++++++++++++++++++----------
 lib/pkcs11.c                 |    3 ++
 src/p11common.c              |    7 ++++
 4 files changed, 63 insertions(+), 18 deletions(-)

diff --git a/NEWS b/NEWS
index 0e63ba8..b730ca3 100644
--- a/NEWS
+++ b/NEWS
@@ -10,7 +10,7 @@ flags in the callback were not being updated to reflect
 for PIN low count or final try.
 
 ** API and ABI modifications:
-No changes since last version.
+GNUTLS_PKCS11_PIN_WRONG: New flag for PIN callback
 
 
 * Version 2.12.8 (released 2011-08-08)
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 18e9586..3f23879 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -19,25 +19,60 @@ typedef int (*gnutls_pkcs11_token_callback_t) (void *const 
global_data,
                                                const char *const label,
                                                const unsigned retry);
 
-  /**
-   * gnutls_pkcs11_pin_flag_t:
-   * @GNUTLS_PKCS11_PIN_USER: The PIN for the user.
-   * @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer.
-   * @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and 
key like signing.
-   * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
-   * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
-   *
-   * Enumeration of different PIN flags.
-   */
+/**
+ * gnutls_pkcs11_pin_flag_t:
+ * @GNUTLS_PKCS11_PIN_USER: The PIN for the user.
+ * @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer.
+ * @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and 
key like signing.
+ * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
+ * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
+ * @GNUTLS_PKCS11_PIN_WRONG: Last given PIN was not correct.
+ *
+ * Enumeration of different PIN flags.
+ */
 typedef enum
-{
-  GNUTLS_PKCS11_PIN_USER = (1 << 0),
-  GNUTLS_PKCS11_PIN_SO = (1 << 1),
-  GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
-  GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
-  GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3),
-} gnutls_pkcs11_pin_flag_t;
-
+  {
+    GNUTLS_PKCS11_PIN_USER = (1 << 0),
+    GNUTLS_PKCS11_PIN_SO = (1 << 1),
+    GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
+    GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3),
+    GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
+    GNUTLS_PKCS11_PIN_WRONG = (1 << 5),
+  } gnutls_pkcs11_pin_flag_t;
+
+/**
+ * gnutls_pkcs11_pin_callback_t:
+ * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
+ * @attempt: pin-attempt counter, initially 0.
+ * @token_url: PKCS11 URL.
+ * @token_label: label of PKCS11 token.
+ * @flags: a #gnutls_pkcs11_pin_flag_t flag.
+ * @pin: buffer to hold PIN, of size @pin_max.
+ * @pin_max: size of @pin buffer.
+ *
+ * Callback function type for PKCS#11 PIN entry.  It is set by
+ * gnutls_pkcs11_set_pin_function().
+ *
+ * The callback should provides the PIN code to unlock the token with
+ * label @token_label, specified by the URL @token_url.
+ *
+ * The PIN code, as a NUL-terminated ASCII string, should be copied
+ * into the @pin buffer (of maximum size @pin_max), and return 0 to
+ * indicate success.  Alternatively, the callback may return a
+ * negative gnutls error code to indicate failure and cancel PIN entry
+ * (in which case, the contents of the @pin parameter are ignored).
+ *
+ * When a PIN is required, the callback will be invoked repeatedly
+ * (and indefinitely) until either the returned PIN code is correct,
+ * the callback returns failure, or the token refuses login (e.g. when
+ * the token is locked due to too many incorrect PINs!).  For the
+ * first such invocation, the @attempt counter will have value zero;
+ * it will increase by one for each subsequent attempt.
+ *
+ * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
+ *
+ * Since: 2.12.0
+ **/
 typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt,
                                              const char *token_url,
                                              const char *token_label,
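Review bot: The new doc comment describes `@flags` as "a #gnutls_pkcs11_pin_flag_t flag", but the enum values are separate bits and the lib/pkcs11.c hunk in this commit combines them with `|=`. A callback that compares with `==` would therefore miss GNUTLS_PKCS11_PIN_WRONG whenever it arrives together with another flag such as GNUTLS_PKCS11_PIN_FINAL_TRY. I would word it as `@flags: bitwise OR of #gnutls_pkcs11_pin_flag_t values; test individual bits with &.` The same comment has a typo (`should provides`) and could state outright that the callback must never write more than @pin_max bytes, terminating NUL included. The typedef itself continues past the end of this hunk.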
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index fed076b..83fad64 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1848,6 +1848,9 @@ retrieve_pin_for_callback (struct ck_token_info 
*token_info, int attempts,
         flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
     }
 
+  if (attempts > 0)
+    flags |= GNUTLS_PKCS11_PIN_WRONG;
+
   ret = pin_func (pin_data, attempts, (char*)token_str, label,
                   flags, pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
   free (token_str);
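Review bot: `attempts > 0` is used here as a stand-in for "the token rejected the previous PIN", but the flag is derived from the retry counter and not from the result of the previous login call. If the loop that calls retrieve_pin_for_callback (outside this hunk) can retry after any failure other than CKR_PIN_INCORRECT, callbacks would be told the PIN was wrong when it was not, and one like pin_callback in src/p11common.c would then discard a cached PIN that was in fact correct. Either set the flag from the previous login result, or record the assumption next to the test, e.g. `/* attempts > 0 is only reached after the token rejected the previous PIN */`. The function starts and ends outside the hunk, so the retry condition cannot be confirmed from here.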
diff --git a/src/p11common.c b/src/p11common.c
index 579d489..c301de0 100644
--- a/src/p11common.c
+++ b/src/p11common.c
@@ -58,6 +58,12 @@ pin_callback (void *user, int attempt, const char *token_url,
       cache = 0;
       printf ("*** Only few tries left before locking!\n");
     }
+
+  if (flags & GNUTLS_PKCS11_PIN_WRONG)
+    {
+      cache = 0;
+      printf ("*** Wrong PIN has been provided!\n");
+    }
     
   if (cache > 0 && cached_url != NULL)
     {
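Review bot: The new GNUTLS_PKCS11_PIN_WRONG branch sets `cache = 0` without saying why, and the reason is the security-relevant part: replaying a cached PIN that the token has just rejected would spend another try toward locking it. A comment above `cache = 0;` such as `/* never replay a cached PIN the token rejected; each retry counts toward lockout */` would keep a later cleanup from dropping the reset. The branch leaves the contents of cached_pin in place, and the rest of pin_callback is outside this hunk, so it is worth confirming that the rejected value is overwritten by the next prompt and not kept. Minor style point: this message goes to stdout via `printf`, while the notice added in the next hunk uses `fprintf(stderr, ...)`.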
@@ -69,6 +75,7 @@ pin_callback (void *user, int attempt, const char *token_url,
               exit (1);
             }
 
+          fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label);
           strcpy (pin, cached_pin);
           cache--;
           return 0;
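Review bot: `strcpy (pin, cached_pin);` directly below the added log line copies without a bound, although the pkcs11.h documentation in this same commit limits the callback's `pin` buffer to `pin_max` bytes. The size of cached_pin and the parameter list of pin_callback are outside this hunk, so the copy may already be safe by construction. A bounded form would make that checkable locally, for example `snprintf (pin, pin_max, "%s", cached_pin);` with the callback's size parameter, returning a negative error code if the result was truncated. The added `fprintf(stderr, ...)` also omits the space before the parenthesis that the surrounding calls use.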


hooks/post-receive
-- 
GNU gnutls


