[pkg-opensc-commit] [libp11] 02/67: Added PKCS11_is_logged_in function
Eric Dorland
eric at moszumanska.debian.org
Sat Jan 30 05:34:04 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit b474cb0b2b10cdaf0774c0a89f6441ee28708850
Author: Mikhail Denisenko <denisenk at amazon.com>
Date: Thu Nov 5 19:44:15 2015 -0500
Added PKCS11_is_logged_in function
---
examples/auth.c | 24 +++++++++++++++++++++++-
src/libp11.exports | 1 +
src/libp11.h | 12 ++++++++++++
src/p11_slot.c | 32 ++++++++++++++++++++++++++++++++
4 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/examples/auth.c b/examples/auth.c
index 6e1a977..53132ce 100644
--- a/examples/auth.c
+++ b/examples/auth.c
@@ -33,7 +33,7 @@ int main(int argc, char *argv[])
unsigned char *random = NULL, *signature = NULL;
char password[20];
- int rc = 0, fd;
+ int rc = 0, fd, logged_in;
unsigned int nslots, ncerts, siglen;
if (argc < 2) {
@@ -107,6 +107,17 @@ int main(int argc, char *argv[])
}
loggedin:
+ /* check if user is logged in */
+ rc = PKCS11_is_logged_in(slot, 0, &logged_in);
+ if (rc != 0) {
+ fprintf(stderr, "PKCS11_is_logged_in failed\n");
+ goto failed;
+ }
+ if (logged_in) {
+ fprintf(stderr, "PKCS11_is_logged_in says user is logged in, expected to be not logged in\n");
+ goto failed;
+ }
+
/* perform pkcs #11 login */
rc = PKCS11_login(slot, 0, password);
memset(password, 0, strlen(password));
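Review bot: The two new `goto failed` exits in the pre-login check sit before `memset(password, 0, strlen(password));`, so if a PIN has already been read into `password` by this point (the code above `loggedin:` is not in the hunk), those paths leave it in the stack buffer unless the `failed:` label wipes it. Clear the buffer before each jump, or do the wipe once under `failed:`. Because a plain `memset` on a buffer that is never read again may be optimised away, `explicit_bzero(password, sizeof(password));` is the safer call where it is available, and `sizeof` also covers bytes after the first NUL. The post-login check added in the next hunk runs after the wipe and is not affected; `main` starts and ends outside this hunk.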
@@ -115,6 +126,17 @@ int main(int argc, char *argv[])
goto failed;
}
+ /* check if user is logged in */
+ rc = PKCS11_is_logged_in(slot, 0, &logged_in);
+ if (rc != 0) {
+ fprintf(stderr, "PKCS11_is_logged_in failed\n");
+ goto failed;
+ }
+ if (!logged_in) {
+ fprintf(stderr, "PKCS11_is_logged_in says user is not logged in, expected to be logged in\n");
+ goto failed;
+ }
+
/* get all certs */
rc = PKCS11_enumerate_certs(slot->token, &certs, &ncerts);
if (rc) {
diff --git a/src/libp11.exports b/src/libp11.exports
index 3ed185e..dc7b5d9 100644
--- a/src/libp11.exports
+++ b/src/libp11.exports
@@ -7,6 +7,7 @@ PKCS11_open_session
PKCS11_enumerate_slots
PKCS11_release_all_slots
PKCS11_find_token
+PKCS11_is_logged_in
PKCS11_login
PKCS11_logout
PKCS11_enumerate_keys
diff --git a/src/libp11.h b/src/libp11.h
index 7664ace..574719c 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -208,6 +208,17 @@ PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx,
PKCS11_SLOT *slots, unsigned int nslots);
/**
+ * Check if user is already authenticated to a card
+ *
+ * @param slot slot returned by PKCS11_find_token()
+ * @param so kind of login to check: CKU_SO if != 0, otherwise CKU_USER
+ * @param res pointer to return value: 1 if logged in, 0 if not logged in
+ * @retval 0 success
+ * @retval -1 error
+ */
+extern int PKCS11_is_logged_in(PKCS11_SLOT * slot, int so, int * res);
+
+/**
* Authenticate to the card
*
* @param slot slot returned by PKCS11_find_token()
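Review bot: The doc comment for `PKCS11_is_logged_in` omits two behaviours visible in the implementation in src/p11_slot.c: it calls `PKCS11_open_session(slot, so)` when the slot has no session, and it returns -1 on that failure path without writing `*res`. I would add `* @note opens a session on the slot if none is open (r/w when so != 0)` and extend the `res` line to end with `; not modified on error`. Callers then know to initialise their variable and to expect the side effect on the slot.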
@@ -429,6 +440,7 @@ extern void ERR_load_PKCS11_strings(void);
#define PKCS11_F_PKCS11_GETATTR 40
#define PKCS11_F_PKCS11_EC_KEY_SIGN 41
#define PKCS11_F_PKCS11_EC_KEY_VERIFY 42
+#define PKCS11_F_PKCS11_GETSESSIONINFO 43
#define PKCS11_ERR_BASE 1024
#define PKCS11_LOAD_MODULE_ERROR (PKCS11_ERR_BASE+1)
diff --git a/src/p11_slot.c b/src/p11_slot.c
index a43e44c..e433770 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -158,6 +158,38 @@ int PKCS11_reopen_session(PKCS11_SLOT * slot)
}
/*
+ * Determines if user is authenticated with token
+ */
+int PKCS11_is_logged_in(PKCS11_SLOT * slot, int so, int * res)
+{
+ PKCS11_SLOT_private *priv = PRIVSLOT(slot);
+ PKCS11_CTX *ctx = priv->parent;
+ CK_SESSION_INFO session_info;
+ int rv;
+
+ if (priv->loggedIn) {
+ *res = 1;
+ return 0;
+ }
+ if (!priv->haveSession) {
+ /* SO gets a r/w session by default,
+ * user gets a r/o session by default. */
+ if (PKCS11_open_session(slot, so))
+ return -1;
+ }
+
+ rv = CRYPTOKI_call(ctx, C_GetSessionInfo(priv->session,
+ &session_info));
+ CRYPTOKI_checkerr(PKCS11_F_PKCS11_GETSESSIONINFO, rv);
+ if (so) {
+ *res = session_info.state == CKS_RW_SO_FUNCTIONS;
+ } else {
+ *res = session_info.state == CKS_RO_USER_FUNCTIONS || session_info.state == CKS_RW_USER_FUNCTIONS;
+ }
+ return 0;
+}
+
+/*
* Authenticate with the card. relogin should be set if we automatically
* relogin after a fork.
*/
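Review bot: The `if (priv->loggedIn)` shortcut at the top of `PKCS11_is_logged_in` answers from the library's cached flag without looking at `so` and without asking the token. A caller asking about CKU_SO would get 1 while only a user login is cached, and a login the token has since dropped (for example after card removal) would still be reported as active; this assumes `loggedIn` is simply set by `PKCS11_login`, which is outside the hunk. Since callers will probably use the result to decide whether to prompt for a PIN, it is safer to drop the shortcut and always derive `*res` from `C_GetSessionInfo`. The function also writes through `res` unchecked; `if (res == NULL) return -1;` at the top would make misuse fail cleanly.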
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git