pkcs11-tool: use CKF_{SO,USER}_PIN_* flags to provide alerts to the user

rebased by @viktorTarasov initial version in PR-795
2016-06-10 10:46:25 +01:00 · 2016-06-10 10:46:25 +01:00 · 1198197586
parent 46d8264f08
commit 1198197586
1 changed files with 34 additions and 9 deletions
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@ -1188,13 +1188,35 @@ static int login(CK_SESSION_HANDLE session, int login_type)
 		pin = opt_pin ? (char *) opt_pin : (char *) opt_puk;

 	if (!pin && !(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) {
-			printf("Logging in to \"%s\".\n", p11_utf8_to_local(info.label, sizeof(info.label)));
-		if (login_type == CKU_SO)
+		printf("Logging in to \"%s\".\n", p11_utf8_to_local(info.label, sizeof(info.label)));
+		if (login_type == CKU_SO)   {
+			if (info.flags & CKF_SO_PIN_COUNT_LOW)
+				printf("WARNING: SO PIN count low\n");
+			if (info.flags & CKF_SO_PIN_FINAL_TRY)
+				printf("WARNING: SO PIN final try\n");
+			if (info.flags & CKF_SO_PIN_LOCKED)
+				printf("WARNING: SO PIN reported locked\n");
+			if (info.flags & CKF_SO_PIN_TO_BE_CHANGED)
+				printf("WARNING: SO PIN has to be changed\n");
+
 			printf("Please enter SO PIN: ");
-		else if (login_type == CKU_USER)
+		}
+		else if (login_type == CKU_USER)   {
+			if (info.flags & CKF_USER_PIN_COUNT_LOW)
+				printf("WARNING: User PIN count low\n");
+			if (info.flags & CKF_USER_PIN_FINAL_TRY)
+				printf("WARNING: User PIN final try\n");
+			if (info.flags & CKF_USER_PIN_LOCKED)
+				printf("WARNING: User PIN reported locked\n");
+			if (info.flags & CKF_USER_PIN_TO_BE_CHANGED)
+				printf("WARNING: User PIN has to be changed\n");
+
 			printf("Please enter User PIN: ");
-		else if (login_type == CKU_CONTEXT_SPECIFIC)
+		}
+		else if (login_type == CKU_CONTEXT_SPECIFIC)   {
 			printf("Please enter context specific PIN: ");
+		}
+
 		r = util_getpass(&pin, &len, stdin);
 		if (r < 0)
 			util_fatal("No PIN entered");
@ -3194,7 +3216,7 @@ static void show_dobj(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 	if (getPRIVATE(sess, obj))
 		printf(" private");
 	if (!getMODIFIABLE(sess, obj) && !getPRIVATE(sess, obj))
-		printf("<empty>\n");
+		printf("<empty>");

 	printf ("\n");
 	suppress_warn = 0;
@ -5076,17 +5098,20 @@ static const char *p11_slot_info_flags(CK_FLAGS value)
 static const char *p11_token_info_flags(CK_FLAGS value)
 {
 	static struct flag_info	slot_flags[] = {
-		{ CKF_RNG, "rng" },
-		{ CKF_WRITE_PROTECTED, "readonly" },
 		{ CKF_LOGIN_REQUIRED, "login required" },
-		{ CKF_USER_PIN_INITIALIZED, "PIN initialized" },
 		{ CKF_PROTECTED_AUTHENTICATION_PATH, "PIN pad present" },
+		{ CKF_RNG, "rng" },
+		{ CKF_SO_PIN_TO_BE_CHANGED, "SO PIN to be changed"},
+		{ CKF_SO_PIN_COUNT_LOW, "SO PIN count low" },
+		{ CKF_SO_PIN_FINAL_TRY, "final SO PIN try" },
+		{ CKF_SO_PIN_LOCKED, "SO PIN locked" },
 		{ CKF_TOKEN_INITIALIZED, "token initialized" },
 		{ CKF_USER_PIN_COUNT_LOW, "user PIN count low" },
 		{ CKF_USER_PIN_FINAL_TRY, "final user PIN try" },
+		{ CKF_USER_PIN_INITIALIZED, "PIN initialized" },
 		{ CKF_USER_PIN_LOCKED, "user PIN locked" },
 		{ CKF_USER_PIN_TO_BE_CHANGED, "user PIN to be changed"},
-		{ CKF_SO_PIN_TO_BE_CHANGED, "SO PIN to be changed"},
+		{ CKF_WRITE_PROTECTED, "readonly" },
 		{ 0, NULL }
 	};