From 4459e146c41ba63efccc2b4d80bb0b1bcb19ec17 Mon Sep 17 00:00:00 2001
From: Frank Morgner
Date: Tue, 4 Nov 2014 21:44:02 +0100
Subject: [PATCH] use util_get_pin in tools
---
 doc/tools/dnie-tool.xml | 3 +++
 doc/tools/pkcs11-tool.1.xml | 17 +++++++++++----
 doc/tools/pkcs15-init.1.xml | 16 ++++++++++-----
 doc/tools/sc-hsm-tool.1.xml | 16 ++++++++++++---
 doc/tools/westcos-tool.1.xml | 10 +++++++--
 src/tools/dnie-tool.c | 2 +-
 src/tools/openpgp-tool.c | 4 ++--
 src/tools/pkcs11-tool.c | 40 ++++++++++++++++++------------------
 src/tools/pkcs15-init.c | 9 ++++----
 src/tools/pkcs15-tool.c | 12 +++++------
 src/tools/sc-hsm-tool.c | 12 ++++++++---
 src/tools/westcos-tool.c | 8 ++++----
 12 files changed, 95 insertions(+), 54 deletions(-)
diff --git a/doc/tools/dnie-tool.xml b/doc/tools/dnie-tool.xml
index ebc1dcc5..4df384fd 100755
--- a/doc/tools/dnie-tool.xml
+++ b/doc/tools/dnie-tool.xml
@@ -58,6 +58,9 @@ pin, pin Specify the user pin value to use. + If set to env:VARIABLE, the + value of the environment variable + VARIABLE is used. The default is do not enter pin
diff --git a/doc/tools/pkcs11-tool.1.xml b/doc/tools/pkcs11-tool.1.xml
index f4e28df6..23d5512e 100644
--- a/doc/tools/pkcs11-tool.1.xml
+++ b/doc/tools/pkcs11-tool.1.xml
@@ -199,9 +199,15 @@ pin Use the given pin for - token operations. WARNING: Be careful using this option + token operations. If set to + env:VARIABLE, the value of the + environment variable VARIABLE is + used. WARNING: Be careful using this option as other users may be able to read the command line from - the system or if it is embedded in a script. + the system or if it is embedded in a script. If set to + env:VARIABLE, the value of the + environment variable VARIABLE is + used. This option will also set the option.
@@ -266,8 +272,11 @@ Use the given pin as the Security Officer PIN for some token operations (token - initialization, user PIN initialization, etc). The same - warning as also applies here. + initialization, user PIN initialization, etc). If set to + env:VARIABLE, the value of the + environment variable VARIABLE is + used. The same warning as also + applies here.
diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml
index 736b0f9c..c21d35aa 100644
--- a/doc/tools/pkcs15-init.1.xml
+++ b/doc/tools/pkcs15-init.1.xml
@@ -331,11 +331,17 @@ - These options can be used to specify PIN/PUK values on the command - line. Note that on most operation systems, any user can display - the command line of any process on the system using utilities such - as ps(1). Therefore, you should use these options - only on a secured system, or in an options file specified with + These options can be used to specify PIN/PUK values + on the command line. If set to + env:VARIABLE, the value + of the environment variable + VARIABLE is used. Note + that on most operation systems, any user can + display the command line of any process on the + system using utilities such as + ps(1). Therefore, you should use + these options only on a secured system, or in an + options file specified with .
diff --git a/doc/tools/sc-hsm-tool.1.xml b/doc/tools/sc-hsm-tool.1.xml
index f65fe7e1..d560540a 100644
--- a/doc/tools/sc-hsm-tool.1.xml
+++ b/doc/tools/sc-hsm-tool.1.xml
@@ -123,7 +123,10 @@ value - Define SO-PIN for initialization. + Define SO-PIN for initialization. If set to + env:VARIABLE, the value of + the environment variable + VARIABLE is used.
@@ -132,7 +135,11 @@ value - Define user PIN for initialization, wrap or unwrap operation. + Define user PIN for initialization, wrap or + unwrap operation. If set to + env:VARIABLE, the value of + the environment variable + VARIABLE is used.
@@ -150,7 +157,10 @@ value - Define password for DKEK share encryption. + Define password for DKEK share encryption. If set to + env:VARIABLE, the value of + the environment variable + VARIABLE is used.
diff --git a/doc/tools/westcos-tool.1.xml b/doc/tools/westcos-tool.1.xml
index e330e859..240128cd 100644
--- a/doc/tools/westcos-tool.1.xml
+++ b/doc/tools/westcos-tool.1.xml
@@ -118,7 +118,10 @@ value, value - Set value of PIN. + Set value of PIN. If set to + env:VARIABLE, the value of + the environment variable + VARIABLE is used.
@@ -127,7 +130,10 @@ value set value of PUK (or value of new PIN for change PIN - command see ). + command see ). If set to + env:VARIABLE, the value of + the environment variable + VARIABLE is used.
diff --git a/src/tools/dnie-tool.c b/src/tools/dnie-tool.c
index b3db7f55..82db6399 100644
--- a/src/tools/dnie-tool.c
+++ b/src/tools/dnie-tool.c
@@ -117,7 +117,7 @@ int main(int argc, char* argv[])
 opt_wait = 1;
 break;
 case 'p':
- opt_pin = optarg;
+ util_get_pin(optarg, &opt_pin);
 break;
 case 'i':
 opt_operation |= OP_GET_IDESP;
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c
index b4529ef6..60042bb1 100644
--- a/src/tools/openpgp-tool.c
+++ b/src/tools/openpgp-tool.c
@@ -113,7 +113,7 @@ static const char *option_help[] = {
 /* v */ "Verbose operation. Use several times to enable debug output.",
 /* V */ "Show version number",
 "Verify PIN (CHV1, CHV2, CHV3...)",
- "PIN string. can be: 'env:' to get PIN from the environment, otherwise is used.",
+ "PIN string",
 /* d */ "Dump private data object number (i.e. PRIVATE-DO-)"
 };
@@ -256,7 +256,7 @@ static int decode_options(int argc, char **argv)
 break;
 case OPT_PIN:
 opt_pin++;
- util_get_pin(optarg, (const char **) &pin);
+ util_get_pin(optarg, &pin);
 break;
 case 'C':
 opt_cardinfo++;
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 0a6d936b..fdb27ea5 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
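Review bot: The result of `util_get_pin(optarg, &opt_pin)` in the `case 'p':` branch is never examined, so `-p env:VARIABLE` with an unset variable lets the tool run on as if the option had not been given, or with whatever the helper leaves in `opt_pin`, and the operator only finds out when a later card operation fails or prompts. The same unchecked call is made in openpgp-tool.c, pkcs11-tool.c, pkcs15-init.c, pkcs15-tool.c, sc-hsm-tool.c and westcos-tool.c in this patch. util_get_pin's prototype is not in the diff; if it reports failure with a non-zero return, the branch should stop there, `if (util_get_pin(optarg, &opt_pin) != 0 || opt_pin == NULL) util_fatal("Could not obtain PIN\n");`, and if it is void the `opt_pin == NULL` test alone still catches the unset-variable case without echoing optarg to the terminal. The getopt loop in main continues outside the hunk.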
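Review bot: The new help string `"PIN string"` in option_help drops the only mention that `--pin` accepts the `env:VARIABLE` form, and the diffstat touches no openpgp-tool documentation, so after this patch the feature is undocumented for this tool while every other tool gains the sentence in its man page. Keep the hint in the help text, for example `"PIN string, or env:VARIABLE to read the PIN from the environment variable VARIABLE"`. The option_help array continues outside the hunk.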
@@ -238,10 +238,10 @@ static CK_BYTE opt_object_id[100], new_object_id[100];
 static const char * opt_attr_from_file = NULL;
 static size_t opt_object_id_len = 0, new_object_id_len = 0;
 static char * opt_object_label = NULL;
-static char * opt_pin = NULL;
-static char * opt_so_pin = NULL;
-static char * opt_puk = NULL;
-static char * opt_new_pin = NULL;
+static const char * opt_pin = NULL;
+static const char * opt_so_pin = NULL;
+static const char * opt_puk = NULL;
+static const char * opt_new_pin = NULL;
 static char * opt_application_label = NULL;
 static char * opt_application_id = NULL;
 static char * opt_issuer = NULL;
@@ -511,7 +511,7 @@ int main(int argc, char * argv[])
 opt_output = optarg;
 break;
 case 'p':
- opt_pin = optarg;
+ util_get_pin(optarg, &opt_pin);
 break;
 case 'c':
 do_change_pin = 1;
@@ -585,10 +585,10 @@ int main(int argc, char * argv[])
 opt_subject = optarg;
 break;
 case OPT_NEW_PIN:
- opt_new_pin = optarg;
+ util_get_pin(optarg, &opt_new_pin);
 break;
 case OPT_PUK:
- opt_puk = optarg;
+ util_get_pin(optarg, &opt_puk);
 break;
 case OPT_LOGIN_TYPE:
 if (!strcmp(optarg, "so"))
@@ -603,7 +603,7 @@ int main(int argc, char * argv[])
 }
 break;
 case OPT_SO_PIN:
- opt_so_pin = optarg;
+ util_get_pin(optarg, &opt_so_pin);
 break;
 case OPT_INIT_TOKEN:
 do_init_token = 1;
@@ -1085,11 +1085,11 @@ static int login(CK_SESSION_HANDLE session, int login_type)
 /* Identify which pin to enter */
 if (login_type == CKU_SO)
- pin = opt_so_pin;
+ pin = (char *) opt_so_pin;
 else if (login_type == CKU_USER)
- pin = opt_pin;
+ pin = (char *) opt_pin;
 else if (login_type == CKU_CONTEXT_SPECIFIC)
- pin = opt_pin ? opt_pin : opt_puk;
+ pin = opt_pin ? (char *) opt_pin : (char *) opt_puk;
 if (!pin && !(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) {
 printf("Logging in to \"%s\".\n", p11_utf8_to_local(info.label, sizeof(info.label)));
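Review bot: In login, `pin = (char *) opt_so_pin;` and the two assignments after it cast away the `const` that this same patch adds to `opt_pin`, `opt_so_pin` and `opt_puk`, and the identical cast is repeated in init_token, init_pin, change_pin (twice) and unlock_pin (twice); after nine such casts the qualifier documents nothing, and the compiler can no longer tell a pointer into argv or the environment from a buffer the tool allocated with util_getpass. A cleaner shape is to keep the local as `const char *` and convert only at the single point where a writable pointer is genuinely needed, or to record ownership explicitly the way init_token already does with `pin_allocated`. The body of login continues outside the hunk.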
@@ -1154,7 +1154,7 @@ static void init_token(CK_SLOT_ID slot)
 util_fatal("Different new SO PINs, exiting\n");
 pin_allocated = 1;
 } else {
- new_pin = opt_so_pin;
+ new_pin = (char *) opt_so_pin;
 }
 if (!new_pin || !*new_pin)
 util_fatal("Invalid SO PIN\n");
@@ -1199,8 +1199,8 @@ static void init_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
 }
 }
- pin = opt_pin;
- if (!pin) pin = opt_new_pin;
+ pin = (char *) opt_pin;
+ if (!pin) pin = (char *) opt_new_pin;
 if (!pin) pin = new_pin1;
 rv = p11->C_InitPIN(sess, (CK_UTF8CHAR *) pin, pin == NULL ? 0 : strlen(pin));
@@ -1243,9 +1243,9 @@ static int change_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
 } else {
 if (opt_so_pin)
- old_pin = opt_so_pin;
+ old_pin = (char *) opt_so_pin;
 else
- old_pin = opt_pin;
+ old_pin = (char *) opt_pin;
 }
 if (!opt_new_pin) {
@@ -1265,7 +1265,7 @@ static int change_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
 return 1;
 } else {
- new_pin = opt_new_pin;
+ new_pin = (char *) opt_new_pin;
 }
 }
@@ -1292,9 +1292,9 @@ static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type)
 get_token_info(slot, &info);
 if (login_type == CKU_CONTEXT_SPECIFIC)
- unlock_code = opt_pin ? opt_pin : opt_puk;
+ unlock_code = opt_pin ? (char *) opt_pin : (char *) opt_puk;
 else if (login_type == -1)
- unlock_code = opt_puk;
+ unlock_code = (char *) opt_puk;
 else
 return 1;
@@ -1314,7 +1314,7 @@ static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type)
 unlock_code = unlock_buf;
 }
- new_pin = opt_new_pin;
+ new_pin = (char *) opt_new_pin;
 if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) && !new_pin) {
 printf("Please enter the new PIN: ");
 r = util_getpass(&new_pin, &len, stdin);
diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c
index 990a90d2..b3d00581 100644
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@@ -347,7 +347,7 @@ static char * opt_label = NULL;
 static char * opt_puk_label = NULL;
 static char * opt_pubkey_label = NULL;
 static char * opt_cert_label = NULL;
-static char * opt_pins[4];
+static const char * opt_pins[4];
 static char * opt_serial = NULL;
 static char * opt_passphrase = NULL;
 static char * opt_newkey = NULL;
@@ -2446,13 +2446,15 @@ handle_option(const struct option *opt)
 break;
 case OPT_PIN1: case OPT_PUK1: case OPT_PIN2: case OPT_PUK2:
- opt_pins[opt->val & 3] = optarg;
+ util_get_pin(optarg, &(opt_pins[opt->val & 3]));
 break;
 case OPT_SERIAL:
 opt_serial = optarg;
 break;
 case OPT_PASSPHRASE:
- opt_passphrase = optarg;
+ free(opt_passphrase);
+ opt_passphrase = NULL;
+ util_get_pin(optarg, &opt_passphrase);
 break;
 case OPT_PUBKEY:
 this_action = ACTION_STORE_PUBKEY;
@@ -2844,4 +2846,3 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str)
 return r;
 }
-
diff --git a/src/tools/pkcs15-tool.c b/src/tools/pkcs15-tool.c
index e9fbc3ab..e5689fc0 100644
--- a/src/tools/pkcs15-tool.c
+++ b/src/tools/pkcs15-tool.c
@@ -52,9 +52,9 @@ static char * opt_data = NULL;
 static char * opt_pubkey = NULL;
 static char * opt_outfile = NULL;
 static char * opt_bind_to_aid = NULL;
-static u8 * opt_newpin = NULL;
-static u8 * opt_pin = NULL;
-static u8 * opt_puk = NULL;
+static const u8 * opt_newpin = NULL;
+static const u8 * opt_pin = NULL;
+static const u8 * opt_puk = NULL;
 static int verbose = 0;
 static int opt_no_prompt = 0;
@@ -1890,13 +1890,13 @@ int main(int argc, char * const argv[])
 opt_reader = optarg;
 break;
 case OPT_PIN:
- opt_pin = (u8 *) optarg;
+ util_get_pin(optarg, (const u8 **) &opt_pin);
 break;
 case OPT_NEWPIN:
- opt_newpin = (u8 *) optarg;
+ util_get_pin(optarg, (const u8 **) &opt_newpin);
 break;
 case OPT_PUK:
- opt_puk = (u8 *) optarg;
+ util_get_pin(optarg, (const u8 **) &opt_puk);
 break;
 case 'o':
 opt_outfile = optarg;
diff --git a/src/tools/sc-hsm-tool.c b/src/tools/sc-hsm-tool.c
index b2713dd6..2d173a0e 100644
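Review bot: The `free(opt_passphrase); opt_passphrase = NULL;` added before `util_get_pin(optarg, &opt_passphrase)` in handle_option treats the stored value as heap-owned, while the `opt_pins[opt->val & 3]` branch a few lines above, and every other tool in this patch except sc-hsm-tool.c, stores the helper's result without freeing anything. Both cannot be right for one helper: if util_get_pin hands back a pointer into optarg or the process environment, a repeated `--passphrase` (and a repeated `--password`, `--so-pin` or `--pin` in sc-hsm-tool.c) frees memory that was never allocated; if it allocates, the entries in `opt_pins` leak on repetition and `opt_pins` being `const char *` makes them awkward to free later. The helper's contract is not visible in the diff, so whichever it is, a comment at the declaration of `opt_passphrase` stating the ownership rule (`/* not owned: points into argv or the environment, never freed */` or `/* owned: freed before each reassignment */`) and the same treatment at every call site would settle it. handle_option continues outside the hunk.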
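Review bot: `util_get_pin(optarg, (const u8 **) &opt_pin)` in main, and the two calls below it, cast `&opt_pin` to the type it already has now that `opt_pin` is declared `const u8 *`, so the cast converts nothing; the uncast calls elsewhere in this patch (`util_get_pin(optarg, &pin)` in openpgp-tool.c, `&opt_pin` in pkcs11-tool.c, where those are `const char *`) suggest the helper takes `const char **`, in which case the compiler still sees `const unsigned char **` passed for `const char **`. If that is the prototype, write `util_get_pin(optarg, (const char **) &opt_pin);` at all three sites, or declare the three variables as `const char *` and convert to `u8` at the point of use. main continues outside the hunk.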
--- a/src/tools/sc-hsm-tool.c
+++ b/src/tools/sc-hsm-tool.c
@@ -1484,13 +1484,19 @@ int main(int argc, char * const argv[])
 action_count++;
 break;
 case OPT_PASSWORD:
- opt_password = optarg;
+ free(opt_password);
+ opt_password = NULL;
+ util_get_pin(optarg, &opt_password);
 break;
 case OPT_SO_PIN:
- opt_so_pin = optarg;
+ free(opt_so_pin);
+ opt_so_pin = NULL;
+ util_get_pin(optarg, &opt_so_pin);
 break;
 case OPT_PIN:
- opt_pin = optarg;
+ free(opt_pin);
+ opt_pin = NULL;
+ util_get_pin(optarg, &opt_pin);
 break;
 case OPT_RETRY:
 opt_retry_counter = atol(optarg);
diff --git a/src/tools/westcos-tool.c b/src/tools/westcos-tool.c
index 07e5f753..6241d9c4 100644
--- a/src/tools/westcos-tool.c
+++ b/src/tools/westcos-tool.c
@@ -90,8 +90,8 @@ static int finalize = 0;
 static int install_pin = 0;
 static int overwrite = 0;
-static char *pin = NULL;
-static char *puk = NULL;
+static const char *pin = NULL;
+static const char *puk = NULL;
 static char *cert = NULL;
 static int keylen = 0;
@@ -400,10 +400,10 @@ int main(int argc, char *argv[])
 install_pin = 1;
 break;
 case 'x':
- pin = optarg;
+ util_get_pin(optarg, &pin);
 break;
 case 'y':
- puk = optarg;
+ util_get_pin(optarg, &puk);
 break;
 case 'n':
 new_pin = 1;