- when entering new PINs on stdin, make the user re-type the PIN to avoid typos

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@690 c6295689-39f2-0310-b995-f0e70906c6a9
2002-09-30 20:03:10 +00:00 · 2002-09-30 20:03:10 +00:00 · 8db1dcf49b
parent f0d73785fb
commit 8db1dcf49b
1 changed files with 42 additions and 14 deletions
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@ -179,6 +179,10 @@ static char *			action_names[] = {
 	"store certificate"
 };

+/* Flags for read_one_pin */
+#define READ_PIN_OPTIONAL	0x01
+#define READ_PIN_RETYPE		0x02
+
 static struct sc_context *	ctx = NULL;
 static struct sc_card *		card = NULL;
 static struct sc_pkcs15_card *	p15card = NULL;
@ -386,8 +390,10 @@ do_store_pin(struct sc_profile *profile)
 	if (opt_pins[0] == NULL) {
 		sc_pkcs15init_get_pin_info(profile,
 				SC_PKCS15INIT_USER_PIN, &info);
-		read_one_pin(profile, "New user PIN", &info, 0,
-				&opt_pins[0]);
+		if (!read_one_pin(profile, "New user PIN", &info,
+			       	READ_PIN_RETYPE,
+				&opt_pins[0]))
+			goto failed;
 	}
 	if (*opt_pins[0] == '\0') {
 		error("You must specify a PIN\n");
@ -396,8 +402,11 @@ do_store_pin(struct sc_profile *profile)
 	if (opt_pins[1] == NULL) {
 		sc_pkcs15init_get_pin_info(profile,
 				SC_PKCS15INIT_SO_PIN, &info);
-		read_one_pin(profile, "Unlock code for new user PIN",
-				&info, 1, &opt_pins[1]);
+		if (!read_one_pin(profile,
+			       	"Unlock code for new user PIN", &info,
+			       	READ_PIN_RETYPE|READ_PIN_OPTIONAL,
+			       	&opt_pins[1]))
+			goto failed;
 	}

 	memset(&args, 0, sizeof(args));
@ -409,6 +418,9 @@ do_store_pin(struct sc_profile *profile)
 	args.label = opt_objectlabel;

 	return sc_pkcs15init_store_pin(p15card, profile, &args);
+
+failed:	
+	return SC_ERROR_PKCS15INIT;
 }


@ -620,35 +632,51 @@ init_keyargs(struct sc_pkcs15init_prkeyargs *args)
 static int
 read_one_pin(struct sc_profile *profile, const char *name,
 		const struct sc_pkcs15_pin_info *info,
-		int optional, char **out)
+		int flags, char **out)
 {
 	char	*pin;
 	size_t	len;
+       	int	retries = 5;

 	printf("%s required.\n", name);
-	while (1) {
-		pin = getpass("Please enter code: ");
+	while (retries--) {
+		pin = getpass("Please enter PIN: ");
 		len = strlen(pin);
-		if (info == NULL)
-			break;
-		if (len == 0 && optional)
+		if (len == 0 && (flags & READ_PIN_OPTIONAL))
 			return 0;
-		if (len < info->min_length) {
+
+		if (info && len < info->min_length) {
 			error("Password too short (%u characters min)",
 					info->min_length);
 			continue;
 		}
-		if (len > info->stored_length) {
+		if (info && len > info->stored_length) {
 			error("Password too long (%u characters max)",
 					info->stored_length);
 			continue;
 		}

+		*out = strdup(pin);
+		if (flags & READ_PIN_RETYPE) {
+			memset(pin, 0, len);
+			pin = getpass("Please type again to verify: ");
+			if (strcmp(*out, pin)) {
+				fprintf(stderr, "PINs do not match; "
+					       	"please try again.\n");
+				free(*out);
+				*out = NULL;
+				continue;
+			}
+		}
+		memset(pin, 0, len);
 		break;
 	}

-	*out = strdup(pin);
-	memset(pin, 0, len);
+	if (retries < 0) {
+		error("Giving up.");
+		return 0;
+	}
+
 	return 1;
 }