[Bug 2652] PKCS11 login skipped if login required and no pin set

Fri Aug 11 14:54:09 AEST 2017

https://bugzilla.mindrot.org/show_bug.cgi?id=2652

--- Comment #3 from Daniel Kucera <openssh at danman.eu> ---
(In reply to Damien Miller from comment #2)
> Comment on attachment 3032 [details]
> patch
> 
> >diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
> >index d1f750db0..938535638 100644
> >--- a/ssh-pkcs11.c
> >+++ b/ssh-pkcs11.c
> >@@ -366,19 +366,16 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
> > 
> > 	f = p->function_list;
> > 	login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
> >-	if (pin && login_required && !strlen(pin)) {
> >-		error("pin required");
> >-		return (-1);
> >-	}
> >+
> 
> I'm not sure I understand why this section is removed - could you
> explain it?

Because in my case, the pkcs library says it requires login but if you
don't pass it as argument to C_Login, it will ask for it. Thus we
should not exit with error here.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.