[rs-commit] r83 - in /redwax-tool/trunk: redwax_nss.c redwax_openssl.c redwax_p11kit.c

rs-commit at redwax.eu rs-commit at redwax.eu
Thu Nov 25 15:37:01 CET 2021 

Author: minfrin at redwax.eu
Date: Thu Nov 25 15:37:00 2021
New Revision: 83

Log:
Skip logins where sensible during command completion.

Modified:
    redwax-tool/trunk/redwax_nss.c
    redwax-tool/trunk/redwax_openssl.c
    redwax-tool/trunk/redwax_p11kit.c

Modified: redwax-tool/trunk/redwax_nss.c
==============================================================================
--- redwax-tool/trunk/redwax_nss.c	(original)
+++ redwax-tool/trunk/redwax_nss.c	Thu Nov 25 15:37:00 2021
@@ -215,6 +215,11 @@
 
             int len;
 
+            /* skip command completion */
+            if (r->complete) {
+                break;
+            }
+
             status = apr_password_get(prompt1, buf1, &max);
             if (APR_ENAMETOOLONG == status) {
                 redwax_print_error(r,

Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c	(original)
+++ redwax-tool/trunk/redwax_openssl.c	Thu Nov 25 15:37:00 2021
@@ -1847,6 +1847,11 @@
         apr_crypto_clear(pool, buff, max + 2);
 #endif
 
+        /* skip command completion */
+        if (r->complete) {
+            return NULL;
+        }
+
         ui = UI_new();
         if (ui == NULL) {
             return NULL;

Modified: redwax-tool/trunk/redwax_p11kit.c
==============================================================================
--- redwax-tool/trunk/redwax_p11kit.c	(original)
+++ redwax-tool/trunk/redwax_p11kit.c	Thu Nov 25 15:37:00 2021
@@ -754,6 +754,11 @@
     if (tokenInfo->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
         /* userPIN is null */
 
+        /* skip all protected login on command completion */
+        if (r->complete) {
+            return APR_SUCCESS;
+        }
+
         while (1) {
 
             ret = module->C_Login(session, CKU_USER, userPIN, userPIN_len);
@@ -786,6 +791,15 @@
 
     /* otherwise grab the PIN from the URL */
     else if (urlPIN) {
+
+        /* skip command completion if any pin problems */
+        if (r->complete
+                && (tokenInfo->flags
+                        & (CKF_USER_PIN_COUNT_LOW | CKF_USER_PIN_FINAL_TRY
+                                | CKF_USER_PIN_LOCKED
+                                | CKF_USER_PIN_TO_BE_CHANGED))) {
+            return APR_SUCCESS;
+        }
 
         userPIN_len = strlen(urlPIN);
         userPIN = apr_pmemdup(pool, urlPIN, userPIN_len);
@@ -810,6 +824,15 @@
 
     /* otherwise see if there is a pinfile */
     else if (secrets) {
+
+        /* skip command completion if any pin problems */
+        if (r->complete
+                && (tokenInfo->flags
+                        & (CKF_USER_PIN_COUNT_LOW | CKF_USER_PIN_FINAL_TRY
+                                | CKF_USER_PIN_LOCKED
+                                | CKF_USER_PIN_TO_BE_CHANGED))) {
+            return APR_SUCCESS;
+        }
 
         /* if a pinfile exists, we try to log in to listed tokens, but we
          * make no attempt to log in to anything not listed - the intention
@@ -857,6 +880,11 @@
 #if HAVE_APR_CRYPTO_CLEAR
         apr_crypto_clear(pool, buf, max + 2);
 #endif
+
+        /* skip command completion */
+        if (r->complete) {
+            return APR_SUCCESS;
+        }
 
         while (1) {

More information about the rs-commit mailing list