X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Fshared%2Fpkcs11-util.c;h=b8863d25257b8ab2618a2a750adca3be295eb2b6;hb=c63ec11bf5c7f9ef68fa5af70b54df1b6fbc0f53;hp=b4a7d86afedeb9485632b51c7cd69b18774e0311;hpb=e1e214c56bf7b369d4924a61db9268ed24e3c973;p=thirdparty%2Fsystemd.git

diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c
index b4a7d86afed..b8863d25257 100644
--- a/src/shared/pkcs11-util.c
+++ b/src/shared/pkcs11-util.c
@@ -211,28 +211,8 @@ int pkcs11_token_login(
 
         for (unsigned tries = 0; tries < 3; tries++) {
                 _cleanup_strv_free_erase_ char **passwords = NULL;
-                _cleanup_free_ char *text = NULL;
                 char **i, *e;
 
-                if (FLAGS_SET(token_info->flags, CKF_USER_PIN_FINAL_TRY))
-                        r = asprintf(&text,
-                                     "Please enter correct PIN for security token '%s' in order to unlock %s (final try):",
-                                     token_label, friendly_name);
-                else if (FLAGS_SET(token_info->flags, CKF_USER_PIN_COUNT_LOW))
-                        r = asprintf(&text,
-                                     "PIN has been entered incorrectly previously, please enter correct PIN for security token '%s' in order to unlock %s:",
-                                     token_label, friendly_name);
-                else if (tries == 0)
-                        r = asprintf(&text,
-                                     "Please enter PIN for security token '%s' in order to unlock %s:",
-                                     token_label, friendly_name);
-                else
-                        r = asprintf(&text,
-                                     "Please enter PIN for security token '%s' in order to unlock %s (try #%u):",
-                                     token_label, friendly_name, tries+1);
-                if (r < 0)
-                        return log_oom();
-
                 e = getenv("PIN");
                 if (e) {
                         passwords = strv_new(e);
@@ -243,6 +223,27 @@ int pkcs11_token_login(
                         if (unsetenv("PIN") < 0)
                                 return log_error_errno(errno, "Failed to unset $PIN: %m");
                 } else {
+                        _cleanup_free_ char *text = NULL;
+
+                        if (FLAGS_SET(token_info->flags, CKF_USER_PIN_FINAL_TRY))
+                                r = asprintf(&text,
+                                             "Please enter correct PIN for security token '%s' in order to unlock %s (final try):",
+                                             token_label, friendly_name);
+                        else if (FLAGS_SET(token_info->flags, CKF_USER_PIN_COUNT_LOW))
+                                r = asprintf(&text,
+                                             "PIN has been entered incorrectly previously, please enter correct PIN for security token '%s' in order to unlock %s:",
+                                             token_label, friendly_name);
+                        else if (tries == 0)
+                                r = asprintf(&text,
+                                             "Please enter PIN for security token '%s' in order to unlock %s:",
+                                             token_label, friendly_name);
+                        else
+                                r = asprintf(&text,
+                                             "Please enter PIN for security token '%s' in order to unlock %s (try #%u):",
+                                             token_label, friendly_name, tries+1);
+                        if (r < 0)
+                                return log_oom();
+
                         /* We never cache PINs, simply because it's fatal if we use wrong PINs, since usually there are only 3 tries */
                         r = ask_password_auto(text, icon_name, id, keyname, until, 0, &passwords);
                         if (r < 0)