From: Nikos Mavrogiannopoulos Date: Sun, 10 Nov 2013 07:23:37 +0000 (+0100) Subject: Allow getting the PIN from the GNUTLS_PKCS11_PIN environment variable. X-Git-Tag: gnutls_3_2_7~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d84496c0f44aa86dfce76a80e2f9864c73a2c9b;p=thirdparty%2Fgnutls.git Allow getting the PIN from the GNUTLS_PKCS11_PIN environment variable. --- diff --git a/src/common.c b/src/common.c index 75728985d7..d5a0c33a76 100644 --- a/src/common.c +++ b/src/common.c @@ -961,7 +961,7 @@ pin_callback(void *user, int attempt, const char *token_url, const char *token_label, unsigned int flags, char *pin, size_t pin_max) { - const char *password; + const char *password = NULL; const char *desc; int cache = MAX_CACHE_TRIES; unsigned len; @@ -1007,8 +1007,18 @@ pin_callback(void *user, int attempt, const char *token_url, printf("Token '%s' with URL '%s' ", token_label, token_url); printf("requires %s PIN\n", desc); + + password = getenv("GNUTLS_PKCS11_PIN"); + + if (password == NULL) + password = getpass("Enter PIN: "); + else { + if (flags & GNUTLS_PIN_WRONG) { + fprintf(stderr, "Cannot continue with a wrong password in the environment.\n"); + exit(1); + } + } - password = getpass("Enter PIN: "); if (password == NULL || password[0] == 0) { fprintf(stderr, "No password given\n"); exit(1); diff --git a/src/p11tool-args.def b/src/p11tool-args.def index 9441489725..f8068ba44a 100644 --- a/src/p11tool-args.def +++ b/src/p11tool-args.def @@ -7,6 +7,10 @@ and security modules. To use PKCS #11 tokens with gnutls the configuration file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form 'load=/usr/lib/opensc-pkcs11.so'. +Alternatively the p11-kit configuration files have to be setup. + +To provide the PIN for all the operations below use the environment variable +GNUTLS_PKCS11_PIN. "; short-usage = "p11tool [options] [url]\np11tool --help for usage instructions.\n";