From: Nikos Mavrogiannopoulos Date: Wed, 2 Jul 2014 11:37:04 +0000 (+0200) Subject: tools: PIN callback will respect batch mode and will not ask for PIN. X-Git-Tag: gnutls_3_3_6~79 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=56fef6bece4153e5bcf623bc0148b5adefaa443e;p=thirdparty%2Fgnutls.git tools: PIN callback will respect batch mode and will not ask for PIN. --- diff --git a/src/certtool.c b/src/certtool.c index a3aeab58c5..960dfdc577 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1080,6 +1080,8 @@ static void cmd_parser(int argc, char **argv) fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret)); exit(1); } + + memset(&cinfo, 0, sizeof(cinfo)); #ifdef ENABLE_PKCS11 if (HAVE_OPT(PROVIDER)) { ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); @@ -1098,14 +1100,13 @@ static void cmd_parser(int argc, char **argv) } } - pkcs11_common(); + pkcs11_common(&cinfo); #endif - memset(&cinfo, 0, sizeof(cinfo)); - if (HAVE_OPT(VERBOSE)) cinfo.verbose = 1; + cinfo.batch = batch; cinfo.cprint = HAVE_OPT(CPRINT); if (HAVE_OPT(LOAD_PRIVKEY)) diff --git a/src/common.c b/src/common.c index 070d06df12..db9d18829e 100644 --- a/src/common.c +++ b/src/common.c @@ -978,6 +978,7 @@ pin_callback(void *user, int attempt, const char *token_url, size_t pin_max) { const char *password = NULL; + common_info_st *info = user; const char *desc; int cache = MAX_CACHE_TRIES; unsigned len; @@ -1027,12 +1028,12 @@ pin_callback(void *user, int attempt, const char *token_url, printf("Token '%s' with URL '%s' ", token_label, token_url); printf("requires %s PIN\n", desc); - + password = getenv(env); if (env == NULL) /* compatibility */ password = getenv("GNUTLS_PIN"); - if (password == NULL) { + if (password == NULL && (info == NULL || info->batch == 0)) { password = getpass("Enter PIN: "); } else { if (flags & GNUTLS_PIN_WRONG) { 
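Review bot: In src/certtool.c (hunk at -1080), the relocated `memset(&cinfo, 0, sizeof(cinfo));` has no comment explaining that `cinfo` is about to be handed to the PKCS#11 callbacks by `pkcs11_common(&cinfo)` in the next hunk. The callbacks keep that pointer and read `batch` from it later, while `cinfo.batch = batch;` is assigned only after the registration, so the clear / register / fill-in order matters to anyone who reorders this block. I would add above the memset: `/* cinfo is registered with the PKCS#11 callbacks below; clear it first and fill it in afterwards */`. The declaration of `cinfo` and the rest of cmd_parser are outside the hunk, so confirm the object lives as long as the callbacks can fire.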
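Review bot: In pin_callback (src/common.c, hunk at -1027), batch mode with no PIN in the environment now enters the `else` branch with `password` still NULL, so the outcome depends entirely on code after the hunk. If a NULL or empty check follows, the user gets only a generic failure; if it does not, the NULL reaches whatever copies the PIN into `pin`. I would make the batch case explicit before the prompt, e.g. `if (password == NULL && info != NULL && info->batch != 0) { fprintf(stderr, "No PIN given in batch mode\n"); return -1; }`, with the return convention confirmed against the rest of the function, which is not visible here. Separately, the context line `if (env == NULL)` is tested only after `getenv(env)` has already used `env`; it looks as if `password == NULL` was intended for the GNUTLS_PIN compatibility fallback.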
@@ -1074,8 +1075,9 @@ static int token_callback(void *user, const char *label, const unsigned retry) { char buf[32]; + common_info_st *info = user; - if (retry > 0) { + if (retry > 0 || (info != NULL && info->batch != 0)) { fprintf(stderr, "Could not find token %s\n", label); return -1; } @@ -1086,11 +1088,11 @@ token_callback(void *user, const char *label, const unsigned retry) return 0; } -void pkcs11_common(void) +void pkcs11_common(common_info_st *c) { - gnutls_pkcs11_set_pin_function(pin_callback, NULL); - gnutls_pkcs11_set_token_function(token_callback, NULL); + gnutls_pkcs11_set_pin_function(pin_callback, c); + gnutls_pkcs11_set_token_function(token_callback, c); } diff --git a/src/common.h b/src/common.h index 9d786ce95c..0fb161df9c 100644 --- a/src/common.h +++ b/src/common.h @@ -22,6 +22,7 @@ #include #include +#include #include #include @@ -58,7 +59,6 @@ void print_list(const char *priorities, int verbose); int cert_verify(gnutls_session_t session, const char *hostname, const char *purpose); const char *raw_to_string(const unsigned char *raw, size_t raw_size); -void pkcs11_common(void); int check_command(gnutls_session_t session, const char *str); int @@ -66,7 +66,7 @@ pin_callback(void *user, int attempt, const char *token_url, const char *token_label, unsigned int flags, char *pin, size_t pin_max); -void pkcs11_common(void); +void pkcs11_common(common_info_st *c); #ifdef _WIN32 static int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms) diff --git a/src/danetool.c b/src/danetool.c index d18cef54b0..82904f87df 100644 --- a/src/danetool.c +++ b/src/danetool.c @@ -135,7 +135,7 @@ static void cmd_parser(int argc, char **argv) exit(1); } #ifdef ENABLE_PKCS11 - pkcs11_common(); + pkcs11_common(NULL); #endif memset(&cinfo, 0, sizeof(cinfo)); diff --git a/src/pkcs11.c b/src/pkcs11.c index 08614d41d2..8bfeb02294 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c 
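Review bot: In token_callback (src/common.c, hunk at -1074), the new batch-mode refusal reuses the `Could not find token %s` message of the retry failure, so the log of an unattended run cannot show whether the token was looked for again or the wait was skipped because of batch mode. A separate message for the batch branch, such as `fprintf(stderr, "Token %s not present; not waiting in batch mode\n", label);`, would make automation failures easier to diagnose. The added `common_info_st *info = user;` would also benefit from a one-line comment saying that `user` is the pointer registered through pkcs11_common() and may be NULL. The remainder of the function lies outside the hunk.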
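Review bot: pkcs11_common() (src/common.c, hunk at -1086) now passes `c` as the user data of both registration calls, but nothing documents what callers must guarantee about that pointer. Both callbacks read `info->batch` later, so `c` has to stay valid for as long as PKCS#11 operations can invoke them, and NULL is an accepted value that lets the callbacks prompt. I would add above the definition: `/* c may be NULL (callbacks may prompt); otherwise it must outlive all PKCS#11 operations, since pin_callback and token_callback read c->batch */`. The pkcs11.c call sites in this commit pass their own `info` parameter on every entry, so each call replaces the pointer registered by the previous one.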
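Review bot: In src/danetool.c (hunk at -135), `pkcs11_common(NULL)` leaves the new batch handling switched off: pin_callback treats `info == NULL` as permission to call `getpass("Enter PIN: ")`, and token_callback refuses early only when `info != NULL`. `cinfo` is cleared on the very next context line, so the object is available; moving `memset(&cinfo, 0, sizeof(cinfo));` above the `#ifdef` and calling `pkcs11_common(&cinfo);` would match what certtool.c does in this commit. The same NULL is passed in the src/serv.c hunk at -951, where a blocking terminal prompt in a server process started without a tty is worth ruling out. Whether either tool has a batch option to copy into `cinfo.batch` is not visible on this page.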
@@ -100,7 +100,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int login_flags, if (login_flags) obj_flags = login_flags; - pkcs11_common(); + pkcs11_common(info); FIX(url, outfile, detailed, info); @@ -190,7 +190,7 @@ pkcs11_export(FILE * outfile, const char *url, unsigned int login_flags, if (login_flags) obj_flags = login_flags; - pkcs11_common(); + pkcs11_common(info); FIX(url, outfile, 0, info); @@ -238,7 +238,7 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int login_flags, if (login_flags) obj_flags = login_flags; - pkcs11_common(); + pkcs11_common(info); FIX(url, outfile, 0, info); @@ -333,7 +333,7 @@ char *get_single_token_url(common_info_st * info) int ret; char *url = NULL, *t = NULL; - pkcs11_common(); + pkcs11_common(info); ret = gnutls_pkcs11_token_get_url(0, 0, &url); if (ret < 0) @@ -359,7 +359,7 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed, char buf[128]; size_t size; - pkcs11_common(); + pkcs11_common(info); for (i = 0;; i++) { ret = gnutls_pkcs11_token_get_url(i, detailed, &url); @@ -451,7 +451,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label, if (login_flags) flags = login_flags; - pkcs11_common(); + pkcs11_common(info); FIX(url, outfile, 0, info); CHECK_LOGIN_FLAG(login_flags); @@ -536,7 +536,7 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk, if (login_flags) flags = login_flags; - pkcs11_common(); + pkcs11_common(info); FIX(url, outfile, detailed, info); CHECK_LOGIN_FLAG(login_flags); @@ -583,7 +583,7 @@ pkcs11_init(FILE * outfile, const char *url, const char *label, const char *pin; char so_pin[32]; - pkcs11_common(); + pkcs11_common(info); if (url == NULL) { fprintf(stderr, "error: no token URL given to initialize!\n"); @@ -853,7 +853,7 @@ pkcs11_mechanism_list(FILE * outfile, const char *url, unsigned int login_flags, unsigned long mechanism; const char *str; - pkcs11_common(); + pkcs11_common(info); FIX(url, outfile, 0, info); 
@@ -886,7 +886,7 @@ pkcs11_get_random(FILE * outfile, const char *url, unsigned bytes, int ret; uint8_t *output; - pkcs11_common(); + pkcs11_common(info); FIX(url, outfile, 0, info); diff --git a/src/serv.c b/src/serv.c index 576c861833..de03c4ee1c 100644 --- a/src/serv.c +++ b/src/serv.c @@ -951,7 +951,7 @@ int main(int argc, char **argv) exit(1); } #ifdef ENABLE_PKCS11 - pkcs11_common(); + pkcs11_common(NULL); #endif /* Note that servers must generate parameters for