tools: PIN callback will respect batch mode and will not ask for PIN.

diff --git a/src/certtool.c b/src/certtool.c
index a3aeab58c5ae4bd6e10b4b5c302afdcadef94898..960dfdc5776fbaa948faef9a5d874c6d7111c242 100644 (file)
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1080,6 +1080,8 @@ static void cmd_parser(int argc, char **argv)
                fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
                exit(1);
        }
+
+       memset(&cinfo, 0, sizeof(cinfo));
 #ifdef ENABLE_PKCS11
        if (HAVE_OPT(PROVIDER)) {
                ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
@@ -1098,14 +1100,13 @@ static void cmd_parser(int argc, char **argv)
                }
        }
 
-       pkcs11_common();
+       pkcs11_common(&cinfo);
 #endif
 
-       memset(&cinfo, 0, sizeof(cinfo));
-
        if (HAVE_OPT(VERBOSE))
                cinfo.verbose = 1;
 
+       cinfo.batch = batch;
        cinfo.cprint = HAVE_OPT(CPRINT);
 
        if (HAVE_OPT(LOAD_PRIVKEY))

diff --git a/src/common.c b/src/common.c
index 070d06df12fcec170bbde4175758b3a67a192125..db9d18829efec3fc7b6d4b422913fe221956f306 100644 (file)
--- a/src/common.c
+++ b/src/common.c
@@ -978,6 +978,7 @@ pin_callback(void *user, int attempt, const char *token_url,
             size_t pin_max)
 {
        const char *password = NULL;
+       common_info_st *info = user;
        const char *desc;
        int cache = MAX_CACHE_TRIES;
        unsigned len;
@@ -1027,12 +1028,12 @@ pin_callback(void *user, int attempt, const char *token_url,
 
        printf("Token '%s' with URL '%s' ", token_label, token_url);
        printf("requires %s PIN\n", desc);
-       
+
        password = getenv(env);
        if (env == NULL) /* compatibility */
                password = getenv("GNUTLS_PIN");
 
-       if (password == NULL) {
+       if (password == NULL && (info == NULL || info->batch == 0)) {
                password = getpass("Enter PIN: ");
        } else {
                if (flags & GNUTLS_PIN_WRONG) {
@@ -1074,8 +1075,9 @@ static int
 token_callback(void *user, const char *label, const unsigned retry)
 {
        char buf[32];
+       common_info_st *info = user;
 
-       if (retry > 0) {
+       if (retry > 0 || (info != NULL && info->batch != 0)) {
                fprintf(stderr, "Could not find token %s\n", label);
                return -1;
        }
@@ -1086,11 +1088,11 @@ token_callback(void *user, const char *label, const unsigned retry)
        return 0;
 }
 
-void pkcs11_common(void)
+void pkcs11_common(common_info_st *c)
 {
 
-       gnutls_pkcs11_set_pin_function(pin_callback, NULL);
-       gnutls_pkcs11_set_token_function(token_callback, NULL);
+       gnutls_pkcs11_set_pin_function(pin_callback, c);
+       gnutls_pkcs11_set_token_function(token_callback, c);
 
 }
 

diff --git a/src/common.h b/src/common.h
index 9d786ce95c895ff554bed95df486acc4f6c17e9a..0fb161df9c10949048154bf7023a76c66cf67310 100644 (file)
--- a/src/common.h
+++ b/src/common.h
@@ -22,6 +22,7 @@
 
 #include <config.h>
 #include <gnutls/gnutls.h>
+#include <certtool-common.h>
 
 #include <sys/socket.h>
 #include <netdb.h>
@@ -58,7 +59,6 @@ void print_list(const char *priorities, int verbose);
 int cert_verify(gnutls_session_t session, const char *hostname, const char *purpose);
 
 const char *raw_to_string(const unsigned char *raw, size_t raw_size);
-void pkcs11_common(void);
 int check_command(gnutls_session_t session, const char *str);
 
 int
@@ -66,7 +66,7 @@ pin_callback(void *user, int attempt, const char *token_url,
             const char *token_label, unsigned int flags, char *pin,
             size_t pin_max);
 
-void pkcs11_common(void);
+void pkcs11_common(common_info_st *c);
 
 #ifdef _WIN32
 static int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)

diff --git a/src/danetool.c b/src/danetool.c
index d18cef54b096791f21fb31c713c0f860325b83d9..82904f87df7854ce9b4334a6a87c510d29ff4fcb 100644 (file)
--- a/src/danetool.c
+++ b/src/danetool.c
@@ -135,7 +135,7 @@ static void cmd_parser(int argc, char **argv)
                exit(1);
        }
 #ifdef ENABLE_PKCS11
-       pkcs11_common();
+       pkcs11_common(NULL);
 #endif
 
        memset(&cinfo, 0, sizeof(cinfo));

diff --git a/src/pkcs11.c b/src/pkcs11.c
index 08614d41d247ff8de3050f23fb5e574ac4e675ac..8bfeb0229453c1239c9a13addd24d0f914c0fb4e 100644 (file)
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -100,7 +100,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int login_flags,
 
        if (login_flags) obj_flags = login_flags;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        FIX(url, outfile, detailed, info);
 
@@ -190,7 +190,7 @@ pkcs11_export(FILE * outfile, const char *url, unsigned int login_flags,
 
        if (login_flags) obj_flags = login_flags;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        FIX(url, outfile, 0, info);
 
@@ -238,7 +238,7 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int login_flags,
 
        if (login_flags) obj_flags = login_flags;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        FIX(url, outfile, 0, info);
 
@@ -333,7 +333,7 @@ char *get_single_token_url(common_info_st * info)
        int ret;
        char *url = NULL, *t = NULL;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        ret = gnutls_pkcs11_token_get_url(0, 0, &url);
        if (ret < 0)
@@ -359,7 +359,7 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed,
        char buf[128];
        size_t size;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        for (i = 0;; i++) {
                ret = gnutls_pkcs11_token_get_url(i, detailed, &url);
@@ -451,7 +451,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
 
        if (login_flags) flags = login_flags;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        FIX(url, outfile, 0, info);
        CHECK_LOGIN_FLAG(login_flags);
@@ -536,7 +536,7 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
 
        if (login_flags) flags = login_flags;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        FIX(url, outfile, detailed, info);
        CHECK_LOGIN_FLAG(login_flags);
@@ -583,7 +583,7 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
        const char *pin;
        char so_pin[32];
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        if (url == NULL) {
                fprintf(stderr, "error: no token URL given to initialize!\n");
@@ -853,7 +853,7 @@ pkcs11_mechanism_list(FILE * outfile, const char *url, unsigned int login_flags,
        unsigned long mechanism;
        const char *str;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        FIX(url, outfile, 0, info);
 
@@ -886,7 +886,7 @@ pkcs11_get_random(FILE * outfile, const char *url, unsigned bytes,
        int ret;
        uint8_t *output;
 
-       pkcs11_common();
+       pkcs11_common(info);
 
        FIX(url, outfile, 0, info);
 

diff --git a/src/serv.c b/src/serv.c
index 576c861833e8e46ac041a80b18548f2747481d53..de03c4ee1c375b5d9bacfa41a071719c9d47e23f 100644 (file)
--- a/src/serv.c
+++ b/src/serv.c
@@ -951,7 +951,7 @@ int main(int argc, char **argv)
                exit(1);
        }
 #ifdef ENABLE_PKCS11
-       pkcs11_common();
+       pkcs11_common(NULL);
 #endif
 
        /* Note that servers must generate parameters for