From 079d5ffc207fc2609b9293f9efe4781bed493ee0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 25 May 2016 22:44:42 -0400 Subject: Track PIN changes on libhal master branch. --- p11util.c | 129 +++++++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 99 insertions(+), 30 deletions(-) (limited to 'p11util.c') diff --git a/p11util.c b/p11util.c index db36888..09f1e44 100644 --- a/p11util.c +++ b/p11util.c @@ -47,8 +47,6 @@ #include -#include "p11_common.h" - /* * Apparently the cool kids don't use getpassword() anymore, and there * is no fully portable replacement, so the advice is just to roll @@ -116,6 +114,7 @@ static int getpin_tty(const char *prompt, OPT_FLG('u', "set-user-pin", "set \"user\" PIN") \ OPT_FLG('w', "set-wheel-pin", "set \"wheel\" PIN") \ OPT_FLG('p', "pin-from-stdin", "read PIN from stdin instead of /dev/tty") \ + OPT_FLG('S', "login-as-so", "login as Security Officer") \ OPT_END #define OPT_END @@ -137,10 +136,11 @@ static void usage(const int code, const char *jane) } static void parse_args(int argc, char *argv[], - int *do_set_so_pin, - int *do_set_user_pin, - int *do_set_wheel_pin, - int *read_from_stdin) + int *set_so_pin, + int *set_user_pin, + int *set_wheel_pin, + int *read_from_stdin, + int *login_as_so) { int c; @@ -156,7 +156,7 @@ static void parse_args(int argc, char *argv[], #undef OPT_ARG #undef OPT_FLG - assert(argv && do_set_so_pin && do_set_user_pin && do_set_wheel_pin && read_from_stdin); + assert(argv && set_so_pin && set_user_pin && set_wheel_pin && read_from_stdin && login_as_so); opterr = 0; if (argc == 1) @@ -173,15 +173,19 @@ static void parse_args(int argc, char *argv[], continue; case 's': - *do_set_so_pin = 1; + *set_so_pin = 1; continue; case 'u': - *do_set_user_pin = 1; + *set_user_pin = 1; continue; case 'w': - *do_set_wheel_pin = 1; + *set_wheel_pin = 1; + continue; + + case 'S': + *login_as_so = 1; continue; default: @@ -198,22 +202,22 @@ static void parse_args(int argc, char *argv[], static int set_pin(const hal_user_t user, const int read_from_stdin) { const char *prompt = NULL, *label = NULL; - char pin[P11_MAX_PIN_LENGTH + 1], *p; + char pin[hal_rpc_max_pin_length + 1], *p; switch (user) { case HAL_USER_NORMAL: - prompt = "Enter user PIN: "; + prompt = "Enter new user PIN: "; label = "user"; break; case HAL_USER_SO: - prompt = "Enter SO PIN: "; + prompt = "Enter new SO PIN: "; label = "SO"; break; case HAL_USER_WHEEL: - prompt = "Enter wheel PIN: "; + prompt = "Enter new wheel PIN: "; label = "wheel"; break; @@ -237,11 +241,11 @@ static int set_pin(const hal_user_t user, const int read_from_stdin) const size_t len = strlen(pin); - if (len < P11_MIN_PIN_LENGTH || len > P11_MAX_PIN_LENGTH) { + if (len < hal_rpc_min_pin_length || len > hal_rpc_max_pin_length) { fprintf(stderr, "Unacceptable length %lu for %s PIN, allowed range [%lu, %lu]\n", (unsigned long) len, label, - (unsigned long) P11_MIN_PIN_LENGTH, - (unsigned long) P11_MAX_PIN_LENGTH); + (unsigned long) hal_rpc_min_pin_length, + (unsigned long) hal_rpc_max_pin_length); memset(pin, 0, sizeof(pin)); return 0; } @@ -260,31 +264,96 @@ static int set_pin(const hal_user_t user, const int read_from_stdin) return 1; } +static int login(const int login_as_so, const int read_from_stdin) +{ + const hal_user_t user = login_as_so ? HAL_USER_SO : HAL_USER_WHEEL; + const hal_client_handle_t client = {HAL_HANDLE_NONE}; + char pin[hal_rpc_max_pin_length + 1], *p; + const char *prompt = NULL; + + switch (user) { + + case HAL_USER_SO: + prompt = "Enter current SO PIN: "; + break; + + case HAL_USER_WHEEL: + prompt = "Enter current wheel PIN: "; + break; + + default: + return 0; + } + + if (read_from_stdin) { + if (fgets(pin, sizeof(pin), stdin) == NULL) { + perror("Couldn't read PIN"); + return 0; + } + if ((p = strchr(pin, '\n')) != NULL) + *p = '\0'; + } + + else { + if (!getpin_tty(prompt, pin, sizeof(pin))) + return 0; + } + + const hal_error_t err = hal_rpc_login(client, user, pin, strlen(pin)); + + if (err != HAL_OK) + fprintf(stderr, "Couldn't log in: %s\n", hal_error_string(err)); + + memset(pin, 0, sizeof(pin)); + + return err == HAL_OK; +} + int main(int argc, char *argv[]) { - int do_set_so_pin = 0, do_set_user_pin = 0, do_set_wheel_pin = 0, read_from_stdin = 0; + int set_so_pin = 0, set_user_pin = 0, set_wheel_pin = 0, read_from_stdin = 0, login_as_so = 0; hal_error_t err; + int ok = 0; + + parse_args(argc, argv, &set_so_pin, &set_user_pin, &set_wheel_pin, &read_from_stdin, &login_as_so); + + if ((err = hal_rpc_client_init()) != HAL_OK) { + fprintf(stderr, "Couldn't initialize RPC: %s\n", hal_error_string(err)); + goto fail; + } - parse_args(argc, argv, &do_set_so_pin, &do_set_user_pin, &do_set_wheel_pin, &read_from_stdin); + if (!login(login_as_so, read_from_stdin)) { + fprintf(stderr, "Couldn't log in\n"); + goto fail; + } - if ((err = hal_rpc_client_init()) != HAL_OK) - return fprintf(stderr, "Couldn't initialize RPC: %s\n", hal_error_string(err)), 1; + if (set_wheel_pin && !set_pin(HAL_USER_WHEEL, read_from_stdin)) { + fprintf(stderr, "Couldn't set wheel PIN\n"); + goto fail; + } - if (do_set_wheel_pin && !set_pin(HAL_USER_WHEEL, read_from_stdin)) - return fprintf(stderr, "Couldn't set wheel PIN\n"), 2; + if (set_so_pin && !set_pin(HAL_USER_SO, read_from_stdin)) { + fprintf(stderr, "Couldn't set SO PIN\n"); + goto fail; + } + + if (set_user_pin && !set_pin(HAL_USER_NORMAL, read_from_stdin)) { + fprintf(stderr, "Couldn't set user PIN\n"); + goto fail; + } - if (do_set_so_pin && !set_pin(HAL_USER_SO, read_from_stdin)) - return fprintf(stderr, "Couldn't set SO PIN\n"), 3; + ok = 1; - if (do_set_user_pin && !set_pin(HAL_USER_NORMAL, read_from_stdin)) - return fprintf(stderr, "Couldn't set user PIN\n"), 4; + fail: - if ((err = hal_rpc_client_close()) != HAL_OK) - return fprintf(stderr, "Couldn't shut down RPC: %s\n", hal_error_string(err)), 5; + if ((err = hal_rpc_client_close()) != HAL_OK) { + fprintf(stderr, "Couldn't shut down RPC: %s\n", hal_error_string(err)); + ok = 0; + } - return 0; + return !ok; } /* -- cgit v1.2.3