keep one session around for the whole life of the keyset

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18024 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-09-05 20:51:30 +00:00
parent c6b0e4b61b
commit cf9a110826


@@ -41,8 +41,10 @@ RCSID("$Id$");
struct p11_slot { struct p11_slot {
int flags; int flags;
#define P11_SESSION 1 #define P11_SESSION 1
#define P11_LOGIN_REQ 2 #define P11_SESSION_IN_USE 2
#define P11_LOGIN_DONE 4 #define P11_LOGIN_REQ 4
#define P11_LOGIN_DONE 8
CK_SESSION_HANDLE session;
CK_SLOT_ID id; CK_SLOT_ID id;
CK_BBOOL token; CK_BBOOL token;
char *name; char *name;
@@ -367,17 +369,22 @@ p11_get_session(hx509_context context,
hx509_lock lock, hx509_lock lock,
CK_SESSION_HANDLE *psession) CK_SESSION_HANDLE *psession)
{ {
CK_SESSION_HANDLE session;
CK_RV ret; CK_RV ret;
if (slot->flags & P11_SESSION) if (slot->flags & P11_SESSION_IN_USE)
_hx509_abort("slot already in session"); _hx509_abort("slot already in session");
if (slot->flags & P11_SESSION) {
slot->flags |= P11_SESSION_IN_USE;
*psession = slot->session;
return 0;
}
ret = P11FUNC(p, OpenSession, (slot->id, ret = P11FUNC(p, OpenSession, (slot->id,
CKF_SERIAL_SESSION, CKF_SERIAL_SESSION,
NULL, NULL,
NULL, NULL,
&session)); &slot->session));
if (ret != CKR_OK) { if (ret != CKR_OK) {
if (context) if (context)
hx509_set_error_string(context, 0, EINVAL, hx509_set_error_string(context, 0, EINVAL,
@@ -436,7 +443,7 @@ p11_get_session(hx509_context context,
strlcpy(pin, slot->pin, sizeof(pin)); strlcpy(pin, slot->pin, sizeof(pin));
} }
ret = P11FUNC(p, Login, (session, CKU_USER, ret = P11FUNC(p, Login, (slot->session, CKU_USER,
(unsigned char*)pin, strlen(pin))); (unsigned char*)pin, strlen(pin)));
if (ret != CKR_OK) { if (ret != CKR_OK) {
if (context) if (context)
@@ -444,7 +451,7 @@ p11_get_session(hx509_context context,
"Failed to login on slot id %d " "Failed to login on slot id %d "
"with error: 0x%08x", "with error: 0x%08x",
(int)slot->id, ret); (int)slot->id, ret);
p11_put_session(p, slot, session); p11_put_session(p, slot, slot->session);
return EINVAL; return EINVAL;
} }
if (slot->pin == NULL) { if (slot->pin == NULL) {
@@ -453,14 +460,16 @@ p11_get_session(hx509_context context,
if (context) if (context)
hx509_set_error_string(context, 0, ENOMEM, hx509_set_error_string(context, 0, ENOMEM,
"out of memory"); "out of memory");
p11_put_session(p, slot, session); p11_put_session(p, slot, slot->session);
return ENOMEM; return ENOMEM;
} }
} }
} else } else
slot->flags |= P11_LOGIN_DONE; slot->flags |= P11_LOGIN_DONE;
*psession = session; slot->flags |= P11_SESSION_IN_USE;
*psession = slot->session;
return 0; return 0;
} }
@@ -470,15 +479,9 @@ p11_put_session(struct p11_module *p,
struct p11_slot *slot, struct p11_slot *slot,
CK_SESSION_HANDLE session) CK_SESSION_HANDLE session)
{ {
int ret; if ((slot->flags & P11_SESSION_IN_USE) == 0)
if ((slot->flags & P11_SESSION) == 0)
_hx509_abort("slot not in session"); _hx509_abort("slot not in session");
slot->flags &= ~P11_SESSION; slot->flags &= ~P11_SESSION_IN_USE;
ret = P11FUNC(p, CloseSession, (session));
if (ret != CKR_OK)
return EINVAL;
return 0; return 0;
} }
@@ -926,6 +929,16 @@ p11_release_module(struct p11_module *p)
dlclose(p->dl_handle); dlclose(p->dl_handle);
for (i = 0; i < p->num_slots; i++) { for (i = 0; i < p->num_slots; i++) {
if (p->slot->flags & P11_SESSION_IN_USE)
_hx509_abort("pkcs11 module release while session in use");
if (p->slot->flags & P11_SESSION) {
int ret;
ret = P11FUNC(p, CloseSession, (p->slot->session));
if (ret != CKR_OK)
;
}
if (p->slot[i].certs) if (p->slot[i].certs)
hx509_certs_free(&p->slot[i].certs); hx509_certs_free(&p->slot[i].certs);
if (p->slot[i].name) if (p->slot[i].name)
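Review bot: The cleanup added to the `for` loop of p11_release_module reads `p->slot->flags` and `p->slot->session`, which is slot 0 on every iteration, while the surrounding lines index `p->slot[i]`; with more than one slot, slot 0's session is closed repeatedly and the other slots' sessions, which may still be logged in, are never closed or checked for P11_SESSION_IN_USE. The accesses should be `p->slot[i].flags` and `P11FUNC(p, CloseSession, (p->slot[i].session));`. The loop also runs after `dlclose(p->dl_handle)`, so if P11FUNC calls through the module's function list (the macro is not visible here), CloseSession would be invoked in a library that may already be unloaded; moving the dlclose after the loop avoids that. The `if (ret != CKR_OK) ;` branch drops the failure silently, so a comment stating that this is deliberate best-effort cleanup would help. The function's body starts and ends outside the hunk.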