I'm in the process of getting engine_pkcs11 working with
Apache (2.2.17). In order to facilitate that, I needed to
enable a callout for unattended token login to engine_pkcs11.
Here's what I've got for that. Constructive comments are welcome,
and I'd also like to know how to submit the patch for inclusion
in a subsequent release.
---------------------------Cut---------------------------------
diff -crB engine_pkcs11-0.1.8/src/engine_pkcs11.c
engine_pkcs11-0.1.8-exec/src/engine_pkcs11.c
*** engine_pkcs11-0.1.8/src/engine_pkcs11.c 2010-01-07 04:09:57.000000000
-0600
--- engine_pkcs11-0.1.8-exec/src/engine_pkcs11.c 2011-02-10
19:03:57.000000000 -0600
***************
*** 710,715 ****
--- 710,739 ----
fail("No pin code was entered");
}
}
+ /* Call out to an external program for the PIN.
+ Similar to apache exec:
+ PIN="exec:/path/to/callout [$options]" */
+ if (strncmp(pin,"exec:",5) == 0) {
+ char *token;
+ FILE *fileptr;
+ char exec_return[1024];
+ memset (exec_return,0x00,sizeof(exec_return));
+ token = strtok(pin,":");
+ token = strtok(NULL,":");
+ fileptr = popen(token, "r");
+ if (fileptr == NULL) {
+ return -1;
+ }
+ while (fgets(exec_return, sizeof(exec_return)-1,
fileptr) != NULL) {
+ }
+ /* Get rid of carrage return from command output */
+ exec_return[strlen(exec_return)-1]='\0';
+ if (exec_return == NULL) {
+ return -1;
+ }
+ pclose(fileptr);
+ pin = strdup(&exec_return);
+ }
/* Now login in with the (possibly NULL) pin */
if (PKCS11_login(slot, 0, pin)) {
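Review bot: When the callout prints nothing, `exec_return[strlen(exec_return)-1]='\0'` writes one byte before the buffer, and when the last line has no trailing newline it silently drops the final PIN character, so the strip should run only if the last character really is a line terminator. In the same block `strtok(pin,":")` modifies the stored PIN string in place, cuts the command at any later colon and returns NULL for a bare `exec:`, which then reaches `popen()`; using `pin + 5` as the command avoids all three. `exec_return == NULL` can never be true for an array, `strdup(&exec_return)` passes a `char (*)[1024]` where a `char *` is expected, the `pclose()` status is ignored so a failed helper still produces a login attempt, and the PIN is left in the stack buffer afterwards. `popen()` runs the string through the shell, and the context lines above suggest `pin` may also be filled from a prompt, so the `exec:` form should probably be honoured only for a value taken from the engine's configuration. The enclosing function starts and ends outside the hunk, so the `return -1` convention and the ownership of the previous `pin` value (overwritten here without `free`) need checking against it.

```c
if (strncmp(pin, "exec:", 5) == 0) {
	const char *cmd = pin + 5;	/* whole remainder is the command; pin is not modified */
	char exec_return[1024];
	char *new_pin;
	FILE *fileptr;
	size_t len;
	int status;

	if (*cmd == '\0')
		return -1;
	fileptr = popen(cmd, "r");
	if (fileptr == NULL)
		return -1;
	exec_return[0] = '\0';
	while (fgets(exec_return, sizeof(exec_return), fileptr) != NULL)
		;	/* keep the last line of output, as before */
	status = pclose(fileptr);
	len = strlen(exec_return);
	/* Strip the line terminator only if one is present */
	while (len > 0 && (exec_return[len - 1] == '\n' || exec_return[len - 1] == '\r'))
		exec_return[--len] = '\0';
	if (status != 0 || len == 0) {
		OPENSSL_cleanse(exec_return, sizeof(exec_return));
		return -1;
	}
	new_pin = strdup(exec_return);
	OPENSSL_cleanse(exec_return, sizeof(exec_return));
	if (new_pin == NULL)
		return -1;
	pin = new_pin;
}
```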
---------------------------Cut---------------------------------
R. Marc