I'm in the process of getting engine_pkcs11 working with Apache (2.2.17). In order to faciliate that, I needed to enable a callout for unattended token login to engine_pkcs11.
Here's what I've got for that. Constructive comments welcome and I'd also like to know how to submit the patch to be included in a subsequent release? ---------------------------Cut--------------------------------- diff -crB engine_pkcs11-0.1.8/src/engine_pkcs11.c engine_pkcs11-0.1.8-exec/src/engine_pkcs11.c *** engine_pkcs11-0.1.8/src/engine_pkcs11.c 2010-01-07 04:09:57.000000000 -0600 --- engine_pkcs11-0.1.8-exec/src/engine_pkcs11.c 2011-02-10 19:03:57.000000000 -0600 *************** *** 710,715 **** --- 710,739 ---- fail("No pin code was entered"); } } + /* Call out to an external program for the PIN. + Similar to apache exec: + PIN="exec:/path/to/callout [$options]" */ + if (strncmp(pin,"exec:",5) == 0) { + char *token; + FILE *fileptr; + char exec_return[1024]; + memset (exec_return,0x00,sizeof(exec_return)); + token = strtok(pin,":"); + token = strtok(NULL,":"); + fileptr = popen(token, "r"); + if (fileptr == NULL) { + return -1; + } + while (fgets(exec_return, sizeof(exec_return)-1, fileptr) != NULL) { + } + /* Get rid of carrage return from command output */ + exec_return[strlen(exec_return)-1]='\0'; + if (exec_return == NULL) { + return -1; + } + pclose(fileptr); + pin = strdup(&exec_return); + } /* Now login in with the (possibly NULL) pin */ if (PKCS11_login(slot, 0, pin)) { ---------------------------Cut--------------------------------- R. Marc _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel