On 2/10/2011 7:09 PM, Marc Phillips wrote:
> I'm in the process of getting engine_pkcs11 working with
> Apache (2.2.17). In order to facilitate that, I needed to
> enable a callout for unattended token login to engine_pkcs11.
>
> Here's what I've got for that. Constructive comments welcome
> and I'd also like to know how to submit the patch to be included
> in a subsequent release?
>
Is there any reason you can not use the ui_method and callback_data?
Its intent was to allow for prompting for a pin using some
method provided by the caller. For example if using pam.
It could be used to read your file.
> ---------------------------Cut---------------------------------
> diff -crB engine_pkcs11-0.1.8/src/engine_pkcs11.c
> engine_pkcs11-0.1.8-exec/src/engine_pkcs11.c
> *** engine_pkcs11-0.1.8/src/engine_pkcs11.c 2010-01-07 04:09:57.000000000
> -0600
> --- engine_pkcs11-0.1.8-exec/src/engine_pkcs11.c 2011-02-10
> 19:03:57.000000000 -0600
> ***************
> *** 710,715 ****
> --- 710,739 ----
> fail("No pin code was entered");
> }
> }
> + /* Call out to an external program for the PIN.
> + Similar to apache exec:
> + PIN="exec:/path/to/callout [$options]" */
> + if (strncmp(pin,"exec:",5) == 0) {
> + char *token;
> + FILE *fileptr;
> + char exec_return[1024];
> + memset (exec_return,0x00,sizeof(exec_return));
> + token = strtok(pin,":");
> + token = strtok(NULL,":");
> + fileptr = popen(token, "r");
> + if (fileptr == NULL) {
> + return -1;
> + }
> + while (fgets(exec_return, sizeof(exec_return)-1,
> fileptr) != NULL) {
> + }
> + /* Get rid of carrage return from command output */
> + exec_return[strlen(exec_return)-1]='\0';
> + if (exec_return == NULL) {
> + return -1;
> + }
> + pclose(fileptr);
> + pin = strdup(&exec_return);
> + }
>
> /* Now login in with the (possibly NULL) pin */
> if (PKCS11_login(slot, 0, pin)) {
>
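Review bot: The line `exec_return[strlen(exec_return)-1]='\0';` writes to index -1 when the callout prints nothing, because the buffer was zeroed and strlen returns 0; check the length first and strip the last character only if it is a newline. The `if (exec_return == NULL)` test that follows can never be true for an array, so an empty result is not caught and is passed on to PKCS11_login; test `exec_return[0] == '\0'` instead, and note that the early return there would skip pclose. The pclose return value is ignored, so a callout that exits with an error is treated the same as one that succeeded. `strdup(&exec_return)` passes a pointer to the array rather than to its first element and should be `strdup(exec_return)`, with the result checked; the stack buffer still holds the PIN afterwards and should be cleared once copied. `strtok(pin,":")` modifies the caller's string and cuts the command at any later colon, so a path or option containing ':' is truncated; `pin + 5` avoids both. Since popen hands the string to the shell, the comment should document that the PIN setting must come from trusted configuration only.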
> ---------------------------Cut---------------------------------
>
> R. Marc
> _______________________________________________
> opensc-devel mailing list
> [email protected]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
--
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444