/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2012 Milan Jurik. All rights reserved.
*/
/*
* This file implements the setpin operation for this tool.
* The basic flow of the process is to load the PKCS#11 module,
* find the soft token, prompt the user for the old PIN (if
* any) and the new PIN, change the token's PIN, and clean up.
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <cryptoutil.h>
#include <security/cryptoki.h>
#include "common.h"
/*
* NOTE(review): this listing is incomplete. The function name, parameter
* list and most call statements are missing, so only fragments of the body
* are visible. The failure paths that are visible return PK_ERR_NSS, which
* suggests this is the NSS keystore variant of the PIN change; confirm
* against the complete file.
*
* What the visible lines show: attributes are counted in numattrs, an error
* message is reported and PK_ERR_NSS returned when the current passphrase
* or the new passphrase cannot be obtained, newpincred is handed to a call
* by address and size, and rv is returned at the end.
*/
static int
{
int rv = 0;
int numattrs = 0;
/* NOTE(review): the condition guarding this early return is not visible. */
return (rv);
numattrs++;
/* One more attribute is counted when a token was specified. */
if (token_spec != NULL) {
numattrs++;
}
/* Tail of an error report; the call head and its condition are missing. */
gettext("Unable to get token passphrase."));
return (PK_ERR_NSS);
}
/* Get the user's new PIN. */
/*
* CKR_PIN_INCORRECT is reported to the user as a mismatch between the
* entered passphrases; any other failure gets the generic message. Both
* paths end in the same PK_ERR_NSS return.
*/
if (rv == CKR_PIN_INCORRECT)
"Passphrases do not match."));
else
"Unable to get and confirm new passphrase."));
return (PK_ERR_NSS);
}
numattrs++;
/* The new credential is passed by address together with its size. */
&newpincred, sizeof (newpincred));
numattrs++;
/*
* NOTE(review): the statements controlled by these two tests are missing
* from the listing; presumably they release the PIN buffers. Confirm in
* the complete file that the passphrase bytes are overwritten before the
* buffers are released, using a clearing call the compiler cannot elide,
* so that old and new PINs do not linger in heap memory.
*/
if (new_pin)
if (old_pin)
return (rv);
}
/*
* NOTE(review): this listing is incomplete. The function name, parameter
* list and most call statements are missing. The visible failure paths
* return PK_ERR_PK11, which suggests this is the PKCS#11 token variant of
* the PIN change; confirm against the complete file.
*
* What the visible lines show: a missing token_spec falls back to a default
* token, the token's PIN state is looked up, the old PIN is either the
* softtoken default or prompted for, the new PIN is prompted for and
* confirmed, attributes are counted in numattr, and rv is returned.
*/
static int
{
int numattr = 0;
/* If nothing is specified, default is to use softtoken. */
/* NOTE(review): the body that selects the default token is not visible. */
if (token_spec == NULL) {
}
/* find the pin state for the selected token */
return (PK_ERR_PK11);
if (token_name == NULL)
}
/*
* If the token is the softtoken and the token flags show that the PIN
* has not been set yet, the old PIN is taken to be the default
* "changeme". Otherwise, let the user type in the correct old PIN to
* unlock the token.
*
* NOTE(review): a token that is still in this state is protected only by
* a well-known default PIN, so it should be treated as unprotected until
* the PIN has been changed.
*/
/* NOTE(review): part of this condition is missing from the listing. */
if (pin_state == CKF_USER_PIN_TO_BE_CHANGED &&
NULL) {
return (PK_ERR_PK11);
}
} else {
/* Tail of an error report that formats one string argument via %s. */
gettext("Unable to get token passphrase (%s)."),
return (PK_ERR_PK11);
}
}
/* Get the user's new PIN. */
/*
* CKR_PIN_INCORRECT is reported to the user as a mismatch between the
* entered passphrases; any other failure gets the generic message with
* one %s argument. Both paths end in the same PK_ERR_PK11 return.
*/
if (rv == CKR_PIN_INCORRECT)
"Passphrases do not match."));
else
"Unable to get and confirm new passphrase (%s)."),
return (PK_ERR_PK11);
}
numattr++;
/* One more attribute is counted when a token name is available. */
if (token_name != NULL) {
numattr++;
}
numattr++;
numattr++;
/* The new credential is passed by address together with its size. */
&newpincred, sizeof (newpincred));
numattr++;
/* One more attribute is counted when souser is set. */
if (souser) {
numattr++;
}
/* Clean up. */
/*
* NOTE(review): the clean-up statements themselves are not visible. If
* they release the old and new PIN buffers, confirm that the passphrase
* bytes are overwritten first with a clearing call the compiler cannot
* elide.
*/
return (rv);
}
/*
* Changes the token's PIN.
*
* Parses the command line options, rejects repeated or unknown options and
* any trailing arguments with PK_ERR_USAGE, dispatches on the keystore type
* (PKCS#11 token or NSS), and maps the outcome to an exit status.
*
* None of the options in the visible option string carries a passphrase,
* so PINs are not taken from the command line.
*
* NOTE(review): this listing is incomplete. The function name, parameter
* list and most call statements are missing.
*/
int
/* ARGSUSED */
{
int opt;
int rv;
/* Option parser state that is defined outside this function. */
extern int optind_av;
extern char *optarg_av;
/*
* Option string; the parser call that consumes it is not visible. The
* loop runs until the parser returns EOF.
*/
"T:(token)k:(keystore)d:(dir)"
"p:(prefix)u:(usertype)")) != EOF) {
switch (opt) {
case 'k':
/* A keystore type of 0 is rejected as a usage error. */
if (kstype == 0)
return (PK_ERR_USAGE);
break;
case 'T': /* token specifier */
/* A token that was already set means the option was repeated. */
if (token_spec)
return (PK_ERR_USAGE);
break;
case 'd':
/* A directory that was already set means the option was repeated. */
if (dir)
return (PK_ERR_USAGE);
break;
case 'p':
/* A prefix that was already set means the option was repeated. */
if (prefix)
return (PK_ERR_USAGE);
break;
case 'u':
/* NOTE(review): the handling of the usertype argument is not visible. */
break;
default:
return (PK_ERR_USAGE);
}
}
/* No additional args allowed. */
if (argc != 0)
return (PK_ERR_USAGE);
/* Done parsing command line options. */
}
return (rv);
/*
* NOTE(review): the comparisons that choose between these two
* assignments are missing; presumably they test the usertype string.
* Any other value is a usage error.
*/
souser = 1;
souser = 0;
else /* Wrong option string */
return (PK_ERR_USAGE);
}
/*
* Dispatch on the keystore type. The calls made in each case are not
* visible in this listing; any other keystore type is a usage error.
*/
switch (kstype) {
case KMF_KEYSTORE_PK11TOKEN:
break;
case KMF_KEYSTORE_NSS:
break;
default:
gettext("incorrect keystore."));
return (PK_ERR_USAGE);
}
/* The KMF handle is finalized before the result is examined. */
(void) kmf_finalize(handle);
/*
* An authentication failure gets its own message. Both visible failure
* paths return PK_ERR_SYSTEM; the success path returns 0.
*/
if (rv == KMF_ERR_AUTH_FAILED) {
gettext("Incorrect passphrase."));
return (PK_ERR_SYSTEM);
gettext("Unable to change passphrase."));
return (PK_ERR_SYSTEM);
} else {
}
return (0);
}