setpin.c revision 49e212991a3065f7e499a4b29ae8d8eaf33f3135
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This file implements the setpin operation for this tool.
* The basic flow of the process is to load the PKCS#11 module,
* finds the soft token, prompt the user for the old PIN (if
* any) and the new PIN, change the token's PIN, and clean up.
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <cryptoutil.h>
#include <security/cryptoki.h>
#include "common.h"
/*
* Changes the token's PIN.
*/
int
/* ARGSUSED */
{
int opt;
extern int optind_av;
extern char *optarg_av;
char *token_spec = NULL;
char *token_name = NULL;
char full_name[FULL_NAME_LEN];
cryptodebug("inside pk_setpin");
switch (opt) {
case 'T': /* token specifier */
if (token_spec)
return (PK_ERR_USAGE);
break;
default:
return (PK_ERR_USAGE);
break;
}
}
/* If nothing is specified, default is to use softtoken. */
if (token_spec == NULL) {
} else {
/*
* Parse token specifier into token_name, manuf_id, serial_no.
* Token_name is required; manuf_id and serial_no are optional.
*/
&serial_no) < 0)
return (PK_ERR_USAGE);
}
/* No additional args allowed. */
if (argc != 0)
return (PK_ERR_USAGE);
/* Done parsing command line options. */
/* Find the slot with token. */
return (PK_ERR_PK11);
}
/*
* If the token is the softtoken, check if the token flags show the
* PIN has not been set yet. If not then set the old PIN to the
* default "changeme". Otherwise, let user type in the correct old
* PIN to unlock token.
*/
if (pin_state == CKF_USER_PIN_TO_BE_CHANGED &&
cryptodebug("pin_state: first time passphrase is being set");
NULL) {
return (PK_ERR_PK11);
}
} else {
cryptodebug("pin_state: changing an existing pin ");
gettext("Unable to get token passphrase (%s)."),
return (PK_ERR_PK11);
}
}
/* Get the user's new PIN. */
if (rv == CKR_PIN_INCORRECT)
"Passphrases do not match."));
else
"Unable to get and confirm new passphrase (%s)."),
return (PK_ERR_PK11);
}
/* Open a R/W session to the token to change the PIN. */
gettext("Unable to open token session (%s)."),
return (PK_ERR_PK11);
}
/* Change the PIN if possible. */
cryptodebug("calling C_SetPIN");
/* Clean up. */
if (rv == CKR_PIN_INCORRECT)
gettext("Incorrect passphrase."));
else
gettext("Unable to change passphrase (%s)."),
return (PK_ERR_PK11);
}
return (0);
}