setpin.c revision 7711facfe58561dd91d6ece0f5f41150c3956c83
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This file implements the setpin operation for this tool.
* The basic flow of the process is to load the PKCS#11 module,
* finds the soft token, prompt the user for the old PIN (if
* any) and the new PIN, change the token's PIN, and clean up.
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <cryptoutil.h>
#include <security/cryptoki.h>
#include "common.h"
/*
* Changes the token's PIN.
*/
int
/* ARGSUSED */
{
char *token_name = NULL;
char full_name[FULL_NAME_LEN];
cryptodebug("inside pk_setpin");
/* Get rid of subcommand word "setpin". */
argc--;
argv++;
/* No additional args allowed. */
if (argc != 0)
return (PK_ERR_USAGE);
/* Done parsing command line options. */
/*
* Token_name, manuf_id, and serial_no are all optional.
* If unspecified, token_name must have a default value
* at least, so set it to the default softtoken value.
*/
if (token_name == NULL)
/* Find the slot with token. */
return (PK_ERR_PK11);
}
/*
* If the token is the softtoken, check if the token flags show the
* PIN has not been set yet. If not then set the old PIN to the
* default "changeme". Otherwise, let user type in the correct old
* PIN to unlock token.
*/
if (pin_state == CKF_USER_PIN_TO_BE_CHANGED &&
cryptodebug("pin_state: first time passphrase is being set");
NULL) {
return (PK_ERR_PK11);
}
} else {
cryptodebug("pin_state: changing an existing pin ");
gettext("Unable to get token passphrase (%s)."),
return (PK_ERR_PK11);
}
}
/* Get the user's new PIN. */
if (rv == CKR_PIN_INCORRECT)
"Passphrases do not match."));
else
"Unable to get and confirm new passphrase (%s)."),
return (PK_ERR_PK11);
}
/* Open a R/W session to the token to change the PIN. */
gettext("Unable to open token session (%s)."),
return (PK_ERR_PK11);
}
/* Change the PIN if possible. */
cryptodebug("calling C_SetPIN");
/* Clean up. */
if (rv == CKR_PIN_INCORRECT)
gettext("Incorrect passphrase."));
else
gettext("Unable to change passphrase (%s)."),
return (PK_ERR_PK11);
}
return (0);
}