From 8b206a59ccfd64eda0017e0c8fa2e19637a95766 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 16 Jan 2008 14:24:33 +0000
Subject: [PATCH] Use HX509_CERTS_UNPROTECT_ALL when there is no pin code.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22463 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/softp11.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/lib/hx509/softp11.c b/lib/hx509/softp11.c
index 8887e1d89..b44666ea1 100644
--- a/lib/hx509/softp11.c
+++ b/lib/hx509/softp11.c
@@ -604,12 +604,15 @@ add_certificate(const char *cert_file,
 {
 hx509_certs certs;
 hx509_lock lock = NULL;
- int ret;
+ int ret, flags = 0;
 struct foo foo;
 foo.id = id;
 foo.label = label;
+ if (pin == NULL)
+ flags |= HX509_CERTS_UNPROTECT_ALL;
+
 if (pin) {
 char *str;
 asprintf(&str, "PASS:%s", pin);
@@ -621,7 +624,7 @@ add_certificate(const char *cert_file,
 free(str);
 }

- ret = hx509_certs_init(context, cert_file, 0, lock, &certs);
+ ret = hx509_certs_init(context, cert_file, flags, lock, &certs);
 if (ret) {
 st_logf("failed to open file %s\n", cert_file);
 return CKR_GENERAL_ERROR;
@@ -694,6 +697,7 @@ read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
 int anchor;
 FILE *f;
 CK_RV ret = CKR_OK;
+ CK_RV failed = CKR_OK;

 f = fopen(fn, "r");
 if (f == NULL) {
@@ -745,7 +749,7 @@ read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
 ret = add_certificate(cert, pin, id, label);
 if (ret)
- goto out;
+ failed = ret;
 } else if (strcasecmp("debug", type) == 0) {
 char *name;
@@ -755,6 +759,9 @@ read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
 continue;
 }

+ if (soft_token.logfile)
+ fclose(soft_token.logfile);
+
 if (strcasecmp(name, "stdout") == 0)
 soft_token.logfile = stdout;
 else
@@ -769,7 +776,7 @@ read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
 out:
 fclose(f);
- return ret;
+ return failed;
 }

 static CK_RV
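Review bot: The two lines added to add_certificate set `HX509_CERTS_UNPROTECT_ALL` without saying why, and the reason is security-relevant because it decides what happens to a protected store when no PIN is supplied. A short comment would help, for example `/* no PIN: have hx509 fail the load rather than skip keys it cannot unprotect */`, assuming that is what the flag means in hx509 (its definition is not visible here). The new test is also the exact complement of the `if (pin) {` that follows, so it would read better as that statement's `else` arm. The function body starts and ends outside the hunk.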
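Review bot: read_conf_file now returns `failed`, which is assigned only after add_certificate() fails (hunk at -745), so any other path that sets `ret` and reaches `out:` is reported as CKR_OK; this applies to the hunks at -694, -745 and -769 together. The `out:` label is still present at -769, which suggests such `goto out` paths remain in the lines not shown. Because C_Initialize in this same patch sets `login_done` when the result is CKR_OK, a lost error would mark the token as logged in; `return failed != CKR_OK ? failed : ret;` keeps both kinds of error. `failed` also retains only the last certificate error, which deserves a comment on its declaration.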
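Review bot: The added `fclose(soft_token.logfile)` in the hunk at -755 also runs when the current value is `stdout`, which the lines directly below assign for a `debug stdout` entry. A config file with two `debug` lines, or a second read_conf_file() pass (this patch adds one from C_Initialize, and a later pass at login seems likely), would close the host application's stdout and then store the closed stream again. Exclude the standard stream from the close: `if (soft_token.logfile && soft_token.logfile != stdout) fclose(soft_token.logfile);`. The enclosing `debug` branch starts and ends outside the hunk.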
@@ -849,7 +856,6 @@ C_Initialize(CK_VOID_PTR a)
 soft_token.config_file = fn;
 }

-#if 0
 /*
 * XXX this should really fail if the password is missing and the
 * cert-store is protected by a password
@@ -857,7 +863,6 @@ C_Initialize(CK_VOID_PTR a)
 ret = read_conf_file(soft_token.config_file, CKU_USER, NULL);
 if (ret == CKR_OK)
 soft_token.flags.login_done = 1;
-#endif

 return CKR_OK;
 }
--
2.11.4.GIT
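Review bot: With the `#if 0` removed, C_Initialize sets `soft_token.flags.login_done = 1` whenever read_conf_file(..., NULL) returns CKR_OK, yet the XXX comment kept just above still says this should fail for a password-protected store. Whether that gap is closed depends on hx509_certs_init() rejecting protected stores under `HX509_CERTS_UNPROTECT_ALL`, which the patch does not show. If it does, reword or drop the XXX; if not, the session is treated as logged in without a PIN. A non-OK `ret` is also discarded by the unconditional `return CKR_OK;`, so a line such as `st_logf("config load without pin failed: 0x%lx\n", (unsigned long)ret);` would at least leave a trace. This note covers both hunks of C_Initialize (-849 and -857); the function starts outside them.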