Make the text of NSS's prompts look like OpenSSL's
When PKINIT is built with NSS, make the text of prompts that we issue to
the user better match the text we use when we build with OpenSSL: ask
for a pass phrase when we're asking about a hardware token, ask for a
password the rest of the time, and take advantage of translations for
requests for a password.
nalind authored and greghudson committed May 10, 2013
1 parent 2a39ca9 commit 32d3acd
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -573,7 +573,7 @@ cmsdump(unsigned char *data, unsigned int length)

/* A password-prompt callback for NSS that calls the libkrb5 callback. */
static char *
crypto_pwfn(const char *what, PRBool retry, void *arg)
crypto_pwfn(const char *what, PRBool is_hardware, PRBool retry, void *arg)
{
int ret;
pkinit_identity_crypto_context id;
@@ -601,7 +601,10 @@ crypto_pwfn(const char *what, PRBool retry, void *arg)
pkiDebug("out of memory");
return NULL;
}
snprintf(text, text_size, "Password for %s", what);
if (is_hardware)
snprintf(text, text_size, "%s PIN", what);
else
snprintf(text, text_size, "%s %s", _("Pass phrase for"), what);
memset(&prompt, 0, sizeof(prompt));
prompt.prompt = text;
prompt.hidden = 1;
@@ -646,7 +649,7 @@ crypto_pwfn(const char *what, PRBool retry, void *arg)
static char *
crypto_pwcb(PK11SlotInfo *slot, PRBool retry, void *arg)
{
return crypto_pwfn(PK11_GetTokenName(slot), retry, arg);
return crypto_pwfn(PK11_GetTokenName(slot), PK11_IsHW(slot), retry, arg);
}

/* Make sure we're using our callback, and set up the callback data. */
@@ -2390,7 +2393,8 @@ crypto_load_pkcs12(krb5_context context,
case SEC_ERROR_BAD_PASSWORD:
pkiDebug("%s: prompting for password for %s\n",
__FUNCTION__, name);
newpass = crypto_pwfn(name, (attempt > 0), id_cryptoctx);
newpass = crypto_pwfn(name, PR_FALSE, (attempt > 0),
id_cryptoctx);
attempt++;
if (newpass != NULL) {
/* convert to 16-bit big-endian */
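Review bot: In the second hunk (old line 601) the prompt is now built from `_("Pass phrase for")`, whose length varies by locale, while `text_size` is computed above the visible lines. If that size was derived from the old fixed "Password for " prefix, a longer translation would make snprintf() silently cut off the token or file name, so the user could not tell which credential is being requested. I would capture the result in both branches, e.g. `n = snprintf(text, text_size, "%s %s", _("Pass phrase for"), what);`, and treat `if (n < 0 || (size_t)n >= text_size)` as a failure, or size the buffer from `strlen(_("Pass phrase for")) + strlen(what) + 2`. The `"%s PIN"` branch also leaves "PIN" untranslated, unlike the other branch. The body of crypto_pwfn starts and ends outside this hunk, so the allocation needs checking there.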