Allow vendor defined CK_USER_TYPE in C_Login

[space88man]

Thales in Luna HSM 7 SDKs is using vendor-defined CK_USER_TYPEs. Specifically, Thales is using 0x80000001, 0x80000002, 0x80000003 to allow for some role separation in use of keys in the HSM.

This commit allows specifying the user type as an alternative to the default 0x1(CKU_USER).

// extracted from Thales Luna HSM 7 C header files
#define CKU_LIMITED_USER            0x80000001
#define CKU_AUDIT                   0x80000002
#define CKU_LIMITED_CRYPTO_OFFICER  0x80000003

[danni]

Thanks for this PR. Few comments around making this a touch more generic.

Also please make sure the user_type param ends up in the documentation. Look in types.py for where open is defined.

[space88man]

Need a bit of help with Cython...

Tried this and got pkcs11/_pkcs11.pyx:300:51: Coercion from Python not allowed without the GIL. If I don't comment out the cdef CK_USER_TYPE user_type Cython throws pkcs11/_pkcs11.pyx:260:26: 'user_type' redeclared

    def open(self, rw=False, user_pin=None, so_pin=None, user_type=None):
        cdef CK_SLOT_ID slot_id = self.slot.slot_id
        cdef CK_SESSION_HANDLE handle
        cdef CK_FLAGS flags = CKF_SERIAL_SESSION
        # cdef CK_USER_TYPE user_type
        cdef CK_UTF8CHAR *pin_data
        cdef CK_ULONG pin_length

Also pkcs11/_pkcs11.pyx:256:80: Cannot assign type 'long' to 'CK_USER_TYPE'

   # either None or 0 as default value doesn't work
    def open(self, rw=False, user_pin=None, so_pin=None, CK_USER_TYPE user_type=0):
        cdef CK_SLOT_ID slot_id = self.slot.slot_id
        cdef CK_SESSION_HANDLE handle
        cdef CK_FLAGS flags = CKF_SERIAL_SESSION
        # cdef CK_USER_TYPE user_type
        cdef CK_UTF8CHAR *pin_data
        cdef CK_ULONG pin_length

[danni]

Ahh, the problem is you need a cdef type inside of with nogil. That is to say a C type not a Python type. Try renaming cdef user_type to cdef final_user_type or similar, assigning that, and passing it into the nogil block.

[space88man]

bump