17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 590e0e8c4Sizick * Common Development and Distribution License (the "License"). 690e0e8c4Sizick * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*c5866e1dSPeter Shoults * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 237c478bd9Sstevel@tonic-gate */ 247c478bd9Sstevel@tonic-gate 257c478bd9Sstevel@tonic-gate #include <pthread.h> 267c478bd9Sstevel@tonic-gate #include <security/cryptoki.h> 277c478bd9Sstevel@tonic-gate #include "softGlobal.h" 287c478bd9Sstevel@tonic-gate #include "softSession.h" 297c478bd9Sstevel@tonic-gate #include "softObject.h" 307c478bd9Sstevel@tonic-gate #include "softKeystore.h" 317c478bd9Sstevel@tonic-gate #include "softKeystoreUtil.h" 327c478bd9Sstevel@tonic-gate 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate CK_RV 357c478bd9Sstevel@tonic-gate C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, 367c478bd9Sstevel@tonic-gate CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession) 377c478bd9Sstevel@tonic-gate { 387c478bd9Sstevel@tonic-gate 397c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK; 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 427c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 437c478bd9Sstevel@tonic-gate 447c478bd9Sstevel@tonic-gate /* 457c478bd9Sstevel@tonic-gate * For legacy reasons, the CKF_SERIAL_SESSION bit must always 467c478bd9Sstevel@tonic-gate * be set. 477c478bd9Sstevel@tonic-gate */ 487c478bd9Sstevel@tonic-gate if (!(flags & CKF_SERIAL_SESSION)) 497c478bd9Sstevel@tonic-gate return (CKR_SESSION_PARALLEL_NOT_SUPPORTED); 507c478bd9Sstevel@tonic-gate 517c478bd9Sstevel@tonic-gate if (slotID != SOFTTOKEN_SLOTID) 527c478bd9Sstevel@tonic-gate return (CKR_SLOT_ID_INVALID); 537c478bd9Sstevel@tonic-gate 547c478bd9Sstevel@tonic-gate if (phSession == NULL) 557c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD); 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate /* 587c478bd9Sstevel@tonic-gate * softtoken has no limit on the number of concurrent sessions 597c478bd9Sstevel@tonic-gate * that the token allows. No need to check to see if the 607c478bd9Sstevel@tonic-gate * token has too many sessions already open. 617c478bd9Sstevel@tonic-gate */ 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gate /* Create a new session */ 647c478bd9Sstevel@tonic-gate rv = soft_add_session(flags, pApplication, Notify, phSession); 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate return (rv); 677c478bd9Sstevel@tonic-gate 687c478bd9Sstevel@tonic-gate } 697c478bd9Sstevel@tonic-gate 707c478bd9Sstevel@tonic-gate CK_RV 717c478bd9Sstevel@tonic-gate C_CloseSession(CK_SESSION_HANDLE hSession) 727c478bd9Sstevel@tonic-gate { 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate CK_RV rv; 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate soft_session_t *session_p; 777c478bd9Sstevel@tonic-gate boolean_t lock_held = B_TRUE; 787c478bd9Sstevel@tonic-gate 797c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 807c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gate /* 837c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 847c478bd9Sstevel@tonic-gate * reference count. 857c478bd9Sstevel@tonic-gate */ 867c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 877c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 887c478bd9Sstevel@tonic-gate return (rv); 897c478bd9Sstevel@tonic-gate 907c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 917c478bd9Sstevel@tonic-gate /* 920106fafcShaimay * Set SESSION_IS_CLOSING flag so any access to this 937c478bd9Sstevel@tonic-gate * session will be rejected. 947c478bd9Sstevel@tonic-gate */ 950106fafcShaimay if (session_p->ses_close_sync & SESSION_IS_CLOSING) { 960106fafcShaimay SES_REFRELE(session_p, lock_held); 970106fafcShaimay return (CKR_SESSION_CLOSED); 980106fafcShaimay } 997c478bd9Sstevel@tonic-gate session_p->ses_close_sync |= SESSION_IS_CLOSING; 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate /* 1027c478bd9Sstevel@tonic-gate * Decrement the session reference count. 1037c478bd9Sstevel@tonic-gate * We hold the session lock, and SES_REFRELE() 1047c478bd9Sstevel@tonic-gate * will release the session lock for us. 1057c478bd9Sstevel@tonic-gate */ 1067c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 1077c478bd9Sstevel@tonic-gate 1087c478bd9Sstevel@tonic-gate /* 1097c478bd9Sstevel@tonic-gate * Delete a session by calling soft_delete_session() with 1107c478bd9Sstevel@tonic-gate * a session pointer and a boolean arguments. Boolean 1117c478bd9Sstevel@tonic-gate * value FALSE is used to indicate that the caller does not 112a62b4373Sdarrenm * hold the lock on the global session list and also that 113a62b4373Sdarrenm * this is not a forced session close but an explicit request. 1147c478bd9Sstevel@tonic-gate * 1157c478bd9Sstevel@tonic-gate * soft_delete_session() will reset SESSION_IS_CLOSING 1167c478bd9Sstevel@tonic-gate * flag after it is done. 1177c478bd9Sstevel@tonic-gate */ 118a62b4373Sdarrenm rv = soft_delete_session(session_p, B_FALSE, B_FALSE); 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate if (soft_session_cnt == 0) { 1217c478bd9Sstevel@tonic-gate /* Clean up private token objects from the token object list */ 1227c478bd9Sstevel@tonic-gate soft_delete_all_in_core_token_objects(PRIVATE_TOKEN); 1237c478bd9Sstevel@tonic-gate /* 1247c478bd9Sstevel@tonic-gate * Invalidate public token object handles instead of 1257c478bd9Sstevel@tonic-gate * deleting them. 1267c478bd9Sstevel@tonic-gate */ 1277c478bd9Sstevel@tonic-gate soft_validate_token_objects(B_FALSE); 1287c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_giant_mutex); 1297c478bd9Sstevel@tonic-gate soft_slot.authenticated = 0; 1307c478bd9Sstevel@tonic-gate soft_slot.userpin_change_needed = 0; 1317c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 1327c478bd9Sstevel@tonic-gate } 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate return (rv); 1357c478bd9Sstevel@tonic-gate } 1367c478bd9Sstevel@tonic-gate 1377c478bd9Sstevel@tonic-gate 1387c478bd9Sstevel@tonic-gate CK_RV 1397c478bd9Sstevel@tonic-gate C_CloseAllSessions(CK_SLOT_ID slotID) 1407c478bd9Sstevel@tonic-gate { 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK; 1437c478bd9Sstevel@tonic-gate 1447c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 1457c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 1467c478bd9Sstevel@tonic-gate 1477c478bd9Sstevel@tonic-gate if (slotID != SOFTTOKEN_SLOTID) 1487c478bd9Sstevel@tonic-gate return (CKR_SLOT_ID_INVALID); 1497c478bd9Sstevel@tonic-gate 1507c478bd9Sstevel@tonic-gate /* Acquire the global session list lock */ 1517c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_sessionlist_mutex); 1527c478bd9Sstevel@tonic-gate /* 1537c478bd9Sstevel@tonic-gate * Set all_sessions_closing flag so any access to any 1547c478bd9Sstevel@tonic-gate * existing sessions will be rejected. 1557c478bd9Sstevel@tonic-gate */ 1567c478bd9Sstevel@tonic-gate all_sessions_closing = 1; 1577c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_sessionlist_mutex); 1587c478bd9Sstevel@tonic-gate 1597c478bd9Sstevel@tonic-gate /* Delete all the sessions and release the allocated resources */ 160a62b4373Sdarrenm rv = soft_delete_all_sessions(B_FALSE); 1617c478bd9Sstevel@tonic-gate 1627c478bd9Sstevel@tonic-gate /* Clean up private token objects from the token object list */ 1637c478bd9Sstevel@tonic-gate soft_delete_all_in_core_token_objects(PRIVATE_TOKEN); 1647c478bd9Sstevel@tonic-gate 1657c478bd9Sstevel@tonic-gate /* Invalidate public token object handles instead of deleting them */ 1667c478bd9Sstevel@tonic-gate soft_validate_token_objects(B_FALSE); 1677c478bd9Sstevel@tonic-gate 1687c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_giant_mutex); 1697c478bd9Sstevel@tonic-gate soft_slot.authenticated = 0; 1707c478bd9Sstevel@tonic-gate soft_slot.userpin_change_needed = 0; 1717c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 1727c478bd9Sstevel@tonic-gate 1737c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_sessionlist_mutex); 1747c478bd9Sstevel@tonic-gate /* Reset all_sessions_closing flag. */ 1757c478bd9Sstevel@tonic-gate all_sessions_closing = 0; 1767c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_sessionlist_mutex); 1777c478bd9Sstevel@tonic-gate 1787c478bd9Sstevel@tonic-gate return (rv); 1797c478bd9Sstevel@tonic-gate } 1807c478bd9Sstevel@tonic-gate 1817c478bd9Sstevel@tonic-gate CK_RV 1827c478bd9Sstevel@tonic-gate C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo) 1837c478bd9Sstevel@tonic-gate { 1847c478bd9Sstevel@tonic-gate 1857c478bd9Sstevel@tonic-gate soft_session_t *session_p; 1867c478bd9Sstevel@tonic-gate CK_RV rv; 1877c478bd9Sstevel@tonic-gate boolean_t lock_held = B_TRUE; 1887c478bd9Sstevel@tonic-gate 1897c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 1907c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 1917c478bd9Sstevel@tonic-gate 1927c478bd9Sstevel@tonic-gate /* 1937c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 1947c478bd9Sstevel@tonic-gate * reference count. 1957c478bd9Sstevel@tonic-gate */ 1967c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 1977c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 1987c478bd9Sstevel@tonic-gate return (rv); 1997c478bd9Sstevel@tonic-gate 2007c478bd9Sstevel@tonic-gate if (pInfo == NULL) { 2017c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 2027c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 2037c478bd9Sstevel@tonic-gate goto clean_exit; 2047c478bd9Sstevel@tonic-gate } 2057c478bd9Sstevel@tonic-gate 2067c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 2077c478bd9Sstevel@tonic-gate 2087c478bd9Sstevel@tonic-gate /* Provide information for the specified session */ 2097c478bd9Sstevel@tonic-gate pInfo->slotID = SOFTTOKEN_SLOTID; 2107c478bd9Sstevel@tonic-gate pInfo->state = session_p->state; 2117c478bd9Sstevel@tonic-gate pInfo->flags = session_p->flags; 2127c478bd9Sstevel@tonic-gate pInfo->ulDeviceError = 0; 2137c478bd9Sstevel@tonic-gate 2147c478bd9Sstevel@tonic-gate clean_exit: 2157c478bd9Sstevel@tonic-gate /* 2167c478bd9Sstevel@tonic-gate * Decrement the session reference count. 2177c478bd9Sstevel@tonic-gate * We hold the session lock, and SES_REFRELE() 2187c478bd9Sstevel@tonic-gate * will release the session lock for us. 2197c478bd9Sstevel@tonic-gate */ 2207c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2217c478bd9Sstevel@tonic-gate 2221c9bd843Sdinak return (rv); 2237c478bd9Sstevel@tonic-gate } 2247c478bd9Sstevel@tonic-gate 2257c478bd9Sstevel@tonic-gate 2267c478bd9Sstevel@tonic-gate CK_RV 2277c478bd9Sstevel@tonic-gate C_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, 2287c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulOperationStateLen) 2297c478bd9Sstevel@tonic-gate { 2307c478bd9Sstevel@tonic-gate soft_session_t *session_p; 2317c478bd9Sstevel@tonic-gate CK_RV rv; 2327c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 2337c478bd9Sstevel@tonic-gate 2347c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 2357c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 2367c478bd9Sstevel@tonic-gate 2377c478bd9Sstevel@tonic-gate /* 2387c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 2397c478bd9Sstevel@tonic-gate * reference count. 2407c478bd9Sstevel@tonic-gate */ 2417c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 2427c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 2437c478bd9Sstevel@tonic-gate return (rv); 2447c478bd9Sstevel@tonic-gate 2457c478bd9Sstevel@tonic-gate /* 2467c478bd9Sstevel@tonic-gate * Only check if pulOperationStateLen is NULL_PTR. 2477c478bd9Sstevel@tonic-gate * No need to check if pOperationState is NULL_PTR because 2487c478bd9Sstevel@tonic-gate * application might just ask for the length of buffer to hold 2497c478bd9Sstevel@tonic-gate * the OperationState. 2507c478bd9Sstevel@tonic-gate */ 2517c478bd9Sstevel@tonic-gate if (pulOperationStateLen == NULL_PTR) { 2527c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 2537c478bd9Sstevel@tonic-gate goto clean_exit; 2547c478bd9Sstevel@tonic-gate } 2557c478bd9Sstevel@tonic-gate 2567c478bd9Sstevel@tonic-gate rv = soft_get_operationstate(session_p, pOperationState, 2577c478bd9Sstevel@tonic-gate pulOperationStateLen); 2587c478bd9Sstevel@tonic-gate 2597c478bd9Sstevel@tonic-gate clean_exit: 2607c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2617c478bd9Sstevel@tonic-gate return (rv); 2627c478bd9Sstevel@tonic-gate 2637c478bd9Sstevel@tonic-gate } 2647c478bd9Sstevel@tonic-gate 2657c478bd9Sstevel@tonic-gate 2667c478bd9Sstevel@tonic-gate CK_RV 2677c478bd9Sstevel@tonic-gate C_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, 2687c478bd9Sstevel@tonic-gate CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey, 2697c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE hAuthenticationKey) 2707c478bd9Sstevel@tonic-gate { 2717c478bd9Sstevel@tonic-gate soft_session_t *session_p; 2727c478bd9Sstevel@tonic-gate CK_RV rv; 2737c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 2747c478bd9Sstevel@tonic-gate 2757c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 2767c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 2777c478bd9Sstevel@tonic-gate 2787c478bd9Sstevel@tonic-gate /* 2797c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 2807c478bd9Sstevel@tonic-gate * reference count. 2817c478bd9Sstevel@tonic-gate */ 2827c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 2837c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 2847c478bd9Sstevel@tonic-gate return (rv); 2857c478bd9Sstevel@tonic-gate 2867c478bd9Sstevel@tonic-gate if ((pOperationState == NULL_PTR) || 2877c478bd9Sstevel@tonic-gate (ulOperationStateLen == 0)) { 2887c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 2897c478bd9Sstevel@tonic-gate goto clean_exit; 2907c478bd9Sstevel@tonic-gate } 2917c478bd9Sstevel@tonic-gate 2927c478bd9Sstevel@tonic-gate rv = soft_set_operationstate(session_p, pOperationState, 2937c478bd9Sstevel@tonic-gate ulOperationStateLen, hEncryptionKey, hAuthenticationKey); 2947c478bd9Sstevel@tonic-gate 2957c478bd9Sstevel@tonic-gate clean_exit: 2967c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2977c478bd9Sstevel@tonic-gate return (rv); 2987c478bd9Sstevel@tonic-gate } 2997c478bd9Sstevel@tonic-gate 3007c478bd9Sstevel@tonic-gate CK_RV 3017c478bd9Sstevel@tonic-gate C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, 3027c478bd9Sstevel@tonic-gate CK_ULONG ulPinLen) 3037c478bd9Sstevel@tonic-gate { 3047c478bd9Sstevel@tonic-gate 3057c478bd9Sstevel@tonic-gate soft_session_t *session_p, *sp; 3067c478bd9Sstevel@tonic-gate CK_RV rv; 3077c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 3087c478bd9Sstevel@tonic-gate 3097c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 3107c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 3117c478bd9Sstevel@tonic-gate 3127c478bd9Sstevel@tonic-gate /* 3137c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 3147c478bd9Sstevel@tonic-gate * reference count. 3157c478bd9Sstevel@tonic-gate */ 3167c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 3177c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 3187c478bd9Sstevel@tonic-gate return (rv); 3197c478bd9Sstevel@tonic-gate 32090e0e8c4Sizick /* Check the load status of keystore */ 321*c5866e1dSPeter Shoults if (!soft_keystore_status(KEYSTORE_LOAD)) { 3227c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3237c478bd9Sstevel@tonic-gate return (CKR_DEVICE_REMOVED); 3247c478bd9Sstevel@tonic-gate } 3257c478bd9Sstevel@tonic-gate 3267c478bd9Sstevel@tonic-gate if (userType != CKU_USER) { 3277c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3287c478bd9Sstevel@tonic-gate return (CKR_USER_TYPE_INVALID); 3297c478bd9Sstevel@tonic-gate } 3307c478bd9Sstevel@tonic-gate 3317c478bd9Sstevel@tonic-gate if ((ulPinLen < MIN_PIN_LEN) || (ulPinLen > MAX_PIN_LEN)) { 3327c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3337c478bd9Sstevel@tonic-gate return (CKR_PIN_LEN_RANGE); 3347c478bd9Sstevel@tonic-gate } 3357c478bd9Sstevel@tonic-gate 3367c478bd9Sstevel@tonic-gate if (pPin == NULL_PTR) { 3377c478bd9Sstevel@tonic-gate /* 3387c478bd9Sstevel@tonic-gate * We don't support CKF_PROTECTED_AUTHENTICATION_PATH 3397c478bd9Sstevel@tonic-gate */ 3407c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3417c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD); 3427c478bd9Sstevel@tonic-gate } 3437c478bd9Sstevel@tonic-gate 3447c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_giant_mutex); 3457c478bd9Sstevel@tonic-gate if (soft_slot.authenticated) { 3467c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 3477c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3487c478bd9Sstevel@tonic-gate return (CKR_USER_ALREADY_LOGGED_IN); 3497c478bd9Sstevel@tonic-gate } 3507c478bd9Sstevel@tonic-gate 3517c478bd9Sstevel@tonic-gate rv = soft_login(pPin, ulPinLen); 3527c478bd9Sstevel@tonic-gate if (rv == CKR_OK) { 3537c478bd9Sstevel@tonic-gate if (soft_slot.userpin_change_needed) { 3547c478bd9Sstevel@tonic-gate /* 3557c478bd9Sstevel@tonic-gate * This is the special case when the PIN is never 3567c478bd9Sstevel@tonic-gate * initialized in the keystore, which will always 3577c478bd9Sstevel@tonic-gate * return CKR_OK with "userpin_change_needed" set. 3587c478bd9Sstevel@tonic-gate */ 3597c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 3607c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3617c478bd9Sstevel@tonic-gate return (rv); 3627c478bd9Sstevel@tonic-gate } 3637c478bd9Sstevel@tonic-gate 3647c478bd9Sstevel@tonic-gate soft_slot.authenticated = 1; 3657c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 3667c478bd9Sstevel@tonic-gate } else { 3677c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 3687c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3697c478bd9Sstevel@tonic-gate return (rv); 3707c478bd9Sstevel@tonic-gate } 3717c478bd9Sstevel@tonic-gate 3727c478bd9Sstevel@tonic-gate /* 3737c478bd9Sstevel@tonic-gate * Load all the private token objects from keystore. 3747c478bd9Sstevel@tonic-gate */ 3757c478bd9Sstevel@tonic-gate rv = soft_get_token_objects_from_keystore(PRI_TOKENOBJS); 3767c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 3777c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3787c478bd9Sstevel@tonic-gate return (rv); 3797c478bd9Sstevel@tonic-gate } 3807c478bd9Sstevel@tonic-gate 3817c478bd9Sstevel@tonic-gate /* Acquire the global session list lock */ 3827c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_sessionlist_mutex); 3837c478bd9Sstevel@tonic-gate 3847c478bd9Sstevel@tonic-gate sp = soft_session_list; 3857c478bd9Sstevel@tonic-gate 3867c478bd9Sstevel@tonic-gate while (sp) { 3877c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&sp->session_mutex); 3887c478bd9Sstevel@tonic-gate 3897c478bd9Sstevel@tonic-gate if (sp->flags & CKF_RW_SESSION) { 3907c478bd9Sstevel@tonic-gate sp->state = CKS_RW_USER_FUNCTIONS; 3917c478bd9Sstevel@tonic-gate } else { 3927c478bd9Sstevel@tonic-gate sp->state = CKS_RO_USER_FUNCTIONS; 3937c478bd9Sstevel@tonic-gate } 3947c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&sp->session_mutex); 3957c478bd9Sstevel@tonic-gate sp = sp->next; 3967c478bd9Sstevel@tonic-gate } 3977c478bd9Sstevel@tonic-gate 3987c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_sessionlist_mutex); 3997c478bd9Sstevel@tonic-gate 4007c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 4017c478bd9Sstevel@tonic-gate return (rv); 4027c478bd9Sstevel@tonic-gate 4037c478bd9Sstevel@tonic-gate } 4047c478bd9Sstevel@tonic-gate 4057c478bd9Sstevel@tonic-gate CK_RV 4067c478bd9Sstevel@tonic-gate C_Logout(CK_SESSION_HANDLE hSession) 4077c478bd9Sstevel@tonic-gate { 4087c478bd9Sstevel@tonic-gate 4097c478bd9Sstevel@tonic-gate soft_session_t *session_p, *sp; 4107c478bd9Sstevel@tonic-gate CK_RV rv; 4117c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 4127c478bd9Sstevel@tonic-gate 4137c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 4147c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 4157c478bd9Sstevel@tonic-gate 4167c478bd9Sstevel@tonic-gate /* 4177c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 4187c478bd9Sstevel@tonic-gate * reference count. 4197c478bd9Sstevel@tonic-gate */ 4207c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 4217c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 4227c478bd9Sstevel@tonic-gate return (rv); 4237c478bd9Sstevel@tonic-gate 4247c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_giant_mutex); 4257c478bd9Sstevel@tonic-gate if (!soft_slot.authenticated) { 4267c478bd9Sstevel@tonic-gate if (!soft_slot.userpin_change_needed) { 4277c478bd9Sstevel@tonic-gate /* 4287c478bd9Sstevel@tonic-gate * Only if the PIN has been initialized in the keystore. 4297c478bd9Sstevel@tonic-gate */ 4307c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 4317c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 4327c478bd9Sstevel@tonic-gate return (CKR_USER_NOT_LOGGED_IN); 4337c478bd9Sstevel@tonic-gate } else { 4347c478bd9Sstevel@tonic-gate soft_slot.userpin_change_needed = 0; 4357c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 4367c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 4377c478bd9Sstevel@tonic-gate return (CKR_OK); 4387c478bd9Sstevel@tonic-gate } 4397c478bd9Sstevel@tonic-gate } 4407c478bd9Sstevel@tonic-gate 4417c478bd9Sstevel@tonic-gate soft_logout(); 4427c478bd9Sstevel@tonic-gate soft_slot.authenticated = 0; 4437c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex); 4447c478bd9Sstevel@tonic-gate 4457c478bd9Sstevel@tonic-gate /* Acquire the global session list lock */ 4467c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_sessionlist_mutex); 4477c478bd9Sstevel@tonic-gate 4487c478bd9Sstevel@tonic-gate sp = soft_session_list; 4497c478bd9Sstevel@tonic-gate 4507c478bd9Sstevel@tonic-gate while (sp) { 4517c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&sp->session_mutex); 4527c478bd9Sstevel@tonic-gate 4537c478bd9Sstevel@tonic-gate if (sp->flags & CKF_RW_SESSION) { 4547c478bd9Sstevel@tonic-gate sp->state = CKS_RW_PUBLIC_SESSION; 4557c478bd9Sstevel@tonic-gate } else { 4567c478bd9Sstevel@tonic-gate sp->state = CKS_RO_PUBLIC_SESSION; 4577c478bd9Sstevel@tonic-gate } 4587c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&sp->session_mutex); 4597c478bd9Sstevel@tonic-gate sp = sp->next; 4607c478bd9Sstevel@tonic-gate } 4617c478bd9Sstevel@tonic-gate 4627c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_sessionlist_mutex); 4637c478bd9Sstevel@tonic-gate 4647c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 4657c478bd9Sstevel@tonic-gate return (rv); 4667c478bd9Sstevel@tonic-gate 4677c478bd9Sstevel@tonic-gate } 468