* gp11/gp11-module.c:
* gp11/gp11-session.c:
* gp11/gp11-slot.c: Don't try to keep authenticating when
bad password on protected auth path authentication. Protected
auth path repeats internally as necessary.
* pkcs11/pkcs11g.h:
* pkcs11/gck/gck-attributes.c:
* pkcs11/gck/gck-object.c:
* pkcs11/gck/gck-object.h:
* pkcs11/ssh-store/gck-ssh-module.c:
* pkcs11/ssh-store/gck-ssh-private-key.c:
* pkcs11/ssh-store/gck-ssh-private-key.h:
* pkcs11/ssh-store/gck-ssh-public-key.c:
* pkcs11/ssh-store/gck-ssh-public-key.h: Added CKA_GNOME_UNIQUE
attribute.
* daemon/gkr-daemon.c:
* daemon/Makefile.am:
* daemon/pkcs11/gkr-pkcs11-auth.c: (added)
* daemon/pkcs11/gkr-pkcs11-auth.h: (added)
* daemon/pkcs11/gkr-pkcs11-auth-ep.c: (added)
* daemon/pkcs11/gkr-pkcs11-daemon.c: (added)
* daemon/pkcs11/gkr-pkcs11-daemon.h: (added)
* daemon/pkcs11/Makefile.am:
* daemon/pkix/gkr-pkix-asn1.c:
* daemon/ssh/gkr-ssh-daemon.h: (removed)
* daemon/ssh/gkr-ssh-daemon-io.c: (removed)
* daemon/ssh/gkr-ssh-daemon-ops.c: (removed)
* daemon/ssh/Makefile.am: (removed)
* daemon/ui/gkr-ask-daemon.c:
* pkcs11/ssh-agent/gck-ssh-agent.c:
* pkcs11/ssh-agent/gck-ssh-agent-ops.c: Integrate new modular SSH agent
as the main gnome-keyring-daemon SSH agent.
svn path=/trunk/; revision=1447
info = gp11_slot_get_token_info (slot);
if (info != NULL) {
- if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
- gp11_token_info_free (info);
- *password = NULL;
- return TRUE;
- }
+
+ /*
+ * We'll have tried to login at least once at this point,
+ * with NULL password. This means that CKF_PROTECTED_AUTHENTICATION_PATH
+ * tokens have had their chance and we don't need to prompt for it.
+ */
+
+ if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+ return FALSE;
if (label == NULL)
label = allocated = g_strdup (info->label);
/* Protected authentication path, just go to perform */
if (args->protected_auth) {
args->state = AUTHENTICATE_PERFORM;
- do {
- rv = authenticate_perform (args, base);
- } while (rv == CKR_PIN_INCORRECT);
- return rv;
+ return authenticate_perform (args, base);
}
/* Get the label for a prompt */
ret = _gp11_module_fire_authenticate_slot (module, args->slot, NULL, &args->password);
- /* Call is not complete */
+ /* If authenticate returns TRUE then call is not complete */
ret = !ret;
}