Don't try to keep authenticating when bad password on protected auth path
authorStefan Walter <stefw@src.gnome.org>
Thu, 8 Jan 2009 18:41:26 +0000 (18:41 +0000)
committerStefan Walter <stefw@src.gnome.org>
Thu, 8 Jan 2009 18:41:26 +0000 (18:41 +0000)
* gp11/gp11-module.c:
* gp11/gp11-session.c:
* gp11/gp11-slot.c: Don't try to keep authenticating when
bad password on protected auth path authentication. Protected
auth path repeats internally as necessary.

* pkcs11/pkcs11g.h:
* pkcs11/gck/gck-attributes.c:
* pkcs11/gck/gck-object.c:
* pkcs11/gck/gck-object.h:
* pkcs11/ssh-store/gck-ssh-module.c:
* pkcs11/ssh-store/gck-ssh-private-key.c:
* pkcs11/ssh-store/gck-ssh-private-key.h:
* pkcs11/ssh-store/gck-ssh-public-key.c:
* pkcs11/ssh-store/gck-ssh-public-key.h: Added CKA_GNOME_UNIQUE
attribute.

* daemon/gkr-daemon.c:
* daemon/Makefile.am:
* daemon/pkcs11/gkr-pkcs11-auth.c: (added)
* daemon/pkcs11/gkr-pkcs11-auth.h: (added)
* daemon/pkcs11/gkr-pkcs11-auth-ep.c: (added)
* daemon/pkcs11/gkr-pkcs11-daemon.c: (added)
* daemon/pkcs11/gkr-pkcs11-daemon.h: (added)
* daemon/pkcs11/Makefile.am:
* daemon/pkix/gkr-pkix-asn1.c:
* daemon/ssh/gkr-ssh-daemon.h: (removed)
* daemon/ssh/gkr-ssh-daemon-io.c: (removed)
* daemon/ssh/gkr-ssh-daemon-ops.c: (removed)
* daemon/ssh/Makefile.am: (removed)
* daemon/ui/gkr-ask-daemon.c:
* pkcs11/ssh-agent/gck-ssh-agent.c:
* pkcs11/ssh-agent/gck-ssh-agent-ops.c: Integrate new modular SSH agent
as the main gnome-keyring-daemon SSH agent.

svn path=/trunk/; revision=1447

gp11/gp11-module.c
gp11/gp11-session.c
gp11/gp11-slot.c

index b26c97b..fe39e75 100644 (file)
@@ -369,11 +369,15 @@ _gp11_module_fire_authenticate_slot (GP11Module *self, GP11Slot *slot, gchar *la
 
        info = gp11_slot_get_token_info (slot);
        if (info != NULL) {
-               if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
-                       gp11_token_info_free (info);
-                       *password = NULL;
-                       return TRUE;
-               }
+
+               /*
+                * We'll have tried to login at least once at this point,
+                * with NULL password. This means that CKF_PROTECTED_AUTHENTICATION_PATH
+                * tokens have had their chance and we don't need to prompt for it.
+                */
+
+               if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+                       return FALSE;
 
                if (label == NULL)
                        label = allocated = g_strdup (info->label);
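Review bot: The new early return for CKF_PROTECTED_AUTHENTICATION_PATH tokens leaks `info`, because the removed branch called `gp11_token_info_free (info)` before returning and the replacement `return FALSE;` does not. Keep the free on that path: `if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) { gp11_token_info_free (info); return FALSE; }`. The branch also no longer writes `*password = NULL`, so callers presumably must not read the out-parameter when FALSE comes back, and the function's comment should say so. The body of _gp11_module_fire_authenticate_slot starts and ends outside this hunk.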
index a60cf02..fe84a56 100644 (file)
@@ -1047,10 +1047,7 @@ authenticate_perform (Authenticate *args, GP11Arguments *base)
                /* Protected authentication path, just go to perform */
                if (args->protected_auth) {
                        args->state = AUTHENTICATE_PERFORM;
-                       do {
-                               rv = authenticate_perform (args, base);
-                       } while (rv == CKR_PIN_INCORRECT);
-                       return rv;
+                       return authenticate_perform (args, base);
                }
 
                /* Get the label for a prompt */
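Review bot: The comment `/* Protected authentication path, just go to perform */` does not say why a CKR_PIN_INCORRECT result is now returned to the caller instead of retried, which is the point of removing the loop. I would extend it to something like `/* Protected auth path: the token repeats its own prompt internally, so return CKR_PIN_INCORRECT to the caller rather than retrying the login here */`. Recording the reason makes it less likely that a retry loop is reintroduced later, which on tokens that count failed logins could presumably use up the PIN retry budget. authenticate_perform starts and ends outside the hunk.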
index 843b796..ecb45f7 100644 (file)
@@ -683,7 +683,7 @@ complete_open_session (OpenSession *args, CK_RV result)
 
                ret = _gp11_module_fire_authenticate_slot (module, args->slot, NULL, &args->password);
 
-               /* Call is not complete */
+               /* If authenticate returns TRUE then call is not complete */
                ret = !ret;
        }