Update ykcs11.c
According to PKCS11 spec CKR_SESSION_READ_ONLY_EXISTS should only be returned by C_Login when SO user is logging in. From spec: If the application calling C_Login has a R/O session open with the token, then it will be unable to log the SO into a session (see [PKCS11-UG] for further details). An attempt to do this will result in the error code CKR_SESSION_READ_ONLY_EXISTS.
This commit is contained in:
+2
-2
@@ -731,8 +731,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)(
|
|||||||
return CKR_SESSION_HANDLE_INVALID;
|
return CKR_SESSION_HANDLE_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((session.info.flags & CKF_RW_SESSION) == 0) { // TODO: make macros for these?
|
if (userType == CKU_SO && (session.info.flags & CKF_RW_SESSION) == 0) { // TODO: make macros for these?
|
||||||
DBG("Tried to log-in to a read-only session");
|
DBG("Tried to log-in SO user to a read-only session");
|
||||||
return CKR_SESSION_READ_ONLY_EXISTS;
|
return CKR_SESSION_READ_ONLY_EXISTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user