krb5 commit: Make the text of NSS's prompts look like OpenSSL's

Greg Hudson ghudson at MIT.EDU
Mon May 13 02:00:05 EDT 2013 

https://github.com/krb5/krb5/commit/32d3acdb20b3a770a4f15a69caaed32eaf0be2e4
commit 32d3acdb20b3a770a4f15a69caaed32eaf0be2e4
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Tue Dec 18 17:41:11 2012 -0500

    Make the text of NSS's prompts look like OpenSSL's
    
    When PKINIT is built with NSS, make the text of prompts that we issue to
    the user better match the text we use when we build with OpenSSL: ask
    for a pass phrase when we're asking about a hardware token, ask for a
    password the rest of the time, and take advantage of translations for
    requests for a password.

 src/plugins/preauth/pkinit/pkinit_crypto_nss.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 1aae614..34457a6 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -573,7 +573,7 @@ cmsdump(unsigned char *data, unsigned int length)
 
 /* A password-prompt callback for NSS that calls the libkrb5 callback. */
 static char *
-crypto_pwfn(const char *what, PRBool retry, void *arg)
+crypto_pwfn(const char *what, PRBool is_hardware, PRBool retry, void *arg)
 {
     int ret;
     pkinit_identity_crypto_context id;
@@ -601,7 +601,10 @@ crypto_pwfn(const char *what, PRBool retry, void *arg)
         pkiDebug("out of memory");
         return NULL;
     }
-    snprintf(text, text_size, "Password for %s", what);
+    if (is_hardware)
+        snprintf(text, text_size, "%s PIN", what);
+    else
+        snprintf(text, text_size, "%s %s", _("Pass phrase for"), what);
     memset(&prompt, 0, sizeof(prompt));
     prompt.prompt = text;
     prompt.hidden = 1;
@@ -646,7 +649,7 @@ crypto_pwfn(const char *what, PRBool retry, void *arg)
 static char *
 crypto_pwcb(PK11SlotInfo *slot, PRBool retry, void *arg)
 {
-    return crypto_pwfn(PK11_GetTokenName(slot), retry, arg);
+    return crypto_pwfn(PK11_GetTokenName(slot), PK11_IsHW(slot), retry, arg);
 }
 
 /* Make sure we're using our callback, and set up the callback data. */
@@ -2390,7 +2393,8 @@ crypto_load_pkcs12(krb5_context context,
             case SEC_ERROR_BAD_PASSWORD:
                 pkiDebug("%s: prompting for password for %s\n",
                          __FUNCTION__, name);
-                newpass = crypto_pwfn(name, (attempt > 0), id_cryptoctx);
+                newpass = crypto_pwfn(name, PR_FALSE, (attempt > 0),
+                                      id_cryptoctx);
                 attempt++;
                 if (newpass != NULL) {
                     /* convert to 16-bit big-endian */

More information about the cvs-krb5 mailing list