Patrik Martinsson wrote:
> I just wanted to share a small program I wrote for unlocking pin's
> with your puk.
..
> Any comments, suggestions, improvements, thoughts around this
> method,
> are welcome. (Go easy on the coding-part since I'm not a
> programmer)
The approach seems fine to me. Some things to consider for the
implementation:
* Is there also a limit to the number of unlock attempts? What
happens when the limit is reached?
* Any memory used to store a PIN should IMO be mlock()ed before the
first use.
* Any memory used to store a PIN should IMO be erased as soon as it
is no longer needed.
> /* Handle user input */
> int handle_input(int puk, char *input, CK_SESSION_HANDLE session){
> int i = 0;
> int c = 0;
>
> /* Disable echo */
> struct termios oflags, nflags;
> tcgetattr(fileno(stdin), &oflags);
> nflags = oflags;
> nflags.c_lflag &= ~ECHO;
> nflags.c_lflag |= ECHONL;
>
> if (tcsetattr(fileno(stdin), TCSANOW, &nflags) != 0) {
> printdebug("Terminal", "Echo disabling failed");
> finish(1, session);
> }
>
> /* Scan input */
> if (scanf("%10s", input) != 1){
* I would reuse e.g. the OpenSSH read_passphrase() code instead:
http://anoncvs.mindrot.org/index.cgi/openssh/readpass.c?view=markup#l107
As a bonus it may even allow staying in X if you set up a special
session for the unlock user.
//Peter
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
