From 19aaf573580e52265f57f9b7af7a03bfdfaf71e0 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 19 Jul 2018 11:01:31 +0200 Subject: trust: Clarify C_Login behavior that returns an error --- trust/module.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/trust/module.c b/trust/module.c index 5b73ad7..82a3fdf 100644 --- a/trust/module.c +++ b/trust/module.c @@ -844,6 +844,17 @@ sys_C_Login (CK_SESSION_HANDLE handle, p11_lock (); rv = lookup_session (handle, NULL); + /* Since the trust module is designed as a replacement + * of nssckbi, it works as a general access device as + * described in the table 1.1 of: + * . + * + * That means that the tokens provided by this module + * shall be accessed without login, and if the caller + * tries to login, the attempt should fail with an + * explicit error (otherwise, the caller cannot + * distinguish the user's login status, see also + * C_Logout below). */ if (rv == CKR_OK) rv = CKR_USER_TYPE_INVALID; -- cgit v1.1