From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ray Strode
Date: Sun, 8 Sep 2013 01:08:37 -0400
Message-Id: <1378616919-18169-1-git-send-email-halfline@gmail.com>
Subject: [Qemu-devel] [PATCH 0/2] Try to fix problem with emulated smartcards where invalid PIN succeeds
To: qemu-devel@nongnu.org
Cc: Alon Levy, Michael Tokarev, Robert Relyea

I started writing a blog post yesterday about virtualized smartcards here:

https://blogs.gnome.org/halfline/2013/09/08/another-smartcard-post/

and while testing what I was writing I noticed an invalid PIN worked when it shouldn't have.

It turns out that typing a valid PIN once in one program in the guest is enough to make all future programs asking for the PIN succeed regardless of what gets typed in for the PIN.

I did some digging through the libcacard code, and noticed it uses the NSS PK11_Authenticate function which calls a function that has this comment above it:

    If we're already logged in and this function is called we will still
    prompt for a password, but we will probably succeed no matter what the
    password was.

Also, PK11_Authenticate short-circuits to an early "return SECSuccess" if the token is already logged in.

The two patches in this series attempt to correct this problem by calling PK11_Logout. I'm not 100% certain I've placed the PK11_Logout call in the best place, but it does seem to fix the issue.
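
The behaviour described in the message above, modelled as an added example that is not part of the original message and is not NSS or libcacard code. `toy_token`, `toy_authenticate`, `toy_logout` and both `verify_pin_*` functions are hypothetical stand-ins, and the PINs are constructed values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a token; not an NSS or libcacard type. */
struct toy_token {
    const char *pin;   /* constructed sample PIN */
    bool logged_in;    /* login state shared by every caller of the token */
};

/* Models the short-circuit from the message: once the token is logged in,
 * the supplied PIN is never compared. (strcmp is a toy comparison.) */
static bool toy_authenticate(struct toy_token *t, const char *pin)
{
    if (t->logged_in)
        return true;                  /* early success, PIN ignored */
    if (strcmp(t->pin, pin) != 0)
        return false;
    t->logged_in = true;
    return true;
}

static void toy_logout(struct toy_token *t) { t->logged_in = false; }

/* PIN check that relies on the authenticate call alone. */
bool verify_pin_cached(struct toy_token *t, const char *pin)
{
    return toy_authenticate(t, pin);
}

/* PIN check that drops any existing login first, so the PIN is always compared. */
bool verify_pin_fresh(struct toy_token *t, const char *pin)
{
    toy_logout(t);
    return toy_authenticate(t, pin);
}

/* One valid login, then a wrong PIN from a "second program"; returns that result. */
bool wrong_pin_after_login(bool (*verify)(struct toy_token *, const char *))
{
    struct toy_token t = { "1234", false };   /* constructed values */
    return verify(&t, "1234") && verify(&t, "0000");
}

int main(void)
{
    printf("cached: wrong PIN accepted = %d\n", wrong_pin_after_login(verify_pin_cached));
    printf("fresh:  wrong PIN accepted = %d\n", wrong_pin_after_login(verify_pin_fresh));
    return 0;
}
```

In this model a failed check through `verify_pin_fresh` also leaves the token logged out, so a caller that still needs the session has to authenticate again.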