10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
51937Sizick * Common Development and Distribution License (the "License").
61937Sizick * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate * See the License for the specific language governing permissions
110Sstevel@tonic-gate * and limitations under the License.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate *
190Sstevel@tonic-gate * CDDL HEADER END
200Sstevel@tonic-gate */
210Sstevel@tonic-gate /*
22*12256SPeter.Shoults@Sun.COM * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
230Sstevel@tonic-gate */
240Sstevel@tonic-gate
250Sstevel@tonic-gate #include <pthread.h>
260Sstevel@tonic-gate #include <security/cryptoki.h>
270Sstevel@tonic-gate #include "softGlobal.h"
280Sstevel@tonic-gate #include "softSession.h"
290Sstevel@tonic-gate #include "softObject.h"
300Sstevel@tonic-gate #include "softKeystore.h"
310Sstevel@tonic-gate #include "softKeystoreUtil.h"
320Sstevel@tonic-gate
330Sstevel@tonic-gate
340Sstevel@tonic-gate CK_RV
C_OpenSession(CK_SLOT_ID slotID,CK_FLAGS flags,CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession)350Sstevel@tonic-gate C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication,
360Sstevel@tonic-gate CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
370Sstevel@tonic-gate {
380Sstevel@tonic-gate
390Sstevel@tonic-gate CK_RV rv = CKR_OK;
400Sstevel@tonic-gate
410Sstevel@tonic-gate if (!softtoken_initialized)
420Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
430Sstevel@tonic-gate
440Sstevel@tonic-gate /*
450Sstevel@tonic-gate * For legacy reasons, the CKF_SERIAL_SESSION bit must always
460Sstevel@tonic-gate * be set.
470Sstevel@tonic-gate */
480Sstevel@tonic-gate if (!(flags & CKF_SERIAL_SESSION))
490Sstevel@tonic-gate return (CKR_SESSION_PARALLEL_NOT_SUPPORTED);
500Sstevel@tonic-gate
510Sstevel@tonic-gate if (slotID != SOFTTOKEN_SLOTID)
520Sstevel@tonic-gate return (CKR_SLOT_ID_INVALID);
530Sstevel@tonic-gate
540Sstevel@tonic-gate if (phSession == NULL)
550Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
560Sstevel@tonic-gate
570Sstevel@tonic-gate /*
580Sstevel@tonic-gate * softtoken has no limit on the number of concurrent sessions
590Sstevel@tonic-gate * that the token allows. No need to check to see if the
600Sstevel@tonic-gate * token has too many sessions already open.
610Sstevel@tonic-gate */
620Sstevel@tonic-gate
630Sstevel@tonic-gate /* Create a new session */
640Sstevel@tonic-gate rv = soft_add_session(flags, pApplication, Notify, phSession);
650Sstevel@tonic-gate
660Sstevel@tonic-gate return (rv);
670Sstevel@tonic-gate
680Sstevel@tonic-gate }
690Sstevel@tonic-gate
700Sstevel@tonic-gate CK_RV
C_CloseSession(CK_SESSION_HANDLE hSession)710Sstevel@tonic-gate C_CloseSession(CK_SESSION_HANDLE hSession)
720Sstevel@tonic-gate {
730Sstevel@tonic-gate
740Sstevel@tonic-gate CK_RV rv;
750Sstevel@tonic-gate
760Sstevel@tonic-gate soft_session_t *session_p;
770Sstevel@tonic-gate boolean_t lock_held = B_TRUE;
780Sstevel@tonic-gate
790Sstevel@tonic-gate if (!softtoken_initialized)
800Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
810Sstevel@tonic-gate
820Sstevel@tonic-gate /*
830Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
840Sstevel@tonic-gate * reference count.
850Sstevel@tonic-gate */
860Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
870Sstevel@tonic-gate if (rv != CKR_OK)
880Sstevel@tonic-gate return (rv);
890Sstevel@tonic-gate
900Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
910Sstevel@tonic-gate /*
92684Shaimay * Set SESSION_IS_CLOSING flag so any access to this
930Sstevel@tonic-gate * session will be rejected.
940Sstevel@tonic-gate */
95684Shaimay if (session_p->ses_close_sync & SESSION_IS_CLOSING) {
96684Shaimay SES_REFRELE(session_p, lock_held);
97684Shaimay return (CKR_SESSION_CLOSED);
98684Shaimay }
990Sstevel@tonic-gate session_p->ses_close_sync |= SESSION_IS_CLOSING;
1000Sstevel@tonic-gate
1010Sstevel@tonic-gate /*
1020Sstevel@tonic-gate * Decrement the session reference count.
1030Sstevel@tonic-gate * We hold the session lock, and SES_REFRELE()
1040Sstevel@tonic-gate * will release the session lock for us.
1050Sstevel@tonic-gate */
1060Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1070Sstevel@tonic-gate
1080Sstevel@tonic-gate /*
1090Sstevel@tonic-gate * Delete a session by calling soft_delete_session() with
1100Sstevel@tonic-gate * a session pointer and a boolean arguments. Boolean
1110Sstevel@tonic-gate * value FALSE is used to indicate that the caller does not
1121112Sdarrenm * hold the lock on the global session list and also that
1131112Sdarrenm * this is not a forced session close but an explicit request.
1140Sstevel@tonic-gate *
1150Sstevel@tonic-gate * soft_delete_session() will reset SESSION_IS_CLOSING
1160Sstevel@tonic-gate * flag after it is done.
1170Sstevel@tonic-gate */
1181112Sdarrenm rv = soft_delete_session(session_p, B_FALSE, B_FALSE);
1190Sstevel@tonic-gate
1200Sstevel@tonic-gate if (soft_session_cnt == 0) {
1210Sstevel@tonic-gate /* Clean up private token objects from the token object list */
1220Sstevel@tonic-gate soft_delete_all_in_core_token_objects(PRIVATE_TOKEN);
1230Sstevel@tonic-gate /*
1240Sstevel@tonic-gate * Invalidate public token object handles instead of
1250Sstevel@tonic-gate * deleting them.
1260Sstevel@tonic-gate */
1270Sstevel@tonic-gate soft_validate_token_objects(B_FALSE);
1280Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_giant_mutex);
1290Sstevel@tonic-gate soft_slot.authenticated = 0;
1300Sstevel@tonic-gate soft_slot.userpin_change_needed = 0;
1310Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
1320Sstevel@tonic-gate }
1330Sstevel@tonic-gate
1340Sstevel@tonic-gate return (rv);
1350Sstevel@tonic-gate }
1360Sstevel@tonic-gate
1370Sstevel@tonic-gate
1380Sstevel@tonic-gate CK_RV
C_CloseAllSessions(CK_SLOT_ID slotID)1390Sstevel@tonic-gate C_CloseAllSessions(CK_SLOT_ID slotID)
1400Sstevel@tonic-gate {
1410Sstevel@tonic-gate
1420Sstevel@tonic-gate CK_RV rv = CKR_OK;
1430Sstevel@tonic-gate
1440Sstevel@tonic-gate if (!softtoken_initialized)
1450Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
1460Sstevel@tonic-gate
1470Sstevel@tonic-gate if (slotID != SOFTTOKEN_SLOTID)
1480Sstevel@tonic-gate return (CKR_SLOT_ID_INVALID);
1490Sstevel@tonic-gate
1500Sstevel@tonic-gate /* Acquire the global session list lock */
1510Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_sessionlist_mutex);
1520Sstevel@tonic-gate /*
1530Sstevel@tonic-gate * Set all_sessions_closing flag so any access to any
1540Sstevel@tonic-gate * existing sessions will be rejected.
1550Sstevel@tonic-gate */
1560Sstevel@tonic-gate all_sessions_closing = 1;
1570Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_sessionlist_mutex);
1580Sstevel@tonic-gate
1590Sstevel@tonic-gate /* Delete all the sessions and release the allocated resources */
1601112Sdarrenm rv = soft_delete_all_sessions(B_FALSE);
1610Sstevel@tonic-gate
1620Sstevel@tonic-gate /* Clean up private token objects from the token object list */
1630Sstevel@tonic-gate soft_delete_all_in_core_token_objects(PRIVATE_TOKEN);
1640Sstevel@tonic-gate
1650Sstevel@tonic-gate /* Invalidate public token object handles instead of deleting them */
1660Sstevel@tonic-gate soft_validate_token_objects(B_FALSE);
1670Sstevel@tonic-gate
1680Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_giant_mutex);
1690Sstevel@tonic-gate soft_slot.authenticated = 0;
1700Sstevel@tonic-gate soft_slot.userpin_change_needed = 0;
1710Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
1720Sstevel@tonic-gate
1730Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_sessionlist_mutex);
1740Sstevel@tonic-gate /* Reset all_sessions_closing flag. */
1750Sstevel@tonic-gate all_sessions_closing = 0;
1760Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_sessionlist_mutex);
1770Sstevel@tonic-gate
1780Sstevel@tonic-gate return (rv);
1790Sstevel@tonic-gate }
1800Sstevel@tonic-gate
1810Sstevel@tonic-gate CK_RV
C_GetSessionInfo(CK_SESSION_HANDLE hSession,CK_SESSION_INFO_PTR pInfo)1820Sstevel@tonic-gate C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
1830Sstevel@tonic-gate {
1840Sstevel@tonic-gate
1850Sstevel@tonic-gate soft_session_t *session_p;
1860Sstevel@tonic-gate CK_RV rv;
1870Sstevel@tonic-gate boolean_t lock_held = B_TRUE;
1880Sstevel@tonic-gate
1890Sstevel@tonic-gate if (!softtoken_initialized)
1900Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
1910Sstevel@tonic-gate
1920Sstevel@tonic-gate /*
1930Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
1940Sstevel@tonic-gate * reference count.
1950Sstevel@tonic-gate */
1960Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
1970Sstevel@tonic-gate if (rv != CKR_OK)
1980Sstevel@tonic-gate return (rv);
1990Sstevel@tonic-gate
2000Sstevel@tonic-gate if (pInfo == NULL) {
2010Sstevel@tonic-gate lock_held = B_FALSE;
2020Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
2030Sstevel@tonic-gate goto clean_exit;
2040Sstevel@tonic-gate }
2050Sstevel@tonic-gate
2060Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
2070Sstevel@tonic-gate
2080Sstevel@tonic-gate /* Provide information for the specified session */
2090Sstevel@tonic-gate pInfo->slotID = SOFTTOKEN_SLOTID;
2100Sstevel@tonic-gate pInfo->state = session_p->state;
2110Sstevel@tonic-gate pInfo->flags = session_p->flags;
2120Sstevel@tonic-gate pInfo->ulDeviceError = 0;
2130Sstevel@tonic-gate
2140Sstevel@tonic-gate clean_exit:
2150Sstevel@tonic-gate /*
2160Sstevel@tonic-gate * Decrement the session reference count.
2170Sstevel@tonic-gate * We hold the session lock, and SES_REFRELE()
2180Sstevel@tonic-gate * will release the session lock for us.
2190Sstevel@tonic-gate */
2200Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2210Sstevel@tonic-gate
2225252Sdinak return (rv);
2230Sstevel@tonic-gate }
2240Sstevel@tonic-gate
2250Sstevel@tonic-gate
2260Sstevel@tonic-gate CK_RV
C_GetOperationState(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pOperationState,CK_ULONG_PTR pulOperationStateLen)2270Sstevel@tonic-gate C_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState,
2280Sstevel@tonic-gate CK_ULONG_PTR pulOperationStateLen)
2290Sstevel@tonic-gate {
2300Sstevel@tonic-gate soft_session_t *session_p;
2310Sstevel@tonic-gate CK_RV rv;
2320Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
2330Sstevel@tonic-gate
2340Sstevel@tonic-gate if (!softtoken_initialized)
2350Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2360Sstevel@tonic-gate
2370Sstevel@tonic-gate /*
2380Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
2390Sstevel@tonic-gate * reference count.
2400Sstevel@tonic-gate */
2410Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
2420Sstevel@tonic-gate if (rv != CKR_OK)
2430Sstevel@tonic-gate return (rv);
2440Sstevel@tonic-gate
2450Sstevel@tonic-gate /*
2460Sstevel@tonic-gate * Only check if pulOperationStateLen is NULL_PTR.
2470Sstevel@tonic-gate * No need to check if pOperationState is NULL_PTR because
2480Sstevel@tonic-gate * application might just ask for the length of buffer to hold
2490Sstevel@tonic-gate * the OperationState.
2500Sstevel@tonic-gate */
2510Sstevel@tonic-gate if (pulOperationStateLen == NULL_PTR) {
2520Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
2530Sstevel@tonic-gate goto clean_exit;
2540Sstevel@tonic-gate }
2550Sstevel@tonic-gate
2560Sstevel@tonic-gate rv = soft_get_operationstate(session_p, pOperationState,
2570Sstevel@tonic-gate pulOperationStateLen);
2580Sstevel@tonic-gate
2590Sstevel@tonic-gate clean_exit:
2600Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2610Sstevel@tonic-gate return (rv);
2620Sstevel@tonic-gate
2630Sstevel@tonic-gate }
2640Sstevel@tonic-gate
2650Sstevel@tonic-gate
2660Sstevel@tonic-gate CK_RV
C_SetOperationState(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pOperationState,CK_ULONG ulOperationStateLen,CK_OBJECT_HANDLE hEncryptionKey,CK_OBJECT_HANDLE hAuthenticationKey)2670Sstevel@tonic-gate C_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState,
2680Sstevel@tonic-gate CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey,
2690Sstevel@tonic-gate CK_OBJECT_HANDLE hAuthenticationKey)
2700Sstevel@tonic-gate {
2710Sstevel@tonic-gate soft_session_t *session_p;
2720Sstevel@tonic-gate CK_RV rv;
2730Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
2740Sstevel@tonic-gate
2750Sstevel@tonic-gate if (!softtoken_initialized)
2760Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2770Sstevel@tonic-gate
2780Sstevel@tonic-gate /*
2790Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
2800Sstevel@tonic-gate * reference count.
2810Sstevel@tonic-gate */
2820Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
2830Sstevel@tonic-gate if (rv != CKR_OK)
2840Sstevel@tonic-gate return (rv);
2850Sstevel@tonic-gate
2860Sstevel@tonic-gate if ((pOperationState == NULL_PTR) ||
2870Sstevel@tonic-gate (ulOperationStateLen == 0)) {
2880Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
2890Sstevel@tonic-gate goto clean_exit;
2900Sstevel@tonic-gate }
2910Sstevel@tonic-gate
2920Sstevel@tonic-gate rv = soft_set_operationstate(session_p, pOperationState,
2930Sstevel@tonic-gate ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
2940Sstevel@tonic-gate
2950Sstevel@tonic-gate clean_exit:
2960Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2970Sstevel@tonic-gate return (rv);
2980Sstevel@tonic-gate }
2990Sstevel@tonic-gate
3000Sstevel@tonic-gate CK_RV
C_Login(CK_SESSION_HANDLE hSession,CK_USER_TYPE userType,CK_UTF8CHAR_PTR pPin,CK_ULONG ulPinLen)3010Sstevel@tonic-gate C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin,
3020Sstevel@tonic-gate CK_ULONG ulPinLen)
3030Sstevel@tonic-gate {
3040Sstevel@tonic-gate
3050Sstevel@tonic-gate soft_session_t *session_p, *sp;
3060Sstevel@tonic-gate CK_RV rv;
3070Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
3080Sstevel@tonic-gate
3090Sstevel@tonic-gate if (!softtoken_initialized)
3100Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
3110Sstevel@tonic-gate
3120Sstevel@tonic-gate /*
3130Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
3140Sstevel@tonic-gate * reference count.
3150Sstevel@tonic-gate */
3160Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
3170Sstevel@tonic-gate if (rv != CKR_OK)
3180Sstevel@tonic-gate return (rv);
3190Sstevel@tonic-gate
3201937Sizick /* Check the load status of keystore */
321*12256SPeter.Shoults@Sun.COM if (!soft_keystore_status(KEYSTORE_LOAD)) {
3220Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3230Sstevel@tonic-gate return (CKR_DEVICE_REMOVED);
3240Sstevel@tonic-gate }
3250Sstevel@tonic-gate
3260Sstevel@tonic-gate if (userType != CKU_USER) {
3270Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3280Sstevel@tonic-gate return (CKR_USER_TYPE_INVALID);
3290Sstevel@tonic-gate }
3300Sstevel@tonic-gate
3310Sstevel@tonic-gate if ((ulPinLen < MIN_PIN_LEN) || (ulPinLen > MAX_PIN_LEN)) {
3320Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3330Sstevel@tonic-gate return (CKR_PIN_LEN_RANGE);
3340Sstevel@tonic-gate }
3350Sstevel@tonic-gate
3360Sstevel@tonic-gate if (pPin == NULL_PTR) {
3370Sstevel@tonic-gate /*
3380Sstevel@tonic-gate * We don't support CKF_PROTECTED_AUTHENTICATION_PATH
3390Sstevel@tonic-gate */
3400Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3410Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
3420Sstevel@tonic-gate }
3430Sstevel@tonic-gate
3440Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_giant_mutex);
3450Sstevel@tonic-gate if (soft_slot.authenticated) {
3460Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
3470Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3480Sstevel@tonic-gate return (CKR_USER_ALREADY_LOGGED_IN);
3490Sstevel@tonic-gate }
3500Sstevel@tonic-gate
3510Sstevel@tonic-gate rv = soft_login(pPin, ulPinLen);
3520Sstevel@tonic-gate if (rv == CKR_OK) {
3530Sstevel@tonic-gate if (soft_slot.userpin_change_needed) {
3540Sstevel@tonic-gate /*
3550Sstevel@tonic-gate * This is the special case when the PIN is never
3560Sstevel@tonic-gate * initialized in the keystore, which will always
3570Sstevel@tonic-gate * return CKR_OK with "userpin_change_needed" set.
3580Sstevel@tonic-gate */
3590Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
3600Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3610Sstevel@tonic-gate return (rv);
3620Sstevel@tonic-gate }
3630Sstevel@tonic-gate
3640Sstevel@tonic-gate soft_slot.authenticated = 1;
3650Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
3660Sstevel@tonic-gate } else {
3670Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
3680Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3690Sstevel@tonic-gate return (rv);
3700Sstevel@tonic-gate }
3710Sstevel@tonic-gate
3720Sstevel@tonic-gate /*
3730Sstevel@tonic-gate * Load all the private token objects from keystore.
3740Sstevel@tonic-gate */
3750Sstevel@tonic-gate rv = soft_get_token_objects_from_keystore(PRI_TOKENOBJS);
3760Sstevel@tonic-gate if (rv != CKR_OK) {
3770Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3780Sstevel@tonic-gate return (rv);
3790Sstevel@tonic-gate }
3800Sstevel@tonic-gate
3810Sstevel@tonic-gate /* Acquire the global session list lock */
3820Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_sessionlist_mutex);
3830Sstevel@tonic-gate
3840Sstevel@tonic-gate sp = soft_session_list;
3850Sstevel@tonic-gate
3860Sstevel@tonic-gate while (sp) {
3870Sstevel@tonic-gate (void) pthread_mutex_lock(&sp->session_mutex);
3880Sstevel@tonic-gate
3890Sstevel@tonic-gate if (sp->flags & CKF_RW_SESSION) {
3900Sstevel@tonic-gate sp->state = CKS_RW_USER_FUNCTIONS;
3910Sstevel@tonic-gate } else {
3920Sstevel@tonic-gate sp->state = CKS_RO_USER_FUNCTIONS;
3930Sstevel@tonic-gate }
3940Sstevel@tonic-gate (void) pthread_mutex_unlock(&sp->session_mutex);
3950Sstevel@tonic-gate sp = sp->next;
3960Sstevel@tonic-gate }
3970Sstevel@tonic-gate
3980Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_sessionlist_mutex);
3990Sstevel@tonic-gate
4000Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
4010Sstevel@tonic-gate return (rv);
4020Sstevel@tonic-gate
4030Sstevel@tonic-gate }
4040Sstevel@tonic-gate
4050Sstevel@tonic-gate CK_RV
C_Logout(CK_SESSION_HANDLE hSession)4060Sstevel@tonic-gate C_Logout(CK_SESSION_HANDLE hSession)
4070Sstevel@tonic-gate {
4080Sstevel@tonic-gate
4090Sstevel@tonic-gate soft_session_t *session_p, *sp;
4100Sstevel@tonic-gate CK_RV rv;
4110Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
4120Sstevel@tonic-gate
4130Sstevel@tonic-gate if (!softtoken_initialized)
4140Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
4150Sstevel@tonic-gate
4160Sstevel@tonic-gate /*
4170Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
4180Sstevel@tonic-gate * reference count.
4190Sstevel@tonic-gate */
4200Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
4210Sstevel@tonic-gate if (rv != CKR_OK)
4220Sstevel@tonic-gate return (rv);
4230Sstevel@tonic-gate
4240Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_giant_mutex);
4250Sstevel@tonic-gate if (!soft_slot.authenticated) {
4260Sstevel@tonic-gate if (!soft_slot.userpin_change_needed) {
4270Sstevel@tonic-gate /*
4280Sstevel@tonic-gate * Only if the PIN has been initialized in the keystore.
4290Sstevel@tonic-gate */
4300Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
4310Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
4320Sstevel@tonic-gate return (CKR_USER_NOT_LOGGED_IN);
4330Sstevel@tonic-gate } else {
4340Sstevel@tonic-gate soft_slot.userpin_change_needed = 0;
4350Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
4360Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
4370Sstevel@tonic-gate return (CKR_OK);
4380Sstevel@tonic-gate }
4390Sstevel@tonic-gate }
4400Sstevel@tonic-gate
4410Sstevel@tonic-gate soft_logout();
4420Sstevel@tonic-gate soft_slot.authenticated = 0;
4430Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_giant_mutex);
4440Sstevel@tonic-gate
4450Sstevel@tonic-gate /* Acquire the global session list lock */
4460Sstevel@tonic-gate (void) pthread_mutex_lock(&soft_sessionlist_mutex);
4470Sstevel@tonic-gate
4480Sstevel@tonic-gate sp = soft_session_list;
4490Sstevel@tonic-gate
4500Sstevel@tonic-gate while (sp) {
4510Sstevel@tonic-gate (void) pthread_mutex_lock(&sp->session_mutex);
4520Sstevel@tonic-gate
4530Sstevel@tonic-gate if (sp->flags & CKF_RW_SESSION) {
4540Sstevel@tonic-gate sp->state = CKS_RW_PUBLIC_SESSION;
4550Sstevel@tonic-gate } else {
4560Sstevel@tonic-gate sp->state = CKS_RO_PUBLIC_SESSION;
4570Sstevel@tonic-gate }
4580Sstevel@tonic-gate (void) pthread_mutex_unlock(&sp->session_mutex);
4590Sstevel@tonic-gate sp = sp->next;
4600Sstevel@tonic-gate }
4610Sstevel@tonic-gate
4620Sstevel@tonic-gate (void) pthread_mutex_unlock(&soft_sessionlist_mutex);
4630Sstevel@tonic-gate
4640Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
4650Sstevel@tonic-gate return (rv);
4660Sstevel@tonic-gate
4670Sstevel@tonic-gate }
468