[Opendnssec-develop] PIN daemon

Rickard Bellgrim rickard at opendnssec.org
Tue Aug 30 13:07:02 UTC 2011


>> Would it be possible to implement this as a single PIN callback function using the current infrastructure? I.e., move everything you wrote into a single function?
>
> Perhaps extending the callback API to be able to indicate that it is a
> retry? The current PIN module only saves the PIN if we could login with
> it. The PIN callback does not know if the login was successful or not.
> The bad PIN would then propagate to the daemons which would get a
> failed login and quit.

You could have two functions:
hsm_prompt_pin(unsigned int id, const char *repository, void *data, int mode);
hsm_block_pin(unsigned int id, const char *repository, void *data, int mode);

- "id" will have a value between zero and HSM_MAX_SESSIONS. Used for
identifying the repository.
- "repository" is the repository name.
- "data" is optional data to send to the callback function.
- "mode" is the type of mode the function should run in.

There are three different modes:
HSM_PIN_FIRST - Used when getting the PIN for the first time.
HSM_PIN_RETRY - Used when we failed to login the first time.
HSM_PIN_SAVE - The latest PIN can be saved for future use. Called
after a successful login.

hsm_prompt_pin() + HSM_PIN_FIRST = Return the PIN from the shared
memory if there is one. If not, then prompt for one.
hsm_prompt_pin() + HSM_PIN_RETRY = Prompt and return a PIN.
hsm_prompt_pin() + HSM_PIN_SAVE = If we have prompted for a PIN, then
save it in the shared memory.

hsm_block_pin() + HSM_PIN_FIRST = Wait until there is a PIN in the
shared memory and then return it.
hsm_block_pin() + HSM_PIN_RETRY = Return the PIN from the shared memory.
hsm_block_pin() + HSM_PIN_SAVE = Nothing to save.

The daemons would initialize libhsm with the hsm_block_pin() and the
other applications would use hsm_prompt_pin().

A PIN will only be saved in memory if we could successfully login.
hsm_block_pin() would in that case never get HSM_PIN_RETRY. It will
only get it if there is an invalid PIN there from a previous run. This
will happen e.g. if the user has changed the PIN in the HSM. The
daemons would in that case always quit. To resolve the situation, the
user should call a program which uses the hsm_prompt_pin(), e.g.
"ods-hsmutil login".

// Rickard
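The proposal above as runnable C, added here as an example; it is not code from OpenDNSSEC or libhsm. It models both callbacks and the three modes, a libhsm-style login that calls HSM_PIN_FIRST, then one HSM_PIN_RETRY on failure, then HSM_PIN_SAVE on success, and walks through the life cycle described in the mail: empty shared memory, "ods-hsmutil login" publishing a PIN, a daemon reusing it, the PIN being changed in the HSM, and the tool re-prompting. Everything not stated in the mail is an assumption: the callbacks return the PIN as a C string (NULL when there is none), libhsm retries exactly once, the "shared memory" is an in-process struct, HSM_MAX_SESSIONS is 16, the repository name "SoftHSM" and the PINs are constructed, and the daemon callback gives up immediately instead of sleeping and polling.

```c
/* Added example, not OpenDNSSEC code: a model of the two-callback PIN scheme from the mail. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define HSM_MAX_SESSIONS 16   /* assumed value; 0 <= id < HSM_MAX_SESSIONS */
#define PIN_MAX 32
enum hsm_pin_mode { HSM_PIN_FIRST, HSM_PIN_RETRY, HSM_PIN_SAVE };
enum login_result { LOGIN_OK, LOGIN_NO_PIN, LOGIN_FAILED };
/* Stand-in for the shared memory: one PIN slot per session id. */
struct pin_store { bool present[HSM_MAX_SESSIONS]; char pin[HSM_MAX_SESSIONS][PIN_MAX + 1]; };
struct pin_ctx {              /* per-process state passed via the "data" argument */
    struct pin_store *store;
    const char *typed;        /* scripted answer to the prompt (constructed input) */
    char buf[PIN_MAX + 1];    /* PIN handed back to libhsm */
    bool prompted;            /* did the current login prompt the user? */
    int prompts;              /* prompts shown so far */
};

/* Simulated terminal prompt; a real tool reads from the tty with echo disabled. */
static char *prompt_user(struct pin_ctx *c, const char *repository)
{
    c->prompts++;
    c->prompted = true;
    if (c->typed == NULL) return NULL;       /* user aborted the prompt */
    printf("[prompt] PIN for repository %s: ****\n", repository);
    snprintf(c->buf, sizeof c->buf, "%s", c->typed);
    return c->buf;
}

/* Interactive callback for tools such as ods-hsmutil. */
static char *hsm_prompt_pin(unsigned int id, const char *repository, void *data, int mode)
{
    struct pin_ctx *c = data;
    if (id >= HSM_MAX_SESSIONS) return NULL;
    switch (mode) {
    case HSM_PIN_FIRST:                      /* cached PIN if there is one, else prompt */
        if (!c->store->present[id]) return prompt_user(c, repository);
        strcpy(c->buf, c->store->pin[id]);
        return c->buf;
    case HSM_PIN_RETRY:                      /* that PIN failed: ask the user */
        return prompt_user(c, repository);
    case HSM_PIN_SAVE:                       /* publish only a PIN we prompted for */
        if (c->prompted) { strcpy(c->store->pin[id], c->buf); c->store->present[id] = true; }
        return NULL;
    }
    return NULL;
}

/* Non-interactive callback for the daemons. */
static char *hsm_block_pin(unsigned int id, const char *repository, void *data, int mode)
{
    struct pin_ctx *c = data;
    (void)repository;
    if (id >= HSM_MAX_SESSIONS || mode == HSM_PIN_SAVE) return NULL;  /* nothing to save */
    if (!c->store->present[id]) return NULL; /* FIRST would sleep and poll here; model gives up */
    strcpy(c->buf, c->store->pin[id]);       /* RETRY hands back the very same PIN */
    return c->buf;
}

typedef char *(*hsm_pin_cb)(unsigned int, const char *, void *, int);
struct mock_hsm { const char *pin; int failed; };   /* a token counts failed logins before locking */
/* libhsm-style login: FIRST, one RETRY after a failure, SAVE after success. */
static enum login_result hsm_login(struct mock_hsm *h, unsigned int id, const char *repo,
                                   hsm_pin_cb cb, struct pin_ctx *c)
{
    c->prompted = false;
    char *pin = cb(id, repo, c, HSM_PIN_FIRST);
    if (pin == NULL) return LOGIN_NO_PIN;
    if (strcmp(h->pin, pin) != 0) {
        h->failed++;
        pin = cb(id, repo, c, HSM_PIN_RETRY);
        if (pin == NULL) return LOGIN_FAILED;
        if (strcmp(h->pin, pin) != 0) { h->failed++; return LOGIN_FAILED; }
    }
    cb(id, repo, c, HSM_PIN_SAVE);
    return LOGIN_OK;
}

/* The life cycle from the mail (constructed repository and PINs): no PIN yet, tool publishes one,
 * daemon reuses it, PIN changed in the HSM, tool re-prompts. Each correct step sets one bit (31 = all). */
static int walkthrough(void)
{
    struct pin_store shm = {0};
    struct mock_hsm hsm = { "1234", 0 };
    struct pin_ctx daemon = { .store = &shm }, tool = { .store = &shm, .typed = "1234" };
    int ok = 0;
    if (hsm_login(&hsm, 0, "SoftHSM", hsm_block_pin, &daemon) == LOGIN_NO_PIN) ok |= 1;
    if (hsm_login(&hsm, 0, "SoftHSM", hsm_prompt_pin, &tool) == LOGIN_OK && shm.present[0]) ok |= 2;
    if (hsm_login(&hsm, 0, "SoftHSM", hsm_block_pin, &daemon) == LOGIN_OK && daemon.prompts == 0) ok |= 4;
    hsm.pin = "5678";                        /* daemon now fails twice; stale PIN stays in the store */
    if (hsm_login(&hsm, 0, "SoftHSM", hsm_block_pin, &daemon) == LOGIN_FAILED
        && hsm.failed == 2 && strcmp(shm.pin[0], "1234") == 0) ok |= 8;
    tool.typed = "5678";                     /* cached PIN fails, RETRY prompts, SAVE overwrites */
    if (hsm_login(&hsm, 0, "SoftHSM", hsm_prompt_pin, &tool) == LOGIN_OK
        && tool.prompts == 2 && strcmp(shm.pin[0], "5678") == 0) ok |= 16;
    return ok;
}
```

Two things the walk-through makes visible. A daemon that kept looping on a stale PIN would burn the token's failed-login counter on every attempt, so quitting after the second failure, as proposed in the mail, is the safe behaviour; the mock counts those failures for exactly that reason. And hsm_prompt_pin() only saves a PIN it actually prompted for, so a wrong cached PIN is never written back into the shared memory.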


