From 2b36bd8c15373bd36a79cd680efdb706a0887955 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Wed, 27 Oct 2010 09:02:31 -0400
Subject: [PATCH 073/150] - don't forget to log in to pkcs11 modules

---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 69bf762..a507547 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -1753,6 +1753,18 @@ crypto_load_pkcs11(krb5_context context,
 	for (i = 0;
 	     (slot = SECMOD_LookupSlot(module->moduleID, i)) != NULL;
 	     i++) {
+		/* If we have to log in to the token, give it a shot. */
+		if (!PK11_IsLoggedIn(slot,
+		    crypto_pwcb_prep(id_cryptoctx, context)) &&
+		    PK11_NeedLogin(slot) &&
+		    (PK11_Authenticate(slot, PR_TRUE,
+		   		       crypto_pwcb_prep(id_cryptoctx,
+				      			context)) != SECSuccess)) {
+			pkiDebug("%s: error logging into \"%s\":\"%s\", "
+				 "skipping\n",
+				 __FUNCTION__, spec, PK11_GetTokenName(slot));
+			continue;
+		}
 		certs = PK11_ListCertsInSlot(slot);
 		/* Walk the list of certs in the slot. */
 		for (node = CERT_LIST_HEAD(certs);
-- 
1.7.6.4