From 1d4d85770d8cb406bc2e06a1103068842236780d Mon Sep 17 00:00:00 2001
From: Charlie Yin <charlieyinjunhao@hotmail.com>
Date: Fri, 7 Jul 2023 12:08:22 -0700
Subject: [PATCH] Skip calling into slot_login if the slot does not require
 login and PUBKEY_LOGIN_ALWAYS is not set

Signed-off-by: Charlie Yin <charlieyinjunhao@hotmail.com>
---
 src/session.c | 10 ++++++++--
 src/slot.c    |  5 +++++
 src/slot.h    |  1 +
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/session.c b/src/session.c
index 18781295..248f3e3f 100644
--- a/src/session.c
+++ b/src/session.c
@@ -677,6 +677,12 @@ static CK_RV slot_login(P11PROV_SLOT *slot, P11PROV_URI *uri,
     return ret;
 }
 
+static bool check_skip_login(P11PROV_CTX *ctx, P11PROV_SLOT *slot)
+{
+    return p11prov_ctx_login_behavior(ctx) != PUBKEY_LOGIN_ALWAYS
+           && !p11prov_slot_check_req_login(slot);
+}
+
 /* There are three possible ways to call this function.
  * 1. One shot call on a specific slot
  *      slotid must point to a specific slot number
@@ -734,7 +740,7 @@ CK_RV p11prov_get_session(P11PROV_CTX *provctx, CK_SLOT_ID *slotid,
         if (ret != CKR_OK) {
             goto done;
         }
-        if (reqlogin) {
+        if (reqlogin && !check_skip_login(provctx, slot)) {
             ret = slot_login(slot, uri, pw_cb, pw_cbarg, NULL);
             if (ret != CKR_OK) {
                 goto done;
@@ -768,7 +774,7 @@ CK_RV p11prov_get_session(P11PROV_CTX *provctx, CK_SLOT_ID *slotid,
                 /* keep going */
                 continue;
             }
-            if (reqlogin) {
+            if (reqlogin && !check_skip_login(provctx, slot)) {
                 ret = slot_login(slot, uri, pw_cb, pw_cbarg, NULL);
                 if (ret != CKR_OK) {
                     /* keep going */
diff --git a/src/slot.c b/src/slot.c
index e4d318db..b2275083 100644
--- a/src/slot.c
+++ b/src/slot.c
@@ -516,3 +516,8 @@ P11PROV_SESSION_POOL *p11prov_slot_get_session_pool(P11PROV_SLOT *slot)
 {
     return slot->pool;
 }
+
+bool p11prov_slot_check_req_login(P11PROV_SLOT *slot)
+{
+    return slot->token.flags & CKF_LOGIN_REQUIRED;
+}
diff --git a/src/slot.h b/src/slot.h
index 414826aa..9e58db67 100644
--- a/src/slot.h
+++ b/src/slot.h
@@ -28,5 +28,6 @@ CK_RV p11prov_slot_set_bad_pin(P11PROV_SLOT *slot, const char *bad_pin);
 const char *p11prov_slot_get_cached_pin(P11PROV_SLOT *slot);
 CK_RV p11prov_slot_set_cached_pin(P11PROV_SLOT *slot, const char *cached_pin);
 P11PROV_SESSION_POOL *p11prov_slot_get_session_pool(P11PROV_SLOT *slot);
+bool p11prov_slot_check_req_login(P11PROV_SLOT *slot);
 
 #endif /* _SLOT_H */