(This text may need some updates)
You could have two functions:
hsm_prompt_pin(unsigned int id, const char *repository, void *data, int mode);
hsm_block_pin(unsigned int id, const char *repository, void *data, int mode);
- "id" has a value between zero and HSM_MAX_SESSIONS and is used to identify the repository.
- "repository" is the repository name.
- "data" is optional data to send to the callback function.
- "mode" is the mode the function should run in.

There are three different modes:
HSM_PIN_FIRST - Used when getting the PIN for the first time.
HSM_PIN_RETRY - Used when we failed to log in the first time.
HSM_PIN_SAVE - The latest PIN can be saved for future use. Called after a successful login.

hsm_prompt_pin() + HSM_PIN_FIRST = Return the PIN from the shared memory if there is one. If not, then prompt for one.
hsm_prompt_pin() + HSM_PIN_RETRY = Prompt and return a PIN.
hsm_prompt_pin() + HSM_PIN_SAVE = If we have prompted for a PIN, then save it in the shared memory.

hsm_block_pin() + HSM_PIN_FIRST = Wait until there is a PIN in the shared memory and then return it.
hsm_block_pin() + HSM_PIN_RETRY = Return the PIN from the shared memory.
hsm_block_pin() + HSM_PIN_SAVE = Nothing to save.

The daemons would initialize libhsm with hsm_block_pin(), and the other applications would use hsm_prompt_pin().

A PIN is only saved in memory after a successful login, so hsm_block_pin() would normally never get HSM_PIN_RETRY. It only gets it if the shared memory holds an invalid PIN from a previous run, which happens e.g. if the user has changed the PIN in the HSM. The daemons would in that case always quit. To resolve the situation, the user should run a program which uses hsm_prompt_pin(), e.g. "ods-hsmutil login".
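
The mode table and the stale-PIN recovery described above, as an added sketch in C (not libhsm's own code). The sketch_* names, the return type, the array standing in for the shared memory, the scripted_input stand-in for the terminal prompt, the exclusive upper bound on "id" and the constant values are assumptions; where the daemon callback would wait, the sketch returns NULL instead.

```c
#include <stdio.h>
#include <string.h>

#define HSM_MAX_SESSIONS 4   /* assumed value for this sketch */
#define PIN_MAX 32           /* assumed buffer size */
enum { HSM_PIN_FIRST, HSM_PIN_RETRY, HSM_PIN_SAVE };

/* Stand-in for the shared memory segment: one PIN slot per repository id. */
static char shm_pin[HSM_MAX_SESSIONS][PIN_MAX];
static char prompted[HSM_MAX_SESSIONS][PIN_MAX];  /* process-local: last PIN typed */
static const char *scripted_input;  /* hypothetical replacement for the terminal prompt */

static const char *ask_user(unsigned int id) {
    if (!scripted_input) return NULL;
    snprintf(prompted[id], PIN_MAX, "%s", scripted_input);
    return prompted[id];
}

/* Interactive tools: may prompt; the PIN reaches shared memory only on HSM_PIN_SAVE. */
const char *sketch_prompt_pin(unsigned int id, const char *repository, void *data, int mode) {
    (void)repository; (void)data;
    if (id >= HSM_MAX_SESSIONS) return NULL;   /* upper bound treated as exclusive */
    if (mode == HSM_PIN_FIRST && shm_pin[id][0]) return shm_pin[id];
    if (mode == HSM_PIN_FIRST || mode == HSM_PIN_RETRY) return ask_user(id);
    if (mode == HSM_PIN_SAVE && prompted[id][0]) {  /* caller logged in successfully */
        memcpy(shm_pin[id], prompted[id], PIN_MAX);
        memset(prompted[id], 0, PIN_MAX);           /* drop the process-local copy */
    }
    return NULL;
}

/* Daemons: never prompt, only read what a prompting tool has saved. */
const char *sketch_block_pin(unsigned int id, const char *repository, void *data, int mode) {
    (void)repository; (void)data;
    if (id >= HSM_MAX_SESSIONS || mode == HSM_PIN_SAVE) return NULL;  /* nothing to save */
    /* HSM_PIN_FIRST would sleep and poll here; the sketch reports "not yet" as NULL. */
    return shm_pin[id][0] ? shm_pin[id] : NULL;
}

int main(void) {
    scripted_input = "1234";                            /* constructed sample PIN */
    sketch_prompt_pin(0, "repo", NULL, HSM_PIN_FIRST);  /* tool prompts */
    sketch_prompt_pin(0, "repo", NULL, HSM_PIN_SAVE);   /* login succeeded */
    printf("daemon sees a PIN: %s\n",
           sketch_block_pin(0, "repo", NULL, HSM_PIN_FIRST) ? "yes" : "no");
    return 0;
}
```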