Yes, Winlogon process calls IDAlly CSP which calls
opensc-pkcs11 module.
--- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:

> 
> 
> kamal kumar wrote:
> > Hi,
> > Yes, Two processes are calling opensc-pkcs11
> module.
> > And C_Finalize is called by IdAlly.exe process. 
> > 
> > Since Winlogon process is not calling C_Finalize 
> 
> But the Winlogin process calls the Id Ally CSP, that
> calls the PKCS#11, correct?
> 
> > and
> > closing all P11 session (P11 session 1, 2 are still
> > opened), opensc-pkcs11 module keeps the pc/sc
> > connection established by sc_connect_card
> function.
> > 
> > I think we need to investigate more thoroughly on
> this
> > issue.
> > 
> > Regards,
> > Kamal.
> > 
> > 
> > 
> > 
> > --- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:
> > 
> >>
> >> kamal kumar wrote:
> >>> Hi,
> >>> I slightly differ from Douglas' assessments.
> >> C_Finalize
> >>> is not called by winlogon process. It is called
> by
> >>> IDAlly.exe when we login. 
> >> So are you saying that there are two processes
> >> calling
> >> opensc_pkcs11.dll, the winlogin(via the IdAlly
> CSP)
> >> and IdAlly.exe?
> >>
> >> Is this some issue with DLLs vs Unix shared libs,
> >> and
> >> the use of things like:
> >>    extern struct sc_context *context;
> >> in src/pkcs11/sc_pkcs11.h
> >>
> >>> I think we have to follow
> >>> the number specified in the log entry of
> >>> pkcs11-spy.dll.
> >>>
> >>> If you compare the C_OpenSession log of the
> >> Winlogon
> >>> process occurring after C_Finalize called by
> >> IDAlly.exe
> >>> and compare it corresponding log entry in the
> >>> opensc-debug.log file, you can find that for
> this
> >>> C_OpenSession function, it is not creating new
> >> pc/sc
> >>> session as expected. But using old PC/SC
> session.
> >>>
> >>> opensc-pkcs#11 does not close all the pc/sc
> >> session,
> >>> because not all the session opened by CSP are
> >> closed.
> >>> From the pkcs11-spy log, it is not closing
> session
> >> 1,
> >>> 2.
> >>>
> >>> Can you please verify the log again and give
> your
> >>> opinion.
> >>>
> >>> Regards,
> >>> Kamal.
> >>>
> >>> --- "Douglas E. Engert" <[EMAIL PROTECTED]>
> wrote:
> >>>
> >>>> Corcoran David wrote:
> >>>>> Hi,
> >>>>>
> >>>>> Is this an issue from the CSP -> OpenSC
> PKCS#11
> >>>> module ? 
> >>>>
> >>>> Yes, looks like the CSP calls C_Finalize after
> >> the
> >>>> card is removed.
> >>>> Then when a card is inserted, it does not
> >> call
> >>>> C_Initialize
> >>>> but calls C_OpenSession. I suspect the problem
> is
> >> in
> >>>> that handles
> >>>> the call when a card is removed, not setting
> some
> >>>> state variable to
> >>>> indicate that C_Initialize needs to be called
> >> again.
> >>>>
> >>>>> We are in the process of making updates so it
> >>>> might be a good time
> >>>>> for us to address this (if it is not already) 
> 
> >>>> Yes, good time.   If you have any thing to
> test,
> >> let
> >>>> me know.
> >>>>
> >>>>> You should be able to work around this in a
> shim
> >>>> pkcs#11 module like
> >>>>  > pkcs11spy by abstracting C_OpenSession and
> >>>> determining if the P11 module
> >>>>  > was already closed down and calling
> >> C_Initialize
> >>>> again before passing
> >>>>  > C_OpenSession through.
> >>>>
> >>>> I am trying to avoid having to write any
> >> additional
> >>>> shims or hacks,
> >>>> especially if you are looking at the code.
> >>>>
> >>>> The current work around is for the user to try
> >>>> again, but this may only work
> >>>> if it is the same card. (I have not tried using
> a
> >>>> card for a different user.)
> >>>>
> >>>> We are still doing pilots, and PIV cards will
> not
> >> be
> >>>> generally available
> >>>> until at least October. I hope by then
> hopefully
> >> you
> >>>> have a new version of IdAlly.
> >>>>
> >>>>
> >>>>> Thanks,
> >>>>> Dave
> >>>>>
> >>>>> On Jul 13, 2007, at 4:39 PM, Douglas E. Engert
> >>>> wrote:
> >>>>>> More info on this. I think it is an ID Ally
> >> bug.
> >>>>>> Looking at spy and opensc debug logs, It
> looks
> >>>> like
> >>>>>> the CSP is called when a card is removed
> sounds
> >>>> reasonable.
> >>>>>> The Id Ally does  C_Initialize,
> C_GetSlotList,
> >>>>>> a loop over the 8 slots for C_GetSlotInfo
> >>>>>> then a C_Finalize.
> >>>>>>
> >>>>>> I then logged off and tried to log in again.
> >>>>>>
> >>>>>> Rather than another C_Initialize as would be
> >>>> expected
> >>>>>> since C_Finalize was called last,  Id Ally
> does
> >> a
> >>>> C_OpenSession.
> >>>>>> The way I read PKCS#11 2.01 under C_Finalize
> it
> >>>> says:
> >>>>>> "C_Finalize is called to indicate that an
> >>>> application is finished
> >>>>>> with the Cryptoki library."
> >>>>>> If IdAlly wants to use the library again, it
> >>>> should call C_Initialize.
> >>>>>> IdAlly tries some other things, and gets back
> >> in
> >>>> sync so the next
> >>>>>> login works.
> >>>>>>
> >>>>>> But I would also think OpenSC should give an
> >>>> error if the C_OpenSession
> >>>>>> is called and C_Initialize has not been
> called.
> >>>> But it is not clear if
> >>>>>> Id Ally could get back in sync!
> >>>>>>
> >>>>>>
> >>>>>> kamal kumar wrote:
> >>>>>>> Hi,
> >>>>>>> Today I tried certificate logon in XP with
> PIV
> >>>> card.
> 
=== message truncated ===



      


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
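
Added example, not part of the original messages and not OpenSC or IdAlly code: a toy model in C of the call sequence discussed in this thread (C_Initialize, C_Finalize, then C_OpenSession with no new C_Initialize). It shows a module that answers CKR_CRYPTOKI_NOT_INITIALIZED in that case, and a shim that re-initializes before passing the open-session call through. All mod_* and shim_* names are hypothetical; only the two CKR_ values come from PKCS#11.

```c
#include <stdio.h>

/* Only these two return codes are real PKCS#11 values; the rest is a toy model. */
typedef unsigned long CK_RV;
#define CKR_OK                        0x00000000UL
#define CKR_CRYPTOKI_NOT_INITIALIZED  0x00000190UL

/* Toy module state (hypothetical): one flag and a session counter. */
static int mod_initialized = 0;
static unsigned long next_session = 1;

static CK_RV mod_initialize(void) { mod_initialized = 1; next_session = 1; return CKR_OK; }
static CK_RV mod_finalize(void) {
    if (!mod_initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    mod_initialized = 0;            /* mark the library as shut down */
    return CKR_OK;
}
/* Strict behaviour: no session may be opened after the library was finalized. */
static CK_RV mod_open_session(unsigned long *h) {
    if (!mod_initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    *h = next_session++;
    return CKR_OK;
}

/* Shim (hypothetical): remembers a finalize and re-initializes before open-session. */
static int shim_saw_finalize = 0, shim_reinit_count = 0;
static CK_RV shim_finalize(void) {
    CK_RV rv = mod_finalize();
    if (rv == CKR_OK) shim_saw_finalize = 1;
    return rv;
}
static CK_RV shim_open_session(unsigned long *h) {
    if (shim_saw_finalize) {
        CK_RV rv = mod_initialize();
        if (rv != CKR_OK) return rv;
        shim_saw_finalize = 0; shim_reinit_count++;
    }
    return mod_open_session(h);
}

/* Replay of the sequence: initialize, finalize, then open a session. */
static CK_RV replay_without_shim(unsigned long *h) { mod_initialize(); mod_finalize(); return mod_open_session(h); }
static CK_RV replay_with_shim(unsigned long *h) { mod_initialize(); shim_finalize(); return shim_open_session(h); }

int main(void) {
    unsigned long h = 0;
    printf("without shim: rv=%#lx\n", replay_without_shim(&h));
    printf("with shim:    rv=%#lx session=%lu\n", replay_with_shim(&h), h);
    return 0;
}
```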
