On Fri, Jan 16, 2009 at 11:48 PM, Alon Bar-Lev <alon.bar...@gmail.com> wrote: > On 1/16/09, Alon Bar-Lev <alon.bar...@gmail.com> wrote: >> > There are still some options in the example configuration file (one >> > distributed with Ubuntu/Debian by default) that differ from code level >> > settings: >> > hide_empty_tokens (yes in config, no in code) >> > use_caching (true in config, false in code) >> > >> > I don't have any strong opinions about these two, but they should be >> > sorted out as well - so that there would be no functional tunables >> > contradicting code level settings in the *example* configuration file. >> > My suggestion would be changing the example configuration files to >> > state the code defaults.
> At least by playing with some of my installations, the > hide_empty_tokens=yes is quite useful for most users. > So I am for modify the code default. Tried it as well. hide_empty_tokens only matters for PKCS#15-init compatible cards and does not apply to read-only PKCS#15 emulated cards. One part of OpenSC is card initialization so the feature should be exposed (and tested to be functional....), also via PKCS#11. Thus I'm OK with the code default for cards that can be changed. For emulated cards, this option should not matter. I thus propose the attached patch. BTW, am I the only one having problems with opensc-commit list? I have received only 2 mails from it in the past week. -- Martin Paljak mar...@paljak.pri.ee http://martin.paljak.pri.ee GSM:+3725156495
Index: src/pkcs11/framework-pkcs15.c =================================================================== --- src/pkcs11/framework-pkcs15.c (revision 3627) +++ src/pkcs11/framework-pkcs15.c (working copy) @@ -187,7 +187,10 @@ static void pkcs15_init_token_info(struct sc_pkcs15_card *card, CK_TOKEN_INFO_PTR pToken) { strcpy_bp(pToken->manufacturerID, card->manufacturer_id, 32); - strcpy_bp(pToken->model, "PKCS #15 SCard", 16); + if (card->flags & SC_PKCS15_CARD_FLAG_EMULATED) + strcpy_bp(pToken->model, "PKCS#15 emulated", 16); + else + strcpy_bp(pToken->model, "PKCS#15", 16); /* Take the last 16 chars of the serial number (if the are more * than 16). @@ -814,7 +817,7 @@ * If there's only 1 pin and the hide_empty_tokens option is set, * add the public objects to the slot that corresponds to that pin. */ - if (!(auth_count == 1 && sc_pkcs11_conf.hide_empty_tokens)) + if (!(auth_count == 1 && (sc_pkcs11_conf.hide_empty_tokens || (fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED))) slot = NULL; /* Add all the remaining objects */ @@ -837,7 +840,7 @@ /* Create read/write slots */ while (slot_allocate(&slot, p11card) == CKR_OK) { - if (!sc_pkcs11_conf.hide_empty_tokens) { + if (!sc_pkcs11_conf.hide_empty_tokens && !(fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED)) { slot->slot_info.flags |= CKF_TOKEN_PRESENT; pkcs15_init_token_info(fw_data->p15_card, &slot->token_info); strcpy_bp(slot->token_info.label, fw_data->p15_card->label, 32); Index: etc/opensc.conf.in =================================================================== --- etc/opensc.conf.in (revision 3627) +++ etc/opensc.conf.in (working copy) @@ -323,14 +323,14 @@ # Normally, the pkcs11 module will create # the full number of slots defined above by - # num_slots. If there are fewer pins/keys on - # the card, the remaining keys will be empty + # slots_per_card. If there are fewer pins/keys on + # the card, the remaining slots will be empty # (and you will be able to create new objects # within them). - # # Set this option to true to hide these empty # slots. - hide_empty_tokens = yes; + # Default: no; + # hide_empty_tokens = yes; # By default, the OpenSC PKCS#11 module will lock your card # once you authenticate to the card via C_Login.
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel