On Fri, Jan 16, 2009 at 11:48 PM, Alon Bar-Lev <[email protected]> wrote:
> On 1/16/09, Alon Bar-Lev <[email protected]> wrote:
>> > There are still some options in the example configuration file (one
>> > distributed with Ubuntu/Debian by default) that differ from code level
>> > settings:
>> > hide_empty_tokens (yes in config, no in code)
>> > use_caching (true in config, false in code)
>> >
>> > I don't have any strong opinions about these two, but they should be
>> > sorted out as well - so that there would be no functional tunables
>> > contradicting code level settings in the *example* configuration file.
>> > My suggestion would be changing the example configuration files to
>> > state the code defaults.
> At least by playing with some of my installations, the
> hide_empty_tokens=yes is quite useful for most users.
> So I am for modifying the code default.
Tried it as well. hide_empty_tokens only matters for PKCS#15-init
compatible cards and does not apply to read-only PKCS#15 emulated
cards.
One part of OpenSC is card initialization so the feature should be
exposed (and tested to be functional....), also via PKCS#11.
Thus I'm OK with the code default for cards that can be changed. For
emulated cards, this option should not matter.
I thus propose the attached patch.
BTW, am I the only one having problems with opensc-commit list? I have
received only 2 mails from it in the past week.
--
Martin Paljak
[email protected]
http://martin.paljak.pri.ee
GSM:+3725156495
Index: src/pkcs11/framework-pkcs15.c
===================================================================
--- src/pkcs11/framework-pkcs15.c (revision 3627)
+++ src/pkcs11/framework-pkcs15.c (working copy)
@@ -187,7 +187,10 @@
static void pkcs15_init_token_info(struct sc_pkcs15_card *card, CK_TOKEN_INFO_PTR pToken)
{
strcpy_bp(pToken->manufacturerID, card->manufacturer_id, 32);
- strcpy_bp(pToken->model, "PKCS #15 SCard", 16);
+ if (card->flags & SC_PKCS15_CARD_FLAG_EMULATED)
+ strcpy_bp(pToken->model, "PKCS#15 emulated", 16);
+ else
+ strcpy_bp(pToken->model, "PKCS#15", 16);
/* Take the last 16 chars of the serial number (if the are more
* than 16).
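Review bot: the else branch changes the model string for non-emulated cards from "PKCS #15 SCard" to "PKCS#15", which is visible to any PKCS#11 application or script that matches on the token model; either keep the old string for non-emulated cards or call the change out in the commit message. Separately, "PKCS#15 emulated" is exactly 16 characters and is passed with a length of 16, so the field has no room for a longer label; a short comment noting the 16-byte limit next to these literals would help whoever edits them next.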
@@ -814,7 +817,7 @@
* If there's only 1 pin and the hide_empty_tokens option is set,
* add the public objects to the slot that corresponds to that pin.
*/
- if (!(auth_count == 1 && sc_pkcs11_conf.hide_empty_tokens))
+ if (!(auth_count == 1 && (sc_pkcs11_conf.hide_empty_tokens || (fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED)))
slot = NULL;
/* Add all the remaining objects */
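Review bot: the added if line has four opening parentheses and only three closing ones, so as shown it will not compile; it needs one more ")" after SC_PKCS15_CARD_FLAG_EMULATED. The comment above it still says the public objects go to the pin's slot only when "the hide_empty_tokens option is set", which is no longer the whole condition now that emulated cards take the same path; update the comment to mention them.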
@@ -837,7 +840,7 @@
/* Create read/write slots */
while (slot_allocate(&slot, p11card) == CKR_OK) {
- if (!sc_pkcs11_conf.hide_empty_tokens) {
+ if (!sc_pkcs11_conf.hide_empty_tokens && !(fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED)) {
slot->slot_info.flags |= CKF_TOKEN_PRESENT;
pkcs15_init_token_info(fw_data->p15_card, &slot->token_info);
strcpy_bp(slot->token_info.label, fw_data->p15_card->label, 32);
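Review bot: the changed if repeats the fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED test that the previous hunk also adds, with the opposite sense. Compute the decision once near the top of the function, for example a local set to sc_pkcs11_conf.hide_empty_tokens || (fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED), and use it in both places so the two checks cannot drift apart.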
Index: etc/opensc.conf.in
===================================================================
--- etc/opensc.conf.in (revision 3627)
+++ etc/opensc.conf.in (working copy)
@@ -323,14 +323,14 @@
# Normally, the pkcs11 module will create
# the full number of slots defined above by
- # num_slots. If there are fewer pins/keys on
- # the card, the remaining keys will be empty
+ # slots_per_card. If there are fewer pins/keys on
+ # the card, the remaining slots will be empty
# (and you will be able to create new objects
# within them).
- #
# Set this option to true to hide these empty
# slots.
- hide_empty_tokens = yes;
+ # Default: no;
+ # hide_empty_tokens = yes;
# By default, the OpenSC PKCS#11 module will lock your card
# once you authenticate to the card via C_Login.
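Review bot: the new "# Default: no;" comment does not say that, with the framework-pkcs15.c changes in this same patch, cards flagged SC_PKCS15_CARD_FLAG_EMULATED have their empty slots hidden regardless of this option. Add a sentence stating that hide_empty_tokens only affects non-emulated cards, so that a user who sets it to no is not surprised. The hunk also drops the bare "#" separator line, which runs two comment paragraphs together; consider keeping it.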
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel