> >> [opensc-devel] Using Cardmod mini-driver on Vista with Login to AD
> >>
> >> Douglas E. Engert
> >> To: OpenSC-devel
> >> 27/01/2011 23:38
> >> Sent by: opensc-devel-boun...@lists.opensc-project.org
> >>
> >> Just an update:
> >> I am able to get the opensc-0.12.0 cardmod to work with login on Vista
> >> to login to our AD domain. This has required many changes, and there
> >> are still many issues...
> >>
> >
> > I have cardmod working on Vista/7, not for login but with certutil -SCinfo
> 
> That is the easy part. With login, more than one CardContext is
> created for the same card, and keeps the context open during your
> session and for the next session.  Another reason the registry
> cannot be used to pass the handles.


The use of the registry is temporary. I don't see why the registry can be used
in this case, since the call to CardAcquireContext sets the registry value and
immediately calls sc_context_create, which calls sc_ctx_detect_reader, and the
values are taken and memorized in a structure for future use. At least only one
cardhandle can be used with a card so.

 


> 
> >
> >> The changes are large, and still not ready. The 3 changes I
> >> discussed on 1/19 are
> >> still in this patch. Martin is working on a different version of the
> >> "don't run sc_ctx_detect_reader" part of this patch.
> >>
> >
> > 'sc_ctx_detect_reader': it's in this function that the smartcard context
> > and handle are set and used afterwards by other pcsc functions. If this is
> > not called, I'm wondering how it can work?
> >
> >
> >> Martin, any idea when that will be ready?
> 
> The cardmod code will have to call sc_context_create, then
>   call sc_ctx_detect_reader.


It's exactly what happens: cardmod calls sc_context_create on CardAcquireContext
and sc_context_create calls sc_ctx_detect_reader. Have you introduced a call to
sc_ctx_detect_reader in your code? If so, you call sc_ctx_detect_reader two times
and that's why this doesn't work for you.



> 
> >>
> >> A CardRSADecrypt function was added as the Kerberos PKINIT protocol used
> >> by login. It needs to decrypt returned data.
> >>
> >
> > Good information, can you provide code?
> 
> Yes, I wanted to provide a working patch, and want to see what Martin
> does with the detect reader.
> 
> >
> >> The handling of the bPinsFreshness was changed in the CardDeauthenticateEx
> >> routine. Without this change it appears the BaseCSP has a problem. I am
> >> not sure how this freshness is supposed to work, but the code in this spot
> >> did not look correct, and did not work without this change.
> >>
> >
> > It's working for me.
> 
> It looked like a bug in that _VENDOR_SPECIFIC bPinsFreshness is
> only referenced once in CardDeauthenticateEx:
> CLEAR_PIN(vs->bPinsFreshness, ROLE_USER);
> It should be:
> vs->cardFiles.file_cardcf.bPinsFreshness &= ~PinId;
> CardDeauthenticateEx is called with a PIN_SET.


More exactly, CLEAR_PIN(vs->cardFiles.file_cardcf, PinId)

I use Windows 7 and it works quite differently than Windows XP or Vista;
it's certainly why the code works on some computers and not on others...


> 
> >
> >> The pkcs15 serial number is now used for the card serial number.
> >>
> >
> > Ok another great change, can you provide code too please?
> 
> Yes see above.
> 

Regards,
François