The change #5421 introduced between 0.12.1-rc1 and 0.12.1 on 5/4/11 by vtarasov breaks the MIT Kerberos login. A spy output is attached.
The code calls C_GetSlotList with tokenPresent=1 which in the past has only returned slots with tokens. But #5421 returns 2 slots, the 0xffffffff virtual slot which does NOT have a token, and slot 1 which has a token. The code then tries C_OpenSession to the virtual slot which does not have a token and fails. I don't understand why this change was made. If the virtual slot does not have a token, it should not be returned if tokenPresent=1. -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444
0: C_GetFunctionList Returned: 0 CKR_OK 1: C_Initialize [in] pInitArgs = 0 Returned: 0 CKR_OK 2: C_GetSlotList [in] tokenPresent = 0x1 [out] pSlotList: Count is 2 [out] *pulCount = 0x2 Returned: 0 CKR_OK 3: C_GetSlotList [in] tokenPresent = 0x1 [out] pSlotList: Slot -1 Slot 1 [out] *pulCount = 0x2 Returned: 0 CKR_OK 4: C_OpenSession [in] slotID = 0xffffffff [in] flags = 0x4 pApplication=0 Notify=0 [out] *phSession = 0x0 Returned: 224 CKR_TOKEN_NOT_PRESENT
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
