Yes, the patch fixes the problem. Please commit it.
Eric,
Since Debian is in the process of accepting 1.12.1,
(I saw your note from 02 Jun 2011 06:33:03 +0000
7 hours ago) and this bug will affect the use of OpenSC
with Kerberos/PKINIT with login or kinit, (and maybe other
applications) I would like to make sure that this patch
also gets in to Debian somehow.
Without this change, the circumvention would appear to be
set plug_and_play=false; in the opensc.conf file. But this
would then turn off the hotplug of tokens that are are
combination of USB reader and card.
On 6/2/2011 3:59 AM, Viktor Tarasov wrote:
Le 02/06/2011 00:07, Douglas E. Engert a écrit :
The change #5421 introduced between 0.12.1-rc1 and 0.12.1
on 5/4/11 by vtarasov breaks the MIT Kerberos login. A spy
output is attached.
The code calls C_GetSlotList with tokenPresent=1 which in
the past has only returned slots with tokens.
But #5421 returns 2 slots, the 0xffffffff virtual slot which
does NOT have a token, and slot 1 which has a token.
The code then tries C_OpenSession to the virtual slot
which does not have a token and fails.
Please, try the attached patch.
I don't understand why this change was made. If the virtual
slot does not have a token, it should not be returned
if tokenPresent=1.
It was done to reduce the number of useless empty slots per reader (default
number is 4),
shown by the applications that use the PKCS#11 module (like Firefox, ...).
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Index: src/pkcs11/pkcs11-global.c
===================================================================
--- src/pkcs11/pkcs11-global.c (révision 5533)
+++ src/pkcs11/pkcs11-global.c (copie de travail)
@@ -400,7 +400,9 @@
* - any slot with token;
* - without token(s), one empty slot per reader;
*/
- if (!slot->reader || (!tokenPresent && slot->reader != prev_reader) || (slot->slot_info.flags & CKF_TOKEN_PRESENT))
+ if ((!tokenPresent && !slot->reader)
+ || (!tokenPresent && slot->reader != prev_reader)
+ || (slot->slot_info.flags & CKF_TOKEN_PRESENT))
found[numMatches++] = slot->id;
prev_reader = slot->reader;
}
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel