Le 02/06/2011 00:07, Douglas E. Engert a écrit :
The change #5421 introduced between 0.12.1-rc1 and 0.12.1
on 5/4/11 by vtarasov breaks the MIT Kerberos login. A spy
output is attached.
The code calls C_GetSlotList with tokenPresent=1 which in
the past has only returned slots with tokens.
But #5421 returns 2 slots, the 0xffffffff virtual slot which
does NOT have a token, and slot 1 which has a token.
The code then tries C_OpenSession to the virtual slot
which does not have a token and fails.
Please, try the attached patch.
I don't understand why this change was made. If the virtual
slot does not have a token, it should not be returned
if tokenPresent=1.
It was done to reduce the number of useless empty slots per reader (default
number is 4),
shown by the applications that use the PKCS#11 module (like Firefox, ...).
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Index: src/pkcs11/pkcs11-global.c
===================================================================
--- src/pkcs11/pkcs11-global.c (révision 5533)
+++ src/pkcs11/pkcs11-global.c (copie de travail)
@@ -400,7 +400,9 @@
* - any slot with token;
* - without token(s), one empty slot per reader;
*/
- if (!slot->reader || (!tokenPresent && slot->reader !=
prev_reader) || (slot->slot_info.flags & CKF_TOKEN_PRESENT))
+ if ((!tokenPresent && !slot->reader)
+ || (!tokenPresent && slot->reader !=
prev_reader)
+ || (slot->slot_info.flags & CKF_TOKEN_PRESENT))
found[numMatches++] = slot->id;
prev_reader = slot->reader;
}
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
