Make PKCS#11 module default slot configuration more sensible:

* Increase default slot count to 16, which equals 4 concurrent readers by default * 2 OpenCT + 2 PC/SC on Linux for example * Rename num_slots to slots_per_card * Rename internal PKCS#11 variables, remove unneeded defines. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3619 c6295689-39f2-0310-b995-f0e70906c6a9
2009-01-16 16:44:35 +00:00 · 2009-01-16 16:44:35 +00:00 · 0876222c5f
parent c6f753dc00
commit 0876222c5f
5 changed files with 42 additions and 52 deletions
--- a/etc/opensc.conf.in
+++ b/etc/opensc.conf.in
@ -302,15 +302,17 @@ app opensc-pkcs11 {
 		# Maximum Number of virtual slots.
 		# If there are more slots than defined here,
 		# the remaining slots will be hidden from PKCS#11.
-		max_virtual_slots = 8;
+		# Default: 16
+		# max_virtual_slots = 32;

 		# Maximum number of slots per smart card.
 		# If the card has fewer keys than defined here,
 		# the remaining number of slots will be empty.
-		num_slots = 4;
+		# Default: 4
+		# slots_per_card = 2;

-		# (max_virtual_slots/num_slots) limits the number of readers
-		# that can be used on the system. Default is then 8/4=2 readers.
+		# (max_virtual_slots/slots_per_card) limits the number of readers
+		# that can be used on the system. Default is then 16/4=4 readers.

 		# Normally, the pkcs11 module will create
 		# the full number of slots defined above by
--- a/src/pkcs11/misc.c
+++ b/src/pkcs11/misc.c
@ -313,34 +313,29 @@ CK_RV attr_find_var(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,

 void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t *ctx)
 {
-	scconf_block *conf_block = NULL, **blocks;
+	scconf_block *conf_block = NULL;
 	int i;
 	
-	for (i = 0; ctx->conf_blocks[i] != NULL; i++) {
-		blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
-				"pkcs11", NULL);
-		conf_block = blocks[0];
-		free(blocks);
-		if (conf_block != NULL)
-			break;
-	}
+	/* Set defaults */
+	conf->max_virtual_slots = 16;
+	conf->slots_per_card = 4;
+	conf->hide_empty_tokens = 0;
+	conf->lock_login = 1;
+	conf->cache_pins = 1;
+	conf->soft_keygen_allowed = 0;

-	if (!conf_block) {
-		/* defaults if there is no "pkcs11" config block */
-		conf->pkcs11_max_virtual_slots = SC_PKCS11_DEF_MAX_VIRTUAL_SLOTS;
-		conf->num_slots = SC_PKCS11_DEF_SLOTS_PER_CARD;
-		conf->hide_empty_tokens = 0;
-		conf->lock_login = 1;
-		conf->cache_pins = 1;
-		conf->soft_keygen_allowed = 0;
+
+	conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
+	if (!conf_block)
 		return;
-	}

 	/* contains the defaults, if there is a "pkcs11" config block */
-	conf->pkcs11_max_virtual_slots = scconf_get_int(conf_block, "max_virtual_slots", SC_PKCS11_DEF_MAX_VIRTUAL_SLOTS);
-	conf->num_slots = scconf_get_int(conf_block, "num_slots", SC_PKCS11_DEF_SLOTS_PER_CARD);
-	conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", 0);
-	conf->lock_login = scconf_get_bool(conf_block, "lock_login", 1);
-	conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", 1);
-	conf->soft_keygen_allowed = scconf_get_bool(conf_block, "soft_keygen_allowed", 0);
+	conf->max_virtual_slots = scconf_get_int(conf_block, "max_virtual_slots", conf->max_virtual_slots);
+	/*XXX: rename the option in 0.12+ */
+	conf->slots_per_card = scconf_get_int(conf_block, "num_slots", conf->slots_per_card);
+	conf->slots_per_card = scconf_get_int(conf_block, "slots_per_card", conf->slots_per_card);
+	conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", conf->hide_empty_tokens);
+	conf->lock_login = scconf_get_bool(conf_block, "lock_login", conf->lock_login);
+	conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", conf->cache_pins);
+	conf->soft_keygen_allowed = scconf_get_bool(conf_block, "soft_keygen_allowed", conf->soft_keygen_allowed);
 }
--- a/src/pkcs11/pkcs11-global.c
+++ b/src/pkcs11/pkcs11-global.c
@ -32,7 +32,7 @@
 sc_context_t *context = NULL;
 struct sc_pkcs11_pool session_pool;
 struct sc_pkcs11_slot *virtual_slots = NULL;
-struct sc_pkcs11_card card_table[SC_PKCS11_MAX_READERS];
+struct sc_pkcs11_card card_table[SC_MAX_READERS];
 struct sc_pkcs11_config sc_pkcs11_conf;
 #if !defined(_WIN32)
 pid_t initialized_pid = (pid_t)-1;
@ -212,16 +212,16 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs)

 	first_free_slot = 0;
 	virtual_slots = (struct sc_pkcs11_slot *)malloc(
-		sizeof (*virtual_slots) * sc_pkcs11_conf.pkcs11_max_virtual_slots
+		sizeof (*virtual_slots) * sc_pkcs11_conf.max_virtual_slots
 	);
 	if (virtual_slots == NULL) {
 		rv = CKR_HOST_MEMORY;
 		goto out;
 	}
 	pool_initialize(&session_pool, POOL_TYPE_SESSION);
-	for (i=0; i<sc_pkcs11_conf.pkcs11_max_virtual_slots; i++)
+	for (i=0; i<sc_pkcs11_conf.max_virtual_slots; i++)
 		slot_initialize(i, &virtual_slots[i]);
-	for (i=0; i<SC_PKCS11_MAX_READERS; i++)
+	for (i=0; i<SC_MAX_READERS; i++)
 		card_initialize(i);

 	/* Detect any card, but do not flag "insert" events */
@ -339,7 +339,7 @@ CK_RV C_GetSlotList(CK_BBOOL       tokenPresent,  /* only slots with token prese

 	if (
 		(found = (CK_SLOT_ID_PTR)malloc (
-			sizeof (*found) * sc_pkcs11_conf.pkcs11_max_virtual_slots
+			sizeof (*found) * sc_pkcs11_conf.max_virtual_slots
 		)) == NULL
 	) {
 		rv = CKR_HOST_MEMORY;
@ -353,7 +353,7 @@ CK_RV C_GetSlotList(CK_BBOOL       tokenPresent,  /* only slots with token prese
 	card_detect_all();

 	numMatches = 0;
-	for (i=0; i<sc_pkcs11_conf.pkcs11_max_virtual_slots; i++) {
+	for (i=0; i<sc_pkcs11_conf.max_virtual_slots; i++) {
 		slot = &virtual_slots[i];

 		if (!tokenPresent || (slot->slot_info.flags & CKF_TOKEN_PRESENT))
--- a/src/pkcs11/sc-pkcs11.h
+++ b/src/pkcs11/sc-pkcs11.h
@ -61,10 +61,6 @@ extern CK_RV C_UnloadModule(void *module);
 extern "C" {
 #endif

-#define SC_PKCS11_DEF_MAX_VIRTUAL_SLOTS	8
-#define SC_PKCS11_DEF_SLOTS_PER_CARD	4
-#define SC_PKCS11_MAX_READERS           SC_MAX_READERS
-
 struct sc_pkcs11_session;
 struct sc_pkcs11_slot;
 struct sc_pkcs11_card;
@ -91,8 +87,8 @@ struct sc_pkcs11_pool {
 };

 struct sc_pkcs11_config {
-	unsigned int pkcs11_max_virtual_slots;
-	unsigned int num_slots;
+	unsigned int max_virtual_slots;
+	unsigned int slots_per_card;
 	unsigned char hide_empty_tokens;
 	unsigned char lock_login;
 	unsigned char cache_pins;
@ -338,7 +334,7 @@ typedef struct sc_pkcs11_session sc_pkcs11_session_t;
 extern struct sc_context *context;
 extern struct sc_pkcs11_pool session_pool;
 extern struct sc_pkcs11_slot *virtual_slots;
-extern struct sc_pkcs11_card card_table[SC_PKCS11_MAX_READERS];
+extern struct sc_pkcs11_card card_table[SC_MAX_READERS];
 extern struct sc_pkcs11_config sc_pkcs11_conf;
 extern unsigned int first_free_slot;

--- a/src/pkcs11/slot.c
+++ b/src/pkcs11/slot.c
@ -50,7 +50,7 @@ CK_RV card_initialize(int reader)
 	unsigned int avail;
 	unsigned int i;

-	if (reader < 0 || reader >= SC_PKCS11_MAX_READERS)
+	if (reader < 0 || reader >= SC_MAX_READERS)
 		return CKR_FUNCTION_FAILED;

 	memset(card, 0, sizeof(struct sc_pkcs11_card));
@ -59,13 +59,10 @@ CK_RV card_initialize(int reader)
 	/* Always allocate a fixed slot range to one reader/card.
 	 * Some applications get confused if readers pop up in
 	 * different slots. */
-	if (sc_pkcs11_conf.num_slots == 0)
-		avail = SC_PKCS11_DEF_SLOTS_PER_CARD;
-	else
-		avail = sc_pkcs11_conf.num_slots;
+	avail = sc_pkcs11_conf.slots_per_card;

-	if (first_free_slot + avail > sc_pkcs11_conf.pkcs11_max_virtual_slots)
-		avail = sc_pkcs11_conf.pkcs11_max_virtual_slots - first_free_slot;
+	if (first_free_slot + avail > sc_pkcs11_conf.max_virtual_slots)
+		avail = sc_pkcs11_conf.max_virtual_slots - first_free_slot;
 	card->first_slot = first_free_slot;
 	card->max_slots = avail;
 	card->num_slots = 0;
@ -171,7 +168,7 @@ CK_RV __card_detect_all(int report_events)
 	if (!report_events) {
 		CK_SLOT_ID id;

-		for (id = 0; id < sc_pkcs11_conf.pkcs11_max_virtual_slots; id++)
+		for (id = 0; id < sc_pkcs11_conf.max_virtual_slots; id++)
 			virtual_slots[id].events = 0;
 	}

@ -190,7 +187,7 @@ CK_RV card_removed(int reader)

 	sc_debug(context, "%d: smart card removed\n", reader);

-	for (i=0; i<sc_pkcs11_conf.pkcs11_max_virtual_slots; i++) {
+	for (i=0; i<sc_pkcs11_conf.max_virtual_slots; i++) {
 		if (virtual_slots[i].card &&
 		    virtual_slots[i].card->reader == reader)
 				slot_token_removed(i);
@ -251,7 +248,7 @@ CK_RV slot_get_slot(int id, struct sc_pkcs11_slot **slot)
 	if (context == NULL)
 		return CKR_CRYPTOKI_NOT_INITIALIZED;

-	if (id < 0 || id >= sc_pkcs11_conf.pkcs11_max_virtual_slots)
+	if (id < 0 || id >= sc_pkcs11_conf.max_virtual_slots)
 		return CKR_SLOT_ID_INVALID;
 		
 	*slot = &virtual_slots[id];
@ -336,7 +333,7 @@ CK_RV slot_find_changed(CK_SLOT_ID_PTR idp, int mask)
 	CK_SLOT_ID id;

 	card_detect_all();
-	for (id = 0; id < sc_pkcs11_conf.pkcs11_max_virtual_slots; id++) {
+	for (id = 0; id < sc_pkcs11_conf.max_virtual_slots; id++) {
 		slot = &virtual_slots[id];
 		if ((slot->events & SC_EVENT_CARD_INSERTED)
 		 && !(slot->slot_info.flags & CKF_TOKEN_PRESENT))