Make PKCS#11 module default slot configuration more sensible:
* Increase default slot count to 16, which equals 4 concurrent readers by default * 2 OpenCT + 2 PC/SC on Linux for example * Rename num_slots to slots_per_card * Rename internal PKCS#11 variables, remove unneeded defines. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3619 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
c6f753dc00
commit
0876222c5f
@ -302,15 +302,17 @@ app opensc-pkcs11 {
# Maximum Number of virtual slots.
# If there are more slots than defined here,
# the remaining slots will be hidden from PKCS#11.
max_virtual_slots = 8;
# Default: 16
# max_virtual_slots = 32;
# Maximum number of slots per smart card.
# If the card has fewer keys than defined here,
# the remaining number of slots will be empty.
num_slots = 4;
# Default: 4
# slots_per_card = 2;
# (max_virtual_slots/num_slots) limits the number of readers
# that can be used on the system. Default is then 8/4=2 readers.
# (max_virtual_slots/slots_per_card) limits the number of readers
# that can be used on the system. Default is then 16/4=4 readers.
# Normally, the pkcs11 module will create
# the full number of slots defined above by
@ -313,34 +313,29 @@ CK_RV attr_find_var(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t *ctx)
{
scconf_block *conf_block = NULL, **blocks;
scconf_block *conf_block = NULL;
int i;
for (i = 0; ctx->conf_blocks[i] != NULL; i++) {
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
"pkcs11", NULL);
conf_block = blocks[0];
free(blocks);
if (conf_block != NULL)
break;
}
/* Set defaults */
conf->max_virtual_slots = 16;
conf->slots_per_card = 4;
conf->hide_empty_tokens = 0;
conf->lock_login = 1;
conf->cache_pins = 1;
conf->soft_keygen_allowed = 0;
if (!conf_block) {
/* defaults if there is no "pkcs11" config block */
conf->pkcs11_max_virtual_slots = SC_PKCS11_DEF_MAX_VIRTUAL_SLOTS;
conf->num_slots = SC_PKCS11_DEF_SLOTS_PER_CARD;
conf->hide_empty_tokens = 0;
conf->lock_login = 1;
conf->cache_pins = 1;
conf->soft_keygen_allowed = 0;
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
if (!conf_block)
return;
}
/* contains the defaults, if there is a "pkcs11" config block */
conf->pkcs11_max_virtual_slots = scconf_get_int(conf_block, "max_virtual_slots", SC_PKCS11_DEF_MAX_VIRTUAL_SLOTS);
conf->num_slots = scconf_get_int(conf_block, "num_slots", SC_PKCS11_DEF_SLOTS_PER_CARD);
conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", 0);
conf->lock_login = scconf_get_bool(conf_block, "lock_login", 1);
conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", 1);
conf->soft_keygen_allowed = scconf_get_bool(conf_block, "soft_keygen_allowed", 0);
conf->max_virtual_slots = scconf_get_int(conf_block, "max_virtual_slots", conf->max_virtual_slots);
/*XXX: rename the option in 0.12+ */
conf->slots_per_card = scconf_get_int(conf_block, "num_slots", conf->slots_per_card);
conf->slots_per_card = scconf_get_int(conf_block, "slots_per_card", conf->slots_per_card);
conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", conf->hide_empty_tokens);
conf->lock_login = scconf_get_bool(conf_block, "lock_login", conf->lock_login);
conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", conf->cache_pins);
conf->soft_keygen_allowed = scconf_get_bool(conf_block, "soft_keygen_allowed", conf->soft_keygen_allowed);
}
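Review bot: The values returned by scconf_get_int on the `max_virtual_slots`, `num_slots` and `slots_per_card` lines are stored into `unsigned int` fields with no range check, so a negative or oversized number in opensc.conf presumably becomes a huge unsigned count that the other hunks of this commit multiply into malloc sizes and use as slot-loop bounds (`sizeof (*virtual_slots) * sc_pkcs11_conf.max_virtual_slots`). A clamp after the reads would keep bad configuration from turning into an oversized allocation or an empty slot table, e.g. `if ((int)conf->max_virtual_slots <= 0) conf->max_virtual_slots = 16;` and `if ((int)conf->slots_per_card <= 0) conf->slots_per_card = 4;`, the latter because the `num_slots == 0` fallback in card_initialize is dropped elsewhere in this commit. If the hunk reads as printed, removing the scconf_find_blocks loop leaves `conf_block` NULL when `if (!conf_block) {` is reached, so that condition is now always true and the braces around the sc_get_conf_block call could go. The `/*XXX: rename the option in 0.12+ */` comment would help more as `/* "num_slots" is the pre-0.12 spelling of "slots_per_card"; read it first so the new name wins when both are set */`.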
@ -32,7 +32,7 @@
sc_context_t *context = NULL;
struct sc_pkcs11_pool session_pool;
struct sc_pkcs11_slot *virtual_slots = NULL;
struct sc_pkcs11_card card_table[SC_PKCS11_MAX_READERS];
struct sc_pkcs11_card card_table[SC_MAX_READERS];
struct sc_pkcs11_config sc_pkcs11_conf;
#if !defined(_WIN32)
pid_t initialized_pid = (pid_t)-1;
@ -212,16 +212,16 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
first_free_slot = 0;
virtual_slots = (struct sc_pkcs11_slot *)malloc(
sizeof (*virtual_slots) * sc_pkcs11_conf.pkcs11_max_virtual_slots
sizeof (*virtual_slots) * sc_pkcs11_conf.max_virtual_slots
);
if (virtual_slots == NULL) {
rv = CKR_HOST_MEMORY;
goto out;
}
pool_initialize(&session_pool, POOL_TYPE_SESSION);
for (i=0; i<sc_pkcs11_conf.pkcs11_max_virtual_slots; i++)
for (i=0; i<sc_pkcs11_conf.max_virtual_slots; i++)
slot_initialize(i, &virtual_slots[i]);
for (i=0; i<SC_PKCS11_MAX_READERS; i++)
for (i=0; i<SC_MAX_READERS; i++)
card_initialize(i);
/* Detect any card, but do not flag "insert" events */
@ -339,7 +339,7 @@ CK_RV C_GetSlotList(CK_BBOOL tokenPresent, /* only slots with token prese
if (
(found = (CK_SLOT_ID_PTR)malloc (
sizeof (*found) * sc_pkcs11_conf.pkcs11_max_virtual_slots
sizeof (*found) * sc_pkcs11_conf.max_virtual_slots
)) == NULL
) {
rv = CKR_HOST_MEMORY;
@ -353,7 +353,7 @@ CK_RV C_GetSlotList(CK_BBOOL tokenPresent, /* only slots with token prese
card_detect_all();
numMatches = 0;
for (i=0; i<sc_pkcs11_conf.pkcs11_max_virtual_slots; i++) {
for (i=0; i<sc_pkcs11_conf.max_virtual_slots; i++) {
slot = &virtual_slots[i];
if (!tokenPresent || (slot->slot_info.flags & CKF_TOKEN_PRESENT))
@ -61,10 +61,6 @@ extern CK_RV C_UnloadModule(void *module);
extern "C" {
#endif
#define SC_PKCS11_DEF_MAX_VIRTUAL_SLOTS 8
#define SC_PKCS11_DEF_SLOTS_PER_CARD 4
#define SC_PKCS11_MAX_READERS SC_MAX_READERS
struct sc_pkcs11_session;
struct sc_pkcs11_slot;
struct sc_pkcs11_card;
@ -91,8 +87,8 @@ struct sc_pkcs11_pool {
};
struct sc_pkcs11_config {
unsigned int pkcs11_max_virtual_slots;
unsigned int num_slots;
unsigned int max_virtual_slots;
unsigned int slots_per_card;
unsigned char hide_empty_tokens;
unsigned char lock_login;
unsigned char cache_pins;
@ -338,7 +334,7 @@ typedef struct sc_pkcs11_session sc_pkcs11_session_t;
extern struct sc_context *context;
extern struct sc_pkcs11_pool session_pool;
extern struct sc_pkcs11_slot *virtual_slots;
extern struct sc_pkcs11_card card_table[SC_PKCS11_MAX_READERS];
extern struct sc_pkcs11_card card_table[SC_MAX_READERS];
extern struct sc_pkcs11_config sc_pkcs11_conf;
extern unsigned int first_free_slot;
@ -50,7 +50,7 @@ CK_RV card_initialize(int reader)
unsigned int avail;
unsigned int i;
if (reader < 0 || reader >= SC_PKCS11_MAX_READERS)
if (reader < 0 || reader >= SC_MAX_READERS)
return CKR_FUNCTION_FAILED;
memset(card, 0, sizeof(struct sc_pkcs11_card));
@ -59,13 +59,10 @@ CK_RV card_initialize(int reader)
/* Always allocate a fixed slot range to one reader/card.
* Some applications get confused if readers pop up in
* different slots. */
if (sc_pkcs11_conf.num_slots == 0)
avail = SC_PKCS11_DEF_SLOTS_PER_CARD;
else
avail = sc_pkcs11_conf.num_slots;
avail = sc_pkcs11_conf.slots_per_card;
if (first_free_slot + avail > sc_pkcs11_conf.pkcs11_max_virtual_slots)
avail = sc_pkcs11_conf.pkcs11_max_virtual_slots - first_free_slot;
if (first_free_slot + avail > sc_pkcs11_conf.max_virtual_slots)
avail = sc_pkcs11_conf.max_virtual_slots - first_free_slot;
card->first_slot = first_free_slot;
card->max_slots = avail;
card->num_slots = 0;
@ -171,7 +168,7 @@ CK_RV __card_detect_all(int report_events)
if (!report_events) {
CK_SLOT_ID id;
for (id = 0; id < sc_pkcs11_conf.pkcs11_max_virtual_slots; id++)
for (id = 0; id < sc_pkcs11_conf.max_virtual_slots; id++)
virtual_slots[id].events = 0;
}
@ -190,7 +187,7 @@ CK_RV card_removed(int reader)
sc_debug(context, "%d: smart card removed\n", reader);
for (i=0; i<sc_pkcs11_conf.pkcs11_max_virtual_slots; i++) {
for (i=0; i<sc_pkcs11_conf.max_virtual_slots; i++) {
if (virtual_slots[i].card &&
virtual_slots[i].card->reader == reader)
slot_token_removed(i);
@ -251,7 +248,7 @@ CK_RV slot_get_slot(int id, struct sc_pkcs11_slot **slot)
if (context == NULL)
return CKR_CRYPTOKI_NOT_INITIALIZED;
if (id < 0 || id >= sc_pkcs11_conf.pkcs11_max_virtual_slots)
if (id < 0 || id >= sc_pkcs11_conf.max_virtual_slots)
return CKR_SLOT_ID_INVALID;
*slot = &virtual_slots[id];
@ -336,7 +333,7 @@ CK_RV slot_find_changed(CK_SLOT_ID_PTR idp, int mask)
CK_SLOT_ID id;
card_detect_all();
for (id = 0; id < sc_pkcs11_conf.pkcs11_max_virtual_slots; id++) {
for (id = 0; id < sc_pkcs11_conf.max_virtual_slots; id++) {
slot = &virtual_slots[id];
if ((slot->events & SC_EVENT_CARD_INSERTED)
&& !(slot->slot_info.flags & CKF_TOKEN_PRESENT))
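Review bot: With the `num_slots == 0` fallback removed, `avail = sc_pkcs11_conf.slots_per_card;` now accepts zero, so a `slots_per_card = 0` (or legacy `num_slots = 0`) entry in the config gives every card `max_slots = 0` and no token is ever exposed; unless that is the intent, keep a fallback such as `avail = sc_pkcs11_conf.slots_per_card ? sc_pkcs11_conf.slots_per_card : 4;` or reject zero where the option is parsed. The clamp `avail = sc_pkcs11_conf.max_virtual_slots - first_free_slot;` relies on `first_free_slot` never exceeding `max_virtual_slots`; that is presumably guaranteed by whatever advances `first_free_slot`, which is not in this hunk, and an explicit `if (first_free_slot >= sc_pkcs11_conf.max_virtual_slots) return CKR_FUNCTION_FAILED;` ahead of it would make the bound visible here instead of depending on the unsigned subtraction not wrapping. card_initialize starts before and continues after this hunk.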