- Added run-time option pkcs11.cache_pins, default false

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@816 c6295689-39f2-0310-b995-f0e70906c6a9

etc/opensc.conf.example

@@ -178,5 +178,17 @@ app opensc-pkcs11 {
 		# Netscape or Mozilla, this does not happen until
 		# you exit the browser.
 		lock_login = true;
+
+		# Normally, the pkcs11 module will not cache PINs
+		# presented via C_Login. However, some cards
+		# may not work properly with OpenSC; for instance
+		# when you have two keys on your card that get
+		# stored in two different directories.
+		#
+		# In this case, you can turn on PIN caching by setting
+		# cache_pins = true
+		#
+		# Default: false
+		cache_pins = false;
 	}
 }

src/pkcs11/framework-pkcs15.c

@@ -1508,7 +1508,7 @@ cache_pin(void *p, int user, const void *pin, size_t len)
 {
 	struct pkcs15_slot_data *data = (struct pkcs15_slot_data *) p;
 
-	if (user != 0 && user != 1)
+	if ((user != 0 && user != 1) || !sc_pkcs11_conf.cache_pins)
 		return;
 	memset(data->pin + user, 0, sizeof(data->pin[user]));
 	if (len && len <= MAX_CACHE_PIN) {

src/pkcs11/misc.c

@@ -306,6 +306,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, struct sc_context *ct
 	conf->num_slots = SC_PKCS11_MAX_VIRTUAL_SLOTS;
 	conf->hide_empty_slots = 0;
 	conf->lock_login = 1;
+	conf->cache_pins = 0;
 
 	for (i = 0; ctx->conf_blocks[i] != NULL; i++) {
 		blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
@@ -322,4 +323,5 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, struct sc_context *ct
 	conf->num_slots = scconf_get_int(conf_block, "num_slots", conf->num_slots);
 	conf->hide_empty_slots = scconf_get_bool(conf_block, "hide_empty_slots", 0);
 	conf->lock_login = scconf_get_bool(conf_block, "lock_login", 1);
+	conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", 0);
 }

src/pkcs11/sc-pkcs11.h

@@ -82,6 +82,7 @@ struct sc_pkcs11_config {
 	unsigned int num_slots;
 	unsigned char hide_empty_slots;
 	unsigned char lock_login;
+	unsigned char cache_pins;
 };
 
 /*