From 36930668fbbf08f1c684ea91eeb45c325687e10b Mon Sep 17 00:00:00 2001
From: okir
Date: Fri, 3 Jan 2003 11:09:45 +0000
Subject: [PATCH] - Added run-time option pkcs11.cache_pins, default false
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@816 c6295689-39f2-0310-b995-f0e70906c6a9
---
 etc/opensc.conf.example | 12 ++++++++++++
 src/pkcs11/framework-pkcs15.c | 2 +-
 src/pkcs11/misc.c | 2 ++
 src/pkcs11/sc-pkcs11.h | 1 +
 4 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/etc/opensc.conf.example b/etc/opensc.conf.example
index 1bbb075a..41a2fd11 100644
--- a/etc/opensc.conf.example
+++ b/etc/opensc.conf.example
@@ -178,5 +178,17 @@ app opensc-pkcs11 {
 # Netscape or Mozilla, this does not happen until
 # you exit the browser.
 lock_login = true;
+
+ # Normally, the pkcs11 module will not cache PINs
+ # presented via C_Login. However, some cards
+ # may not work properly with OpenSC; for instance
+ # when you have two keys on your card that get
+ # stored in two different directories.
+ #
+ # In this case, you can turn on PIN caching by setting
+ # cache_pins = true
+ #
+ # Default: false
+ cache_pins = false;
 }
 }
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 1f4d9326..61e7e374 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -1508,7 +1508,7 @@ cache_pin(void *p, int user, const void *pin, size_t len)
 {
 struct pkcs15_slot_data *data = (struct pkcs15_slot_data *) p;
- if (user != 0 && user != 1)
+ if ((user != 0 && user != 1) || !sc_pkcs11_conf.cache_pins)
 return;
 memset(data->pin + user, 0, sizeof(data->pin[user]));
 if (len && len <= MAX_CACHE_PIN) {
diff --git a/src/pkcs11/misc.c b/src/pkcs11/misc.c
index 803ecba0..debe8301 100644
--- a/src/pkcs11/misc.c
+++ b/src/pkcs11/misc.c
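Review bot: In `cache_pin` (src/pkcs11/framework-pkcs15.c) the new `!sc_pkcs11_conf.cache_pins` test sits in the early return ahead of the `memset`, so with caching disabled the function no longer wipes `data->pin[user]` at all. That is harmless only if the slot buffer can never hold a PIN while the flag is off, which these lines do not show; if the configuration can be reloaded, or if callers use a zero-length call to clear the slot, a previously cached PIN would stay in memory. Keeping the wipe unconditional and gating only the store is safer: leave `if (user != 0 && user != 1)` as it was and change the copy condition to `if (sc_pkcs11_conf.cache_pins && len && len <= MAX_CACHE_PIN) {`. The body of `cache_pin` continues past the end of the hunk.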
@@ -306,6 +306,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, struct sc_context *ct
 conf->num_slots = SC_PKCS11_MAX_VIRTUAL_SLOTS;
 conf->hide_empty_slots = 0;
 conf->lock_login = 1;
+ conf->cache_pins = 0;
 for (i = 0; ctx->conf_blocks[i] != NULL; i++) {
 blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
@@ -322,4 +323,5 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, struct sc_context *ct
 conf->num_slots = scconf_get_int(conf_block, "num_slots", conf->num_slots);
 conf->hide_empty_slots = scconf_get_bool(conf_block, "hide_empty_slots", 0);
 conf->lock_login = scconf_get_bool(conf_block, "lock_login", 1);
+ conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", 0);
 }
diff --git a/src/pkcs11/sc-pkcs11.h b/src/pkcs11/sc-pkcs11.h
index 8824be11..f2288480 100644
--- a/src/pkcs11/sc-pkcs11.h
+++ b/src/pkcs11/sc-pkcs11.h
@@ -82,6 +82,7 @@ struct sc_pkcs11_config {
 unsigned int num_slots;
 unsigned char hide_empty_slots;
 unsigned char lock_login;
+ unsigned char cache_pins;
 };
 /*
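Review bot: The fail-closed default for `cache_pins` is written twice in `load_pkcs11_parameters` (src/pkcs11/misc.c): as `conf->cache_pins = 0;` in the first hunk and again as the literal third argument of `scconf_get_bool` in the second. Passing the already-initialised field, `conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", conf->cache_pins);`, as the `num_slots` line does, leaves one place that decides whether PINs are kept in memory when the key is absent. The function starts before the first hunk, and the `for` loop opened there is not closed within it.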
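Review bot: The new `cache_pins` member of `struct sc_pkcs11_config` (src/pkcs11/sc-pkcs11.h) has no comment, although it controls whether a login PIN is retained by the module. A short note on the field would make that visible to anyone reading the header, for example `unsigned char cache_pins; /* non-zero: cache PINs presented via C_Login; default 0 */`. The struct definition begins before the hunk.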