giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkcs11: by default do not create slot for the User PUK (thanks to Andreas) 

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3957 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
viktor.tarasov 2010-01-28 14:15:13 +00:00
parent 630eb213f4
commit 9eebe0e1a5
4 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
etc/opensc.conf.in
View File

@ -395,10 +395,13 @@ app opensc-pkcs11 {
# Default: none
# user_pin_unblock_style = set_pin_in_unlogged_session;
# Disable slot for User PUK
# Create slot for unblocking PIN
# This way PKCS#11 API can be used to change a PIN.
# Warning: causes problems with some applicatoins like
# firefox and thunderbird. Thus turned off by default
#
# Default: false
# disable_user_puk_slot = true;
# create_puk_slot = true;
}
}

2
src/pkcs11/framework-pkcs15.c
View File

@ -854,7 +854,7 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
continue;
/* Ignore unblocking pins */
if (sc_pkcs11_conf.disable_user_puk_slot)
if (!sc_pkcs11_conf.create_puk_slot)
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
continue;

4
src/pkcs11/misc.c
View File

@ -257,7 +257,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
conf->lock_login = 0;
conf->soft_keygen_allowed = 0;
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
conf->disable_user_puk_slot = 0;
conf->create_puk_slot = 0;
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
if (!conf_block)
@ -281,7 +281,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
else if (unblock_style && !strcmp(unblock_style, "init_pin_in_so_session"))
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
conf->disable_user_puk_slot = scconf_get_bool(conf_block, "disable_user_puk_slot", conf->disable_user_puk_slot);
conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
sc_debug(ctx, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d "
"hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d",

2
src/pkcs11/sc-pkcs11.h
View File

@ -79,7 +79,7 @@ struct sc_pkcs11_config {
unsigned char lock_login;
unsigned char soft_keygen_allowed;
unsigned int pin_unblock_style;
unsigned int disable_user_puk_slot;
unsigned int create_puk_slot;
};
/*