From 9eebe0e1a579994366ee6eb502f2b8856da0f4ad Mon Sep 17 00:00:00 2001
From: "viktor.tarasov"
Date: Thu, 28 Jan 2010 14:15:13 +0000
Subject: [PATCH] pkcs11: by default do not create slot for the User PUK (thanks to Andreas)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3957 c6295689-39f2-0310-b995-f0e70906c6a9
---
 etc/opensc.conf.in | 7 +++++--
 src/pkcs11/framework-pkcs15.c | 2 +-
 src/pkcs11/misc.c | 4 ++--
 src/pkcs11/sc-pkcs11.h | 2 +-
 4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/etc/opensc.conf.in b/etc/opensc.conf.in
index 06d082f0..2bcad42d 100644
--- a/etc/opensc.conf.in
+++ b/etc/opensc.conf.in
@@ -395,10 +395,13 @@ app opensc-pkcs11 {
 # Default: none
 # user_pin_unblock_style = set_pin_in_unlogged_session;
- # Disable slot for User PUK
+ # Create slot for unblocking PIN
+ # This way PKCS#11 API can be used to change a PIN.
+ # Warning: causes problems with some applicatoins like
+ # firefox and thunderbird. Thus turned off by default
 #
 # Default: false
- # disable_user_puk_slot = true;
+ # create_puk_slot = true;
 }
 }
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 7c91ca98..b9848154 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -854,7 +854,7 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
 continue;
 /* Ignore unblocking pins */
- if (sc_pkcs11_conf.disable_user_puk_slot)
+ if (!sc_pkcs11_conf.create_puk_slot)
 if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
 continue;
diff --git a/src/pkcs11/misc.c b/src/pkcs11/misc.c
index 9a47a1a2..ec713ae1 100644
--- a/src/pkcs11/misc.c
+++ b/src/pkcs11/misc.c
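Review bot: The two stacked `if` statements in pkcs15_create_tokens (src/pkcs11/framework-pkcs15.c) carry no braces, so the `continue` hangs off a nested pair that a later `else` or an inserted statement could silently re-bind. Since the outer condition is being rewritten anyway, fold them into one test: `if (!sc_pkcs11_conf.create_puk_slot && (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) continue;`. The comment above would then read more accurately as `/* Skip unblocking PINs unless create_puk_slot is set */`, because skipping is now the default path rather than an opt-in. The function body starts and ends outside this hunk.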
@@ -257,7 +257,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
 conf->lock_login = 0;
 conf->soft_keygen_allowed = 0;
 conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
- conf->disable_user_puk_slot = 0;
+ conf->create_puk_slot = 0;
 conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
 if (!conf_block)
@@ -281,7 +281,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
 else if (unblock_style && !strcmp(unblock_style, "init_pin_in_so_session"))
 conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
- conf->disable_user_puk_slot = scconf_get_bool(conf_block, "disable_user_puk_slot", conf->disable_user_puk_slot);
+ conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
 sc_debug(ctx, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d "
 "hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d",
diff --git a/src/pkcs11/sc-pkcs11.h b/src/pkcs11/sc-pkcs11.h
index bf754e8e..168410d5 100644
--- a/src/pkcs11/sc-pkcs11.h
+++ b/src/pkcs11/sc-pkcs11.h
@@ -79,7 +79,7 @@ struct sc_pkcs11_config {
 unsigned char lock_login;
 unsigned char soft_keygen_allowed;
 unsigned int pin_unblock_style;
- unsigned int disable_user_puk_slot;
+ unsigned int create_puk_slot;
 };
 /*
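Review bot: The effective `create_puk_slot` value is never logged in load_pkcs11_parameters (src/pkcs11/misc.c, second hunk): the `sc_debug` format string that follows the new assignment ends at `pin_unblock_style=%d`. Because this commit both renames the key and flips the default, a PUK slot that disappears after an upgrade will be hard to trace from the debug log. Append ` create_puk_slot=%d` to the format and `conf->create_puk_slot` to the arguments, which lie outside the hunk. Separately, `disable_user_puk_slot` is no longer read, so an existing opensc.conf that sets it explicitly to `false` loses the slot without any message. Reading the old key once and emitting a deprecation line through `sc_debug` would cover that case.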