pkcs11: by default do not create slot for the User PUK (thanks to Andreas)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3957 c6295689-39f2-0310-b995-f0e70906c6a9
parent
630eb213f4
commit
9eebe0e1a5
|
@ -395,10 +395,13 @@ app opensc-pkcs11 {
|
||||||
# Default: none
|
# Default: none
|
||||||
# user_pin_unblock_style = set_pin_in_unlogged_session;
|
# user_pin_unblock_style = set_pin_in_unlogged_session;
|
||||||
|
|
||||||
# Disable slot for User PUK
|
# Create slot for unblocking PIN
|
||||||
|
# This way PKCS#11 API can be used to change a PIN.
|
||||||
|
# Warning: causes problems with some applicatoins like
|
||||||
|
# firefox and thunderbird. Thus turned off by default
|
||||||
#
|
#
|
||||||
# Default: false
|
# Default: false
|
||||||
# disable_user_puk_slot = true;
|
# create_puk_slot = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
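Review bot: The warning line in the new comment block misspells "applications" as `applicatoins`; it should read `# Warning: causes problems with some applications like`. The block also does not say that `create_puk_slot` replaces the former `disable_user_puk_slot` key with the opposite meaning, so an administrator with the old key in their file has no hint that it is no longer read. A line such as `# (replaces the former disable_user_puk_slot option)` above `# Default: false` would cover that.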
@ -854,7 +854,7 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* Ignore unblocking pins */
|
/* Ignore unblocking pins */
|
||||||
if (sc_pkcs11_conf.disable_user_puk_slot)
|
if (!sc_pkcs11_conf.create_puk_slot)
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
|
|
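Review bot: The two stacked `if` statements before `continue;` have no braces, so a statement added between them later would silently change which PINs are skipped. Folding them into one condition is easier to read: `if (!sc_pkcs11_conf.create_puk_slot && (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN))`. The comment `/* Ignore unblocking pins */` is also no longer accurate on its own, since the skip is now conditional; something like `/* Skip unblocking PINs unless create_puk_slot is set */` would match the code. pkcs15_create_tokens starts and ends outside this hunk, so the surrounding loop was not reviewed.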
@ -257,7 +257,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||||
conf->lock_login = 0;
|
conf->lock_login = 0;
|
||||||
conf->soft_keygen_allowed = 0;
|
conf->soft_keygen_allowed = 0;
|
||||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
||||||
conf->disable_user_puk_slot = 0;
|
conf->create_puk_slot = 0;
|
||||||
|
|
||||||
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
|
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
|
||||||
if (!conf_block)
|
if (!conf_block)
|
||||||
|
@ -281,7 +281,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||||
else if (unblock_style && !strcmp(unblock_style, "init_pin_in_so_session"))
|
else if (unblock_style && !strcmp(unblock_style, "init_pin_in_so_session"))
|
||||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
|
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
|
||||||
|
|
||||||
conf->disable_user_puk_slot = scconf_get_bool(conf_block, "disable_user_puk_slot", conf->disable_user_puk_slot);
|
conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
|
||||||
|
|
||||||
sc_debug(ctx, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d "
|
sc_debug(ctx, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d "
|
||||||
"hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d",
|
"hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d",
|
||||||
|
|
|
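Review bot: In the second hunk of load_pkcs11_parameters the `disable_user_puk_slot` key is no longer read at all, so a configuration that still sets it is silently ignored while the default flips to not creating the PUK slot. A site that had `disable_user_puk_slot = false` would lose the slot with no message. The legacy key could be honoured as the fallback default, `conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", !scconf_get_bool(conf_block, "disable_user_puk_slot", 1));`, or its presence could at least be logged as deprecated. The `sc_debug` format string continues past the hunk, so it is not visible whether the effective `create_puk_slot` value is logged; if it is not, adding it there would make the active PIN-unblock exposure auditable from the debug log.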
@ -79,7 +79,7 @@ struct sc_pkcs11_config {
|
||||||
unsigned char lock_login;
|
unsigned char lock_login;
|
||||||
unsigned char soft_keygen_allowed;
|
unsigned char soft_keygen_allowed;
|
||||||
unsigned int pin_unblock_style;
|
unsigned int pin_unblock_style;
|
||||||
unsigned int disable_user_puk_slot;
|
unsigned int create_puk_slot;
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|