pkcs11: by default do not create slot for the User PUK (thanks to Andreas)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3957 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
630eb213f4
commit
9eebe0e1a5
@ -395,10 +395,13 @@ app opensc-pkcs11 {
|
||||
# Default: none
|
||||
# user_pin_unblock_style = set_pin_in_unlogged_session;
|
||||
|
||||
# Disable slot for User PUK
|
||||
# Create slot for unblocking PIN
|
||||
# This way PKCS#11 API can be used to change a PIN.
|
||||
# Warning: causes problems with some applicatoins like
|
||||
# firefox and thunderbird. Thus turned off by default
|
||||
#
|
||||
# Default: false
|
||||
# disable_user_puk_slot = true;
|
||||
# create_puk_slot = true;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -854,7 +854,7 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
|
||||
continue;
|
||||
|
||||
/* Ignore unblocking pins */
|
||||
if (sc_pkcs11_conf.disable_user_puk_slot)
|
||||
if (!sc_pkcs11_conf.create_puk_slot)
|
||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||
continue;
|
||||
|
||||
|
@ -257,7 +257,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||
conf->lock_login = 0;
|
||||
conf->soft_keygen_allowed = 0;
|
||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
||||
conf->disable_user_puk_slot = 0;
|
||||
conf->create_puk_slot = 0;
|
||||
|
||||
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
|
||||
if (!conf_block)
|
||||
@ -281,7 +281,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||
else if (unblock_style && !strcmp(unblock_style, "init_pin_in_so_session"))
|
||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
|
||||
|
||||
conf->disable_user_puk_slot = scconf_get_bool(conf_block, "disable_user_puk_slot", conf->disable_user_puk_slot);
|
||||
conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
|
||||
|
||||
sc_debug(ctx, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d "
|
||||
"hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d",
|
||||
|
@ -79,7 +79,7 @@ struct sc_pkcs11_config {
|
||||
unsigned char lock_login;
|
||||
unsigned char soft_keygen_allowed;
|
||||
unsigned int pin_unblock_style;
|
||||
unsigned int disable_user_puk_slot;
|
||||
unsigned int create_puk_slot;
|
||||
};
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user