From: Chris J A. <chr...@gm...> - 2013-02-19 18:15:49
On 02/19/2013 02:19 AM, Ludovic Rousseau wrote:
> 2013/2/19 Chris J Arges <chr...@gm...>:
>> Ok I've found a workaround that allows me to connect and it is related
>> to OpenSC.
>>
>> It seems that _WIN32 is being defined (on a Linux system) when I build
>> OpenSC from the latest git source. And this was causing an issue in
>> C_Initialize that made it immediately C_Finalize. I used the following
>> patch to hack around this, and now OpenVPN connects using a smartcard
>> via OpenSC.
>
> _WIN32 is NOT defined.
> What your patch does is to remove code used when _WIN32 is not defined.
>
> Look at the ! (negation) in:
> #if !defined(_WIN32)
>

You are correct, sorry about the confusion. This is behaving correctly
and I verified in config.log and grepping.

>> diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c >> index 5652975..bbf897b 100644 >> --- a/src/pkcs11/pkcs11-global.c >> +++ b/src/pkcs11/pkcs11-global.c >> @@ -199,6 +199,7 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs) >> sc_context_param_t ctx_opts; >> >> /* Handle fork() exception */ >> +#if 0 >> #if !defined(_WIN32) >> if (current_pid != initialized_pid) { >> C_Finalize(NULL_PTR); 
>> @@ -206,6 +207,7 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs) >> initialized_pid = current_pid; >> in_finalize = 0; >> #endif >> +#endif >> >> if (context != NULL) { >> sc_log(context, "C_Initialize(): Cryptoki already >> initialized\n");
>>
>> However, it seems the larger problem would be disabling _WIN32 from
>> being defined on Linux systems. I'm not sure if this is a function of
>> autotool versions or what.
>
> We need to understand why the code you removed is causing problems. It
> is supposed to solve problems :-)
>

I agree. What I did was instrument this code to print out the pids, I get:

[opensc-pkcs11] pkcs11-global.c:203:C_Initialize: current_pid 4432, initialized_pid 4417

So they are clearly different, and this makes sense because I think
OpenVPN is forking. Looking at ps I see:

4417 pts/2 SL+ 0:00 /src/openvpn/.libs/lt-openvpn --config sc.conf --verb
4432 pts/2 S+ 0:00 /src/openvpn/.libs/lt-openvpn --config sc.conf --verb

> Alon, it looks like you wrote this code. Any idea?
> Maybe call C_Finalize() only if initialized_pid has been set (!= -1)?
>
> commit 1875a25c4090b261d9eeb419beeb74bae9735650
> Author: alonbl <alonbl@c6295689-39f2-0310-b995-f0e70906c6a9>
> Date: Thu Mar 6 14:56:31 2008 +0000
>
> PKCS#11 "Application and processes" instructs the sequence
> that should be taken after fork().
> Applications should call C_Initialize() immediately after fork()
> to reinitialize the provider.
>
> The change monitor the pid that calls C_Initialize(), if it is
> different than previous C_Finalize() is called.
>

Yes, any suggestions to test that openvpn+opensc is doing this properly
would be good. I can try to trace through the code, but perhaps there is
a more simple test.

Thanks,
--chris
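
Review bot: The `#if 0` / `#endif` pair added around the "Handle fork() exception" block in C_Initialize compiles out more than the C_Finalize(NULL_PTR) call: the `initialized_pid = current_pid;` and `in_finalize = 0;` assignments sit inside the same region, so with this change the pid is never recorded and a forked child continues with whatever state it inherited. If the goal is only to avoid the unwanted finalize, narrow the change to the condition on `if (current_pid != initialized_pid)` instead of disabling the whole block, and leave the two assignments active.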
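
A small stand-alone model of the pid-tracking guard discussed in this thread, added here as an illustration of one way to test the fork behaviour; it is not OpenSC's code. The `model_*` functions, the counters and the exit-status encoding are hypothetical names for this example, and the guard includes the `initialized_pid != -1` check suggested in the quoted reply.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Model only, not OpenSC code. Values match CKR_OK / CKR_CRYPTOKI_ALREADY_INITIALIZED. */
#define RV_OK 0x000UL
#define RV_ALREADY_INITIALIZED 0x191UL

static pid_t initialized_pid = (pid_t)-1; /* pid that last initialized, -1 = never */
static int have_context = 0;              /* stands in for the provider context */
static int finalize_calls = 0;            /* counts guard-triggered teardowns */

static void model_finalize(void) { have_context = 0; finalize_calls++; }

/* A pid change since the last init means a forked child with inherited state. */
static unsigned long model_initialize(void)
{
    pid_t current_pid = getpid();
    if (initialized_pid != (pid_t)-1 && current_pid != initialized_pid)
        model_finalize();                 /* drop state copied from the parent */
    initialized_pid = current_pid;
    if (have_context)
        return RV_ALREADY_INITIALIZED;
    have_context = 1;
    return RV_OK;
}

/* Fork, re-initialize in the child, report through the exit status:
 * bit 0 = init returned OK, bit 1 = guard finalized inherited state. */
static int child_reinit_status(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int before = finalize_calls;
        int ok = model_initialize() == RV_OK;
        _exit((ok ? 1 : 0) | (finalize_calls > before ? 2 : 0));
    }
    int st = 0;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    unsigned long first = model_initialize(), second = model_initialize();
    printf("first 0x%lx, second 0x%lx, child %d\n", first, second, child_reinit_status());
    return 0;
}
```

A child status of 3 means the child both detected the pid change and came back with a fresh, successful initialization, while the parent's state is untouched.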