id summary reporter owner description type status priority milestone component version severity resolution keywords cc 14 C_Initalize should be called after each fork alon.barlev@… somebody "Hello, The pkcs11_eventmgr first C_Initialize then becomes a daemon... The PKCS#11 standard states that after fork the user must call C_Initialize again, in order to allow proper library initialization at new process. Also, don't quit on major errors... try to reinitialize. I've sent this a long time ago... Please consider the following patch: {{{ diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.c pam_pkcs11-0.5.3.new/src/common/pkcs11.c --- pam_pkcs11-0.5.3/src/common/pkcs11.c 2005-09-12 09:12:55.000000000 +0000 +++ pam_pkcs11-0.5.3.new/src/common/pkcs11.c 2005-10-05 03:07:30.000000000 +0000 @@ -82,7 +82,9 @@ int init_pkcs11_module(pkcs11_handle_t * /* initialise the module */ rv = h->fl->C_Initialize(NULL); - if (rv != CKR_OK) { + if (rv == CKR_OK) + h->should_finalize = 1; + else if (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) { set_error(""C_Initialize() failed: %x"", rv); return -1; } @@ -170,7 +172,8 @@ void release_pkcs11_module(pkcs11_handle { /* finalise pkcs #11 module */ if (h->fl != NULL) - h->fl->C_Finalize(NULL); + if (h->should_finalize) + h->fl->C_Finalize(NULL); /* unload the module */ if (h->module_handle != NULL) dlclose(h->module_handle); diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.h pam_pkcs11-0.5.3.new/src/common/pkcs11.h --- pam_pkcs11-0.5.3/src/common/pkcs11.h 2005-09-12 09:12:55.000000000 +0000 +++ pam_pkcs11-0.5.3.new/src/common/pkcs11.h 2005-10-05 03:07:30.000000000 +0000 @@ -136,6 +136,7 @@ typedef struct { typedef struct { void *module_handle; CK_FUNCTION_LIST_PTR fl; + int should_finalize; slot_t *slots; CK_ULONG slot_count; CK_SESSION_HANDLE session; diff -urNp pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c --- pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c 2005-09-12 09:12:54.000000000 +0000 +++ pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c 2005-10-05 03:11:24.000000000 +0000 @@ -283,15 +283,6 @@ int main(int argc, char *argv[]) { return 1; } - /* open pkcs11 sesion */ - DBG(""initialising pkcs #11 module...""); - rv = ph.fl->C_Initialize(NULL); - if (rv != 0) { - release_pkcs11_module(&ph); - DBG1(""C_Initialize() failed: %d"", rv); - return 1; - } - /* put my self into background if flag is set */ if (daemonize) { DBG(""Going to be daemon...""); @@ -303,6 +294,17 @@ int main(int argc, char *argv[]) { } } + /* open pkcs11 sesion */ + DBG(""initialising pkcs #11 module...""); + rv = ph.fl->C_Initialize(NULL); + if (rv != 0) { + release_pkcs11_module(&ph); + if (ctx) scconf_free(ctx); + DBG1(""C_Initialize() failed: %d"", rv); + return 1; + } + ph.should_finalize = 1; + /* * Wait endlessly for all events in the list of readers * We only stop in case of an error @@ -324,7 +326,9 @@ int main(int argc, char *argv[]) { new_state = get_a_token(); if (new_state == CARD_ERROR) { DBG(""Error trying to get a token""); - break; + rv = ph.fl->C_Finalize(NULL); + rv = ph.fl->C_Initialize(NULL); + continue; } if (old_state == new_state ) { /* state unchanged */ /* on card not present, increase and check expire time */ }}} " defect closed normal milestone1 component1 1.0 normal fixed