IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix PKCS11 helper

Browse Source 
Slots in HSM are not assigned statically, we have to chose proper
slot from token label.

Softhsm i2.2.0 changed this behavior and now slots can change over
time (it is allowed by pkcs11 standard).

Changelog:
* created method get_slot() that returns slot number from
  used label
* replaces usage of slot in __init__ method of P11_Helper
  with label
* slot is dynamically detected from token label before
  session is opened
* pkcs11-util --init-token now uses '--free' instead '--slot'
  which uses first free slot (we don't care about slot numbers
  anymore)

https://pagure.io/freeipa/issue/6692

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
This commit is contained in:
Martin Basti
2017-03-29 18:53:11 +02:00
parent e88d5e815e
commit e8f2a415b3
8 changed files with 118 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ipaserver/dnssec/localhsm.py
View File

@@ -89,10 +89,11 @@ class Key(collections.MutableMapping):
def __repr__(self):
return self.__str__()
class LocalHSM(AbstractHSM):
def __init__(self, library, slot, pin):
def __init__(self, library, label, pin):
self.cache_replica_pubkeys = None
self.p11 = _ipap11helper.P11_Helper(slot, pin, library)
self.p11 = _ipap11helper.P11_Helper(label, pin, library)
self.log = logging.getLogger()
def __del__(self):