p11_child: do_card partially fix loop exit condition (redo of #5705)

[assafmo]

This PR fixes the exit condition when searching for a token in p11_child/do_card, specifically in case a token is present in a slot, but there are empty slots before it.

This PR partially fixes issue #5025, thanks to this comment by @sumit-bose: #5025 (comment)

:relnote: p11_child does not stop at the first empty slot when searching for tokens

This PR is a redo of PR #5705, because it was orphaned and changes were requested by the maintainers.

[sumit-bose]

Hi,

thanks for the patch, the commit message is looking good now. ACK

bye,
Sumit

[pbrezina]

Pushed PR: #5746

• master
  • b9f8c2f - p11_child: do_card partially fix loop exit condition when searching for token

[dpward]

FYI this change breaks some existing assumptions in the code after it

When this code is reached:

sssd/src/p11_child/p11_child_openssl.c

Lines 1777 to 1781 in 606daca

	if (modules[c] == NULL) {
	DEBUG(SSSDBG_OP_FAILURE, "No removable slots found.\n");
	ret = EIO;
	goto done;
	}

it will now exit if it did not find a removable slot with a token in it. So the wait_for_card handling right after it will never get executed:

sssd/src/p11_child/p11_child_openssl.c

Lines 1785 to 1797 in 606daca

	if (!(info.flags & CKF_TOKEN_PRESENT)) {
	DEBUG(SSSDBG_TRACE_ALL, "Token not present.\n");
	if (p11_ctx->wait_for_card) {
	ret = wait_for_card(modules[c], &slot_id);
	if (ret != EOK) {
	DEBUG(SSSDBG_OP_FAILURE, "wait_for_card failed.\n");
	goto done;
	}
	} else {
	ret = EIO;
	goto done;
	}
	}

[sumit-bose]

Hi,

thanks for the hint, I have to admit that I didn't test the patch with wait_for_card.

@assafmo, would you like to add a patch that fixes this?

bye,
Sumit

[assafmo]

Honestly I don't feel comfortable tinkering with this coee any more then I did. I can confirm that this patch did solve my issue and I was able to test it on multiple setups.

[dpward]

@assafmo Please see commit a9218fb.