sssd/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch

From 7b647338a40d701c6a5bb51c48c10a31a6b72699 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 30 Jan 2020 13:14:14 +0100
Subject: [PATCH 24/25] p11_child: check if card is present in wait_for_card()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Some implementations of C_WaitForSlotEvent() might return even if no
card was inserted. So it has to be checked if a card is really present.

Resolves: https://pagure.io/SSSD/sssd/issue/4159

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/p11_child/p11_child_openssl.c | 47 ++++++++++++++++---------------
 1 file changed, 25 insertions(+), 22 deletions(-)

diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c
index 56601b117..295715612 100644
--- a/src/p11_child/p11_child_openssl.c
+++ b/src/p11_child/p11_child_openssl.c
@@ -1546,35 +1546,38 @@ static errno_t wait_for_card(CK_FUNCTION_LIST *module, CK_SLOT_ID *slot_id)
     CK_RV rv;
     CK_SLOT_INFO info;
 
-    rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL);
-    if (rv != CKR_OK) {
-        if (rv != CKR_FUNCTION_NOT_SUPPORTED) {
+    do {
+        rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL);
+        if (rv != CKR_OK && rv != CKR_FUNCTION_NOT_SUPPORTED) {
             DEBUG(SSSDBG_OP_FAILURE,
                   "C_WaitForSlotEvent failed [%lu][%s].\n",
                   rv, p11_kit_strerror(rv));
             return EIO;
         }
 
-        /* Poor man's wait */
-        do {
+        if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
+            /* Poor man's wait */
             sleep(10);
-            rv = module->C_GetSlotInfo(*slot_id, &info);
-            if (rv != CKR_OK) {
-                DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n");
-                return EIO;
-            }
-            DEBUG(SSSDBG_TRACE_ALL,
-                  "Description [%s] Manufacturer [%s] flags [%lu] "
-                  "removable [%s] token present [%s].\n",
-                  info.slotDescription, info.manufacturerID, info.flags,
-                  (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false",
-                  (info.flags & CKF_TOKEN_PRESENT) ? "true": "false");
-            if ((info.flags & CKF_REMOVABLE_DEVICE)
-                    && (info.flags & CKF_TOKEN_PRESENT)) {
-                break;
-            }
-        } while (true);
-    }
+        }
+
+        rv = module->C_GetSlotInfo(*slot_id, &info);
+        if (rv != CKR_OK) {
+            DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n");
+            return EIO;
+        }
+        DEBUG(SSSDBG_TRACE_ALL,
+              "Description [%s] Manufacturer [%s] flags [%lu] "
+              "removable [%s] token present [%s].\n",
+              info.slotDescription, info.manufacturerID, info.flags,
+              (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false",
+              (info.flags & CKF_TOKEN_PRESENT) ? "true": "false");
+
+        /* Check if really a token is present */
+        if ((info.flags & CKF_REMOVABLE_DEVICE)
+                && (info.flags & CKF_TOKEN_PRESENT)) {
+            break;
+        }
+    } while (true);
 
     return EOK;
 }
-- 
2.20.1