p11-kit: Don't complain about C_Finalize called in wrong process

When C_Finalize is called in the wrong process, it's often because
of a caller unaware of forking. This is a painful area of PKCS#11,
but at least for C_Finalize, lets not complain loudly about it.

diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index bfcd3e5e9445d188c42fca73b2a7f64211cb0937..293ea4d16742d60529ace7171be6cd1f9becb22e 100644 (file)
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -1591,7 +1591,14 @@ managed_C_Finalize (CK_X_FUNCTION_LIST *self,
 
        pid = getpid ();
        if (managed->initialized != pid) {
-               rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+               /*
+                * In theory we should be returning CKR_CRYPTOKI_NOT_INITIALIZED here
+                * but enough callers are not completely aware of their forking.
+                * So we just clean up any state we have, rather than forcing callers
+                * to initialize just to finalize.
+                */
+               p11_debug ("finalizing module in wrong process, skipping C_Finalize");
+               rv = CKR_OK;
 
        } else {
                sessions = managed_steal_sessions_inlock (managed->sessions, false, 0, &count);
@@ -1607,12 +1614,12 @@ managed_C_Finalize (CK_X_FUNCTION_LIST *self,
 
                /* WARNING: reentrancy can occur here */
                rv = finalize_module_inlock_reentrant (managed->mod);
+       }
 
-               if (rv == CKR_OK) {
-                       managed->initialized = 0;
-                       p11_dict_free (managed->sessions);
-                       managed->sessions = NULL;
-               }
+       if (rv == CKR_OK) {
+               managed->initialized = 0;
+               p11_dict_free (managed->sessions);
+               managed->sessions = NULL;
        }
 
        p11_unlock ();