Diff

Differences From Artifact [37c3fd69d4]:

To Artifact [5ad2713a20]:


   876    876   #include "cackey_builtin_certs.h"
   877    877   };
   878    878   
   879    879   /* Protected Authentication Path command */
   880    880   #define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str)
   881    881   #define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str
   882    882   static char *cackey_pin_command = NULL;
   883         -static char *cackey_pin_command_xonly = NULL;
   884    883   
   885    884   /* PCSC Global Handles */
   886    885   static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
   887    886   
   888    887   static unsigned long cackey_getversion(void) {
   889    888   	static unsigned long retval = 255;
   890    889   	unsigned long major = 0;
................................................................................
  2453   2452   	}
  2454   2453   
  2455   2454   	if (!slot->slot_reset) {
  2456   2455   		if (slot->cached_certs) {
  2457   2456   			if (certs == NULL) {
  2458   2457   				certs = malloc(sizeof(*certs) * slot->cached_certs_count);
  2459   2458   				*count = slot->cached_certs_count;
  2460         -
  2461   2459   			} else {
  2462   2460   				if (*count > slot->cached_certs_count) {
  2463   2461   					*count = slot->cached_certs_count;
  2464   2462   				}
  2465   2463   			}
  2466   2464   
  2467   2465   			cackey_copy_certs(certs, slot->cached_certs, *count);
................................................................................
  2871   2869   				}
  2872   2870   			}
  2873   2871   
  2874   2872   			/* End transaction */
  2875   2873   			cackey_end_transaction(slot);
  2876   2874   
  2877   2875   			if (respcode == 0x6982 || respcode == 0x6e00) {
  2878         -				CACKEY_DEBUG_PRINTF("Security status not satisified.  Returning NEEDLOGIN");
         2876  +				CACKEY_DEBUG_PRINTF("Security status not satisified (respcode = 0x%04x).  Returning NEEDLOGIN", (int) respcode);
  2879   2877   
  2880   2878   				cackey_mark_slot_reset(slot);
  2881   2879   
  2882   2880   				return(CACKEY_PCSC_E_NEEDLOGIN);
  2883   2881   			}
  2884   2882   
  2885   2883   			if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
................................................................................
  3081   3079   				CACKEY_DEBUG_PRINTF("We recently had a PIV card, so we will attempt to authenticate using the PIV Application key reference");
  3082   3080   
  3083   3081   				key_reference = 0x80;
  3084   3082   				break;
  3085   3083   			default:
  3086   3084   				break;
  3087   3085   		}
         3086  +
         3087  +		cackey_free_certs(pcsc_identities, num_certs, 1);
  3088   3088   	}
  3089   3089   
  3090   3090   	/* Issue PIN Verify */
  3091   3091   	send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL);
  3092   3092   
  3093   3093   	if (send_ret != CACKEY_PCSC_S_OK) {
  3094   3094   		if ((response_code & 0x63C0) == 0x63C0) {
................................................................................
  4079   4079   	return(NULL);
  4080   4080   }
  4081   4081   
  4082   4082   CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
  4083   4083   	CK_C_INITIALIZE_ARGS CK_PTR args;
  4084   4084   	uint32_t idx, highest_slot;
  4085   4085   	int mutex_init_ret;
         4086  +	int include_dod_certs;
  4086   4087   
  4087   4088   	CACKEY_DEBUG_PRINTF("Called.");
  4088   4089   
  4089   4090   	if (cackey_initialized) {
  4090   4091   		CACKEY_DEBUG_PRINTF("Error.  Already initialized.");
  4091   4092   
  4092   4093   		return(CKR_CRYPTOKI_ALREADY_INITIALIZED);
................................................................................
  4122   4123   		cackey_slots[idx].transaction_need_hw_lock = 0;
  4123   4124   		cackey_slots[idx].slot_reset = 0;
  4124   4125   		cackey_slots[idx].token_flags = 0;
  4125   4126   		cackey_slots[idx].label = NULL;
  4126   4127   		cackey_slots[idx].internal = 0;
  4127   4128   	}
  4128   4129   
         4130  +#ifdef CACKEY_NO_EXTRA_CERTS
         4131  +	if (getenv("CACKEY_EXTRA_CERTS") != NULL) {
         4132  +		include_dod_certs = 1;
         4133  +	} else {
         4134  +		include_dod_certs = 0;
         4135  +	}
         4136  +#else
  4129   4137   	if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
         4138  +		include_dod_certs = 0;
         4139  +	} else {
         4140  +		include_dod_certs = 1;
         4141  +	}
         4142  +#endif
         4143  +
         4144  +	if (include_dod_certs == 0) {
  4130   4145   		CACKEY_DEBUG_PRINTF("Asked not to include DoD certificates");
  4131   4146   	} else {
  4132   4147   		highest_slot = (sizeof(cackey_slots) / sizeof(cackey_slots[0])) - 1;
  4133   4148   
  4134   4149   		CACKEY_DEBUG_PRINTF("Including DoD certs in slot %lu", (unsigned long) highest_slot);
  4135   4150   
  4136   4151   		cackey_slots[highest_slot].active = 1;
................................................................................
  4154   4169   		cackey_biglock_init = 1;
  4155   4170   	}
  4156   4171   
  4157   4172   	/* Define a command to prompt user for a PIN */
  4158   4173   #ifdef CACKEY_PIN_COMMAND_DEFAULT
  4159   4174   	cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT);
  4160   4175   #endif
         4176  +
  4161   4177   #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
  4162         -	cackey_pin_command_xonly = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
         4178  +	if (getenv("DISPLAY") != NULL) {
         4179  +		cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
         4180  +	}
  4163   4181   #endif
  4164   4182   
  4165         -	if (getenv("DISPLAY") != NULL) {
  4166         -		cackey_pin_command = cackey_pin_command_xonly;
         4183  +	if (getenv("CACKEY_PIN_COMMAND") != NULL) {
         4184  +		cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
  4167   4185   	}
  4168   4186   
  4169   4187   	if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
  4170   4188   		cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY");
  4171   4189   	}
  4172   4190   
  4173         -	if (getenv("CACKEY_PIN_COMMAND") != NULL) {
  4174         -		cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
  4175         -	}
  4176         -
  4177   4191   	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
  4178   4192   
  4179   4193   	return(CKR_OK);
  4180   4194   }
  4181   4195   
  4182   4196   CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(CK_VOID_PTR pReserved) {
  4183   4197   	uint32_t idx;
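Review bot: In C_Initialize's PIN-command block, the pointers returned by `getenv("CACKEY_PIN_COMMAND")` and `getenv("CACKEY_PIN_COMMAND_XONLY")` are stored directly in the file-scope `cackey_pin_command`, so a later `setenv`/`putenv` by the host application may leave it dangling, and an empty value is accepted as a command. Because this string names the program that prompts the user for a PIN, I would read each variable once into a local, skip empty values and keep a private copy, e.g. `env_cmd = getenv("CACKEY_PIN_COMMAND"); if (env_cmd != NULL && env_cmd[0] != '\0') { cackey_pin_command = strdup(env_cmd); }`. The copy would need releasing in C_Finalize, whose body is outside this view, and the compiled defaults are string literals that must not be freed. The reordering also changes precedence, so CACKEY_PIN_COMMAND_XONLY now wins over CACKEY_PIN_COMMAND when DISPLAY is set; a comment above the block such as `/* Precedence, lowest to highest: compiled default, compiled X-only default, CACKEY_PIN_COMMAND, CACKEY_PIN_COMMAND_XONLY (X-only entries require DISPLAY) */` would record that this is intended. How the command is later executed is not visible here, so it is worth confirming whether environment overrides should be ignored when the module is loaded into a privileged process.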