Overview
Comment: | Merged in reader filtering |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
30f987961507f6c306d22f250abfb469 |
User & Date: | rkeene on 2015-07-23 18:28:01 |
Other Links: | manifest | tags |
Context
2015-07-23
| ||
20:45 | Fixed a couple of issues found setting up test cases for the AFL fuzzer check-in: 633a24960e user: rkeene tags: trunk | |
18:28 | Merged in reader filtering check-in: 30f9879615 user: rkeene tags: trunk | |
18:27 | Merged in trunk Closed-Leaf check-in: 4092b10f67 user: rkeene tags: reader-filtering | |
18:25 | Updated to reset if signing fails and hope for the best afterwards check-in: b6e428f68c user: rkeene tags: trunk | |
Changes
Modified cackey.c from [029de9965c] to [0922233e4d].
︙ | ︙ | |||
877 878 879 880 881 882 883 884 885 | static int cackey_biglock_init = 0; CK_C_INITIALIZE_ARGS cackey_args; /** Extra certificates to include in token **/ struct cackey_pcsc_identity extra_certs[] = { #include "cackey_builtin_certs.h" }; /* Protected Authentication Path command */ | > > > > | < > > | | 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 | static int cackey_biglock_init = 0; CK_C_INITIALIZE_ARGS cackey_args; /** Extra certificates to include in token **/ struct cackey_pcsc_identity extra_certs[] = { #include "cackey_builtin_certs.h" }; #define CACKEY_MACRO_DEFAULT_XSTR(str) CACKEY_MACRO_DEFAULT_STR(str) #define CACKEY_MACRO_DEFAULT_STR(str) #str /* Protected Authentication Path command */ static char *cackey_pin_command = NULL; /* Reader Exclusion or Include-only */ static char *cackey_readers_include_only = NULL; static char *cackey_readers_exclude = NULL; /* PCSC Global Handles */ static LPSCARDCONTEXT cackey_pcsc_handle = NULL; static unsigned long cackey_getversion(void) { static unsigned long retval = 255; unsigned long major = 0; unsigned long minor = 0; |
︙ | ︙ | |||
3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 | return(CACKEY_PCSC_E_GENERIC); } CACKEY_DEBUG_PRINTF("PIN Change succeeded"); return(CACKEY_PCSC_S_OK); } /* * SYNPOSIS * ... * * ARGUMENTS | > > > | 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 3348 3349 3350 | return(CACKEY_PCSC_E_GENERIC); } CACKEY_DEBUG_PRINTF("PIN Change succeeded"); return(CACKEY_PCSC_S_OK); /* Disable a warning, since this is only used in debug mode */ tries_remaining = tries_remaining; } /* * SYNPOSIS * ... * * ARGUMENTS |
︙ | ︙ | |||
4455 4456 4457 4458 4459 4460 4461 | } cackey_biglock_init = 1; } /* Define a command to prompt user for a PIN */ #ifdef CACKEY_PIN_COMMAND_DEFAULT | | | | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 | } cackey_biglock_init = 1; } /* Define a command to prompt user for a PIN */ #ifdef CACKEY_PIN_COMMAND_DEFAULT cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT)); #endif #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT if (getenv("DISPLAY") != NULL) { cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT)); } #endif if (getenv("CACKEY_PIN_COMMAND") != NULL) { cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND")); } if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) { cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY")); } #ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT)); #endif #ifdef CACKEY_READERS_EXCLUDE_DEFAULT cackey_readers_exclude = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_EXCLUDE_DEFAULT)); #endif if (getenv("CACKEY_READERS_INCLUDE_ONLY") != NULL) { cackey_readers_include_only = strdup(getenv("CACKEY_READERS_INCLUDE_ONLY")); if (cackey_readers_include_only[0] == '\0') { free(cackey_readers_include_only); cackey_readers_include_only = NULL; } } if (getenv("CACKEY_READERS_EXCLUDE") != NULL) { cackey_readers_exclude = strdup(getenv("CACKEY_READERS_EXCLUDE")); if (cackey_readers_exclude[0] == '\0') { free(cackey_readers_exclude); cackey_readers_exclude = NULL; } } CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); } |
︙ | ︙ | |||
4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 | cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1); cackey_slots[idx].cached_certs = NULL; } } cackey_pcsc_disconnect(); cackey_initialized = 0; CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); } | > > > > > > > > > > > > > > > > > > | 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 | cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1); cackey_slots[idx].cached_certs = NULL; } } cackey_pcsc_disconnect(); if (cackey_pin_command != NULL) { free(cackey_pin_command); cackey_pin_command = NULL; } if (cackey_readers_include_only != NULL) { free(cackey_readers_include_only); cackey_readers_include_only = NULL; } if (cackey_readers_exclude != NULL) { free(cackey_readers_exclude); cackey_readers_exclude = NULL; } cackey_initialized = 0; CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); } |
︙ | ︙ | |||
4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 4587 4588 4589 4590 | */ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) { static int first_call = 1; int mutex_retval; int pcsc_connect_ret; CK_ULONG count, slot_count = 0, currslot, slot_idx; char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e; DWORD pcsc_readers_len; LONG scard_listreaders_ret; size_t curr_reader_len; int slot_reset; CACKEY_DEBUG_PRINTF("Called."); if (pulCount == NULL) { CACKEY_DEBUG_PRINTF("Error. pulCount is NULL."); return(CKR_ARGUMENTS_BAD); | > > | 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 4646 | */ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) { static int first_call = 1; int mutex_retval; int pcsc_connect_ret; CK_ULONG count, slot_count = 0, currslot, slot_idx; char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e; char *reader_check_pattern; DWORD pcsc_readers_len; LONG scard_listreaders_ret; size_t curr_reader_len; int slot_reset; int include_reader; CACKEY_DEBUG_PRINTF("Called."); if (pulCount == NULL) { CACKEY_DEBUG_PRINTF("Error. pulCount is NULL."); return(CKR_ARGUMENTS_BAD); |
︙ | ︙ | |||
4714 4715 4716 4717 4718 4719 4720 4721 4722 4723 4724 4725 4726 4727 | if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) { CACKEY_DEBUG_PRINTF("Found more readers than slots are available!"); break; } CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot); /* Only update the list of slots if we are actually being asked supply the slot information */ if (pSlotList) { if (slot_reset) { cackey_slots[currslot].active = 1; cackey_slots[currslot].internal = 0; cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers); | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786 4787 4788 4789 4790 4791 4792 4793 4794 4795 4796 4797 4798 4799 4800 4801 4802 4803 4804 4805 4806 4807 4808 4809 4810 4811 4812 4813 4814 | if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) { CACKEY_DEBUG_PRINTF("Found more readers than slots are available!"); break; } CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot); if (cackey_readers_include_only != NULL) { CACKEY_DEBUG_PRINTF("Asked to include only readers matching: %s", cackey_readers_include_only); include_reader = 0; reader_check_pattern = cackey_readers_include_only; } else if (cackey_readers_exclude != NULL) { CACKEY_DEBUG_PRINTF("Asked to exclude readers matching: %s", cackey_readers_exclude); include_reader = 1; reader_check_pattern = cackey_readers_exclude; } else { include_reader = 1; reader_check_pattern = NULL; } if (reader_check_pattern != NULL) { if (strstr(pcsc_readers, reader_check_pattern) != NULL) { CACKEY_DEBUG_PRINTF("This reader matched the pattern."); include_reader = !include_reader; } } if (include_reader != 1) { CACKEY_DEBUG_PRINTF("Skipping this reader."); pcsc_readers += curr_reader_len + 1; continue; } /* Only update the list of slots if we are actually being asked supply the slot information */ if (pSlotList) { if (slot_reset) { cackey_slots[currslot].active = 1; cackey_slots[currslot].internal = 0; cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers); |
︙ | ︙ |
Modified configure.ac from [ff26968020] to [f1a98b3eb3].
︙ | ︙ | |||
181 182 183 184 185 186 187 188 189 190 191 192 193 194 | if ! test "${pincommand}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN]) fi if ! test "${pincommandxonly}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set]) fi dnl Set version script, to limit the scope of symbols DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms) dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker DC_SYNC_RPATH | > > > > > > > > > > > > > > > > > > > > | 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 | if ! test "${pincommand}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN]) fi if ! test "${pincommandxonly}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set]) fi AC_ARG_WITH(readers-include-only, AC_HELP_STRING([--with-readers-include-only=<string>], [Specify a string to match in a reader to include it, all other readers will be excluded. The user may override this with the CACKEY_READERS_INCLUDE_ONLY environment variable.]), [ readers_include_only="${withval}" ], [ readers_include_only="no" ]) AC_ARG_WITH(readers-exclude, AC_HELP_STRING([--with-readers-exclude=<string>], [Specify a string to match in a reader to exclude it, all other readers will be included. The user may override this with the CACKEY_READERS_EXCLUDE environment variable.]), [ readers_exclude="${withval}" ], [ readers_exclude="no" ]) if ! test "${readers_include_only}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_READERS_INCLUDE_ONLY_DEFAULT, [$readers_include_only], [Substring to match to include readers]) fi if ! test "${readers_exclude}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_READERS_EXCLUDE_DEFAULT, [$readers_exclude], [Substring to match to exclude readers]) fi dnl Set version script, to limit the scope of symbols DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms) dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker DC_SYNC_RPATH |
︙ | ︙ |