Check-in [a2a8052958]
Overview
Comment:Added support for reader filtering
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | reader-filtering
Files: files | file ages | folders
SHA1: a2a80529585a8f24c42f615481352f9ba2708bdb
User & Date: rkeene on 2015-07-17 18:54:55
Other Links: branch diff | manifest | tags
Context
2015-07-23
18:27
Merged in trunk Closed-Leaf check-in: 4092b10f67 user: rkeene tags: reader-filtering
2015-07-17
18:54
Added support for reader filtering check-in: a2a8052958 user: rkeene tags: reader-filtering
02:53
Made 0x6d00 wrong instruction handling handling also work for CACs check-in: 9723187878 user: rkeene tags: trunk
Changes

Modified cackey.c from [609a23ada9] to [fd4f0feee5].

877
878
879
880
881
882
883
884



885

886
887


888
889
890
891
892
893
894
895
896
static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;

/** Extra certificates to include in token **/
struct cackey_pcsc_identity extra_certs[] = {
#include "cackey_builtin_certs.h"
};




/* Protected Authentication Path command */

#define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str)
#define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str


static char *cackey_pin_command = NULL;

/* PCSC Global Handles */
static LPSCARDCONTEXT cackey_pcsc_handle = NULL;

static unsigned long cackey_getversion(void) {
	static unsigned long retval = 255;
	unsigned long major = 0;
	unsigned long minor = 0;








>
>
>

>
|
<
>
>
|








877
878
879
880
881
882
883
884
885
886
887
888
889
890

891
892
893
894
895
896
897
898
899
900
901
static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;

/** Extra certificates to include in token **/
struct cackey_pcsc_identity extra_certs[] = {
#include "cackey_builtin_certs.h"
};

#define CACKEY_MACRO_DEFAULT_XSTR(str) CACKEY_MACRO_DEFAULT_STR(str)
#define CACKEY_MACRO_DEFAULT_STR(str) #str

/* Protected Authentication Path command */
static char *cackey_pin_command = NULL;


/* Reader Exclusion or Include-only */
static char *cackey_readers_include_only = NULL;
static char *cackey_readers_exclude = NULL;

/* PCSC Global Handles */
static LPSCARDCONTEXT cackey_pcsc_handle = NULL;

static unsigned long cackey_getversion(void) {
	static unsigned long retval = 255;
	unsigned long major = 0;
	unsigned long minor = 0;
3322
3323
3324
3325
3326
3327
3328



3329
3330
3331
3332
3333
3334
3335

		return(CACKEY_PCSC_E_GENERIC);
	}

	CACKEY_DEBUG_PRINTF("PIN Change succeeded");

	return(CACKEY_PCSC_S_OK);



}

/*
 * SYNPOSIS
 *     ...
 *
 * ARGUMENTS







>
>
>







3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343

		return(CACKEY_PCSC_E_GENERIC);
	}

	CACKEY_DEBUG_PRINTF("PIN Change succeeded");

	return(CACKEY_PCSC_S_OK);

	/* Disable a warning, since this is only used in debug mode */
	tries_remaining = tries_remaining;
}

/*
 * SYNPOSIS
 *     ...
 *
 * ARGUMENTS
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469




























4470
4471
4472
4473
4474
4475
4476
		}

		cackey_biglock_init = 1;
	}

	/* Define a command to prompt user for a PIN */
#ifdef CACKEY_PIN_COMMAND_DEFAULT
	cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT);
#endif

#ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
	if (getenv("DISPLAY") != NULL) {
		cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
	}
#endif

	if (getenv("CACKEY_PIN_COMMAND") != NULL) {
		cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
	}

	if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
		cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY");




























	}

	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}








|




|




|



|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
		}

		cackey_biglock_init = 1;
	}

	/* Define a command to prompt user for a PIN */
#ifdef CACKEY_PIN_COMMAND_DEFAULT
	cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT));
#endif

#ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
	if (getenv("DISPLAY") != NULL) {
		cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT));
	}
#endif

	if (getenv("CACKEY_PIN_COMMAND") != NULL) {
		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND"));
	}

	if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
	}

#ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT
	cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT));
#endif

#ifdef CACKEY_READERS_EXCLUDE_DEFAULT
	cackey_readers_exclude = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_EXCLUDE_DEFAULT));
#endif

	if (getenv("CACKEY_READERS_INCLUDE_ONLY") != NULL) {
		cackey_readers_include_only = strdup(getenv("CACKEY_READERS_INCLUDE_ONLY"));

		if (cackey_readers_include_only[0] == '\0') {
			free(cackey_readers_include_only);

			cackey_readers_include_only = NULL;
		}
	}

	if (getenv("CACKEY_READERS_EXCLUDE") != NULL) {
		cackey_readers_exclude = strdup(getenv("CACKEY_READERS_EXCLUDE"));

		if (cackey_readers_exclude[0] == '\0') {
			free(cackey_readers_exclude);

			cackey_readers_exclude = NULL;
		}
	}

	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}

4512
4513
4514
4515
4516
4517
4518


















4519
4520
4521
4522
4523
4524
4525
			cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);

			cackey_slots[idx].cached_certs = NULL;
		}
	}

	cackey_pcsc_disconnect();



















	cackey_initialized = 0;

	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
			cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);

			cackey_slots[idx].cached_certs = NULL;
		}
	}

	cackey_pcsc_disconnect();

	if (cackey_pin_command != NULL) {
		free(cackey_pin_command);

		cackey_pin_command = NULL;
	}

	if (cackey_readers_include_only != NULL) {
		free(cackey_readers_include_only);

		cackey_readers_include_only = NULL;
	}

	if (cackey_readers_exclude != NULL) {
		free(cackey_readers_exclude);

		cackey_readers_exclude = NULL;
	}

	cackey_initialized = 0;

	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}
4566
4567
4568
4569
4570
4571
4572

4573
4574
4575
4576

4577
4578
4579
4580
4581
4582
4583
 */
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
	static int first_call = 1;
	int mutex_retval;
	int pcsc_connect_ret;
	CK_ULONG count, slot_count = 0, currslot, slot_idx;
	char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;

	DWORD pcsc_readers_len;
	LONG scard_listreaders_ret;
	size_t curr_reader_len;
	int slot_reset;


	CACKEY_DEBUG_PRINTF("Called.");

	if (pulCount == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");

		return(CKR_ARGUMENTS_BAD);







>




>







4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
 */
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
	static int first_call = 1;
	int mutex_retval;
	int pcsc_connect_ret;
	CK_ULONG count, slot_count = 0, currslot, slot_idx;
	char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
	char *reader_check_pattern;
	DWORD pcsc_readers_len;
	LONG scard_listreaders_ret;
	size_t curr_reader_len;
	int slot_reset;
	int include_reader;

	CACKEY_DEBUG_PRINTF("Called.");

	if (pulCount == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");

		return(CKR_ARGUMENTS_BAD);
4707
4708
4709
4710
4711
4712
4713































4714
4715
4716
4717
4718
4719
4720
					if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
						CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");

						break;
					}

					CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);
































					/* Only update the list of slots if we are actually being asked supply the slot information */
					if (pSlotList) {
						if (slot_reset) {
							cackey_slots[currslot].active = 1;
							cackey_slots[currslot].internal = 0;
							cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
					if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
						CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");

						break;
					}

					CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);

					if (cackey_readers_include_only != NULL) {
						CACKEY_DEBUG_PRINTF("Asked to include only readers matching: %s", cackey_readers_include_only);

						include_reader = 0;
						reader_check_pattern = cackey_readers_include_only;
					} else if (cackey_readers_exclude != NULL) {
						CACKEY_DEBUG_PRINTF("Asked to exclude readers matching: %s", cackey_readers_exclude);

						include_reader = 1;
						reader_check_pattern = cackey_readers_exclude;
					} else {
						include_reader = 1;
						reader_check_pattern = NULL;
					}

					if (reader_check_pattern != NULL) {
						if (strstr(pcsc_readers, reader_check_pattern) != NULL) {
							CACKEY_DEBUG_PRINTF("This reader matched the pattern.");
						
							include_reader = !include_reader;
						}
					}

					if (include_reader != 1) {
						CACKEY_DEBUG_PRINTF("Skipping this reader.");

						pcsc_readers += curr_reader_len + 1;

						continue;
					}

					/* Only update the list of slots if we are actually being asked supply the slot information */
					if (pSlotList) {
						if (slot_reset) {
							cackey_slots[currslot].active = 1;
							cackey_slots[currslot].internal = 0;
							cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);

Modified configure.ac from [ff26968020] to [f1a98b3eb3].

181
182
183
184
185
186
187




















188
189
190
191
192
193
194
195
196
197
198
199
if ! test "${pincommand}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN])
fi

if ! test "${pincommandxonly}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set])
fi





















dnl Set version script, to limit the scope of symbols
DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)

dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
DC_SYNC_RPATH

dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
DC_SYNC_SHLIBOBJS

dnl Produce Makefile
AC_OUTPUT(Makefile libcackey.syms)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>












181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
if ! test "${pincommand}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN])
fi

if ! test "${pincommandxonly}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set])
fi

AC_ARG_WITH(readers-include-only, AC_HELP_STRING([--with-readers-include-only=<string>], [Specify a string to match in a reader to include it, all other readers will be excluded.  The user may override this with the CACKEY_READERS_INCLUDE_ONLY environment variable.]), [
	readers_include_only="${withval}"
], [
	readers_include_only="no"
])

AC_ARG_WITH(readers-exclude, AC_HELP_STRING([--with-readers-exclude=<string>], [Specify a string to match in a reader to exclude it, all other readers will be included.  The user may override this with the CACKEY_READERS_EXCLUDE environment variable.]), [
	readers_exclude="${withval}"
], [
	readers_exclude="no"
])

if ! test "${readers_include_only}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_READERS_INCLUDE_ONLY_DEFAULT, [$readers_include_only], [Substring to match to include readers])
fi

if ! test "${readers_exclude}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_READERS_EXCLUDE_DEFAULT, [$readers_exclude], [Substring to match to exclude readers])
fi

dnl Set version script, to limit the scope of symbols
DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)

dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
DC_SYNC_RPATH

dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
DC_SYNC_SHLIBOBJS

dnl Produce Makefile
AC_OUTPUT(Makefile libcackey.syms)