Overview
Comment: | Updated to allow the Protected Authentication Path to be set only if an X server display is available |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | protected-auth-path |
Files: | files | file ages | folders |
SHA1: |
b6ea2dbe0a4049570437c0979278caee |
User & Date: | rkeene on 2013-08-14 03:55:08 |
Other Links: | branch diff | manifest | tags |
Context
2013-08-14
| ||
04:15 | Added start of script to ask for PIN via X11 check-in: 20ddc71853 user: rkeene tags: protected-auth-path | |
03:55 | Updated to allow the Protected Authentication Path to be set only if an X server display is available check-in: b6ea2dbe0a user: rkeene tags: protected-auth-path | |
03:48 | Added support for supplying a command to provide a PIN via standard output check-in: b6a0e30bff user: rkeene tags: protected-auth-path | |
Changes
Modified cackey.c from [1675cfdb33] to [b4f00ff994].
︙ | ︙ | |||
867 868 869 870 871 872 873 | /** Extra certificates to include in token **/ struct cackey_pcsc_identity extra_certs[] = { #include "cackey_builtin_certs.h" }; /* Protected Authentication Path command */ | < | | | < | < | 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 | /** Extra certificates to include in token **/ struct cackey_pcsc_identity extra_certs[] = { #include "cackey_builtin_certs.h" }; /* Protected Authentication Path command */ #define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str) #define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str static char *cackey_pin_command = NULL; static char *cackey_pin_command_xonly = NULL; /* PCSC Global Handles */ static LPSCARDCONTEXT cackey_pcsc_handle = NULL; static unsigned long cackey_getversion(void) { static unsigned long retval = 255; unsigned long major = 0; |
︙ | ︙ | |||
4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 | return(CKR_CANT_LOCK); } cackey_biglock_init = 1; } /* Define a command to prompt user for a PIN */ if (getenv("CACKEY_PIN_COMMAND") != NULL) { cackey_pin_command = getenv("CACKEY_PIN_COMMAND"); } CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); | > > > > > > > > > > > > > > > | 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 | return(CKR_CANT_LOCK); } cackey_biglock_init = 1; } /* Define a command to prompt user for a PIN */ #ifdef CACKEY_PIN_COMMAND_DEFAULT cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT); #endif #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT cackey_pin_command_xonly = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT); #endif if (getenv("DISPLAY") != NULL) { cackey_pin_command = cackey_pin_command_xonly; } if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) { cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY"); } if (getenv("CACKEY_PIN_COMMAND") != NULL) { cackey_pin_command = getenv("CACKEY_PIN_COMMAND"); } CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); |
︙ | ︙ |
Modified configure.ac from [0e5526103b] to [34fbe03317].
︙ | ︙ | |||
156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 | dnl Option to hard-code a command to run to request a PIN (enabling protected authentication path) AC_ARG_WITH(pin-command, AC_HELP_STRING([--with-pin-command=<command>], [Specify a command to run to request a PIN from the user. The user may override this with the CACKEY_PIN_COMMAND environment variable.]), [ pincommand="${withval}" ], [ pincommand="no" ]) if ! test "${pincommand}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN]) fi dnl Set version script, to limit the scope of symbols DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms) dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker DC_SYNC_RPATH dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last. DC_SYNC_SHLIBOBJS dnl Produce Makefile AC_OUTPUT(Makefile libcackey.syms) | > > > > > > > > > > | 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 | dnl Option to hard-code a command to run to request a PIN (enabling protected authentication path) AC_ARG_WITH(pin-command, AC_HELP_STRING([--with-pin-command=<command>], [Specify a command to run to request a PIN from the user. The user may override this with the CACKEY_PIN_COMMAND environment variable.]), [ pincommand="${withval}" ], [ pincommand="no" ]) AC_ARG_WITH(pin-command-x, AC_HELP_STRING([--with-pin-command-x=<command>], [Same as --with-pin-command, but only sets Protected Authentication Path if the DISPLAY environment variable is set]), [ pincommandxonly="${withval}" ], [ pincommandxonly="no" ]) if ! test "${pincommand}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN]) fi if ! test "${pincommandxonly}" = 'no'; then AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set]) fi dnl Set version script, to limit the scope of symbols DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms) dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker DC_SYNC_RPATH dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last. DC_SYNC_SHLIBOBJS dnl Produce Makefile AC_OUTPUT(Makefile libcackey.syms) |