Changes On Branch reader-filtering

Changes In Branch reader-filtering Excluding Merge-Ins

This is equivalent to a diff from b6e428f68c to 4092b10f67

2015-07-23
18:28
Merged in reader filtering check-in: 30f9879615 user: rkeene tags: trunk
18:27
Merged in trunk Closed-Leaf check-in: 4092b10f67 user: rkeene tags: reader-filtering
18:25
Updated to reset if signing fails and hope for the best afterwards check-in: b6e428f68c user: rkeene tags: trunk
18:24
Updated KPS certificates check-in: fed23dc867 user: rkeene tags: trunk
2015-07-17
18:54
Added support for reader filtering check-in: a2a8052958 user: rkeene tags: reader-filtering

Modified cackey.c from [029de9965c] to [0922233e4d].

877
878
879
880
881
882
883
884



885

886

887
888



889
890
891
892
893
894
895
896
877
878
879
880
881
882
883
884
885
886
887
888
889

890


891
892
893
894
895
896
897
898
899
900
901








+
+
+

+
-
+
-
-
+
+
+








static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;

/** Extra certificates to include in token **/
struct cackey_pcsc_identity extra_certs[] = {
#include "cackey_builtin_certs.h"
};

#define CACKEY_MACRO_DEFAULT_XSTR(str) CACKEY_MACRO_DEFAULT_STR(str)
#define CACKEY_MACRO_DEFAULT_STR(str) #str

/* Protected Authentication Path command */
static char *cackey_pin_command = NULL;
#define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str)

#define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str
static char *cackey_pin_command = NULL;
/* Reader Exclusion or Include-only */
static char *cackey_readers_include_only = NULL;
static char *cackey_readers_exclude = NULL;

/* PCSC Global Handles */
static LPSCARDCONTEXT cackey_pcsc_handle = NULL;

static unsigned long cackey_getversion(void) {
	static unsigned long retval = 255;
	unsigned long major = 0;
	unsigned long minor = 0;
3329
3330
3331
3332
3333
3334
3335



3336
3337
3338
3339
3340
3341
3342
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350







+
+
+








		return(CACKEY_PCSC_E_GENERIC);
	}

	CACKEY_DEBUG_PRINTF("PIN Change succeeded");

	return(CACKEY_PCSC_S_OK);

	/* Disable a warning, since this is only used in debug mode */
	tries_remaining = tries_remaining;
}

/*
 * SYNPOSIS
 *     ...
 *
 * ARGUMENTS
4455
4456
4457
4458
4459
4460
4461
4462

4463
4464
4465
4466
4467

4468
4469
4470
4471
4472

4473
4474
4475
4476





























4477
4478
4479
4480
4481
4482
4483
4463
4464
4465
4466
4467
4468
4469

4470
4471
4472
4473
4474

4475
4476
4477
4478
4479

4480
4481
4482
4483

4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519







-
+




-
+




-
+



-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







		}

		cackey_biglock_init = 1;
	}

	/* Define a command to prompt user for a PIN */
#ifdef CACKEY_PIN_COMMAND_DEFAULT
	cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT);
	cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT));
#endif

#ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
	if (getenv("DISPLAY") != NULL) {
		cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
		cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT));
	}
#endif

	if (getenv("CACKEY_PIN_COMMAND") != NULL) {
		cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND"));
	}

	if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
		cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY");
		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
	}

#ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT
	cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT));
#endif

#ifdef CACKEY_READERS_EXCLUDE_DEFAULT
	cackey_readers_exclude = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_EXCLUDE_DEFAULT));
#endif

	if (getenv("CACKEY_READERS_INCLUDE_ONLY") != NULL) {
		cackey_readers_include_only = strdup(getenv("CACKEY_READERS_INCLUDE_ONLY"));

		if (cackey_readers_include_only[0] == '\0') {
			free(cackey_readers_include_only);

			cackey_readers_include_only = NULL;
		}
	}

	if (getenv("CACKEY_READERS_EXCLUDE") != NULL) {
		cackey_readers_exclude = strdup(getenv("CACKEY_READERS_EXCLUDE"));

		if (cackey_readers_exclude[0] == '\0') {
			free(cackey_readers_exclude);

			cackey_readers_exclude = NULL;
		}
	}

	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}

4519
4520
4521
4522
4523
4524
4525


















4526
4527
4528
4529
4530
4531
4532
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586







+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







			cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);

			cackey_slots[idx].cached_certs = NULL;
		}
	}

	cackey_pcsc_disconnect();

	if (cackey_pin_command != NULL) {
		free(cackey_pin_command);

		cackey_pin_command = NULL;
	}

	if (cackey_readers_include_only != NULL) {
		free(cackey_readers_include_only);

		cackey_readers_include_only = NULL;
	}

	if (cackey_readers_exclude != NULL) {
		free(cackey_readers_exclude);

		cackey_readers_exclude = NULL;
	}

	cackey_initialized = 0;

	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}
4573
4574
4575
4576
4577
4578
4579

4580
4581
4582
4583

4584
4585
4586
4587
4588
4589
4590
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646







+




+







 */
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
	static int first_call = 1;
	int mutex_retval;
	int pcsc_connect_ret;
	CK_ULONG count, slot_count = 0, currslot, slot_idx;
	char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
	char *reader_check_pattern;
	DWORD pcsc_readers_len;
	LONG scard_listreaders_ret;
	size_t curr_reader_len;
	int slot_reset;
	int include_reader;

	CACKEY_DEBUG_PRINTF("Called.");

	if (pulCount == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");

		return(CKR_ARGUMENTS_BAD);
4714
4715
4716
4717
4718
4719
4720































4721
4722
4723
4724
4725
4726
4727
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814







+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







					if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
						CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");

						break;
					}

					CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);

					if (cackey_readers_include_only != NULL) {
						CACKEY_DEBUG_PRINTF("Asked to include only readers matching: %s", cackey_readers_include_only);

						include_reader = 0;
						reader_check_pattern = cackey_readers_include_only;
					} else if (cackey_readers_exclude != NULL) {
						CACKEY_DEBUG_PRINTF("Asked to exclude readers matching: %s", cackey_readers_exclude);

						include_reader = 1;
						reader_check_pattern = cackey_readers_exclude;
					} else {
						include_reader = 1;
						reader_check_pattern = NULL;
					}

					if (reader_check_pattern != NULL) {
						if (strstr(pcsc_readers, reader_check_pattern) != NULL) {
							CACKEY_DEBUG_PRINTF("This reader matched the pattern.");
						
							include_reader = !include_reader;
						}
					}

					if (include_reader != 1) {
						CACKEY_DEBUG_PRINTF("Skipping this reader.");

						pcsc_readers += curr_reader_len + 1;

						continue;
					}

					/* Only update the list of slots if we are actually being asked supply the slot information */
					if (pSlotList) {
						if (slot_reset) {
							cackey_slots[currslot].active = 1;
							cackey_slots[currslot].internal = 0;
							cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);

Modified configure.ac from [ff26968020] to [f1a98b3eb3].

181
182
183
184
185
186
187




















188
189
190
191
192
193
194
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214







+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







if ! test "${pincommand}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN])
fi

if ! test "${pincommandxonly}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set])
fi

AC_ARG_WITH(readers-include-only, AC_HELP_STRING([--with-readers-include-only=<string>], [Specify a string to match in a reader to include it, all other readers will be excluded.  The user may override this with the CACKEY_READERS_INCLUDE_ONLY environment variable.]), [
	readers_include_only="${withval}"
], [
	readers_include_only="no"
])

AC_ARG_WITH(readers-exclude, AC_HELP_STRING([--with-readers-exclude=<string>], [Specify a string to match in a reader to exclude it, all other readers will be included.  The user may override this with the CACKEY_READERS_EXCLUDE environment variable.]), [
	readers_exclude="${withval}"
], [
	readers_exclude="no"
])

if ! test "${readers_include_only}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_READERS_INCLUDE_ONLY_DEFAULT, [$readers_include_only], [Substring to match to include readers])
fi

if ! test "${readers_exclude}" = 'no'; then
	AC_DEFINE_UNQUOTED(CACKEY_READERS_EXCLUDE_DEFAULT, [$readers_exclude], [Substring to match to exclude readers])
fi

dnl Set version script, to limit the scope of symbols
DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)

dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
DC_SYNC_RPATH