Check-in [30f9879615]
Overview
Comment:Merged in reader filtering
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:30f987961507f6c306d22f250abfb469abc3adee
User & Date: rkeene on 2015-07-23 18:28:01
Other Links: manifest | tags
Context
2015-07-23
20:45
Fixed a couple of issues found setting up test cases for the AFL fuzzer check-in: 633a24960e user: rkeene tags: trunk
18:28
Merged in reader filtering check-in: 30f9879615 user: rkeene tags: trunk
18:27
Merged in trunk Closed-Leaf check-in: 4092b10f67 user: rkeene tags: reader-filtering
18:25
Updated to reset if signing fails and hope for the best afterwards check-in: b6e428f68c user: rkeene tags: trunk
Changes

Modified cackey.c from [029de9965c] to [0922233e4d].

   877    877   static int cackey_biglock_init = 0;
   878    878   CK_C_INITIALIZE_ARGS cackey_args;
   879    879   
   880    880   /** Extra certificates to include in token **/
   881    881   struct cackey_pcsc_identity extra_certs[] = {
   882    882   #include "cackey_builtin_certs.h"
   883    883   };
          884  +
          885  +#define CACKEY_MACRO_DEFAULT_XSTR(str) CACKEY_MACRO_DEFAULT_STR(str)
          886  +#define CACKEY_MACRO_DEFAULT_STR(str) #str
   884    887   
   885    888   /* Protected Authentication Path command */
   886         -#define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str)
   887         -#define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str
   888    889   static char *cackey_pin_command = NULL;
   889    890   
          891  +/* Reader Exclusion or Include-only */
          892  +static char *cackey_readers_include_only = NULL;
          893  +static char *cackey_readers_exclude = NULL;
          894  +
   890    895   /* PCSC Global Handles */
   891    896   static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
   892    897   
   893    898   static unsigned long cackey_getversion(void) {
   894    899   	static unsigned long retval = 255;
   895    900   	unsigned long major = 0;
   896    901   	unsigned long minor = 0;
................................................................................
  3329   3334   
  3330   3335   		return(CACKEY_PCSC_E_GENERIC);
  3331   3336   	}
  3332   3337   
  3333   3338   	CACKEY_DEBUG_PRINTF("PIN Change succeeded");
  3334   3339   
  3335   3340   	return(CACKEY_PCSC_S_OK);
         3341  +
         3342  +	/* Disable a warning, since this is only used in debug mode */
         3343  +	tries_remaining = tries_remaining;
  3336   3344   }
  3337   3345   
  3338   3346   /*
  3339   3347    * SYNPOSIS
  3340   3348    *     ...
  3341   3349    *
  3342   3350    * ARGUMENTS
................................................................................
  4455   4463   		}
  4456   4464   
  4457   4465   		cackey_biglock_init = 1;
  4458   4466   	}
  4459   4467   
  4460   4468   	/* Define a command to prompt user for a PIN */
  4461   4469   #ifdef CACKEY_PIN_COMMAND_DEFAULT
  4462         -	cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT);
         4470  +	cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT));
  4463   4471   #endif
  4464   4472   
  4465   4473   #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
  4466   4474   	if (getenv("DISPLAY") != NULL) {
  4467         -		cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
         4475  +		cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT));
  4468   4476   	}
  4469   4477   #endif
  4470   4478   
  4471   4479   	if (getenv("CACKEY_PIN_COMMAND") != NULL) {
  4472         -		cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
         4480  +		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND"));
  4473   4481   	}
  4474   4482   
  4475   4483   	if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
  4476         -		cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY");
         4484  +		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
         4485  +	}
         4486  +
         4487  +#ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT
         4488  +	cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT));
         4489  +#endif
         4490  +
         4491  +#ifdef CACKEY_READERS_EXCLUDE_DEFAULT
         4492  +	cackey_readers_exclude = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_EXCLUDE_DEFAULT));
         4493  +#endif
         4494  +
         4495  +	if (getenv("CACKEY_READERS_INCLUDE_ONLY") != NULL) {
         4496  +		cackey_readers_include_only = strdup(getenv("CACKEY_READERS_INCLUDE_ONLY"));
         4497  +
         4498  +		if (cackey_readers_include_only[0] == '\0') {
         4499  +			free(cackey_readers_include_only);
         4500  +
         4501  +			cackey_readers_include_only = NULL;
         4502  +		}
         4503  +	}
         4504  +
         4505  +	if (getenv("CACKEY_READERS_EXCLUDE") != NULL) {
         4506  +		cackey_readers_exclude = strdup(getenv("CACKEY_READERS_EXCLUDE"));
         4507  +
         4508  +		if (cackey_readers_exclude[0] == '\0') {
         4509  +			free(cackey_readers_exclude);
         4510  +
         4511  +			cackey_readers_exclude = NULL;
         4512  +		}
  4477   4513   	}
  4478   4514   
  4479   4515   	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
  4480   4516   
  4481   4517   	return(CKR_OK);
  4482   4518   }
  4483   4519   
................................................................................
  4519   4555   			cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);
  4520   4556   
  4521   4557   			cackey_slots[idx].cached_certs = NULL;
  4522   4558   		}
  4523   4559   	}
  4524   4560   
  4525   4561   	cackey_pcsc_disconnect();
         4562  +
         4563  +	if (cackey_pin_command != NULL) {
         4564  +		free(cackey_pin_command);
         4565  +
         4566  +		cackey_pin_command = NULL;
         4567  +	}
         4568  +
         4569  +	if (cackey_readers_include_only != NULL) {
         4570  +		free(cackey_readers_include_only);
         4571  +
         4572  +		cackey_readers_include_only = NULL;
         4573  +	}
         4574  +
         4575  +	if (cackey_readers_exclude != NULL) {
         4576  +		free(cackey_readers_exclude);
         4577  +
         4578  +		cackey_readers_exclude = NULL;
         4579  +	}
  4526   4580   
  4527   4581   	cackey_initialized = 0;
  4528   4582   
  4529   4583   	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
  4530   4584   
  4531   4585   	return(CKR_OK);
  4532   4586   }
................................................................................
  4573   4627    */
  4574   4628   CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
  4575   4629   	static int first_call = 1;
  4576   4630   	int mutex_retval;
  4577   4631   	int pcsc_connect_ret;
  4578   4632   	CK_ULONG count, slot_count = 0, currslot, slot_idx;
  4579   4633   	char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
         4634  +	char *reader_check_pattern;
  4580   4635   	DWORD pcsc_readers_len;
  4581   4636   	LONG scard_listreaders_ret;
  4582   4637   	size_t curr_reader_len;
  4583   4638   	int slot_reset;
         4639  +	int include_reader;
  4584   4640   
  4585   4641   	CACKEY_DEBUG_PRINTF("Called.");
  4586   4642   
  4587   4643   	if (pulCount == NULL) {
  4588   4644   		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");
  4589   4645   
  4590   4646   		return(CKR_ARGUMENTS_BAD);
................................................................................
  4714   4770   					if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
  4715   4771   						CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");
  4716   4772   
  4717   4773   						break;
  4718   4774   					}
  4719   4775   
  4720   4776   					CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);
         4777  +
         4778  +					if (cackey_readers_include_only != NULL) {
         4779  +						CACKEY_DEBUG_PRINTF("Asked to include only readers matching: %s", cackey_readers_include_only);
         4780  +
         4781  +						include_reader = 0;
         4782  +						reader_check_pattern = cackey_readers_include_only;
         4783  +					} else if (cackey_readers_exclude != NULL) {
         4784  +						CACKEY_DEBUG_PRINTF("Asked to exclude readers matching: %s", cackey_readers_exclude);
         4785  +
         4786  +						include_reader = 1;
         4787  +						reader_check_pattern = cackey_readers_exclude;
         4788  +					} else {
         4789  +						include_reader = 1;
         4790  +						reader_check_pattern = NULL;
         4791  +					}
         4792  +
         4793  +					if (reader_check_pattern != NULL) {
         4794  +						if (strstr(pcsc_readers, reader_check_pattern) != NULL) {
         4795  +							CACKEY_DEBUG_PRINTF("This reader matched the pattern.");
         4796  +						
         4797  +							include_reader = !include_reader;
         4798  +						}
         4799  +					}
         4800  +
         4801  +					if (include_reader != 1) {
         4802  +						CACKEY_DEBUG_PRINTF("Skipping this reader.");
         4803  +
         4804  +						pcsc_readers += curr_reader_len + 1;
         4805  +
         4806  +						continue;
         4807  +					}
  4721   4808   
  4722   4809   					/* Only update the list of slots if we are actually being asked supply the slot information */
  4723   4810   					if (pSlotList) {
  4724   4811   						if (slot_reset) {
  4725   4812   							cackey_slots[currslot].active = 1;
  4726   4813   							cackey_slots[currslot].internal = 0;
  4727   4814   							cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);

Modified configure.ac from [ff26968020] to [f1a98b3eb3].

   181    181   if ! test "${pincommand}" = 'no'; then
   182    182   	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN])
   183    183   fi
   184    184   
   185    185   if ! test "${pincommandxonly}" = 'no'; then
   186    186   	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set])
   187    187   fi
          188  +
          189  +AC_ARG_WITH(readers-include-only, AC_HELP_STRING([--with-readers-include-only=<string>], [Specify a string to match in a reader to include it, all other readers will be excluded.  The user may override this with the CACKEY_READERS_INCLUDE_ONLY environment variable.]), [
          190  +	readers_include_only="${withval}"
          191  +], [
          192  +	readers_include_only="no"
          193  +])
          194  +
          195  +AC_ARG_WITH(readers-exclude, AC_HELP_STRING([--with-readers-exclude=<string>], [Specify a string to match in a reader to exclude it, all other readers will be included.  The user may override this with the CACKEY_READERS_EXCLUDE environment variable.]), [
          196  +	readers_exclude="${withval}"
          197  +], [
          198  +	readers_exclude="no"
          199  +])
          200  +
          201  +if ! test "${readers_include_only}" = 'no'; then
          202  +	AC_DEFINE_UNQUOTED(CACKEY_READERS_INCLUDE_ONLY_DEFAULT, [$readers_include_only], [Substring to match to include readers])
          203  +fi
          204  +
          205  +if ! test "${readers_exclude}" = 'no'; then
          206  +	AC_DEFINE_UNQUOTED(CACKEY_READERS_EXCLUDE_DEFAULT, [$readers_exclude], [Substring to match to exclude readers])
          207  +fi
   188    208   
   189    209   dnl Set version script, to limit the scope of symbols
   190    210   DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)
   191    211   
   192    212   dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
   193    213   DC_SYNC_RPATH
   194    214   
   195    215   dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
   196    216   DC_SYNC_SHLIBOBJS
   197    217   
   198    218   dnl Produce Makefile
   199    219   AC_OUTPUT(Makefile libcackey.syms)