Overview
| Comment: | Added support for reader filtering |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | reader-filtering |
| Files: | files | file ages | folders |
| SHA1: |
a2a80529585a8f24c42f615481352f9b |
| User & Date: | rkeene on 2015-07-17 18:54:55 |
| Other Links: | branch diff | manifest | tags |
Context
|
2015-07-23
| ||
| 18:27 | Merged in trunk Closed-Leaf check-in: 4092b10f67 user: rkeene tags: reader-filtering | |
|
2015-07-17
| ||
| 18:54 | Added support for reader filtering check-in: a2a8052958 user: rkeene tags: reader-filtering | |
| 02:53 | Made 0x6d00 wrong instruction handling handling also work for CACs check-in: 9723187878 user: rkeene tags: trunk | |
Changes
Modified cackey.c from [609a23ada9] to [fd4f0feee5].
| ︙ | ︙ | |||
877 878 879 880 881 882 883 884 885 |
static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;
/** Extra certificates to include in token **/
struct cackey_pcsc_identity extra_certs[] = {
#include "cackey_builtin_certs.h"
};
/* Protected Authentication Path command */
| > > > > | < > > | | 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 |
static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;
/** Extra certificates to include in token **/
struct cackey_pcsc_identity extra_certs[] = {
#include "cackey_builtin_certs.h"
};
#define CACKEY_MACRO_DEFAULT_XSTR(str) CACKEY_MACRO_DEFAULT_STR(str)
#define CACKEY_MACRO_DEFAULT_STR(str) #str
/* Protected Authentication Path command */
static char *cackey_pin_command = NULL;
/* Reader Exclusion or Include-only */
static char *cackey_readers_include_only = NULL;
static char *cackey_readers_exclude = NULL;
/* PCSC Global Handles */
static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
static unsigned long cackey_getversion(void) {
static unsigned long retval = 255;
unsigned long major = 0;
unsigned long minor = 0;
|
| ︙ | ︙ | |||
3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 |
return(CACKEY_PCSC_E_GENERIC);
}
CACKEY_DEBUG_PRINTF("PIN Change succeeded");
return(CACKEY_PCSC_S_OK);
}
/*
* SYNPOSIS
* ...
*
* ARGUMENTS
| > > > | 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 |
return(CACKEY_PCSC_E_GENERIC);
}
CACKEY_DEBUG_PRINTF("PIN Change succeeded");
return(CACKEY_PCSC_S_OK);
/* Disable a warning, since this is only used in debug mode */
tries_remaining = tries_remaining;
}
/*
* SYNPOSIS
* ...
*
* ARGUMENTS
|
| ︙ | ︙ | |||
4448 4449 4450 4451 4452 4453 4454 | } cackey_biglock_init = 1; } /* Define a command to prompt user for a PIN */ #ifdef CACKEY_PIN_COMMAND_DEFAULT | | | | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 |
}
cackey_biglock_init = 1;
}
/* Define a command to prompt user for a PIN */
#ifdef CACKEY_PIN_COMMAND_DEFAULT
cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT));
#endif
#ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
if (getenv("DISPLAY") != NULL) {
cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT));
}
#endif
if (getenv("CACKEY_PIN_COMMAND") != NULL) {
cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND"));
}
if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
}
#ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT
cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT));
#endif
#ifdef CACKEY_READERS_EXCLUDE_DEFAULT
cackey_readers_exclude = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_EXCLUDE_DEFAULT));
#endif
if (getenv("CACKEY_READERS_INCLUDE_ONLY") != NULL) {
cackey_readers_include_only = strdup(getenv("CACKEY_READERS_INCLUDE_ONLY"));
if (cackey_readers_include_only[0] == '\0') {
free(cackey_readers_include_only);
cackey_readers_include_only = NULL;
}
}
if (getenv("CACKEY_READERS_EXCLUDE") != NULL) {
cackey_readers_exclude = strdup(getenv("CACKEY_READERS_EXCLUDE"));
if (cackey_readers_exclude[0] == '\0') {
free(cackey_readers_exclude);
cackey_readers_exclude = NULL;
}
}
CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
return(CKR_OK);
}
|
| ︙ | ︙ | |||
4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 |
cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);
cackey_slots[idx].cached_certs = NULL;
}
}
cackey_pcsc_disconnect();
cackey_initialized = 0;
CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
return(CKR_OK);
}
| > > > > > > > > > > > > > > > > > > | 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 |
cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);
cackey_slots[idx].cached_certs = NULL;
}
}
cackey_pcsc_disconnect();
if (cackey_pin_command != NULL) {
free(cackey_pin_command);
cackey_pin_command = NULL;
}
if (cackey_readers_include_only != NULL) {
free(cackey_readers_include_only);
cackey_readers_include_only = NULL;
}
if (cackey_readers_exclude != NULL) {
free(cackey_readers_exclude);
cackey_readers_exclude = NULL;
}
cackey_initialized = 0;
CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
return(CKR_OK);
}
|
| ︙ | ︙ | |||
4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 |
*/
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
static int first_call = 1;
int mutex_retval;
int pcsc_connect_ret;
CK_ULONG count, slot_count = 0, currslot, slot_idx;
char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
DWORD pcsc_readers_len;
LONG scard_listreaders_ret;
size_t curr_reader_len;
int slot_reset;
CACKEY_DEBUG_PRINTF("Called.");
if (pulCount == NULL) {
CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");
return(CKR_ARGUMENTS_BAD);
| > > | 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 |
*/
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
static int first_call = 1;
int mutex_retval;
int pcsc_connect_ret;
CK_ULONG count, slot_count = 0, currslot, slot_idx;
char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
char *reader_check_pattern;
DWORD pcsc_readers_len;
LONG scard_listreaders_ret;
size_t curr_reader_len;
int slot_reset;
int include_reader;
CACKEY_DEBUG_PRINTF("Called.");
if (pulCount == NULL) {
CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");
return(CKR_ARGUMENTS_BAD);
|
| ︙ | ︙ | |||
4707 4708 4709 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 |
if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");
break;
}
CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);
/* Only update the list of slots if we are actually being asked supply the slot information */
if (pSlotList) {
if (slot_reset) {
cackey_slots[currslot].active = 1;
cackey_slots[currslot].internal = 0;
cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 4763 4764 4765 4766 4767 4768 4769 4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786 4787 4788 4789 4790 4791 4792 4793 4794 4795 4796 4797 4798 4799 4800 4801 4802 4803 4804 4805 4806 4807 |
if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");
break;
}
CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);
if (cackey_readers_include_only != NULL) {
CACKEY_DEBUG_PRINTF("Asked to include only readers matching: %s", cackey_readers_include_only);
include_reader = 0;
reader_check_pattern = cackey_readers_include_only;
} else if (cackey_readers_exclude != NULL) {
CACKEY_DEBUG_PRINTF("Asked to exclude readers matching: %s", cackey_readers_exclude);
include_reader = 1;
reader_check_pattern = cackey_readers_exclude;
} else {
include_reader = 1;
reader_check_pattern = NULL;
}
if (reader_check_pattern != NULL) {
if (strstr(pcsc_readers, reader_check_pattern) != NULL) {
CACKEY_DEBUG_PRINTF("This reader matched the pattern.");
include_reader = !include_reader;
}
}
if (include_reader != 1) {
CACKEY_DEBUG_PRINTF("Skipping this reader.");
pcsc_readers += curr_reader_len + 1;
continue;
}
/* Only update the list of slots if we are actually being asked supply the slot information */
if (pSlotList) {
if (slot_reset) {
cackey_slots[currslot].active = 1;
cackey_slots[currslot].internal = 0;
cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
|
| ︙ | ︙ |
Modified configure.ac from [ff26968020] to [f1a98b3eb3].
| ︙ | ︙ | |||
181 182 183 184 185 186 187 188 189 190 191 192 193 194 |
if ! test "${pincommand}" = 'no'; then
AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN])
fi
if ! test "${pincommandxonly}" = 'no'; then
AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set])
fi
dnl Set version script, to limit the scope of symbols
DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)
dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
DC_SYNC_RPATH
| > > > > > > > > > > > > > > > > > > > > | 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 |
if ! test "${pincommand}" = 'no'; then
AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN])
fi
if ! test "${pincommandxonly}" = 'no'; then
AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set])
fi
AC_ARG_WITH(readers-include-only, AC_HELP_STRING([--with-readers-include-only=<string>], [Specify a string to match in a reader to include it, all other readers will be excluded. The user may override this with the CACKEY_READERS_INCLUDE_ONLY environment variable.]), [
readers_include_only="${withval}"
], [
readers_include_only="no"
])
AC_ARG_WITH(readers-exclude, AC_HELP_STRING([--with-readers-exclude=<string>], [Specify a string to match in a reader to exclude it, all other readers will be included. The user may override this with the CACKEY_READERS_EXCLUDE environment variable.]), [
readers_exclude="${withval}"
], [
readers_exclude="no"
])
if ! test "${readers_include_only}" = 'no'; then
AC_DEFINE_UNQUOTED(CACKEY_READERS_INCLUDE_ONLY_DEFAULT, [$readers_include_only], [Substring to match to include readers])
fi
if ! test "${readers_exclude}" = 'no'; then
AC_DEFINE_UNQUOTED(CACKEY_READERS_EXCLUDE_DEFAULT, [$readers_exclude], [Substring to match to exclude readers])
fi
dnl Set version script, to limit the scope of symbols
DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)
dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
DC_SYNC_RPATH
|
| ︙ | ︙ |