Check-in [2e12e46ded]
Overview
Comment:Merged trunk
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | piv
Files: files | file ages | folders
SHA1:2e12e46ded44e178fcdea5917730c82586096f4a
User & Date: rkeene on 2013-08-14 04:49:22
Other Links: manifest | tags
Context
2013-08-14
04:54
Added support for enabling the PROTECTED_AUTHENTICATION_PATH flag for the token if a command to provide the PIN is configured check-in: 8a76f09a85 user: rkeene tags: piv
04:49
Merged trunk check-in: 2e12e46ded user: rkeene tags: piv
04:40
Updated to allow compilation excluding DoD certificates check-in: b6863060d8 user: rkeene tags: trunk
04:22
Merged in trunk check-in: 8c73344738 user: rkeene tags: piv
Changes

Modified cackey.c from [6f86c48f0e] to [13b6e88e7c].

  3956   3956   }
  3957   3957   
  3958   3958   static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
  3959   3959   	struct cackey_pcsc_identity *pcsc_identities;
  3960   3960   	struct cackey_identity *identities;
  3961   3961   	unsigned long num_ids, id_idx, curr_id_type;
  3962   3962   	unsigned long num_certs, num_dod_certs, cert_idx;
  3963         -	int include_extra_certs = 0;
         3963  +	int include_extra_certs = 0, include_dod_certs;
  3964   3964   
  3965   3965   	CACKEY_DEBUG_PRINTF("Called.");
  3966   3966   
  3967   3967   	if (ids_found == NULL) {
  3968   3968   		CACKEY_DEBUG_PRINTF("Error.  ids_found is NULL");
  3969   3969   
  3970   3970   		return(NULL);
................................................................................
  3978   3978   		include_extra_certs = 1;
  3979   3979   	}
  3980   3980   
  3981   3981   	if (getenv("CACKEY_NO_DOD_CERTS_ON_HW_SLOTS") != NULL) {
  3982   3982   		include_extra_certs = 0;
  3983   3983   	}
  3984   3984   
         3985  +#ifdef CACKEY_NO_EXTRA_CERTS
         3986  +	if (getenv("CACKEY_EXTRA_CERTS") != NULL) {
         3987  +		include_dod_certs = 1;
         3988  +	} else {
         3989  +		include_dod_certs = 0;
         3990  +	}
         3991  +#else
  3985   3992   	if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
  3986         -		num_dod_certs = 0;
         3993  +		include_dod_certs = 0;
  3987   3994   	} else {
         3995  +		include_dod_certs = 1;
         3996  +	}
         3997  +#endif
         3998  +
         3999  +	if (include_dod_certs) {
  3988   4000   		num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
         4001  +	} else {
         4002  +		num_dod_certs = 0;
  3989   4003   	}
  3990   4004   
  3991   4005   	if (slot->internal) {
  3992   4006   		num_ids = cackey_read_dod_identities(NULL, num_dod_certs);
  3993   4007   
  3994   4008   		if (num_ids != 0) {
  3995   4009   			identities = malloc(num_ids * sizeof(*identities));

Modified configure.ac from [9a7cfcd810] to [b325ed9a06].

   149    149   ], [
   150    150   	dodcertsonhwslots=no
   151    151   ])
   152    152   
   153    153   if ! test "${dodcertsonhwslots}" = 'no'; then
   154    154   	AC_DEFINE(CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS, [1], [Specify that DoD certificates should be made available on hardware token slots])
   155    155   fi
          156  +
          157  +dnl Option to disable DoD certs entirely
          158  +AC_ARG_ENABLE(dod-certs, AC_HELP_STRING([--disable-dod-certs], [Disable including DoD certs entirely.  The user may override this with the CACKEY_EXTRA_CERTS environment variable.]), [
          159  +	dodcerts=$enableval
          160  +], [
          161  +	dodcerts=yes
          162  +])
          163  +
          164  +if test "${dodcerts}" = 'no'; then
          165  +	AC_DEFINE(CACKEY_NO_EXTRA_CERTS, [1], [Specify that DoD certificates should not be made available])
          166  +fi
   156    167   
   157    168   dnl Set version script, to limit the scope of symbols
   158    169   DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)
   159    170   
   160    171   dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
   161    172   DC_SYNC_RPATH
   162    173   
   163    174   dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
   164    175   DC_SYNC_SHLIBOBJS
   165    176   
   166    177   dnl Produce Makefile
   167    178   AC_OUTPUT(Makefile libcackey.syms)