Overview
Comment: | Added support for reader filtering |
---|---|
SHA1: | a2a80529585a8f24c42f615481352f9ba2708bdb |
User & Date: | rkeene on 2015-07-17 18:54:55 |
Context
2015-07-23
| ||
18:27 | Merged in trunk Closed-Leaf check-in: 4092b10f67 user: rkeene tags: reader-filtering | |
2015-07-17
| ||
18:54 | Added support for reader filtering check-in: a2a8052958 user: rkeene tags: reader-filtering | |
02:53 | Made 0x6d00 wrong instruction handling handling also work for CACs check-in: 9723187878 user: rkeene tags: trunk | |
Changes
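--- a/cackey.c
+++ b/cackey.c
@@ -877,20 +877,25 @@
 static int cackey_biglock_init = 0;
 CK_C_INITIALIZE_ARGS cackey_args;
 
 /** Extra certificates to include in token **/
 struct cackey_pcsc_identity extra_certs[] = {
 #include "cackey_builtin_certs.h"
 };
+
+#define CACKEY_MACRO_DEFAULT_XSTR(str) CACKEY_MACRO_DEFAULT_STR(str)
+#define CACKEY_MACRO_DEFAULT_STR(str) #str
 
 /* Protected Authentication Path command */
-#define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str)
-#define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str
 static char *cackey_pin_command = NULL;
 
+/* Reader Exclusion or Include-only */
+static char *cackey_readers_include_only = NULL;
+static char *cackey_readers_exclude = NULL;
+
 /* PCSC Global Handles */
 static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
 
 static unsigned long cackey_getversion(void) {
 static unsigned long retval = 255;
 unsigned long major = 0;
 unsigned long minor = 0;
@@ -3322,14 +3327,17 @@
 
 return(CACKEY_PCSC_E_GENERIC);
 }
 
 CACKEY_DEBUG_PRINTF("PIN Change succeeded");
 
 return(CACKEY_PCSC_S_OK);
+
+ /* Disable a warning, since this is only used in debug mode */
+ tries_remaining = tries_remaining;
 }
 
 /*
 * SYNPOSIS
 * ...
 *
 * ARGUMENTS
@@ -4448,29 +4456,57 @@
 }
 
 cackey_biglock_init = 1;
 }
 
 /* Define a command to prompt user for a PIN */
 #ifdef CACKEY_PIN_COMMAND_DEFAULT
- cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT);
+ cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT));
 #endif
 
 #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
 if (getenv("DISPLAY") != NULL) {
- cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
+ cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT));
 }
 #endif
 
 if (getenv("CACKEY_PIN_COMMAND") != NULL) {
- cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
+ cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND"));
 }
 
 if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
- cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY");
+ cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
+ }
+
+#ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT
+ cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT));
+#endif
+
+#ifdef CACKEY_READERS_EXCLUDE_DEFAULT
+ cackey_readers_exclude = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_EXCLUDE_DEFAULT));
+#endif
+
+ if (getenv("CACKEY_READERS_INCLUDE_ONLY") != NULL) {
+ cackey_readers_include_only = strdup(getenv("CACKEY_READERS_INCLUDE_ONLY"));
+
+ if (cackey_readers_include_only[0] == '\0') {
+ free(cackey_readers_include_only);
+
+ cackey_readers_include_only = NULL;
+ }
+ }
+
+ if (getenv("CACKEY_READERS_EXCLUDE") != NULL) {
+ cackey_readers_exclude = strdup(getenv("CACKEY_READERS_EXCLUDE"));
+
+ if (cackey_readers_exclude[0] == '\0') {
+ free(cackey_readers_exclude);
+
+ cackey_readers_exclude = NULL;
+ }
 }
 
 CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
 
 return(CKR_OK);
 }
 
@@ -4512,14 +4548,32 @@
 cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);
 
 cackey_slots[idx].cached_certs = NULL;
 }
 }
 
 cackey_pcsc_disconnect();
+
+ if (cackey_pin_command != NULL) {
+ free(cackey_pin_command);
+
+ cackey_pin_command = NULL;
+ }
+
+ if (cackey_readers_include_only != NULL) {
+ free(cackey_readers_include_only);
+
+ cackey_readers_include_only = NULL;
+ }
+
+ if (cackey_readers_exclude != NULL) {
+ free(cackey_readers_exclude);
+
+ cackey_readers_exclude = NULL;
+ }
 
 cackey_initialized = 0;
 
 CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
 
 return(CKR_OK);
 }
@@ -4566,18 +4620,20 @@
 */
 CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
 static int first_call = 1;
 int mutex_retval;
 int pcsc_connect_ret;
 CK_ULONG count, slot_count = 0, currslot, slot_idx;
 char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
+ char *reader_check_pattern;
 DWORD pcsc_readers_len;
 LONG scard_listreaders_ret;
 size_t curr_reader_len;
 int slot_reset;
+ int include_reader;
 
 CACKEY_DEBUG_PRINTF("Called.");
 
 if (pulCount == NULL) {
 CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");
 
 return(CKR_ARGUMENTS_BAD);
@@ -4707,14 +4763,45 @@
 if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
 CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");
 
 break;
 }
 
 CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);
+
+ if (cackey_readers_include_only != NULL) {
+ CACKEY_DEBUG_PRINTF("Asked to include only readers matching: %s", cackey_readers_include_only);
+
+ include_reader = 0;
+ reader_check_pattern = cackey_readers_include_only;
+ } else if (cackey_readers_exclude != NULL) {
+ CACKEY_DEBUG_PRINTF("Asked to exclude readers matching: %s", cackey_readers_exclude);
+
+ include_reader = 1;
+ reader_check_pattern = cackey_readers_exclude;
+ } else {
+ include_reader = 1;
+ reader_check_pattern = NULL;
+ }
+
+ if (reader_check_pattern != NULL) {
+ if (strstr(pcsc_readers, reader_check_pattern) != NULL) {
+ CACKEY_DEBUG_PRINTF("This reader matched the pattern.");
+
+ include_reader = !include_reader;
+ }
+ }
+
+ if (include_reader != 1) {
+ CACKEY_DEBUG_PRINTF("Skipping this reader.");
+
+ pcsc_readers += curr_reader_len + 1;
+
+ continue;
+ }
 
 /* Only update the list of slots if we are actually being asked supply the slot information */
 if (pSlotList) {
 if (slot_reset) {
 cackey_slots[currslot].active = 1;
 cackey_slots[currslot].internal = 0;
 cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);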
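Review bot: In the initialization hunk (new lines 4488-4506) the result of `strdup(getenv("CACKEY_READERS_INCLUDE_ONLY"))` is indexed with `[0]` immediately afterwards without a NULL check, so a failed allocation becomes a NULL dereference inside the host application; the `CACKEY_READERS_EXCLUDE` block repeats the pattern. Testing `if (cackey_readers_include_only != NULL && cackey_readers_include_only[0] == '\0')` removes the crash, but a NULL filter is later treated as "no filtering", so for the include-only case returning `CKR_HOST_MEMORY` would be safer than silently exposing every reader. Each environment override also overwrites the pointer that the compile-time default block just allocated without freeing it first. The enclosing function begins outside the hunk, so any earlier handling of these variables is not visible here.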
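--- a/configure.ac
+++ b/configure.ac
@@ -181,19 +181,39 @@
 if ! test "${pincommand}" = 'no'; then
 AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN])
 fi
 
 if ! test "${pincommandxonly}" = 'no'; then
 AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set])
 fi
+
+AC_ARG_WITH(readers-include-only, AC_HELP_STRING([--with-readers-include-only=<string>], [Specify a string to match in a reader to include it, all other readers will be excluded. The user may override this with the CACKEY_READERS_INCLUDE_ONLY environment variable.]), [
+ readers_include_only="${withval}"
+], [
+ readers_include_only="no"
+])
+
+AC_ARG_WITH(readers-exclude, AC_HELP_STRING([--with-readers-exclude=<string>], [Specify a string to match in a reader to exclude it, all other readers will be included. The user may override this with the CACKEY_READERS_EXCLUDE environment variable.]), [
+ readers_exclude="${withval}"
+], [
+ readers_exclude="no"
+])
+
+if ! test "${readers_include_only}" = 'no'; then
+ AC_DEFINE_UNQUOTED(CACKEY_READERS_INCLUDE_ONLY_DEFAULT, [$readers_include_only], [Substring to match to include readers])
+fi
+
+if ! test "${readers_exclude}" = 'no'; then
+ AC_DEFINE_UNQUOTED(CACKEY_READERS_EXCLUDE_DEFAULT, [$readers_exclude], [Substring to match to exclude readers])
+fi
 
 dnl Set version script, to limit the scope of symbols
 DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)
 
 dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
 DC_SYNC_RPATH
 
 dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
 DC_SYNC_SHLIBOBJS
 
 dnl Produce Makefile
 AC_OUTPUT(Makefile libcackey.syms)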
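Review bot: `--with-readers-include-only` given without a value leaves `withval` as `yes`, and only `no` is tested before the define, so the literal string `yes` would be compiled in as the match pattern and hide every reader whose name does not contain it. Rejecting that value first, e.g. `if test "${readers_include_only}" = 'yes'; then AC_MSG_ERROR([--with-readers-include-only requires a string]); fi`, closes the gap, and the same applies to `--with-readers-exclude`. Since the help text states that the environment variables override these values, the compiled-in pattern is a default rather than an enforced restriction, which is worth saying explicitly in the option description.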