Check-in [a2a8052958]
Overview
Comment:Added support for reader filtering
SHA1:a2a80529585a8f24c42f615481352f9ba2708bdb
User & Date: rkeene on 2015-07-17 18:54:55
Context
2015-07-23
18:27
Merged in trunk Closed-Leaf check-in: 4092b10f67 user: rkeene tags: reader-filtering
2015-07-17
18:54
Added support for reader filtering check-in: a2a8052958 user: rkeene tags: reader-filtering
02:53
Made 0x6d00 wrong instruction handling handling also work for CACs check-in: 9723187878 user: rkeene tags: trunk
Changes

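--- a/cackey.c
+++ b/cackey.c
@@ -877,20 +877,25 @@
 static int cackey_biglock_init = 0;
 CK_C_INITIALIZE_ARGS cackey_args;
 
 /** Extra certificates to include in token **/
 struct cackey_pcsc_identity extra_certs[] = {
 #include "cackey_builtin_certs.h"
 };
+
+#define CACKEY_MACRO_DEFAULT_XSTR(str) CACKEY_MACRO_DEFAULT_STR(str)
+#define CACKEY_MACRO_DEFAULT_STR(str) #str
 
 /* Protected Authentication Path command */
-#define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str)
-#define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str
 static char *cackey_pin_command = NULL;
 
+/* Reader Exclusion or Include-only */
+static char *cackey_readers_include_only = NULL;
+static char *cackey_readers_exclude = NULL;
+
 /* PCSC Global Handles */
 static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
 
 static unsigned long cackey_getversion(void) {
 	static unsigned long retval = 255;
 	unsigned long major = 0;
 	unsigned long minor = 0;
@@ -3322,14 +3327,17 @@
 
 		return(CACKEY_PCSC_E_GENERIC);
 	}
 
 	CACKEY_DEBUG_PRINTF("PIN Change succeeded");
 
 	return(CACKEY_PCSC_S_OK);
+
+	/* Disable a warning, since this is only used in debug mode */
+	tries_remaining = tries_remaining;
 }
 
 /*
  * SYNPOSIS
  *     ...
  *
  * ARGUMENTS
@@ -4448,29 +4456,57 @@
 		}
 
 		cackey_biglock_init = 1;
 	}
 
 	/* Define a command to prompt user for a PIN */
 #ifdef CACKEY_PIN_COMMAND_DEFAULT
-	cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT);
+	cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT));
 #endif
 
 #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
 	if (getenv("DISPLAY") != NULL) {
-		cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
+		cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT));
 	}
 #endif
 
 	if (getenv("CACKEY_PIN_COMMAND") != NULL) {
-		cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
+		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND"));
 	}
 
 	if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
-		cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY");
+		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
+	}
+
+#ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT
+	cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT));
+#endif
+
+#ifdef CACKEY_READERS_EXCLUDE_DEFAULT
+	cackey_readers_exclude = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_EXCLUDE_DEFAULT));
+#endif
+
+	if (getenv("CACKEY_READERS_INCLUDE_ONLY") != NULL) {
+		cackey_readers_include_only = strdup(getenv("CACKEY_READERS_INCLUDE_ONLY"));
+
+		if (cackey_readers_include_only[0] == '\0') {
+			free(cackey_readers_include_only);
+
+			cackey_readers_include_only = NULL;
+		}
+	}
+
+	if (getenv("CACKEY_READERS_EXCLUDE") != NULL) {
+		cackey_readers_exclude = strdup(getenv("CACKEY_READERS_EXCLUDE"));
+
+		if (cackey_readers_exclude[0] == '\0') {
+			free(cackey_readers_exclude);
+
+			cackey_readers_exclude = NULL;
+		}
 	}
 
 	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
 
 	return(CKR_OK);
 }
 
@@ -4512,14 +4548,32 @@
 			cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);
 
 			cackey_slots[idx].cached_certs = NULL;
 		}
 	}
 
 	cackey_pcsc_disconnect();
+
+	if (cackey_pin_command != NULL) {
+		free(cackey_pin_command);
+
+		cackey_pin_command = NULL;
+	}
+
+	if (cackey_readers_include_only != NULL) {
+		free(cackey_readers_include_only);
+
+		cackey_readers_include_only = NULL;
+	}
+
+	if (cackey_readers_exclude != NULL) {
+		free(cackey_readers_exclude);
+
+		cackey_readers_exclude = NULL;
+	}
 
 	cackey_initialized = 0;
 
 	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
 
 	return(CKR_OK);
 }
@@ -4566,18 +4620,20 @@
  */
 CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
 	static int first_call = 1;
 	int mutex_retval;
 	int pcsc_connect_ret;
 	CK_ULONG count, slot_count = 0, currslot, slot_idx;
 	char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
+	char *reader_check_pattern;
 	DWORD pcsc_readers_len;
 	LONG scard_listreaders_ret;
 	size_t curr_reader_len;
 	int slot_reset;
+	int include_reader;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (pulCount == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");
 
 		return(CKR_ARGUMENTS_BAD);
@@ -4707,14 +4763,45 @@
 					if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
 						CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");
 
 						break;
 					}
 
 					CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);
+
+					if (cackey_readers_include_only != NULL) {
+						CACKEY_DEBUG_PRINTF("Asked to include only readers matching: %s", cackey_readers_include_only);
+
+						include_reader = 0;
+						reader_check_pattern = cackey_readers_include_only;
+					} else if (cackey_readers_exclude != NULL) {
+						CACKEY_DEBUG_PRINTF("Asked to exclude readers matching: %s", cackey_readers_exclude);
+
+						include_reader = 1;
+						reader_check_pattern = cackey_readers_exclude;
+					} else {
+						include_reader = 1;
+						reader_check_pattern = NULL;
+					}
+
+					if (reader_check_pattern != NULL) {
+						if (strstr(pcsc_readers, reader_check_pattern) != NULL) {
+							CACKEY_DEBUG_PRINTF("This reader matched the pattern.");
+						
+							include_reader = !include_reader;
+						}
+					}
+
+					if (include_reader != 1) {
+						CACKEY_DEBUG_PRINTF("Skipping this reader.");
+
+						pcsc_readers += curr_reader_len + 1;
+
+						continue;
+					}
 
 					/* Only update the list of slots if we are actually being asked supply the slot information */
 					if (pSlotList) {
 						if (slot_reset) {
 							cackey_slots[currslot].active = 1;
 							cackey_slots[currslot].internal = 0;
 							cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);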
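Review bot: At new lines 4489-4491 and 4499-4501 the result of `strdup(getenv(...))` is indexed with `[0]` before it is checked, so an allocation failure turns into a NULL dereference in whatever process has loaded the module. The same assignments overwrite the pointer set from the compile-time default at new lines 4481 and 4485 without freeing it, as do the successive `cackey_pin_command = strdup(...)` lines above them. I would put `free(cackey_readers_include_only);` before the reassignment and test `if (cackey_readers_include_only != NULL && cackey_readers_include_only[0] == '\0')`, with the same pair for the exclude variable. In the reader loop at new lines 4771-4784 the `else if` means the exclude pattern is ignored whenever an include-only pattern is set, which deserves a comment such as `/* include-only takes precedence; exclude is not consulted when both are set */`. The enclosing functions begin outside the visible hunks.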

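--- a/configure.ac
+++ b/configure.ac
@@ -181,19 +181,39 @@
 if ! test "${pincommand}" = 'no'; then
 	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_DEFAULT, [$pincommand], [Command to run to prompt user for PIN])
 fi
 
 if ! test "${pincommandxonly}" = 'no'; then
 	AC_DEFINE_UNQUOTED(CACKEY_PIN_COMMAND_XONLY_DEFAULT, [$pincommandxonly], [Command to run to prompt user for PIN only if DISPLAY environment variable is set])
 fi
+
+AC_ARG_WITH(readers-include-only, AC_HELP_STRING([--with-readers-include-only=<string>], [Specify a string to match in a reader to include it, all other readers will be excluded.  The user may override this with the CACKEY_READERS_INCLUDE_ONLY environment variable.]), [
+	readers_include_only="${withval}"
+], [
+	readers_include_only="no"
+])
+
+AC_ARG_WITH(readers-exclude, AC_HELP_STRING([--with-readers-exclude=<string>], [Specify a string to match in a reader to exclude it, all other readers will be included.  The user may override this with the CACKEY_READERS_EXCLUDE environment variable.]), [
+	readers_exclude="${withval}"
+], [
+	readers_exclude="no"
+])
+
+if ! test "${readers_include_only}" = 'no'; then
+	AC_DEFINE_UNQUOTED(CACKEY_READERS_INCLUDE_ONLY_DEFAULT, [$readers_include_only], [Substring to match to include readers])
+fi
+
+if ! test "${readers_exclude}" = 'no'; then
+	AC_DEFINE_UNQUOTED(CACKEY_READERS_EXCLUDE_DEFAULT, [$readers_exclude], [Substring to match to exclude readers])
+fi
 
 dnl Set version script, to limit the scope of symbols
 DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)
 
 dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
 DC_SYNC_RPATH
 
 dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
 DC_SYNC_SHLIBOBJS
 
 dnl Produce Makefile
 AC_OUTPUT(Makefile libcackey.syms)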
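Review bot: The new `if ! test "${readers_exclude}" = 'no'` and `readers_include_only` checks (new lines 201-207) accept every value other than `no`, so a bare `--with-readers-exclude` would define the pattern as the literal `yes`, and `--with-readers-exclude=` would presumably define an empty one, which the `strstr()` test in cackey.c matches against every reader name. I would reject both at configure time, for example `case "${readers_exclude}" in yes|'') AC_MSG_ERROR([--with-readers-exclude requires a non-empty string]) ;; esac`, and do the same for include-only. The help strings should also say that the match is a case-sensitive substring test, that include-only takes precedence when both options are given, and that the environment override makes the value a default rather than an enforced restriction on which readers the module will use.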