Comment: | Updated to allow the user to specify (via environment variables) whether or not to include the DoD certificates on the hardware slot tokens |
SHA1: | b957a3fa2eb1a0b34e41ce4381477de4923a414d |
User & Date: | rkeene on 2012-07-21 06:50:25 |
Changes
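--- a/cackey.c
+++ b/cackey.c
@@ -3408,61 +3408,92 @@
 
 			cackey_free_certs(identities[id_idx].pcsc_identity, 1, 1);
 		}
 	}
 
 	free(identities);
 }
+
+static unsigned long cackey_read_dod_identities(struct cackey_identity *identities, unsigned long id_idx, unsigned long num_dod_certs) {
+	unsigned long cert_idx;
+
+	for (cert_idx = 0; cert_idx < num_dod_certs; cert_idx++) {
+		identities[id_idx].pcsc_identity = NULL;
+		identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
+		id_idx++;
+
+		identities[id_idx].pcsc_identity = NULL;
+		identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
+		id_idx++;
+
+		identities[id_idx].pcsc_identity = NULL;
+		identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
+		id_idx++;
+	}
+
+	return(id_idx);
+}
 
 static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
 	struct cackey_pcsc_identity *pcsc_identities;
 	struct cackey_identity *identities;
 	unsigned long num_ids, id_idx, curr_id_type;
 	unsigned long num_certs, num_dod_certs, cert_idx;
+	int include_extra_certs = 0;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (ids_found == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. ids_found is NULL");
 
 		return(NULL);
 	}
 
-	if (slot->internal) {
-		/* Add DoD Certificates and Netscape Trust Objects */
+#ifdef CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS
+	include_extra_certs = 1;
+#endif
+
+	if (getenv("CACKEY_DOD_CERTS_ON_HW_SLOTS") != NULL) {
+		include_extra_certs = 1;
+	}
+
+	if (getenv("CACKEY_NO_DOD_CERTS_ON_HW_SLOTS") != NULL) {
+		include_extra_certs = 0;
+	}
+
+	if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
+		num_dod_certs = 0;
+	} else {
 		num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
+	}
 
-		num_ids = num_dod_certs * 3;
+	if (slot->internal) {
+		num_ids = num_dod_certs;
 
-		identities = malloc(num_ids * sizeof(*identities));
+		if (num_ids != 0) {
+			identities = malloc(num_ids * sizeof(*identities));
 
-		id_idx = 0;
-		for (cert_idx = 0; cert_idx < num_dod_certs; cert_idx++) {
-			identities[id_idx].pcsc_identity = NULL;
-			identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
-			id_idx++;
-
-			identities[id_idx].pcsc_identity = NULL;
-			identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
-			id_idx++;
-
-			identities[id_idx].pcsc_identity = NULL;
-			identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
-			id_idx++;
+			cackey_read_dod_identities(identities, 0, num_dod_certs);
+		} else {
+			identities = NULL;
 		}
 
 		*ids_found = num_ids;
 
 		return(identities);
 	}
 
 	pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
 	if (pcsc_identities != NULL) {
 		/* Convert number of Certs to number of objects */
 		num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
+
+		if (include_extra_certs) {
+			num_ids += num_dod_certs;
+		}
 
 		identities = malloc(num_ids * sizeof(*identities));
 
 		/* Add certificates, public keys, and private keys from the smartcard */
 		id_idx = 0;
 		for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
 			for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
@@ -3473,21 +3504,28 @@
 
 				identities[id_idx].pcsc_identity->certificate = malloc(pcsc_identities[cert_idx].certificate_len);
 				memcpy(identities[id_idx].pcsc_identity->certificate, pcsc_identities[cert_idx].certificate, pcsc_identities[cert_idx].certificate_len);
 
 				id_idx++;
 			}
 		}
+
+		if (include_extra_certs) {
+			CACKEY_DEBUG_PRINTF("Including DoD Certificates on hardware slot");
+
+			cackey_read_dod_identities(identities, id_idx, num_dod_certs);
+		}
 
 		cackey_free_certs(pcsc_identities, num_certs, 1);
 
 		*ids_found = num_ids;
 
 		return(identities);
 	}
+
 
 	*ids_found = 0;
 	return(NULL);
 }
 
 CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
 	CK_C_INITIALIZE_ARGS CK_PTR args;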
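Review bot: The allocations sized on new lines 3470 and 3491 undercount by a factor of three: `cackey_read_dod_identities` stores three identities per extra certificate (CKO_CERTIFICATE, CKO_PUBLIC_KEY and CKO_NETSCAPE_TRUST, advancing id_idx by three) and the removed line 3434 sized it as `num_ids = num_dod_certs * 3`, so both the internal-slot `malloc(num_ids * sizeof(*identities))` on line 3473 and the hardware-slot one on line 3494 are now overrun by 2 * num_dod_certs entries — a heap buffer overflow whenever extra certificates are included — and `*ids_found` under-reports what was written. Restore the multiplier in both places, `num_ids = num_dod_certs * 3;` and `num_ids += num_dod_certs * 3;`, and consider comparing the value returned by `cackey_read_dod_identities` against num_ids instead of discarding it. The malloc result on line 3473 is also handed to the helper unchecked, which was already true of the hardware path but is new for the internal slot. Note too that the getenv() overrides on lines 3455–3464 are honoured in whatever process loads this PKCS#11 module, so an unprivileged environment can change which trust objects a hardware slot exposes to a privileged caller; that deserves a comment on the block. cackey_read_identities spans both hunks, with lines 3500–3503 elided between them.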
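--- a/configure.ac
+++ b/configure.ac
@@ -138,19 +138,24 @@
 	AC_MSG_RESULT(okay)
 ], [
 	AC_MSG_RESULT(failed)
 
 	AC_MSG_FAILURE([simple PC/SC program failed])
 ]
 )
+
+dnl Option to enable DoD certs on hardware slot
+AC_ARG_ENABLE(dod-certs-on-hw-slots, AC_HELP_STRING([--enable-dod-certs-on-hw-slots], [Specify that DoD certificates should be made available on hardware token slots]), [
+	AC_DEFINE(CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS, [1], [Specify that DoD certificates should be made available on hardware token slots])
+])
 
 dnl Set version script, to limit the scope of symbols
 DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)
 
 dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
 DC_SYNC_RPATH
 
 dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
 DC_SYNC_SHLIBOBJS
 
 dnl Produce Makefile
 AC_OUTPUT(Makefile libcackey.syms)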
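Review bot: The action-if-given body on new lines 147–149 runs for any mention of the option, so `--disable-dod-certs-on-hw-slots` (enableval=no) defines CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS exactly like `--enable-...` does, and the only way to get the default is to omit the flag. Guard on the value: `[ if test "$enableval" != "no"; then AC_DEFINE(CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS, [1], [...]); fi ]`. It would also help to note in the help string that the CACKEY_DOD_CERTS_ON_HW_SLOTS / CACKEY_NO_DOD_CERTS_ON_HW_SLOTS environment variables override this compile-time default at run time, since that is what the cackey.c side of the change does.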