security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-11 22:52:47 +01:00
Code Activity

scd: Add code to check whether app switching is possible.

Browse Source 
* scd/app.c (check_conflict): Fold into ...
(check_application_conflict): this and adjust callers.  Return a
different error code if it is possible to switch apps.
--

Right now this change does nothing visible.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-06-21 11:41:58 +02:00
parent 91e2931caa
commit 1b78e4951e
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 34 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scd/app-common.h
View File

@ -228,7 +228,7 @@ char *app_get_serialno (app_t app);
void app_dump_state (void); void app_dump_state (void);
void application_notify_card_reset (int slot); void application_notify_card_reset (int slot);
gpg_error_t check_application_conflict (const char *name, card_t card); gpg_error_t check_application_conflict (card_t card, const char *name);
gpg_error_t card_reset (card_t card, ctrl_t ctrl, int send_reset); gpg_error_t card_reset (card_t card, ctrl_t ctrl, int send_reset);
gpg_error_t select_application (ctrl_t ctrl, const char *name, card_t *r_app, gpg_error_t select_application (ctrl_t ctrl, const char *name, card_t *r_app,
int scan, const unsigned char *serialno_bin, int scan, const unsigned char *serialno_bin,

43
scd/app.c
View File

@ -235,15 +235,23 @@ is_app_allowed (const char *name)
} }
static gpg_error_t /* This function is mainly used by the serialno command to check for
check_conflict (card_t card, const char *name) * an application conflict which may appear if the serialno command is
* used to request a specific application and the connection has
* already done a select_application. Return values are:
* 0 - No conflict
* GPG_ERR_FALSE - Another application is in use but it is possible
* to switch to the requested application.
* other code - Switching is not possible.
*/
gpg_error_t
check_application_conflict (card_t card, const char *name)
{ {
if (!card || !name) if (!card || !name)
return 0; return 0;
if (!card->app) if (!card->app)
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); /* Should not happen. */ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); /* Should not happen. */
/* FIXME: Needs changes for app switching. */
if (!card->app->apptype if (!card->app->apptype
|| !ascii_strcasecmp (strapptype (card->app->apptype), name)) || !ascii_strcasecmp (strapptype (card->app->apptype), name))
return 0; return 0;
@ -251,6 +259,22 @@ check_conflict (card_t card, const char *name)
if (card->app->apptype == APPTYPE_UNDEFINED) if (card->app->apptype == APPTYPE_UNDEFINED)
return 0; return 0;
if (card->cardtype == CARDTYPE_YUBIKEY)
{
if (card->app->apptype == APPTYPE_OPENPGP)
{
/* Current app is OpenPGP. */
if (!ascii_strcasecmp (name, "piv"))
return gpg_error (GPG_ERR_FALSE); /* Switching allowed. */
}
else if (card->app->apptype == APPTYPE_PIV)
{
/* Current app is PIV. */
if (!ascii_strcasecmp (name, "openpgp"))
return gpg_error (GPG_ERR_FALSE); /* Switching allowed. */
}
}
log_info ("application '%s' in use - can't switch\n", log_info ("application '%s' in use - can't switch\n",
strapptype (card->app->apptype)); strapptype (card->app->apptype));
@ -258,17 +282,6 @@ check_conflict (card_t card, const char *name)
} }
/* This function is used by the serialno command to check for an
application conflict which may appear if the serialno command is
used to request a specific application and the connection has
already done a select_application. */
gpg_error_t
check_application_conflict (const char *name, card_t card)
{
return check_conflict (card, name);
}
gpg_error_t gpg_error_t
card_reset (card_t card, ctrl_t ctrl, int send_reset) card_reset (card_t card, ctrl_t ctrl, int send_reset)
{ {
@ -607,7 +620,7 @@ select_application (ctrl_t ctrl, const char *name, card_t *r_card,
if (card) if (card)
{ {
err = check_conflict (card, name); err = check_application_conflict (card, name);
if (!err) if (!err)
{ {
/* Note: We do not use card_ref as we are already locked. */ /* Note: We do not use card_ref as we are already locked. */

9
scd/command.c
View File

@ -220,7 +220,8 @@ open_card (ctrl_t ctrl)
/* Explicitly open a card for a specific use of APPTYPE or SERIALNO. */ /* Explicitly open a card for a specific use of APPTYPE or SERIALNO. */
static gpg_error_t static gpg_error_t
open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno) open_card_with_request (ctrl_t ctrl,
const char *apptypestr, const char *serialno)
{ {
gpg_error_t err; gpg_error_t err;
unsigned char *serialno_bin = NULL; unsigned char *serialno_bin = NULL;
@ -231,8 +232,8 @@ open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno)
need to check that the client didn't requested a specific need to check that the client didn't requested a specific
application different from the one in use before we continue. */ application different from the one in use before we continue. */
/* FIXME: Extend to allow switching between apps. */ /* FIXME: Extend to allow switching between apps. */
if (apptype && ctrl->card_ctx) if (apptypestr && ctrl->card_ctx)
return check_application_conflict (apptype, ctrl->card_ctx); return check_application_conflict (ctrl->card_ctx, apptypestr);
/* Re-scan USB devices. Release CARD, before the scan. */ /* Re-scan USB devices. Release CARD, before the scan. */
/* FIXME: Is a card_unref sufficient or do we need to deallocate? */ /* FIXME: Is a card_unref sufficient or do we need to deallocate? */
@ -242,7 +243,7 @@ open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno)
if (serialno) if (serialno)
serialno_bin = hex_to_buffer (serialno, &serialno_bin_len); serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
err = select_application (ctrl, apptype, &ctrl->card_ctx, 1, err = select_application (ctrl, apptypestr, &ctrl->card_ctx, 1,
serialno_bin, serialno_bin_len); serialno_bin, serialno_bin_len);
xfree (serialno_bin); xfree (serialno_bin);