security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

Changed the scdaemon to handle concurrent sessions. Adjusted

Browse source 
gpg-agent accordingly. Code cleanups.
This commit is contained in:
Werner Koch 2005-05-18 10:48:06 +00:00
parent a5c4c4bf12
commit 4237a9cc7f
27 changed files with 1093 additions and 644 deletions
Download patch file Download diff file Expand all files Collapse all files

36
scd/ChangeLog
View file

@ -1,3 +1,39 @@
2005-05-17 Werner Koch <wk@g10code.com>
* scdaemon.c: Removed non-pth code paths.
(create_socket_name, create_server_socket): New. Taken from
../agent/gpg-agent.
(cleanup): Changed to adjust for SOCKET_NAME now being malloced.
(ticker_thread): Always use pth_event_occurred; it is again
defined for all decent PTH versions.
(handle_connections): New. Based on the gpg-agent code.
(start_connection_thread): Ditto.
(ticker_thread): Removed.
(cleanup_sh): Removed.
(main): Run the handler for the pipe server in a separate
thread. This replaces the old ticker thread.
(scd_get_socket_name): New.
* command.c (cmd_getinfo): New command GETINFO.
(scd_command_handler): Renamed argument and changed code to use an
already connected FD.
2005-05-15 Werner Koch <wk@g10code.com>
* app.c, app-common.h, app-nks.c, app-p15.c, app-dinsig.c
* app-openpgp.c: Change most function return types from int to
gpg_error_t.
* command.c (pin_cb): Ditto.
* sc-copykeys.c (pincb): Ditto.
* app.c (lock_reader, unlock_reader): New. Changed call handler
wrappers to make use of these functions.
2005-05-07 Werner Koch <wk@g10code.com>
* ccid-driver.c (do_close_reader): Don't do a reset before close.
Some folks reported that it makes the SCR335 hang less often.
Look at the source on how to re-enable it.
2005-04-27 Werner Koch <wk@g10code.com>
* app-p15.c (micardo_mse): New.

4
scd/apdu.c
View file

@ -20,6 +20,10 @@
* $Id$
*/
/* NOTE: This module is also used by other software, thus the use of
the macro USE_GNU_PTH is mandatory. For GnuPG this macro is
guaranteed to be defined true. */
#include <config.h>
#include <errno.h>
#include <stdio.h>

101
scd/app-common.h
View file

@ -46,56 +46,56 @@ struct app_ctx_s {
struct app_local_s *app_local; /* Local to the application. */
struct {
void (*deinit) (app_t app);
int (*learn_status) (app_t app, ctrl_t ctrl);
int (*readcert) (app_t app, const char *certid,
gpg_error_t (*learn_status) (app_t app, ctrl_t ctrl);
gpg_error_t (*readcert) (app_t app, const char *certid,
unsigned char **cert, size_t *certlen);
int (*readkey) (app_t app, const char *certid,
gpg_error_t (*readkey) (app_t app, const char *certid,
unsigned char **pk, size_t *pklen);
int (*getattr) (app_t app, ctrl_t ctrl, const char *name);
int (*setattr) (app_t app, const char *name,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*getattr) (app_t app, ctrl_t ctrl, const char *name);
gpg_error_t (*setattr) (app_t app, const char *name,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const unsigned char *value, size_t valuelen);
int (*sign) (app_t app,
gpg_error_t (*sign) (app_t app,
const char *keyidstr, int hashalgo,
int (pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen );
int (*auth) (app_t app, const char *keyidstr,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*auth) (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen);
int (*decipher) (app_t app, const char *keyidstr,
int (pincb)(void*, const char *, char **),
gpg_error_t (*decipher) (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen);
int (*genkey) (app_t app, ctrl_t ctrl,
gpg_error_t (*genkey) (app_t app, ctrl_t ctrl,
const char *keynostr, unsigned int flags,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
int (*change_pin) (app_t app, ctrl_t ctrl,
gpg_error_t (*change_pin) (app_t app, ctrl_t ctrl,
const char *chvnostr, int reset_mode,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
int (*check_pin) (app_t app, const char *keyidstr,
int (pincb)(void*, const char *, char **),
gpg_error_t (*check_pin) (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
} fnc;
};
#if GNUPG_MAJOR_VERSION == 1
int app_select_openpgp (app_t app);
int app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
int app_openpgp_storekey (app_t app, int keyno,
gpg_error_t app_select_openpgp (app_t app);
gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
gpg_error_t app_openpgp_storekey (app_t app, int keyno,
unsigned char *template, size_t template_len,
time_t created_at,
const unsigned char *m, size_t mlen,
const unsigned char *e, size_t elen,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
#else
/*-- app-help.c --*/
@ -107,72 +107,73 @@ size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff);
gpg_error_t select_application (ctrl_t ctrl, int slot, const char *name,
app_t *r_app);
void release_application (app_t app);
int app_munge_serialno (app_t app);
int app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
int app_write_learn_status (app_t app, ctrl_t ctrl);
int app_readcert (app_t app, const char *certid,
gpg_error_t app_munge_serialno (app_t app);
gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl);
gpg_error_t app_readcert (app_t app, const char *certid,
unsigned char **cert, size_t *certlen);
int app_readkey (app_t app, const char *keyid,
gpg_error_t app_readkey (app_t app, const char *keyid,
unsigned char **pk, size_t *pklen);
int app_getattr (app_t app, ctrl_t ctrl, const char *name);
int app_setattr (app_t app, const char *name,
int (*pincb)(void*, const char *, char **),
gpg_error_t app_getattr (app_t app, ctrl_t ctrl, const char *name);
gpg_error_t app_setattr (app_t app, const char *name,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const unsigned char *value, size_t valuelen);
int app_sign (app_t app, const char *keyidstr, int hashalgo,
int (pincb)(void*, const char *, char **),
gpg_error_t app_sign (app_t app, const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen );
int app_auth (app_t app, const char *keyidstr,
int (*pincb)(void*, const char *, char **),
gpg_error_t app_auth (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen);
int app_decipher (app_t app, const char *keyidstr,
int (pincb)(void*, const char *, char **),
gpg_error_t app_decipher (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen );
int app_genkey (app_t app, ctrl_t ctrl,
gpg_error_t app_genkey (app_t app, ctrl_t ctrl,
const char *keynostr, unsigned int flags,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
int app_get_challenge (app_t app, size_t nbytes, unsigned char *buffer);
int app_change_pin (app_t app, ctrl_t ctrl,
gpg_error_t app_get_challenge (app_t app, size_t nbytes,
unsigned char *buffer);
gpg_error_t app_change_pin (app_t app, ctrl_t ctrl,
const char *chvnostr, int reset_mode,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
int app_check_pin (app_t app, const char *keyidstr,
int (*pincb)(void*, const char *, char **),
gpg_error_t app_check_pin (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
/*-- app-openpgp.c --*/
int app_select_openpgp (app_t app);
gpg_error_t app_select_openpgp (app_t app);
int app_openpgp_cardinfo (app_t app,
gpg_error_t app_openpgp_cardinfo (app_t app,
char **serialno,
char **disp_name,
char **pubkey_url,
unsigned char **fpr1,
unsigned char **fpr2,
unsigned char **fpr3);
int app_openpgp_storekey (app_t app, int keyno,
gpg_error_t app_openpgp_storekey (app_t app, int keyno,
unsigned char *template, size_t template_len,
time_t created_at,
const unsigned char *m, size_t mlen,
const unsigned char *e, size_t elen,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
int app_openpgp_readkey (app_t app, int keyno,
gpg_error_t app_openpgp_readkey (app_t app, int keyno,
unsigned char **m, size_t *mlen,
unsigned char **e, size_t *elen);
/*-- app-nks.c --*/
int app_select_nks (app_t app);
gpg_error_t app_select_nks (app_t app);
/*-- app-dinsig.c --*/
int app_select_dinsig (app_t app);
gpg_error_t app_select_dinsig (app_t app);
/*-- app-p15.c --*/
gpg_error_t app_select_p15 (app_t app);

20
scd/app-dinsig.c
View file

@ -85,7 +85,7 @@
#include "tlv.h"
static int
static gpg_error_t
do_learn_status (app_t app, ctrl_t ctrl)
{
gpg_error_t err;
@ -162,7 +162,7 @@ do_learn_status (app_t app, ctrl_t ctrl)
FIXME: This needs some cleanups and caching with do_learn_status.
*/
static int
static gpg_error_t
do_readcert (app_t app, const char *certid,
unsigned char **cert, size_t *certlen)
{
@ -273,9 +273,9 @@ do_readcert (app_t app, const char *certid,
/* Verify the PIN if required. */
static int
static gpg_error_t
verify_pin (app_t app,
int (pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
if (!app->did_chv1 || app->force_chv1 )
@ -326,12 +326,12 @@ verify_pin (app_t app,
If a PIN is required the PINCB will be used to ask for the PIN;
that callback should return the PIN in an allocated buffer and
store that in the 3rd argument. */
static int
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
int (pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
{
static unsigned char sha1_prefix[15] = /* Object ID is 1.3.14.3.2.26 */
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
@ -397,7 +397,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
/* Select the DINSIG application on the card in SLOT. This function
must be used before any other DINSIG application functions. */
int
gpg_error_t
app_select_dinsig (APP app)
{
static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 };

24
scd/app-nks.c
View file

@ -117,7 +117,7 @@ keygripstr_from_pk_file (int slot, int fid, char *r_gripstr)
static int
static gpg_error_t
do_learn_status (APP app, CTRL ctrl)
{
gpg_error_t err;
@ -175,7 +175,7 @@ do_learn_status (APP app, CTRL ctrl)
the CERTINFO status lines) and return it in the freshly allocated
buffer put into CERT and the length of the certificate put into
CERTLEN. */
static int
static gpg_error_t
do_readcert (app_t app, const char *certid,
unsigned char **cert, size_t *certlen)
{
@ -299,9 +299,9 @@ do_readcert (app_t app, const char *certid,
/* Verify the PIN if required. */
static int
static gpg_error_t
verify_pin (app_t app,
int (pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
/* Note that force_chv1 is never set but we do it here anyway so
@ -357,12 +357,12 @@ verify_pin (app_t app,
If a PIN is required the PINCB will be used to ask for the PIN;
that callback should return the PIN in an allocated buffer and
store that in the 3rd argument. */
static int
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
int (pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
{
static unsigned char sha1_prefix[15] = /* Object ID is 1.3.14.3.2.26 */
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
@ -435,9 +435,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
/* Decrypt the data in INDATA and return the allocated result in OUTDATA.
If a PIN is required the PINCB will be used to ask for the PIN; it
should return the PIN in an allocated buffer and put it into PIN. */
static int
static gpg_error_t
do_decipher (app_t app, const char *keyidstr,
int (pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
@ -485,7 +485,7 @@ do_decipher (app_t app, const char *keyidstr,
/* Select the NKS 2.0 application on the card in SLOT. */
int
gpg_error_t
app_select_nks (APP app)
{
static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x03, 0x01, 0x02 };

58
scd/app-openpgp.c
View file

@ -547,7 +547,7 @@ parse_login_data (app_t app)
}
/* Note, that FPR must be at least 20 bytes. */
static int
static gpg_error_t
store_fpr (int slot, int keynumber, u32 timestamp,
const unsigned char *m, size_t mlen,
const unsigned char *e, size_t elen,
@ -671,7 +671,7 @@ send_key_data (ctrl_t ctrl, const char *name,
/* Implement the GETATTR command. This is similar to the LEARN
command but returns just one value via the status interface. */
static int
static gpg_error_t
do_getattr (app_t app, ctrl_t ctrl, const char *name)
{
static struct {
@ -1168,7 +1168,7 @@ send_keypair_info (app_t app, ctrl_t ctrl, int keyno)
/* Handle the LEARN command for OpenPGP. */
static int
static gpg_error_t
do_learn_status (app_t app, ctrl_t ctrl)
{
do_getattr (app, ctrl, "EXTCAP");
@ -1204,7 +1204,7 @@ do_learn_status (app_t app, ctrl_t ctrl)
its length (for assertions) at PKLEN; the caller must release that
buffer. On error PK and PKLEN are not changed and an error code is
returned. */
static int
static gpg_error_t
do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
{
gpg_error_t err;
@ -1236,9 +1236,9 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
/* Verify CHV2 if required. Depending on the configuration of the
card CHV1 will also be verified. */
static int
static gpg_error_t
verify_chv2 (app_t app,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc = 0;
@ -1292,9 +1292,9 @@ verify_chv2 (app_t app,
}
/* Verify CHV3 if required. */
static int
static gpg_error_t
verify_chv3 (app_t app,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc = 0;
@ -1366,9 +1366,9 @@ verify_chv3 (app_t app,
/* Handle the SETATTR operation. All arguments are already basically
checked. */
static int
static gpg_error_t
do_setattr (app_t app, const char *name,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const unsigned char *value, size_t valuelen)
{
@ -1434,9 +1434,9 @@ do_setattr (app_t app, const char *name,
/* Handle the PASSWD command. */
static int
static gpg_error_t
do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc = 0;
@ -1525,9 +1525,9 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
/* Handle the GENKEY command. */
static int
static gpg_error_t
do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc;
@ -1691,7 +1691,7 @@ get_sig_counter (app_t app)
return ul;
}
static int
static gpg_error_t
compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr)
{
const unsigned char *fpr;
@ -1731,7 +1731,7 @@ compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr)
the key on the card has been replaced but the shadow information
known to gpg was not updated. If there is no fingerprint we
assume that this is okay. */
static int
static gpg_error_t
check_against_given_fingerprint (app_t app, const char *fpr, int keyno)
{
unsigned char tmp[20];
@ -1762,9 +1762,9 @@ check_against_given_fingerprint (app_t app, const char *fpr, int keyno)
GPG_ERR_WRONG_CARD to indicate that the card currently present does
not match the one required for the requested action (e.g. the
serial number does not match). */
static int
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
@ -1911,9 +1911,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
GPG_ERR_WRONG_CARD to indicate that the card currently present does
not match the one required for the requested action (e.g. the
serial number does not match). */
static int
static gpg_error_t
do_auth (app_t app, const char *keyidstr,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
@ -1974,9 +1974,9 @@ do_auth (app_t app, const char *keyidstr,
}
static int
static gpg_error_t
do_decipher (app_t app, const char *keyidstr,
int (pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
@ -2040,9 +2040,9 @@ do_decipher (app_t app, const char *keyidstr,
There is a special mode if the keyidstr is "<serialno>[CHV3]" with
the "[CHV3]" being a literal string: The Admin Pin is checked if
and only if the retry counter is still at 3. */
static int
static gpg_error_t
do_check_pin (app_t app, const char *keyidstr,
int (pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
unsigned char tmp_sn[20];
@ -2124,7 +2124,7 @@ do_check_pin (app_t app, const char *keyidstr,
/* Select the OpenPGP application on the card in SLOT. This function
must be used before any other OpenPGP application functions. */
int
gpg_error_t
app_select_openpgp (app_t app)
{
static char const aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
@ -2237,7 +2237,7 @@ leave:
LEARN command returns. All parameters return allocated strings or
buffers or NULL if the data object is not available. All returned
values are sanitized. */
int
gpg_error_t
app_openpgp_cardinfo (app_t app,
char **serialno,
char **disp_name,
@ -2327,13 +2327,13 @@ app_openpgp_cardinfo (app_t app,
create the fingerprint. M, MLEN is the RSA modulus and E, ELEN the
RSA public exponent. This function silently overwrites an existing
key.*/
int
gpg_error_t
app_openpgp_storekey (app_t app, int keyno,
unsigned char *template, size_t template_len,
time_t created_at,
const unsigned char *m, size_t mlen,
const unsigned char *e, size_t elen,
int (*pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc;
@ -2377,7 +2377,7 @@ app_openpgp_storekey (app_t app, int keyno,
/* Utility function for external tools: Read the public RSA key at
KEYNO and return modulus and exponent in (M,MLEN) and (E,ELEN). */
int
gpg_error_t
app_openpgp_readkey (app_t app, int keyno, unsigned char **m, size_t *mlen,
unsigned char **e, size_t *elen)
{

8
scd/app-p15.c
View file

@ -2366,7 +2366,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo)
/* This is the handler for the LEARN command. */
static int /* FIXME: change this to gpg_error_t */
static gpg_error_t
do_learn_status (app_t app, ctrl_t ctrl)
{
gpg_error_t err;
@ -2513,7 +2513,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
buffer to be stored at R_CERT and its length at R_CERTLEN. A error
code will be returned on failure and R_CERT and R_CERTLEN will be
set to NULL/0. */
static int /* FIXME: change this to gpg_error_t */
static gpg_error_t
do_readcert (app_t app, const char *certid,
unsigned char **r_cert, size_t *r_certlen)
{
@ -2629,9 +2629,9 @@ micardo_mse (app_t app, unsigned short fid)
If a PIN is required, the PINCB will be used to ask for the PIN;
that callback should return the PIN in an allocated buffer and
store that as the 3rd argument. */
static int
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
int (pincb)(void*, const char *, char **),
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )

339
scd/app.c
View file

@ -23,7 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
# include <pth.h>
#include "scdaemon.h"
#include "app-common.h"
@ -31,7 +31,72 @@
#include "iso7816.h"
#include "tlv.h"
/* This table is used to keep track of locks on a per reader base.
The index into the table is the slot number of the reader. The
mutex will be initialized on demand (one of the advantages of a
userland threading system). */
static struct
{
int initialized;
pth_mutex_t lock;
} lock_table[10];
/* Lock the reader associated with the APP context. This function
shall be used right before calling any of the actual application
functions to serialize access to the reader. We do this always
even if the reader is not actually used. This allows an actual
application to assume that it never shares a reader (while
performing one command). Returns 0 on success; only then the
unlock_reader function must be called after returning from the
handler. */
static gpg_error_t
lock_reader (app_t app)
{
gpg_error_t err;
int slot = app->slot;
if (slot < 0 || slot >= DIM (lock_table))
return gpg_error (app->slot<0? GPG_ERR_INV_VALUE : GPG_ERR_RESOURCE_LIMIT);
if (!lock_table[slot].initialized)
{
if (!pth_mutex_init (&lock_table[slot].lock))
{
err = gpg_error_from_errno (errno);
log_error ("error initializing mutex: %s\n", strerror (errno));
return err;
}
lock_table[slot].initialized = 1;
}
if (!pth_mutex_acquire (&lock_table[slot].lock, 0, NULL))
{
err = gpg_error_from_errno (errno);
log_error ("failed to acquire APP lock for slot %d: %s\n",
slot, strerror (errno));
return err;
}
return 0;
}
/* Release a lock on the reader. See lock_reader(). */
static void
unlock_reader (app_t app)
{
int slot = app->slot;
if (slot < 0 || slot >= DIM (lock_table)
|| !lock_table[slot].initialized)
log_bug ("unlock_reader called for invalid slot %d\n", slot);
if (!pth_mutex_release (&lock_table[slot].lock))
log_error ("failed to release APP lock for slot %d: %s\n",
slot, strerror (errno));
}
/* Check wether the application NAME is allowed. This does not mean
we have support for it though. */
static int
@ -54,7 +119,7 @@ is_app_allowed (const char *name)
gpg_error_t
select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
{
int rc;
gpg_error_t err;
app_t app;
unsigned char *result = NULL;
size_t resultlen;
@ -63,22 +128,26 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
app = xtrycalloc (1, sizeof *app);
if (!app)
{
rc = gpg_error_from_errno (errno);
log_info ("error allocating context: %s\n", gpg_strerror (rc));
return rc;
err = gpg_error_from_errno (errno);
log_info ("error allocating context: %s\n", gpg_strerror (err));
return err;
}
app->slot = slot;
err = lock_reader (app);
if (err)
return err;
/* Fixme: We should now first check whether a card is at all
present. */
/* Try to read the GDO file first to get a default serial number. */
rc = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL);
if (!rc)
rc = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL);
if (!rc)
rc = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
if (!rc)
err = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL);
if (!err)
err = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL);
if (!err)
err = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
if (!err)
{
size_t n;
const unsigned char *p;
@ -104,8 +173,8 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
memmove (result, p, n);
app->serialno = result;
app->serialnolen = n;
rc = app_munge_serialno (app);
if (rc)
err = app_munge_serialno (app);
if (err)
goto leave;
}
else
@ -114,38 +183,40 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
}
/* For certain error codes, there is no need to try more. */
if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
goto leave;
/* Figure out the application to use. */
rc = gpg_error (GPG_ERR_NOT_FOUND);
err = gpg_error (GPG_ERR_NOT_FOUND);
if (rc && is_app_allowed ("openpgp") && (!name || !strcmp (name, "openpgp")))
rc = app_select_openpgp (app);
if (rc && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
rc = app_select_nks (app);
if (rc && is_app_allowed ("p15") && (!name || !strcmp (name, "p15")))
rc = app_select_p15 (app);
if (rc && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
rc = app_select_dinsig (app);
if (rc && name)
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
if (err && is_app_allowed ("openpgp")
&& (!name || !strcmp (name, "openpgp")))
err = app_select_openpgp (app);
if (err && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
err = app_select_nks (app);
if (err && is_app_allowed ("p15") && (!name || !strcmp (name, "p15")))
err = app_select_p15 (app);
if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
err = app_select_dinsig (app);
if (err && name)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
leave:
if (rc)
if (err)
{
if (name)
log_info ("can't select application `%s': %s\n",
name, gpg_strerror (rc));
name, gpg_strerror (err));
else
log_info ("no supported card application found: %s\n",
gpg_strerror (rc));
gpg_strerror (err));
xfree (app);
return rc;
return err;
}
app->initialized = 1;
unlock_reader (app);
*r_app = app;
return 0;
}
@ -181,7 +252,7 @@ release_application (app_t app)
All other serial number not starting with FF are used as they are.
*/
int
gpg_error_t
app_munge_serialno (app_t app)
{
if (app->serialnolen && app->serialno[0] == 0xff)
@ -208,7 +279,7 @@ app_munge_serialno (app_t app)
no update time is available the returned value is 0. Caller must
free SERIAL unless the function returns an error. If STAMP is not
of interest, NULL may be passed. */
int
gpg_error_t
app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
{
unsigned char *buf, *p;
@ -234,9 +305,11 @@ app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
/* Write out the application specifig status lines for the LEARN
command. */
int
app_write_learn_status (APP app, CTRL ctrl)
gpg_error_t
app_write_learn_status (app_t app, CTRL ctrl)
{
gpg_error_t err;
if (!app)
return gpg_error (GPG_ERR_INV_VALUE);
if (!app->initialized)
@ -247,8 +320,12 @@ app_write_learn_status (APP app, CTRL ctrl)
if (app->apptype)
send_status_info (ctrl, "APPTYPE",
app->apptype, strlen (app->apptype), NULL, 0);
return app->fnc.learn_status (app, ctrl);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.learn_status (app, ctrl);
unlock_reader (app);
return err;
}
@ -256,18 +333,24 @@ app_write_learn_status (APP app, CTRL ctrl)
the CERTINFO status lines) and return it in the freshly allocated
buffer put into CERT and the length of the certificate put into
CERTLEN. */
int
gpg_error_t
app_readcert (app_t app, const char *certid,
unsigned char **cert, size_t *certlen)
{
gpg_error_t err;
if (!app)
return gpg_error (GPG_ERR_INV_VALUE);
if (!app->initialized)
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.readcert)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
return app->fnc.readcert (app, certid, cert, certlen);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.readcert (app, certid, cert, certlen);
unlock_reader (app);
return err;
}
@ -278,9 +361,11 @@ app_readcert (app_t app, const char *certid,
code returned.
This function might not be supported by all applications. */
int
gpg_error_t
app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
{
gpg_error_t err;
if (pk)
*pk = NULL;
if (pklen)
@ -292,15 +377,21 @@ app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.readkey)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
return app->fnc.readkey (app, keyid, pk, pklen);
err = lock_reader (app);
if (err)
return err;
err= app->fnc.readkey (app, keyid, pk, pklen);
unlock_reader (app);
return err;
}
/* Perform a GETATTR operation. */
int
app_getattr (APP app, CTRL ctrl, const char *name)
gpg_error_t
app_getattr (app_t app, CTRL ctrl, const char *name)
{
gpg_error_t err;
if (!app || !name || !*name)
return gpg_error (GPG_ERR_INV_VALUE);
if (!app->initialized)
@ -328,36 +419,48 @@ app_getattr (APP app, CTRL ctrl, const char *name)
if (!app->fnc.getattr)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
return app->fnc.getattr (app, ctrl, name);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.getattr (app, ctrl, name);
unlock_reader (app);
return err;
}
/* Perform a SETATTR operation. */
int
app_setattr (APP app, const char *name,
int (*pincb)(void*, const char *, char **),
gpg_error_t
app_setattr (app_t app, const char *name,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const unsigned char *value, size_t valuelen)
{
gpg_error_t err;
if (!app || !name || !*name || !value)
return gpg_error (GPG_ERR_INV_VALUE);
if (!app->initialized)
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.setattr)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
return app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
unlock_reader (app);
return err;
}
/* Create the signature and return the allocated result in OUTDATA.
If a PIN is required the PINCB will be used to ask for the PIN; it
should return the PIN in an allocated buffer and put it into PIN. */
int
app_sign (APP app, const char *keyidstr, int hashalgo,
int (pincb)(void*, const char *, char **),
gpg_error_t
app_sign (app_t app, const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
{
int rc;
gpg_error_t err;
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
return gpg_error (GPG_ERR_INV_VALUE);
@ -365,27 +468,31 @@ app_sign (APP app, const char *keyidstr, int hashalgo,
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.sign)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = app->fnc.sign (app, keyidstr, hashalgo,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.sign (app, keyidstr, hashalgo,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen);
unlock_reader (app);
if (opt.verbose)
log_info ("operation sign result: %s\n", gpg_strerror (rc));
return rc;
log_info ("operation sign result: %s\n", gpg_strerror (err));
return err;
}
/* Create the signature using the INTERNAL AUTHENTICATE command and
return the allocated result in OUTDATA. If a PIN is required the
PINCB will be used to ask for the PIN; it should return the PIN in
an allocated buffer and put it into PIN. */
int
app_auth (APP app, const char *keyidstr,
int (pincb)(void*, const char *, char **),
gpg_error_t
app_auth (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
{
int rc;
gpg_error_t err;
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
return gpg_error (GPG_ERR_INV_VALUE);
@ -393,27 +500,31 @@ app_auth (APP app, const char *keyidstr,
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.auth)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = app->fnc.auth (app, keyidstr,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.auth (app, keyidstr,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen);
unlock_reader (app);
if (opt.verbose)
log_info ("operation auth result: %s\n", gpg_strerror (rc));
return rc;
log_info ("operation auth result: %s\n", gpg_strerror (err));
return err;
}
/* Decrypt the data in INDATA and return the allocated result in OUTDATA.
If a PIN is required the PINCB will be used to ask for the PIN; it
should return the PIN in an allocated buffer and put it into PIN. */
int
app_decipher (APP app, const char *keyidstr,
int (pincb)(void*, const char *, char **),
gpg_error_t
app_decipher (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen )
{
int rc;
gpg_error_t err;
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
return gpg_error (GPG_ERR_INV_VALUE);
@ -421,23 +532,27 @@ app_decipher (APP app, const char *keyidstr,
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.decipher)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = app->fnc.decipher (app, keyidstr,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.decipher (app, keyidstr,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen);
unlock_reader (app);
if (opt.verbose)
log_info ("operation decipher result: %s\n", gpg_strerror (rc));
return rc;
log_info ("operation decipher result: %s\n", gpg_strerror (err));
return err;
}
/* Perform a SETATTR operation. */
int
app_genkey (APP app, CTRL ctrl, const char *keynostr, unsigned int flags,
int (*pincb)(void*, const char *, char **),
gpg_error_t
app_genkey (app_t app, CTRL ctrl, const char *keynostr, unsigned int flags,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc;
gpg_error_t err;
if (!app || !keynostr || !*keynostr || !pincb)
return gpg_error (GPG_ERR_INV_VALUE);
@ -445,35 +560,46 @@ app_genkey (APP app, CTRL ctrl, const char *keynostr, unsigned int flags,
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.genkey)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = app->fnc.genkey (app, ctrl, keynostr, flags, pincb, pincb_arg);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.genkey (app, ctrl, keynostr, flags, pincb, pincb_arg);
unlock_reader (app);
if (opt.verbose)
log_info ("operation genkey result: %s\n", gpg_strerror (rc));
return rc;
log_info ("operation genkey result: %s\n", gpg_strerror (err));
return err;
}
/* Perform a GET CHALLENGE operation. This fucntion is special as it
directly accesses the card without any application specific
wrapper. */
int
app_get_challenge (APP app, size_t nbytes, unsigned char *buffer)
gpg_error_t
app_get_challenge (app_t app, size_t nbytes, unsigned char *buffer)
{
gpg_error_t err;
if (!app || !nbytes || !buffer)
return gpg_error (GPG_ERR_INV_VALUE);
if (!app->initialized)
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
return iso7816_get_challenge (app->slot, nbytes, buffer);
err = lock_reader (app);
if (err)
return err;
err = iso7816_get_challenge (app->slot, nbytes, buffer);
unlock_reader (app);
return err;
}
/* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation. */
int
app_change_pin (APP app, CTRL ctrl, const char *chvnostr, int reset_mode,
int (*pincb)(void*, const char *, char **),
gpg_error_t
app_change_pin (app_t app, CTRL ctrl, const char *chvnostr, int reset_mode,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc;
gpg_error_t err;
if (!app || !chvnostr || !*chvnostr || !pincb)
return gpg_error (GPG_ERR_INV_VALUE);
@ -481,22 +607,27 @@ app_change_pin (APP app, CTRL ctrl, const char *chvnostr, int reset_mode,
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.change_pin)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode, pincb, pincb_arg);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode,
pincb, pincb_arg);
unlock_reader (app);
if (opt.verbose)
log_info ("operation change_pin result: %s\n", gpg_strerror (rc));
return rc;
log_info ("operation change_pin result: %s\n", gpg_strerror (err));
return err;
}
/* Perform a VERIFY operation without doing anything lese. This may
be used to initialze a the PIN cache for long lasting other
operations. Its use is highly application dependent. */
int
app_check_pin (APP app, const char *keyidstr,
int (*pincb)(void*, const char *, char **),
gpg_error_t
app_check_pin (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc;
gpg_error_t err;
if (!app || !keyidstr || !*keyidstr || !pincb)
return gpg_error (GPG_ERR_INV_VALUE);
@ -504,9 +635,13 @@ app_check_pin (APP app, const char *keyidstr,
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!app->fnc.check_pin)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg);
err = lock_reader (app);
if (err)
return err;
err = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg);
unlock_reader (app);
if (opt.verbose)
log_info ("operation check_pin result: %s\n", gpg_strerror (rc));
return rc;
log_info ("operation check_pin result: %s\n", gpg_strerror (err));
return err;
}

9
scd/ccid-driver.c
View file

@ -986,7 +986,8 @@ do_close_reader (ccid_driver_t handle)
}
if (handle->idev)
{
usb_reset (handle->idev);
if (getenv ("GNUPG_CCID_DRIVER_RESET_BEFORE_CLOSE"))
usb_reset (handle->idev);
usb_release_interface (handle->idev, handle->ifc_no);
usb_close (handle->idev);
handle->idev = NULL;
@ -1274,7 +1275,7 @@ ccid_poll (ccid_driver_t handle)
}
/* Note that this function won't return the error codes NO_CARD or
/* Note that this fucntion won't return the error codes NO_CARD or
CARD_INACTIVE */
int
ccid_slot_status (ccid_driver_t handle, int *statusbits)
@ -1303,12 +1304,12 @@ ccid_slot_status (ccid_driver_t handle, int *statusbits)
{
if (!retries)
{
fprintf (stderr, "CALLING USB_CLEAR_HALT\n");
DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n");
usb_clear_halt (handle->idev, handle->ep_bulk_in);
usb_clear_halt (handle->idev, handle->ep_bulk_out);
}
else
fprintf (stderr, "RETRYING AGIAN\n");
DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n");
retries++;
goto retry;
}

43
scd/command.c
View file

@ -122,7 +122,7 @@ has_option (const char *line, const char *name)
/* Reset the card and free the application context. With DO_CLOSE set
to true and this is the last session with a reference to teh
to true and this is the last session with a reference to the
reader, close the reader and don't do just a reset. */
static void
do_reset (ctrl_t ctrl, int do_close)
@ -647,7 +647,7 @@ cmd_setdata (assuan_context_t ctx, char *line)
static int
static gpg_error_t
pin_cb (void *opaque, const char *info, char **retstr)
{
assuan_context_t ctx = opaque;
@ -1171,6 +1171,34 @@ cmd_unlock (assuan_context_t ctx, char *line)
}
/* GETINFO <what>
Multi purpose command to return certain information.
Supported values of WHAT are:
socket_name - Return the name of the socket.
*/
static int
cmd_getinfo (assuan_context_t ctx, char *line)
{
int rc = 0;
if (!strcmp (line, "socket_name"))
{
const char *s = scd_get_socket_name ();
if (s)
rc = assuan_send_data (ctx, s, strlen (s));
else
rc = gpg_error (GPG_ERR_NO_DATA);
}
else
rc = set_error (Parameter_Error, "unknown value for WHAT");
return rc;
}
@ -1200,6 +1228,7 @@ register_commands (assuan_context_t ctx)
{ "CHECKPIN", cmd_checkpin },
{ "LOCK", cmd_lock },
{ "UNLOCK", cmd_unlock },
{ "GETINFO", cmd_getinfo },
{ NULL }
};
int i, rc;
@ -1218,10 +1247,10 @@ register_commands (assuan_context_t ctx)
}
/* Startup the server. If LISTEN_FD is given as -1, this is simple
piper server, otherwise it is a regular server */
/* Startup the server. If FD is given as -1 this is simple pipe
server, otherwise it is a regular server. */
void
scd_command_handler (int listen_fd)
scd_command_handler (int fd)
{
int rc;
assuan_context_t ctx;
@ -1230,7 +1259,7 @@ scd_command_handler (int listen_fd)
memset (&ctrl, 0, sizeof ctrl);
scd_init_default_ctrl (&ctrl);
if (listen_fd == -1)
if (fd == -1)
{
int filedes[2];
@ -1240,7 +1269,7 @@ scd_command_handler (int listen_fd)
}
else
{
rc = assuan_init_socket_server (&ctx, listen_fd);
rc = assuan_init_connected_socket_server (&ctx, fd);
}
if (rc)
{

2
scd/sc-copykeys.c
View file

@ -483,7 +483,7 @@ query_card (APP app)
/* Callback function to ask for a PIN. */
static int
static gpg_error_t
pincb (void *arg, const char *prompt, char **pinvalue)
{
char *pin = xstrdup ("12345678");

495
scd/scdaemon.c
View file

@ -1,5 +1,5 @@
/* scdaemon.c - The GnuPG Smartcard Daemon
* Copyright (C) 2001, 2002, 2004 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2004, 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -35,9 +35,7 @@
#endif /*HAVE_W32_SYSTEM*/
#include <unistd.h>
#include <signal.h>
#ifdef USE_GNU_PTH
# include <pth.h>
#endif
#include <pth.h>
#define JNLIB_NEED_LOG_LOGV
#include "scdaemon.h"
@ -76,6 +74,7 @@ enum cmd_and_opt_values
oNoGrab,
oLogFile,
oServer,
oMultiServer,
oDaemon,
oBatch,
oReaderPort,
@ -110,6 +109,8 @@ static ARGPARSE_OPTS opts[] = {
{ oDebugWait,"debug-wait",1, "@"},
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
{ oMultiServer, "multi-server", 0,
N_("allow additional connections in server mode")},
{ oReaderPort, "reader-port", 2, N_("|N|connect to reader at port N")},
{ octapiDriver, "ctapi-driver", 2, N_("|NAME|use NAME as ct-API driver")},
{ opcscDriver, "pcsc-driver", 2, N_("|NAME|use NAME as PC/SC driver")},
@ -140,8 +141,6 @@ static ARGPARSE_OPTS opts[] = {
#endif
static volatile int caught_fatal_sig = 0;
/* Flag to indicate that a shutdown was requested. */
static int shutdown_pending;
@ -149,16 +148,21 @@ static int shutdown_pending;
static int maybe_setuid = 1;
/* Name of the communication socket */
static char socket_name[128];
static char *socket_name;
static char *create_socket_name (int use_standard_socket,
char *standard_name, char *template);
static int create_server_socket (int is_standard_name, const char *name);
static void *start_connection_thread (void *arg);
static void handle_connections (int listen_fd);
#ifdef USE_GNU_PTH
/* Pth wrapper function definitions. */
GCRY_THREAD_OPTION_PTH_IMPL;
static void *ticker_thread (void *arg);
#endif /*USE_GNU_PTH*/
static const char *
my_strusage (int level)
{
@ -265,7 +269,7 @@ set_debug (const char *level)
static void
cleanup (void)
{
if (*socket_name)
if (socket_name && *socket_name)
{
char *p;
@ -282,27 +286,6 @@ cleanup (void)
}
static RETSIGTYPE
cleanup_sh (int sig)
{
if (caught_fatal_sig)
raise (sig);
caught_fatal_sig = 1;
/* gcry_control( GCRYCTL_TERM_SECMEM );*/
cleanup ();
#ifndef HAVE_DOSISH_SYSTEM
{ /* reset action to default action and raise signal again */
struct sigaction nact;
nact.sa_handler = SIG_DFL;
sigemptyset( &nact.sa_mask );
nact.sa_flags = 0;
sigaction( sig, &nact, NULL);
}
#endif
raise( sig );
}
int
main (int argc, char **argv )
@ -322,6 +305,7 @@ main (int argc, char **argv )
int greeting = 0;
int nogreeting = 0;
int pipe_server = 0;
int multi_server = 0;
int is_daemon = 0;
int nodetach = 0;
int csh_style = 0;
@ -343,14 +327,12 @@ main (int argc, char **argv )
/* Libgcrypt requires us to register the threading model first.
Note that this will also do the pth_init. */
#ifdef USE_GNU_PTH
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
if (err)
{
log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
gpg_strerror (err));
}
#endif /*USE_GNU_PTH*/
/* Check that the libraries are suitable. Do it here because
the option parsing may need services of the library */
@ -481,6 +463,7 @@ main (int argc, char **argv )
case oCsh: csh_style = 1; break;
case oSh: csh_style = 0; break;
case oServer: pipe_server = 1; break;
case oMultiServer: multi_server = 1; break;
case oDaemon: is_daemon = 1; break;
case oReaderPort: opt.reader_port = pargs.r.ret_str; break;
@ -598,24 +581,49 @@ main (int argc, char **argv )
log_set_prefix (NULL, 1|2|4);
}
if (pipe_server)
{ /* This is the simple pipe based server */
#ifdef USE_GNU_PTH
{
/* This is the simple pipe based server */
pth_attr_t tattr;
int fd = -1;
{
struct sigaction sa;
sa.sa_handler = SIG_IGN;
sigemptyset (&sa.sa_mask);
sa.sa_flags = 0;
sigaction (SIGPIPE, &sa, NULL);
}
/* In multi server mode we need to listen on an additional
socket. Create that socket now before starting the handler
for the pipe connection. This allows that handler to send
back the name of that socket. */
if (multi_server)
{
socket_name = create_socket_name (0,
"S.scdaemon",
"/tmp/gpg-XXXXXX/S.scdaemon");
fd = create_server_socket (0, socket_name);
}
tattr = pth_attr_new();
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024);
pth_attr_set (tattr, PTH_ATTR_NAME, "ticker");
pth_attr_set (tattr, PTH_ATTR_NAME, "pipe-connection");
if (!pth_spawn (tattr, ticker_thread, NULL))
if (!pth_spawn (tattr, start_connection_thread, (void*)(-1)))
{
log_error ("error spawning ticker thread: %s\n", strerror (errno));
log_error ("error spawning pipe connection handler: %s\n",
strerror (errno) );
scd_exit (2);
}
#endif /*USE_GNU_PTH*/
scd_command_handler (-1);
handle_connections (fd);
if (fd != -1)
close (fd);
}
else if (!is_daemon)
{
@ -623,87 +631,17 @@ main (int argc, char **argv )
" to run the program in the background\n"));
}
else
{ /* regular server mode */
{ /* Regular server mode */
int fd;
pid_t pid;
int i;
int len;
struct sockaddr_un serv_addr;
char *p;
/* fixme: if there is already a running gpg-agent we should
share the same directory - and vice versa */
*socket_name = 0;
snprintf (socket_name, DIM(socket_name)-1,
"/tmp/gpg-XXXXXX/S.scdaemon");
socket_name[DIM(socket_name)-1] = 0;
p = strrchr (socket_name, '/');
if (!p)
BUG ();
*p = 0;;
/* Create the socket. */
socket_name = create_socket_name (0,
"S.scdaemon",
"/tmp/gpg-XXXXXX/S.scdaemon");
#ifndef HAVE_W32_SYSTEM
if (!mkdtemp(socket_name))
{
log_error ("can't create directory `%s': %s\n",
socket_name, strerror(errno) );
exit (1);
}
#endif
*p = '/';
if (strchr (socket_name, ':') )
{
log_error ("colons are not allowed in the socket name\n");
exit (1);
}
if (strlen (socket_name)+1 >= sizeof serv_addr.sun_path )
{
log_error ("name of socket to long\n");
exit (1);
}
#ifdef HAVE_W32_SYSTEM
fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
#else
fd = socket (AF_UNIX, SOCK_STREAM, 0);
#endif
if (fd == -1)
{
log_error ("can't create socket: %s\n", strerror(errno) );
exit (1);
}
memset (&serv_addr, 0, sizeof serv_addr);
serv_addr.sun_family = AF_UNIX;
strcpy (serv_addr.sun_path, socket_name);
len = (offsetof (struct sockaddr_un, sun_path)
+ strlen(serv_addr.sun_path) + 1);
if (
#ifdef HAVE_W32_SYSTEM
_w32_sock_bind
#else
bind
#endif
(fd, (struct sockaddr*)&serv_addr, len) == -1)
{
log_error ("error binding socket to `%s': %s\n",
serv_addr.sun_path, strerror (errno) );
close (fd);
exit (1);
}
if (listen (fd, 5 ) == -1)
{
log_error ("listen() failed: %s\n", strerror (errno));
close (fd);
exit (1);
}
if (opt.verbose)
log_info ("listening on socket `%s'\n", socket_name );
fd = create_server_socket (0, socket_name);
fflush (NULL);
@ -746,7 +684,7 @@ main (int argc, char **argv )
}
else
{
/* print the environment string, so that the caller can use
/* Print the environment string, so that the caller can use
shell's eval to set it */
if (csh_style)
{
@ -763,14 +701,15 @@ main (int argc, char **argv )
/* NOTREACHED */
} /* end parent */
/* this is the child */
/* This is the child. */
/* detach from tty and put process into a new session */
/* Detach from tty and put process into a new session. */
if (!nodetach )
{ /* close stdin, stdout and stderr unless it is the log stream */
{
/* Close stdin, stdout and stderr unless it is the log stream. */
for (i=0; i <= 2; i++)
{
if ( log_get_fd () != i)
if ( log_test_fd (i) && i != fd)
close (i);
}
if (setsid() == -1)
@ -781,23 +720,13 @@ main (int argc, char **argv )
}
}
/* setup signals */
{
struct sigaction oact, nact;
struct sigaction sa;
nact.sa_handler = cleanup_sh;
sigemptyset (&nact.sa_mask);
nact.sa_flags = 0;
sigaction (SIGHUP, NULL, &oact);
if (oact.sa_handler != SIG_IGN)
sigaction (SIGHUP, &nact, NULL);
sigaction( SIGTERM, NULL, &oact );
if (oact.sa_handler != SIG_IGN)
sigaction (SIGTERM, &nact, NULL);
nact.sa_handler = SIG_IGN;
sigaction (SIGPIPE, &nact, NULL);
sigaction (SIGINT, &nact, NULL);
sa.sa_handler = SIG_IGN;
sigemptyset (&sa.sa_mask);
sa.sa_flags = 0;
sigaction (SIGPIPE, &sa, NULL);
}
if (chdir("/"))
@ -808,7 +737,7 @@ main (int argc, char **argv )
#endif /*!HAVE_W32_SYSTEM*/
scd_command_handler (fd);
handle_connections (fd);
close (fd);
}
@ -840,13 +769,22 @@ scd_exit (int rc)
void
scd_init_default_ctrl (CTRL ctrl)
scd_init_default_ctrl (ctrl_t ctrl)
{
ctrl->reader_slot = -1;
}
#ifdef USE_GNU_PTH
/* Return the name of the socket to be used to connect to this
process. If no socket is available, return NULL. */
const char *
scd_get_socket_name ()
{
if (socket_name && *socket_name)
return socket_name;
return NULL;
}
static void
handle_signal (int signo)
@ -897,18 +835,175 @@ handle_signal (int signo)
}
}
static void
handle_tick (void)
{
scd_update_reader_status_file ();
}
static void *
ticker_thread (void *dummy_arg)
/* Create a name for the socket. With USE_STANDARD_SOCKET given as
true using STANDARD_NAME in the home directory or if given has
false from the mkdir type name TEMPLATE. In the latter case a
unique name in a unique new directory will be created. In both
cases check for valid characters as well as against a maximum
allowed length for a unix domain socket is done. The function
terminates the process in case of an error. Retunrs: Pointer to an
allcoated string with the absolute name of the socket used. */
static char *
create_socket_name (int use_standard_socket,
char *standard_name, char *template)
{
pth_event_t sigs_ev, time_ev = NULL;
char *name, *p;
if (use_standard_socket)
name = make_filename (opt.homedir, standard_name, NULL);
else
{
name = xstrdup (template);
p = strrchr (name, '/');
if (!p)
BUG ();
*p = 0;
if (!mkdtemp (name))
{
log_error (_("can't create directory `%s': %s\n"),
name, strerror (errno));
scd_exit (2);
}
*p = '/';
}
if (strchr (name, PATHSEP_C))
{
log_error (("`%s' are not allowed in the socket name\n"), PATHSEP_S);
scd_exit (2);
}
if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) )
{
log_error (_("name of socket too long\n"));
scd_exit (2);
}
return name;
}
/* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates
whether a non-random socket is used. Returns the file descriptor
or terminates the process in case of an error. */
static int
create_server_socket (int is_standard_name, const char *name)
{
struct sockaddr_un *serv_addr;
socklen_t len;
int fd;
int rc;
#ifdef HAVE_W32_SYSTEM
fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
#else
fd = socket (AF_UNIX, SOCK_STREAM, 0);
#endif
if (fd == -1)
{
log_error (_("can't create socket: %s\n"), strerror (errno));
scd_exit (2);
}
serv_addr = xmalloc (sizeof (*serv_addr));
memset (serv_addr, 0, sizeof *serv_addr);
serv_addr->sun_family = AF_UNIX;
assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));
strcpy (serv_addr->sun_path, name);
len = (offsetof (struct sockaddr_un, sun_path)
+ strlen (serv_addr->sun_path) + 1);
#ifdef HAVE_W32_SYSTEM
rc = _w32_sock_bind (fd, (struct sockaddr*) serv_addr, len);
if (is_standard_name && rc == -1 )
{
remove (name);
rc = bind (fd, (struct sockaddr*) serv_addr, len);
}
#else
rc = bind (fd, (struct sockaddr*) serv_addr, len);
if (is_standard_name && rc == -1 && errno == EADDRINUSE)
{
remove (name);
rc = bind (fd, (struct sockaddr*) serv_addr, len);
}
#endif
if (rc == -1)
{
log_error (_("error binding socket to `%s': %s\n"),
serv_addr->sun_path, strerror (errno));
close (fd);
scd_exit (2);
}
if (listen (fd, 5 ) == -1)
{
log_error (_("listen() failed: %s\n"), strerror (errno));
close (fd);
scd_exit (2);
}
if (opt.verbose)
log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
return fd;
}
/* This is the standard connection thread's main function. */
static void *
start_connection_thread (void *arg)
{
int fd = (int)arg;
if (opt.verbose)
log_info (_("handler for fd %d started\n"), fd);
scd_command_handler (fd);
if (opt.verbose)
log_info (_("handler for fd %d terminated\n"), fd);
/* If this thread is the pipe connection thread, flag that a
shutdown is required. With the next ticker event and given that
no other connections are running the shutdown will then
happen. */
if (fd == -1)
shutdown_pending = 1;
return NULL;
}
/* Connection handler loop. Wait for connection requests and spawn a
thread after accepting a connection. LISTEN_FD is allowed to be -1
in which case this code will only do regular timeouts and handle
signals. */
static void
handle_connections (int listen_fd)
{
pth_attr_t tattr;
pth_event_t ev, time_ev;
sigset_t sigs;
int signo;
struct sockaddr_un paddr;
socklen_t plen;
fd_set fdset, read_fdset;
int ret;
int fd;
tattr = pth_attr_new();
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024);
pth_attr_set (tattr, PTH_ATTR_NAME, "scd-connections");
#ifndef HAVE_W32_SYSTEM /* fixme */
sigemptyset (&sigs );
@ -917,43 +1012,101 @@ ticker_thread (void *dummy_arg)
sigaddset (&sigs, SIGUSR2);
sigaddset (&sigs, SIGINT);
sigaddset (&sigs, SIGTERM);
sigs_ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
#else
sigs_ev = NULL;
ev = NULL;
#endif
while (!shutdown_pending)
time_ev = NULL;
FD_ZERO (&fdset);
if (listen_fd != -1)
FD_SET (listen_fd, &fdset);
for (;;)
{
if (!time_ev)
if (shutdown_pending)
{
time_ev = pth_event (PTH_EVENT_TIME, pth_timeout (2, 0));
if (time_ev)
pth_event_concat (sigs_ev, time_ev, NULL);
if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
break; /* ready */
/* Do not accept anymore connections but wait for existing
connections to terminate. We do this by clearing out all
file descriptors to wait for, so that the select will be
used to just wait on a signal or timeout event. */
FD_ZERO (&fdset);
}
/* Create a timeout event if needed. */
if (!time_ev)
time_ev = pth_event (PTH_EVENT_TIME, pth_timeout (2, 0));
/* POSIX says that fd_set should be implemented as a structure,
thus a simple assignment is fine to copy the entire set. */
read_fdset = fdset;
if (time_ev)
pth_event_concat (ev, time_ev, NULL);
ret = pth_select_ev (FD_SETSIZE, &read_fdset, NULL, NULL, NULL, ev);
if (time_ev)
pth_event_isolate (time_ev);
if (ret == -1)
{
if (pth_event_occurred (ev)
|| (time_ev && pth_event_occurred (time_ev)))
{
if (pth_event_occurred (ev))
handle_signal (signo);
if (time_ev && pth_event_occurred (time_ev))
{
pth_event_free (time_ev, PTH_FREE_ALL);
time_ev = NULL;
handle_tick ();
}
continue;
}
log_error (_("pth_select failed: %s - waiting 1s\n"),
strerror (errno));
pth_sleep (1);
continue;
}
if (pth_event_occurred (ev))
{
handle_signal (signo);
}
if (pth_wait (sigs_ev) < 1)
continue;
if (
#ifdef PTH_STATUS_OCCURRED /* This is Pth 2 */
pth_event_status (sigs_ev) == PTH_STATUS_OCCURRED
#else
pth_event_occurred (sigs_ev)
#endif
)
handle_signal (signo);
/* Always run the ticker. */
if (!shutdown_pending)
if (time_ev && pth_event_occurred (time_ev))
{
pth_event_isolate (sigs_ev);
pth_event_free (time_ev, PTH_FREE_ALL);
time_ev = NULL;
handle_tick ();
}
if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset))
{
plen = sizeof paddr;
fd = pth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
if (fd == -1)
{
log_error ("accept failed: %s\n", strerror (errno));
}
else if (!pth_spawn (tattr, start_connection_thread, (void*)fd))
{
log_error ("error spawning connection handler: %s\n",
strerror (errno) );
close (fd);
}
fd = -1;
}
}
pth_event_free (sigs_ev, PTH_FREE_ALL);
return NULL;
pth_event_free (ev, PTH_FREE_ALL);
if (time_ev)
pth_event_free (time_ev, PTH_FREE_ALL);
cleanup ();
log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
}
#endif /*USE_GNU_PTH*/

3
scd/scdaemon.h
View file

@ -99,7 +99,8 @@ typedef struct app_ctx_s *app_t;
/*-- scdaemon.c --*/
void scd_exit (int rc);
void scd_init_default_ctrl (CTRL ctrl);
void scd_init_default_ctrl (ctrl_t ctrl);
const char *scd_get_socket_name (void);
/*-- command.c --*/
void scd_command_handler (int);