mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Changed the scdaemon to handle concurrent sessions. Adjusted
gpg-agent accordingly. Code cleanups.
This commit is contained in:
parent
a5c4c4bf12
commit
4237a9cc7f
@ -1,3 +1,8 @@
|
||||
2005-05-15 Werner Koch <wk@g10code.com>
|
||||
|
||||
* configure.ac: Remove option --disable-threads; require the use
|
||||
of GNU Pth.
|
||||
|
||||
2005-04-27 Werner Koch <wk@g10code.com>
|
||||
|
||||
* configure.ac: Removed OpenSC detection and options.
|
||||
|
4
NEWS
4
NEWS
@ -1,8 +1,10 @@
|
||||
Noteworthy changes in version 1.9.17
|
||||
-------------------------------------------------
|
||||
|
||||
* GNU Pth is now a hard requirement.
|
||||
|
||||
* [scdaemon] Support for OpenSC has been removed. Instead a new and
|
||||
starightforward pkcs#15 modules has been written. As of now it
|
||||
straightforward pkcs#15 modules has been written. As of now it
|
||||
does allows only signing using TCOS cards but we are going to
|
||||
enhance it to match all the old capabilities.
|
||||
|
||||
|
14
TODO
14
TODO
@ -35,6 +35,9 @@ might want to have an agent context for each service request
|
||||
to do that while changing gpgsm to allow concurrent operations.
|
||||
** support the anyPolicy semantic
|
||||
** Check that we are really following the verification procedures in rfc3280.
|
||||
** Implement a --card-status command.
|
||||
This is useful to check whether a card is supported at all.
|
||||
|
||||
|
||||
* sm/keydb.c
|
||||
** Check file permissions
|
||||
@ -54,10 +57,6 @@ might want to have an agent context for each service request
|
||||
** Don't use stdio to return results.
|
||||
** Support DSA
|
||||
|
||||
* agent/divert-scd.c
|
||||
Remove the agent_reset_scd kludge. We will do this after Scdaemon
|
||||
has been changed to allow multiple sessions. Currently in progress.
|
||||
|
||||
* Move pkcs-1 encoding into libgcrypt.
|
||||
|
||||
* Use a MAC to protect sensitive files.
|
||||
@ -90,10 +89,3 @@ might want to have an agent context for each service request
|
||||
This means we can't reread a configuration
|
||||
** No card status notifications.
|
||||
|
||||
|
||||
* scd/
|
||||
** Release the card after use so that gpg 1.4 is able to access it
|
||||
This won't be a sufficient change. we need to change gpg 1.4 to make
|
||||
use of the agent. Work is underway.
|
||||
|
||||
|
||||
|
@ -1,3 +1,19 @@
|
||||
2005-05-18 Werner Koch <wk@g10code.com>
|
||||
|
||||
* divert-scd.c (ask_for_card): Removed the card reset kludge.
|
||||
|
||||
2005-05-17 Werner Koch <wk@g10code.com>
|
||||
|
||||
* call-scd.c (unlock_scd): Add new arg CTRL. Changed all callers.
|
||||
(start_scd): Reoworked to allow for additional connections.
|
||||
* agent.h (ctrl_t): Add local data for the SCdaemon.
|
||||
* command.c (start_command_handler): Release SERVER_LOCAL.
|
||||
|
||||
* gpg-agent.c (create_server_socket): Use xmalloc.
|
||||
(main): Removed option --disable-pth a dummy. Removed non-pth
|
||||
code path.
|
||||
(cleanup_sh): Removed. Not needed anymore.
|
||||
|
||||
2005-05-05 Moritz Schulte <moritz@g10code.com>
|
||||
|
||||
* command-ssh.c (ssh_key_to_buffer): Rename to ...
|
||||
|
@ -99,10 +99,19 @@ struct {
|
||||
#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
|
||||
|
||||
struct server_local_s;
|
||||
struct scd_local_s;
|
||||
|
||||
/* Collection of data per session (aka connection). */
|
||||
struct server_control_s {
|
||||
|
||||
/* Private data of the server (command.c). */
|
||||
struct server_local_s *server_local;
|
||||
|
||||
/* Private data of the SCdaemon (call-scd.c). */
|
||||
struct scd_local_s *scd_local;
|
||||
|
||||
int connection_fd; /* -1 or an identifier for the current connection. */
|
||||
|
||||
char *display;
|
||||
char *ttyname;
|
||||
char *ttytype;
|
||||
|
387
agent/call-scd.c
387
agent/call-scd.c
@ -18,12 +18,6 @@
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
*/
|
||||
|
||||
/* Fixme: For now we have serialized all access to the scdaemon which
|
||||
make sense becuase the scdaemon can't handle concurrent connections
|
||||
right now. We should however keep a list of connections and lock
|
||||
just that connection - it migth make sense to implemtn parts of
|
||||
this in Assuan.*/
|
||||
|
||||
#include <config.h>
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
@ -37,9 +31,7 @@
|
||||
#ifndef HAVE_W32_SYSTEM
|
||||
#include <sys/wait.h>
|
||||
#endif
|
||||
#ifdef USE_GNU_PTH
|
||||
# include <pth.h>
|
||||
#endif
|
||||
#include <pth.h>
|
||||
|
||||
#include "agent.h"
|
||||
#include <assuan.h>
|
||||
@ -50,24 +42,20 @@
|
||||
#define MAX_OPEN_FDS 20
|
||||
#endif
|
||||
|
||||
static ASSUAN_CONTEXT scd_ctx = NULL;
|
||||
#ifdef USE_GNU_PTH
|
||||
static pth_mutex_t scd_lock;
|
||||
#endif
|
||||
/* We need to keep track of the connection currently using the SCD.
|
||||
For a pipe server this is all a NOP because the connection will
|
||||
always have the connection indicator -1. agent_reset_scd releases
|
||||
the active connection; i.e. sets it back to -1, so that a new
|
||||
connection can start using the SCD. If we eventually allow
|
||||
multiple SCD session we will either make scdaemon multi-threaded or
|
||||
fork of a new scdaemon and let it see how it can get access to a
|
||||
reader.
|
||||
*/
|
||||
static int active_connection_fd = -1;
|
||||
static int active_connection = 0;
|
||||
/* Definition of module local data of the CTRL structure. */
|
||||
struct scd_local_s
|
||||
{
|
||||
assuan_context_t ctx; /* NULL or session context for the SCdaemon
|
||||
used with this connection. */
|
||||
int locked; /* This flag is used to assert proper use of
|
||||
start_scd and unlock_scd. */
|
||||
|
||||
};
|
||||
|
||||
|
||||
/* Callback parameter for learn card */
|
||||
struct learn_parm_s {
|
||||
struct learn_parm_s
|
||||
{
|
||||
void (*kpinfo_cb)(void*, const char *);
|
||||
void *kpinfo_cb_arg;
|
||||
void (*certinfo_cb)(void*, const char *);
|
||||
@ -76,13 +64,39 @@ struct learn_parm_s {
|
||||
void *sinfo_cb_arg;
|
||||
};
|
||||
|
||||
struct inq_needpin_s {
|
||||
ASSUAN_CONTEXT ctx;
|
||||
struct inq_needpin_s
|
||||
{
|
||||
assuan_context_t ctx;
|
||||
int (*getpin_cb)(void *, const char *, char*, size_t);
|
||||
void *getpin_cb_arg;
|
||||
};
|
||||
|
||||
|
||||
/* A Mutex used inside the start_scd function. */
|
||||
static pth_mutex_t start_scd_lock;
|
||||
|
||||
/* A malloced string with the name of the socket to be used for
|
||||
additional connections. May be NULL if not provided by
|
||||
SCdaemon. */
|
||||
static char *socket_name;
|
||||
|
||||
/* The context of the primary connection. This is also used as a flag
|
||||
to indicate whether the scdaemon has been started. */
|
||||
static assuan_context_t primary_scd_ctx;
|
||||
|
||||
/* To allow reuse of the primary connection, the following flag is set
|
||||
to true if the primary context has been reset and is not in use by
|
||||
any connection. */
|
||||
static int primary_scd_ctx_reusable;
|
||||
|
||||
|
||||
|
||||
/* Local prototypes. */
|
||||
static assuan_error_t membuf_data_cb (void *opaque,
|
||||
const void *buffer, size_t length);
|
||||
|
||||
|
||||
|
||||
|
||||
/* This function must be called once to initialize this module. This
|
||||
has to be done before a second thread is spawned. We can't do the
|
||||
@ -91,27 +105,35 @@ struct inq_needpin_s {
|
||||
void
|
||||
initialize_module_call_scd (void)
|
||||
{
|
||||
#ifdef USE_GNU_PTH
|
||||
static int initialized;
|
||||
|
||||
if (!initialized)
|
||||
if (pth_mutex_init (&scd_lock))
|
||||
{
|
||||
if (!pth_mutex_init (&start_scd_lock))
|
||||
log_fatal ("error initializing mutex: %s\n", strerror (errno));
|
||||
initialized = 1;
|
||||
#endif /*USE_GNU_PTH*/
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* The unlock_scd function shall be called after having accessed the
|
||||
SCD. It is currently not very useful but gives an opportunity to
|
||||
keep track of connections currently calling SCD. Note that the
|
||||
"lock" operation is done by the start_scd() function which must be
|
||||
called and error checked before any SCD operation. CTRL is the
|
||||
usual connection context and RC the error code to be passed trhough
|
||||
the function. */
|
||||
static int
|
||||
unlock_scd (int rc)
|
||||
unlock_scd (ctrl_t ctrl, int rc)
|
||||
{
|
||||
#ifdef USE_GNU_PTH
|
||||
if (!pth_mutex_release (&scd_lock))
|
||||
if (ctrl->scd_local->locked != 1)
|
||||
{
|
||||
log_error ("failed to release the SCD lock\n");
|
||||
log_error ("unlock_scd: invalid lock count (%d)\n",
|
||||
ctrl->scd_local->locked);
|
||||
if (!rc)
|
||||
rc = gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
#endif /*USE_GNU_PTH*/
|
||||
ctrl->scd_local->locked = 0;
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -125,68 +147,115 @@ atfork_cb (void *opaque, int where)
|
||||
}
|
||||
|
||||
|
||||
/* Fork off the SCdaemon if this has not already been done. Note that
|
||||
this fucntion alos locks the daemon. */
|
||||
/* Fork off the SCdaemon if this has not already been done. Lock the
|
||||
daemon and make sure that a proper context has been setup in CTRL.
|
||||
Thsi fucntion might also lock the daemon, which means that the
|
||||
caller must call unlock_scd after this fucntion has returned
|
||||
success and the actual Assuan transaction been done. */
|
||||
static int
|
||||
start_scd (ctrl_t ctrl)
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err = 0;
|
||||
const char *pgmname;
|
||||
ASSUAN_CONTEXT ctx;
|
||||
const char *argv[3];
|
||||
assuan_context_t ctx;
|
||||
const char *argv[4];
|
||||
int no_close_list[3];
|
||||
int i;
|
||||
int rc;
|
||||
|
||||
if (opt.disable_scdaemon)
|
||||
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
||||
|
||||
#ifdef USE_GNU_PTH
|
||||
if (!pth_mutex_acquire (&scd_lock, 0, NULL))
|
||||
/* If this is the first call for this session, setup the local data
|
||||
structure. */
|
||||
if (!ctrl->scd_local)
|
||||
{
|
||||
log_error ("failed to acquire the SCD lock\n");
|
||||
ctrl->scd_local = xtrycalloc (1, sizeof *ctrl->scd_local);
|
||||
if (!ctrl->scd_local)
|
||||
return gpg_error_from_errno (errno);
|
||||
}
|
||||
|
||||
|
||||
/* Assert that the lock count is as expected. */
|
||||
if (ctrl->scd_local->locked)
|
||||
{
|
||||
log_error ("start_scd: invalid lock count (%d)\n",
|
||||
ctrl->scd_local->locked);
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
#endif
|
||||
ctrl->scd_local->locked++;
|
||||
|
||||
if (scd_ctx)
|
||||
/* If we already have a context, we better do a sanity check now to
|
||||
see whether it has accidently died. This avoids annoying
|
||||
timeouts and hung connections. */
|
||||
if (ctrl->scd_local->ctx)
|
||||
{
|
||||
pid_t pid;
|
||||
|
||||
/* If we are not the connection currently using the SCD, return
|
||||
an error. */
|
||||
if (!active_connection)
|
||||
{
|
||||
active_connection_fd = ctrl->connection_fd;
|
||||
active_connection = 1;
|
||||
}
|
||||
else if (ctrl->connection_fd != active_connection_fd)
|
||||
return unlock_scd (gpg_error (GPG_ERR_CONFLICT));
|
||||
|
||||
/* Okay, we already started the scdaemon and it is used by us.*/
|
||||
|
||||
/* We better do a sanity check now to see whether it has
|
||||
accidently died. */
|
||||
#ifndef HAVE_W32_SYSTEM
|
||||
pid = assuan_get_pid (scd_ctx);
|
||||
pid = assuan_get_pid (ctrl->scd_local->ctx);
|
||||
if (pid != (pid_t)(-1) && pid
|
||||
&& ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) )
|
||||
{
|
||||
assuan_disconnect (scd_ctx);
|
||||
scd_ctx = NULL;
|
||||
assuan_disconnect (ctrl->scd_local->ctx);
|
||||
ctrl->scd_local->ctx = NULL;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
return 0;
|
||||
return 0; /* Okay, the context is fine. */
|
||||
}
|
||||
|
||||
/* We need to protect the lowwing code. */
|
||||
if (!pth_mutex_acquire (&start_scd_lock, 0, NULL))
|
||||
{
|
||||
log_error ("failed to acquire the start_scd lock: %s\n",
|
||||
strerror (errno));
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
|
||||
/* Check whether the pipe server has already been started and in
|
||||
this case either reuse a lingering pipe connection or establish a
|
||||
new socket based one. */
|
||||
if (primary_scd_ctx && primary_scd_ctx_reusable)
|
||||
{
|
||||
ctx = primary_scd_ctx;
|
||||
primary_scd_ctx_reusable = 0;
|
||||
if (opt.verbose)
|
||||
log_info ("new connection to SCdaemon established (reusing)\n");
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (socket_name)
|
||||
{
|
||||
rc = assuan_socket_connect (&ctx, socket_name, 0);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("can't connect to socket `%s': %s\n",
|
||||
socket_name, assuan_strerror (rc));
|
||||
err = gpg_error (GPG_ERR_NO_SCDAEMON);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (opt.verbose)
|
||||
log_info ("new connection to SCdaemon established\n");
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (primary_scd_ctx)
|
||||
{
|
||||
log_info ("SCdaemon is running but won't accept further connections\n");
|
||||
err = gpg_error (GPG_ERR_NO_SCDAEMON);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* Nope, it has not been started. Fire it up now. */
|
||||
if (opt.verbose)
|
||||
log_info ("no running SCdaemon - starting it\n");
|
||||
|
||||
if (fflush (NULL))
|
||||
{
|
||||
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
|
||||
err = gpg_error (gpg_err_code_from_errno (errno));
|
||||
log_error ("error flushing pending output: %s\n", strerror (errno));
|
||||
return unlock_scd (tmperr);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (!opt.scdaemon_program || !*opt.scdaemon_program)
|
||||
@ -198,7 +267,8 @@ start_scd (ctrl_t ctrl)
|
||||
|
||||
argv[0] = pgmname;
|
||||
argv[1] = "--server";
|
||||
argv[2] = NULL;
|
||||
argv[2] = "--multi-server";
|
||||
argv[3] = NULL;
|
||||
|
||||
i=0;
|
||||
if (!opt.running_detached)
|
||||
@ -216,30 +286,68 @@ start_scd (ctrl_t ctrl)
|
||||
{
|
||||
log_error ("can't connect to the SCdaemon: %s\n",
|
||||
assuan_strerror (rc));
|
||||
return unlock_scd (gpg_error (GPG_ERR_NO_SCDAEMON));
|
||||
err = gpg_error (GPG_ERR_NO_SCDAEMON);
|
||||
goto leave;
|
||||
}
|
||||
scd_ctx = ctx;
|
||||
active_connection_fd = ctrl->connection_fd;
|
||||
active_connection = 1;
|
||||
|
||||
if (opt.verbose)
|
||||
log_debug ("first connection to SCdaemon established\n");
|
||||
|
||||
/* Get the name of the additional socket opened by scdaemon. */
|
||||
{
|
||||
membuf_t data;
|
||||
unsigned char *databuf;
|
||||
size_t datalen;
|
||||
|
||||
xfree (socket_name);
|
||||
socket_name = NULL;
|
||||
init_membuf (&data, 256);
|
||||
assuan_transact (ctx, "GETINFO socket_name",
|
||||
membuf_data_cb, &data, NULL, NULL, NULL, NULL);
|
||||
|
||||
databuf = get_membuf (&data, &datalen);
|
||||
if (databuf && datalen)
|
||||
{
|
||||
socket_name = xtrymalloc (datalen + 1);
|
||||
if (!socket_name)
|
||||
log_error ("warning: can't store socket name: %s\n",
|
||||
strerror (errno));
|
||||
else
|
||||
{
|
||||
memcpy (socket_name, databuf, datalen);
|
||||
socket_name[datalen] = 0;
|
||||
if (DBG_ASSUAN)
|
||||
log_debug ("connection to SCdaemon established\n");
|
||||
log_debug ("additional connections at `%s'\n", socket_name);
|
||||
}
|
||||
}
|
||||
xfree (databuf);
|
||||
}
|
||||
|
||||
/* Tell the scdaemon that we want him to send us an event signal.
|
||||
But only do this if we are running as a regular sever and not
|
||||
simply as a pipe server. */
|
||||
/* Fixme: gpg-agent does not use this signal yet. */
|
||||
/* if (ctrl->connection_fd != -1) */
|
||||
/* { */
|
||||
/* #ifndef HAVE_W32_SYSTEM */
|
||||
/* char buf[100]; */
|
||||
/* Tell the scdaemon we want him to send us an event signal. */
|
||||
#ifndef HAVE_W32_SYSTEM
|
||||
{
|
||||
char buf[100];
|
||||
|
||||
/* sprintf (buf, "OPTION event-signal=%d", SIGUSR2); */
|
||||
/* assuan_transact (scd_ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL); */
|
||||
/* #endif */
|
||||
/* } */
|
||||
sprintf (buf, "OPTION event-signal=%d", SIGUSR2);
|
||||
assuan_transact (ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
primary_scd_ctx = ctx;
|
||||
primary_scd_ctx_reusable = 0;
|
||||
|
||||
leave:
|
||||
if (err)
|
||||
{
|
||||
unlock_scd (ctrl, err);
|
||||
}
|
||||
else
|
||||
{
|
||||
ctrl->scd_local->ctx = ctx;
|
||||
}
|
||||
if (!pth_mutex_release (&start_scd_lock))
|
||||
log_error ("failed to release the start_scd lock: %s\n", strerror (errno));
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
@ -248,25 +356,28 @@ start_scd (ctrl_t ctrl)
|
||||
int
|
||||
agent_reset_scd (ctrl_t ctrl)
|
||||
{
|
||||
int rc = 0;
|
||||
|
||||
#ifdef USE_GNU_PTH
|
||||
if (!pth_mutex_acquire (&scd_lock, 0, NULL))
|
||||
if (ctrl->scd_local)
|
||||
{
|
||||
log_error ("failed to acquire the SCD lock for reset\n");
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
if (ctrl->scd_local->ctx)
|
||||
{
|
||||
/* We can't disconnect the primary context becuase libassuan
|
||||
does a waitpid on it and thus the system would hang.
|
||||
Instead we send a reset and keep that connection for
|
||||
reuse. */
|
||||
if (ctrl->scd_local->ctx == primary_scd_ctx)
|
||||
{
|
||||
if (!assuan_transact (primary_scd_ctx, "RESET",
|
||||
NULL, NULL, NULL, NULL, NULL, NULL))
|
||||
primary_scd_ctx_reusable = 1;
|
||||
}
|
||||
#endif
|
||||
if (active_connection && active_connection_fd == ctrl->connection_fd)
|
||||
{
|
||||
if (scd_ctx)
|
||||
rc = assuan_transact (scd_ctx, "RESET", NULL, NULL,
|
||||
NULL, NULL, NULL, NULL);
|
||||
active_connection_fd = -1;
|
||||
active_connection = 0;
|
||||
else
|
||||
assuan_disconnect (ctrl->scd_local->ctx);
|
||||
}
|
||||
xfree (ctrl->scd_local);
|
||||
ctrl->scd_local = NULL;
|
||||
}
|
||||
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -360,13 +471,13 @@ agent_card_learn (ctrl_t ctrl,
|
||||
parm.certinfo_cb_arg = certinfo_cb_arg;
|
||||
parm.sinfo_cb = sinfo_cb;
|
||||
parm.sinfo_cb_arg = sinfo_cb_arg;
|
||||
rc = assuan_transact (scd_ctx, "LEARN --force",
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, "LEARN --force",
|
||||
NULL, NULL, NULL, NULL,
|
||||
learn_status_cb, &parm);
|
||||
if (rc)
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
|
||||
return unlock_scd (0);
|
||||
return unlock_scd (ctrl, 0);
|
||||
}
|
||||
|
||||
|
||||
@ -414,16 +525,16 @@ agent_card_serialno (ctrl_t ctrl, char **r_serialno)
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
rc = assuan_transact (scd_ctx, "SERIALNO",
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, "SERIALNO",
|
||||
NULL, NULL, NULL, NULL,
|
||||
get_serialno_cb, &serialno);
|
||||
if (rc)
|
||||
{
|
||||
xfree (serialno);
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
}
|
||||
*r_serialno = serialno;
|
||||
return unlock_scd (0);
|
||||
return unlock_scd (ctrl, 0);
|
||||
}
|
||||
|
||||
|
||||
@ -495,31 +606,32 @@ agent_card_pksign (ctrl_t ctrl,
|
||||
return rc;
|
||||
|
||||
if (indatalen*2 + 50 > DIM(line))
|
||||
return unlock_scd (gpg_error (GPG_ERR_GENERAL));
|
||||
return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL));
|
||||
|
||||
sprintf (line, "SETDATA ");
|
||||
p = line + strlen (line);
|
||||
for (i=0; i < indatalen ; i++, p += 2 )
|
||||
sprintf (p, "%02X", indata[i]);
|
||||
rc = assuan_transact (scd_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, line,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
if (rc)
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
|
||||
init_membuf (&data, 1024);
|
||||
inqparm.ctx = scd_ctx;
|
||||
inqparm.ctx = ctrl->scd_local->ctx;
|
||||
inqparm.getpin_cb = getpin_cb;
|
||||
inqparm.getpin_cb_arg = getpin_cb_arg;
|
||||
snprintf (line, DIM(line)-1,
|
||||
ctrl->use_auth_call? "PKAUTH %s":"PKSIGN %s", keyid);
|
||||
line[DIM(line)-1] = 0;
|
||||
rc = assuan_transact (scd_ctx, line,
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, line,
|
||||
membuf_data_cb, &data,
|
||||
inq_needpin, &inqparm,
|
||||
NULL, NULL);
|
||||
if (rc)
|
||||
{
|
||||
xfree (get_membuf (&data, &len));
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
}
|
||||
sigbuf = get_membuf (&data, &sigbuflen);
|
||||
|
||||
@ -531,7 +643,7 @@ agent_card_pksign (ctrl_t ctrl,
|
||||
{
|
||||
gpg_error_t tmperr = out_of_core ();
|
||||
xfree (*r_buf);
|
||||
return unlock_scd (tmperr);
|
||||
return unlock_scd (ctrl, tmperr);
|
||||
}
|
||||
p = stpcpy (*r_buf, "(7:sig-val(3:rsa(1:s" );
|
||||
sprintf (p, "%u:", (unsigned int)sigbuflen);
|
||||
@ -542,7 +654,7 @@ agent_card_pksign (ctrl_t ctrl,
|
||||
xfree (sigbuf);
|
||||
|
||||
assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
|
||||
return unlock_scd (0);
|
||||
return unlock_scd (ctrl, 0);
|
||||
}
|
||||
|
||||
/* Decipher INDATA using the current card. Note that the returned value is */
|
||||
@ -567,36 +679,37 @@ agent_card_pkdecrypt (ctrl_t ctrl,
|
||||
|
||||
/* FIXME: use secure memory where appropriate */
|
||||
if (indatalen*2 + 50 > DIM(line))
|
||||
return unlock_scd (gpg_error (GPG_ERR_GENERAL));
|
||||
return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL));
|
||||
|
||||
sprintf (line, "SETDATA ");
|
||||
p = line + strlen (line);
|
||||
for (i=0; i < indatalen ; i++, p += 2 )
|
||||
sprintf (p, "%02X", indata[i]);
|
||||
rc = assuan_transact (scd_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, line,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
if (rc)
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
|
||||
init_membuf (&data, 1024);
|
||||
inqparm.ctx = scd_ctx;
|
||||
inqparm.ctx = ctrl->scd_local->ctx;
|
||||
inqparm.getpin_cb = getpin_cb;
|
||||
inqparm.getpin_cb_arg = getpin_cb_arg;
|
||||
snprintf (line, DIM(line)-1, "PKDECRYPT %s", keyid);
|
||||
line[DIM(line)-1] = 0;
|
||||
rc = assuan_transact (scd_ctx, line,
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, line,
|
||||
membuf_data_cb, &data,
|
||||
inq_needpin, &inqparm,
|
||||
NULL, NULL);
|
||||
if (rc)
|
||||
{
|
||||
xfree (get_membuf (&data, &len));
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
}
|
||||
*r_buf = get_membuf (&data, r_buflen);
|
||||
if (!*r_buf)
|
||||
return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
|
||||
return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
|
||||
|
||||
return unlock_scd (0);
|
||||
return unlock_scd (ctrl, 0);
|
||||
}
|
||||
|
||||
|
||||
@ -619,20 +732,20 @@ agent_card_readcert (ctrl_t ctrl,
|
||||
init_membuf (&data, 1024);
|
||||
snprintf (line, DIM(line)-1, "READCERT %s", id);
|
||||
line[DIM(line)-1] = 0;
|
||||
rc = assuan_transact (scd_ctx, line,
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, line,
|
||||
membuf_data_cb, &data,
|
||||
NULL, NULL,
|
||||
NULL, NULL);
|
||||
if (rc)
|
||||
{
|
||||
xfree (get_membuf (&data, &len));
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
}
|
||||
*r_buf = get_membuf (&data, r_buflen);
|
||||
if (!*r_buf)
|
||||
return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
|
||||
return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
|
||||
|
||||
return unlock_scd (0);
|
||||
return unlock_scd (ctrl, 0);
|
||||
}
|
||||
|
||||
|
||||
@ -655,26 +768,26 @@ agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf)
|
||||
init_membuf (&data, 1024);
|
||||
snprintf (line, DIM(line)-1, "READKEY %s", id);
|
||||
line[DIM(line)-1] = 0;
|
||||
rc = assuan_transact (scd_ctx, line,
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, line,
|
||||
membuf_data_cb, &data,
|
||||
NULL, NULL,
|
||||
NULL, NULL);
|
||||
if (rc)
|
||||
{
|
||||
xfree (get_membuf (&data, &len));
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
}
|
||||
*r_buf = get_membuf (&data, &buflen);
|
||||
if (!*r_buf)
|
||||
return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
|
||||
return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
|
||||
|
||||
if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL))
|
||||
{
|
||||
xfree (*r_buf); *r_buf = NULL;
|
||||
return unlock_scd (gpg_error (GPG_ERR_INV_VALUE));
|
||||
return unlock_scd (ctrl, gpg_error (GPG_ERR_INV_VALUE));
|
||||
}
|
||||
|
||||
return unlock_scd (0);
|
||||
return unlock_scd (ctrl, 0);
|
||||
}
|
||||
|
||||
|
||||
@ -744,7 +857,7 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
err = map_assuan_err (assuan_transact (scd_ctx, line,
|
||||
err = map_assuan_err (assuan_transact (ctrl->scd_local->ctx, line,
|
||||
NULL, NULL, NULL, NULL,
|
||||
card_getattr_cb, &parm));
|
||||
if (!err && parm.error)
|
||||
@ -758,7 +871,7 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
|
||||
else
|
||||
xfree (parm.data);
|
||||
|
||||
return unlock_scd (err);
|
||||
return unlock_scd (ctrl, err);
|
||||
}
|
||||
|
||||
|
||||
@ -810,19 +923,19 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
inqparm.ctx = scd_ctx;
|
||||
inqparm.ctx = ctrl->scd_local->ctx;
|
||||
inqparm.getpin_cb = getpin_cb;
|
||||
inqparm.getpin_cb_arg = getpin_cb_arg;
|
||||
rc = assuan_transact (scd_ctx, cmdline,
|
||||
rc = assuan_transact (ctrl->scd_local->ctx, cmdline,
|
||||
pass_data_thru, assuan_context,
|
||||
inq_needpin, &inqparm,
|
||||
pass_status_thru, assuan_context);
|
||||
if (rc)
|
||||
{
|
||||
return unlock_scd (map_assuan_err (rc));
|
||||
return unlock_scd (ctrl, map_assuan_err (rc));
|
||||
}
|
||||
|
||||
return unlock_scd (0);
|
||||
return unlock_scd (ctrl, 0);
|
||||
}
|
||||
|
||||
|
||||
|
@ -1061,5 +1061,6 @@ start_command_handler (int listen_fd, int fd)
|
||||
free (ctrl.lc_ctype);
|
||||
if (ctrl.lc_messages)
|
||||
free (ctrl.lc_messages);
|
||||
xfree (ctrl.server_local);
|
||||
}
|
||||
|
||||
|
@ -108,13 +108,6 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
|
||||
|
||||
if (!rc)
|
||||
{
|
||||
/* We better reset the SCD now. This is kludge required
|
||||
because the scdaemon is currently not always able to
|
||||
detect the presence of a card. With a fully working
|
||||
scdaemon this would not be required; i.e. the pkcs#15
|
||||
support does not require it because OpenSC correclty
|
||||
detects a present card. */
|
||||
agent_reset_scd (ctrl);
|
||||
if (asprintf (&desc,
|
||||
"%s:%%0A%%0A"
|
||||
" \"%.*s\"",
|
||||
|
@ -37,9 +37,7 @@
|
||||
#endif /*HAVE_W32_SYSTEM*/
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
#ifdef USE_GNU_PTH
|
||||
# include <pth.h>
|
||||
#endif
|
||||
#include <pth.h>
|
||||
|
||||
#define JNLIB_NEED_LOG_LOGV
|
||||
#include "agent.h"
|
||||
@ -83,7 +81,6 @@ enum cmd_and_opt_values
|
||||
oLCctype,
|
||||
oLCmessages,
|
||||
oScdaemonProgram,
|
||||
oDisablePth,
|
||||
oDefCacheTTL,
|
||||
oMaxCacheTTL,
|
||||
oUseStandardSocket,
|
||||
@ -120,7 +117,6 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
|
||||
{ oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")},
|
||||
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
|
||||
{ oDisablePth, "disable-pth", 0, N_("do not allow multiple connections")},
|
||||
{ oUseStandardSocket, "use-standard-socket", 0,
|
||||
N_("use a standard location for the socket")},
|
||||
{ oNoUseStandardSocket, "no-use-standard-socket", 0, "@"},
|
||||
@ -157,7 +153,6 @@ static ARGPARSE_OPTS opts[] = {
|
||||
#define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */
|
||||
#define MAX_CACHE_TTL (120*60) /* 2 hours */
|
||||
|
||||
static volatile int caught_fatal_sig = 0;
|
||||
|
||||
/* flag to indicate that a shutdown was requested */
|
||||
static int shutdown_pending;
|
||||
@ -190,10 +185,11 @@ static const char *debug_level;
|
||||
static char *current_logfile;
|
||||
|
||||
/* The handle_tick() function may test whether a parent is still
|
||||
runing. We record the PID of the parent here or -1 if it should be
|
||||
running. We record the PID of the parent here or -1 if it should be
|
||||
watched. */
|
||||
static pid_t parent_pid = (pid_t)(-1);
|
||||
|
||||
|
||||
/*
|
||||
Local prototypes.
|
||||
*/
|
||||
@ -203,17 +199,15 @@ static char *create_socket_name (int use_standard_socket,
|
||||
static int create_server_socket (int is_standard_name, const char *name);
|
||||
static void create_directories (void);
|
||||
|
||||
#ifdef USE_GNU_PTH
|
||||
static void handle_connections (int listen_fd, int listen_fd_ssh);
|
||||
/* Pth wrapper function definitions. */
|
||||
GCRY_THREAD_OPTION_PTH_IMPL;
|
||||
#endif /*USE_GNU_PTH*/
|
||||
|
||||
static int check_for_running_agent (int);
|
||||
|
||||
/* Pth wrapper function definitions. */
|
||||
GCRY_THREAD_OPTION_PTH_IMPL;
|
||||
|
||||
|
||||
|
||||
|
||||
/*
|
||||
Functions.
|
||||
*/
|
||||
@ -351,28 +345,6 @@ cleanup (void)
|
||||
}
|
||||
|
||||
|
||||
static RETSIGTYPE
|
||||
cleanup_sh (int sig)
|
||||
{
|
||||
if (caught_fatal_sig)
|
||||
raise (sig);
|
||||
caught_fatal_sig = 1;
|
||||
|
||||
/* gcry_control( GCRYCTL_TERM_SECMEM );*/
|
||||
cleanup ();
|
||||
|
||||
#ifndef HAVE_DOSISH_SYSTEM
|
||||
{ /* reset action to default action and raise signal again */
|
||||
struct sigaction nact;
|
||||
nact.sa_handler = SIG_DFL;
|
||||
sigemptyset( &nact.sa_mask );
|
||||
nact.sa_flags = 0;
|
||||
sigaction( sig, &nact, NULL);
|
||||
}
|
||||
#endif
|
||||
raise( sig );
|
||||
}
|
||||
|
||||
|
||||
/* Handle options which are allowed to be reset after program start.
|
||||
Return true when the current option in PARGS could be handled and
|
||||
@ -462,7 +434,6 @@ main (int argc, char **argv )
|
||||
int csh_style = 0;
|
||||
char *logfile = NULL;
|
||||
int debug_wait = 0;
|
||||
int disable_pth = 0;
|
||||
int gpgconf_list = 0;
|
||||
int standard_socket = 0;
|
||||
gpg_error_t err;
|
||||
@ -481,14 +452,12 @@ main (int argc, char **argv )
|
||||
|
||||
/* Libgcrypt requires us to register the threading model first.
|
||||
Note that this will also do the pth_init. */
|
||||
#ifdef USE_GNU_PTH
|
||||
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
|
||||
if (err)
|
||||
{
|
||||
log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
|
||||
gpg_strerror (err));
|
||||
}
|
||||
#endif /*USE_GNU_PTH*/
|
||||
|
||||
|
||||
/* Check that the libraries are suitable. Do it here because
|
||||
@ -634,7 +603,6 @@ main (int argc, char **argv )
|
||||
case oSh: csh_style = 0; break;
|
||||
case oServer: pipe_server = 1; break;
|
||||
case oDaemon: is_daemon = 1; break;
|
||||
case oDisablePth: disable_pth = 1; break;
|
||||
|
||||
case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
|
||||
case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
|
||||
@ -983,45 +951,17 @@ main (int argc, char **argv )
|
||||
exit (1);
|
||||
}
|
||||
|
||||
#endif /*!HAVE_W32_SYSTEM*/
|
||||
|
||||
|
||||
#ifdef USE_GNU_PTH
|
||||
if (!disable_pth)
|
||||
{
|
||||
#ifndef HAVE_W32_SYSTEM /* FIXME */
|
||||
struct sigaction sa;
|
||||
|
||||
sa.sa_handler = SIG_IGN;
|
||||
sigemptyset (&sa.sa_mask);
|
||||
sa.sa_flags = 0;
|
||||
sigaction (SIGPIPE, &sa, NULL);
|
||||
#endif
|
||||
}
|
||||
#endif /*!HAVE_W32_SYSTEM*/
|
||||
|
||||
handle_connections (fd, opt.ssh_support ? fd_ssh : -1);
|
||||
}
|
||||
else
|
||||
#endif /*!USE_GNU_PTH*/
|
||||
/* setup signals */
|
||||
{
|
||||
#ifndef HAVE_W32_SYSTEM /* FIXME */
|
||||
struct sigaction oact, nact;
|
||||
|
||||
nact.sa_handler = cleanup_sh;
|
||||
sigemptyset (&nact.sa_mask);
|
||||
nact.sa_flags = 0;
|
||||
|
||||
sigaction (SIGHUP, NULL, &oact);
|
||||
if (oact.sa_handler != SIG_IGN)
|
||||
sigaction (SIGHUP, &nact, NULL);
|
||||
sigaction( SIGTERM, NULL, &oact );
|
||||
if (oact.sa_handler != SIG_IGN)
|
||||
sigaction (SIGTERM, &nact, NULL);
|
||||
nact.sa_handler = SIG_IGN;
|
||||
sigaction (SIGPIPE, &nact, NULL);
|
||||
sigaction (SIGINT, &nact, NULL);
|
||||
#endif
|
||||
start_command_handler (fd, -1);
|
||||
}
|
||||
close (fd);
|
||||
}
|
||||
|
||||
@ -1127,7 +1067,7 @@ reread_configuration (void)
|
||||
|
||||
|
||||
/* Create a name for the socket. With USE_STANDARD_SOCKET given as
|
||||
true ising STANDARD_NAME in the home directory or if given has
|
||||
true using STANDARD_NAME in the home directory or if given has
|
||||
false from the mkdir type name TEMPLATE. In the latter case a
|
||||
unique name in a unique new directory will be created. In both
|
||||
cases check for valid characters as well as against a maximum
|
||||
@ -1195,7 +1135,7 @@ create_server_socket (int is_standard_name, const char *name)
|
||||
agent_exit (2);
|
||||
}
|
||||
|
||||
serv_addr = malloc (sizeof (*serv_addr)); /* FIXME. */
|
||||
serv_addr = xmalloc (sizeof (*serv_addr));
|
||||
memset (serv_addr, 0, sizeof *serv_addr);
|
||||
serv_addr->sun_family = AF_UNIX;
|
||||
assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));
|
||||
@ -1325,7 +1265,6 @@ create_directories (void)
|
||||
|
||||
|
||||
|
||||
#ifdef USE_GNU_PTH
|
||||
/* This is the worker for the ticker. It is called every few seconds
|
||||
and may only do fast operations. */
|
||||
static void
|
||||
@ -1581,7 +1520,6 @@ handle_connections (int listen_fd, int listen_fd_ssh)
|
||||
cleanup ();
|
||||
log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
|
||||
}
|
||||
#endif /*USE_GNU_PTH*/
|
||||
|
||||
|
||||
/* Figure out whether an agent is available and running. Prints an
|
||||
|
11
configure.ac
11
configure.ac
@ -541,10 +541,6 @@ fi
|
||||
AC_SUBST(PTH_CFLAGS)
|
||||
AC_SUBST(PTH_LIBS)
|
||||
|
||||
AC_ARG_ENABLE(threads,
|
||||
AC_HELP_STRING([--disable-threads],[allow building without Pth support])
|
||||
)
|
||||
|
||||
|
||||
dnl Must check for network library requirements before doing link tests
|
||||
dnl for ldap, for example. If ldap libs are static (or dynamic and without
|
||||
@ -1106,17 +1102,14 @@ fi
|
||||
if test "$missing_pth" = "yes"; then
|
||||
AC_MSG_NOTICE([[
|
||||
***
|
||||
*** It is strongly suggested to build with support for the
|
||||
*** It is now required to build with support for the
|
||||
*** GNU Portable Threads Library (Pth). Please install this
|
||||
*** library first or use --disable-threads to allow building
|
||||
*** anyway. The library is for example available at
|
||||
*** library first. The library is for example available at
|
||||
*** ftp://ftp.gnu.org/gnu/pth/
|
||||
*** On a Debian GNU/Linux system you can install it using
|
||||
*** apt-get install libpth-dev
|
||||
***]])
|
||||
if test "$enable_threads" != "no"; then
|
||||
die=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$die" = "yes"; then
|
||||
|
@ -1,3 +1,7 @@
|
||||
2005-05-17 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpg-agent.texi (Agent Options): Removed --disable-pth.
|
||||
|
||||
2005-04-27 Werner Koch <wk@g10code.com>
|
||||
|
||||
* tools.texi (symcryptrun): Added.
|
||||
|
@ -253,11 +253,6 @@ should in general not be used to avaoid X-sniffing attacks.
|
||||
Append all logging output to @var{file}. This is very helpful in
|
||||
seeing what the agent actually does.
|
||||
|
||||
@item --disable-pth
|
||||
@opindex disable-pth
|
||||
Don't allow multiple connections. This option is in general not very
|
||||
useful.
|
||||
|
||||
@anchor{option --allow-mark-trusted}
|
||||
@item --allow-mark-trusted
|
||||
@opindex allow-mark-trusted
|
||||
|
@ -722,6 +722,16 @@ directory stated through the environment variable @env{GNUPGHOME} or
|
||||
(on W32 systems) by means on the Registry entry
|
||||
@var{HKCU\Software\GNU\GnuPG:HomeDir}.
|
||||
|
||||
|
||||
@item -S
|
||||
@itemx --raw-socket @var{name}
|
||||
@opindex S
|
||||
@opindex raw-socket
|
||||
Connect to socket @var{name} assuming this is an Assuan style server.
|
||||
Do not run any special initializations or environment checks. This may
|
||||
be used to directly connect to any Assuan style socket server.
|
||||
|
||||
|
||||
@end table
|
||||
|
||||
@c
|
||||
|
@ -1,3 +1,39 @@
|
||||
2005-05-17 Werner Koch <wk@g10code.com>
|
||||
|
||||
* scdaemon.c: Removed non-pth code paths.
|
||||
(create_socket_name, create_server_socket): New. Taken from
|
||||
../agent/gpg-agent.
|
||||
(cleanup): Changed to adjust for SOCKET_NAME now being malloced.
|
||||
(ticker_thread): Always use pth_event_occurred; it is again
|
||||
defined for all decent PTH versions.
|
||||
(handle_connections): New. Based on the gpg-agent code.
|
||||
(start_connection_thread): Ditto.
|
||||
(ticker_thread): Removed.
|
||||
(cleanup_sh): Removed.
|
||||
(main): Run the handler for the pipe server in a separate
|
||||
thread. This replaces the old ticker thread.
|
||||
(scd_get_socket_name): New.
|
||||
* command.c (cmd_getinfo): New command GETINFO.
|
||||
(scd_command_handler): Renamed argument and changed code to use an
|
||||
already connected FD.
|
||||
|
||||
2005-05-15 Werner Koch <wk@g10code.com>
|
||||
|
||||
* app.c, app-common.h, app-nks.c, app-p15.c, app-dinsig.c
|
||||
* app-openpgp.c: Change most function return types from int to
|
||||
gpg_error_t.
|
||||
* command.c (pin_cb): Ditto.
|
||||
* sc-copykeys.c (pincb): Ditto.
|
||||
|
||||
* app.c (lock_reader, unlock_reader): New. Changed call handler
|
||||
wrappers to make use of these functions.
|
||||
|
||||
2005-05-07 Werner Koch <wk@g10code.com>
|
||||
|
||||
* ccid-driver.c (do_close_reader): Don't do a reset before close.
|
||||
Some folks reported that it makes the SCR335 hang less often.
|
||||
Look at the source on how to re-enable it.
|
||||
|
||||
2005-04-27 Werner Koch <wk@g10code.com>
|
||||
|
||||
* app-p15.c (micardo_mse): New.
|
||||
|
@ -20,6 +20,10 @@
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
/* NOTE: This module is also used by other software, thus the use of
|
||||
the macro USE_GNU_PTH is mandatory. For GnuPG this macro is
|
||||
guaranteed to be defined true. */
|
||||
|
||||
#include <config.h>
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
|
101
scd/app-common.h
101
scd/app-common.h
@ -46,56 +46,56 @@ struct app_ctx_s {
|
||||
struct app_local_s *app_local; /* Local to the application. */
|
||||
struct {
|
||||
void (*deinit) (app_t app);
|
||||
int (*learn_status) (app_t app, ctrl_t ctrl);
|
||||
int (*readcert) (app_t app, const char *certid,
|
||||
gpg_error_t (*learn_status) (app_t app, ctrl_t ctrl);
|
||||
gpg_error_t (*readcert) (app_t app, const char *certid,
|
||||
unsigned char **cert, size_t *certlen);
|
||||
int (*readkey) (app_t app, const char *certid,
|
||||
gpg_error_t (*readkey) (app_t app, const char *certid,
|
||||
unsigned char **pk, size_t *pklen);
|
||||
int (*getattr) (app_t app, ctrl_t ctrl, const char *name);
|
||||
int (*setattr) (app_t app, const char *name,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*getattr) (app_t app, ctrl_t ctrl, const char *name);
|
||||
gpg_error_t (*setattr) (app_t app, const char *name,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const unsigned char *value, size_t valuelen);
|
||||
int (*sign) (app_t app,
|
||||
gpg_error_t (*sign) (app_t app,
|
||||
const char *keyidstr, int hashalgo,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen );
|
||||
int (*auth) (app_t app, const char *keyidstr,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*auth) (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen);
|
||||
int (*decipher) (app_t app, const char *keyidstr,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*decipher) (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen);
|
||||
int (*genkey) (app_t app, ctrl_t ctrl,
|
||||
gpg_error_t (*genkey) (app_t app, ctrl_t ctrl,
|
||||
const char *keynostr, unsigned int flags,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg);
|
||||
int (*change_pin) (app_t app, ctrl_t ctrl,
|
||||
gpg_error_t (*change_pin) (app_t app, ctrl_t ctrl,
|
||||
const char *chvnostr, int reset_mode,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg);
|
||||
int (*check_pin) (app_t app, const char *keyidstr,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*check_pin) (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg);
|
||||
} fnc;
|
||||
|
||||
};
|
||||
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
int app_select_openpgp (app_t app);
|
||||
int app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
|
||||
int app_openpgp_storekey (app_t app, int keyno,
|
||||
gpg_error_t app_select_openpgp (app_t app);
|
||||
gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
|
||||
gpg_error_t app_openpgp_storekey (app_t app, int keyno,
|
||||
unsigned char *template, size_t template_len,
|
||||
time_t created_at,
|
||||
const unsigned char *m, size_t mlen,
|
||||
const unsigned char *e, size_t elen,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg);
|
||||
#else
|
||||
/*-- app-help.c --*/
|
||||
@ -107,72 +107,73 @@ size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff);
|
||||
gpg_error_t select_application (ctrl_t ctrl, int slot, const char *name,
|
||||
app_t *r_app);
|
||||
void release_application (app_t app);
|
||||
int app_munge_serialno (app_t app);
|
||||
int app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
|
||||
int app_write_learn_status (app_t app, ctrl_t ctrl);
|
||||
int app_readcert (app_t app, const char *certid,
|
||||
gpg_error_t app_munge_serialno (app_t app);
|
||||
gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
|
||||
gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl);
|
||||
gpg_error_t app_readcert (app_t app, const char *certid,
|
||||
unsigned char **cert, size_t *certlen);
|
||||
int app_readkey (app_t app, const char *keyid,
|
||||
gpg_error_t app_readkey (app_t app, const char *keyid,
|
||||
unsigned char **pk, size_t *pklen);
|
||||
int app_getattr (app_t app, ctrl_t ctrl, const char *name);
|
||||
int app_setattr (app_t app, const char *name,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t app_getattr (app_t app, ctrl_t ctrl, const char *name);
|
||||
gpg_error_t app_setattr (app_t app, const char *name,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const unsigned char *value, size_t valuelen);
|
||||
int app_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t app_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen );
|
||||
int app_auth (app_t app, const char *keyidstr,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t app_auth (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen);
|
||||
int app_decipher (app_t app, const char *keyidstr,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t app_decipher (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen );
|
||||
int app_genkey (app_t app, ctrl_t ctrl,
|
||||
gpg_error_t app_genkey (app_t app, ctrl_t ctrl,
|
||||
const char *keynostr, unsigned int flags,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg);
|
||||
int app_get_challenge (app_t app, size_t nbytes, unsigned char *buffer);
|
||||
int app_change_pin (app_t app, ctrl_t ctrl,
|
||||
gpg_error_t app_get_challenge (app_t app, size_t nbytes,
|
||||
unsigned char *buffer);
|
||||
gpg_error_t app_change_pin (app_t app, ctrl_t ctrl,
|
||||
const char *chvnostr, int reset_mode,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg);
|
||||
int app_check_pin (app_t app, const char *keyidstr,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t app_check_pin (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg);
|
||||
|
||||
|
||||
/*-- app-openpgp.c --*/
|
||||
int app_select_openpgp (app_t app);
|
||||
gpg_error_t app_select_openpgp (app_t app);
|
||||
|
||||
int app_openpgp_cardinfo (app_t app,
|
||||
gpg_error_t app_openpgp_cardinfo (app_t app,
|
||||
char **serialno,
|
||||
char **disp_name,
|
||||
char **pubkey_url,
|
||||
unsigned char **fpr1,
|
||||
unsigned char **fpr2,
|
||||
unsigned char **fpr3);
|
||||
int app_openpgp_storekey (app_t app, int keyno,
|
||||
gpg_error_t app_openpgp_storekey (app_t app, int keyno,
|
||||
unsigned char *template, size_t template_len,
|
||||
time_t created_at,
|
||||
const unsigned char *m, size_t mlen,
|
||||
const unsigned char *e, size_t elen,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg);
|
||||
int app_openpgp_readkey (app_t app, int keyno,
|
||||
gpg_error_t app_openpgp_readkey (app_t app, int keyno,
|
||||
unsigned char **m, size_t *mlen,
|
||||
unsigned char **e, size_t *elen);
|
||||
/*-- app-nks.c --*/
|
||||
int app_select_nks (app_t app);
|
||||
gpg_error_t app_select_nks (app_t app);
|
||||
|
||||
/*-- app-dinsig.c --*/
|
||||
int app_select_dinsig (app_t app);
|
||||
gpg_error_t app_select_dinsig (app_t app);
|
||||
|
||||
/*-- app-p15.c --*/
|
||||
gpg_error_t app_select_p15 (app_t app);
|
||||
|
@ -85,7 +85,7 @@
|
||||
#include "tlv.h"
|
||||
|
||||
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_learn_status (app_t app, ctrl_t ctrl)
|
||||
{
|
||||
gpg_error_t err;
|
||||
@ -162,7 +162,7 @@ do_learn_status (app_t app, ctrl_t ctrl)
|
||||
|
||||
FIXME: This needs some cleanups and caching with do_learn_status.
|
||||
*/
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_readcert (app_t app, const char *certid,
|
||||
unsigned char **cert, size_t *certlen)
|
||||
{
|
||||
@ -273,9 +273,9 @@ do_readcert (app_t app, const char *certid,
|
||||
|
||||
|
||||
/* Verify the PIN if required. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
verify_pin (app_t app,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
if (!app->did_chv1 || app->force_chv1 )
|
||||
@ -326,9 +326,9 @@ verify_pin (app_t app,
|
||||
If a PIN is required the PINCB will be used to ask for the PIN;
|
||||
that callback should return the PIN in an allocated buffer and
|
||||
store that in the 3rd argument. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
@ -397,7 +397,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
|
||||
/* Select the DINSIG application on the card in SLOT. This function
|
||||
must be used before any other DINSIG application functions. */
|
||||
int
|
||||
gpg_error_t
|
||||
app_select_dinsig (APP app)
|
||||
{
|
||||
static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 };
|
||||
|
@ -117,7 +117,7 @@ keygripstr_from_pk_file (int slot, int fid, char *r_gripstr)
|
||||
|
||||
|
||||
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_learn_status (APP app, CTRL ctrl)
|
||||
{
|
||||
gpg_error_t err;
|
||||
@ -175,7 +175,7 @@ do_learn_status (APP app, CTRL ctrl)
|
||||
the CERTINFO status lines) and return it in the freshly allocated
|
||||
buffer put into CERT and the length of the certificate put into
|
||||
CERTLEN. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_readcert (app_t app, const char *certid,
|
||||
unsigned char **cert, size_t *certlen)
|
||||
{
|
||||
@ -299,9 +299,9 @@ do_readcert (app_t app, const char *certid,
|
||||
|
||||
|
||||
/* Verify the PIN if required. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
verify_pin (app_t app,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
/* Note that force_chv1 is never set but we do it here anyway so
|
||||
@ -357,9 +357,9 @@ verify_pin (app_t app,
|
||||
If a PIN is required the PINCB will be used to ask for the PIN;
|
||||
that callback should return the PIN in an allocated buffer and
|
||||
store that in the 3rd argument. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
@ -435,9 +435,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
/* Decrypt the data in INDATA and return the allocated result in OUTDATA.
|
||||
If a PIN is required the PINCB will be used to ask for the PIN; it
|
||||
should return the PIN in an allocated buffer and put it into PIN. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_decipher (app_t app, const char *keyidstr,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
@ -485,7 +485,7 @@ do_decipher (app_t app, const char *keyidstr,
|
||||
|
||||
|
||||
/* Select the NKS 2.0 application on the card in SLOT. */
|
||||
int
|
||||
gpg_error_t
|
||||
app_select_nks (APP app)
|
||||
{
|
||||
static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x03, 0x01, 0x02 };
|
||||
|
@ -547,7 +547,7 @@ parse_login_data (app_t app)
|
||||
}
|
||||
|
||||
/* Note, that FPR must be at least 20 bytes. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
store_fpr (int slot, int keynumber, u32 timestamp,
|
||||
const unsigned char *m, size_t mlen,
|
||||
const unsigned char *e, size_t elen,
|
||||
@ -671,7 +671,7 @@ send_key_data (ctrl_t ctrl, const char *name,
|
||||
|
||||
/* Implement the GETATTR command. This is similar to the LEARN
|
||||
command but returns just one value via the status interface. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
||||
{
|
||||
static struct {
|
||||
@ -1168,7 +1168,7 @@ send_keypair_info (app_t app, ctrl_t ctrl, int keyno)
|
||||
|
||||
|
||||
/* Handle the LEARN command for OpenPGP. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_learn_status (app_t app, ctrl_t ctrl)
|
||||
{
|
||||
do_getattr (app, ctrl, "EXTCAP");
|
||||
@ -1204,7 +1204,7 @@ do_learn_status (app_t app, ctrl_t ctrl)
|
||||
its length (for assertions) at PKLEN; the caller must release that
|
||||
buffer. On error PK and PKLEN are not changed and an error code is
|
||||
returned. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
|
||||
{
|
||||
gpg_error_t err;
|
||||
@ -1236,9 +1236,9 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
|
||||
|
||||
/* Verify CHV2 if required. Depending on the configuration of the
|
||||
card CHV1 will also be verified. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
verify_chv2 (app_t app,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
int rc = 0;
|
||||
@ -1292,9 +1292,9 @@ verify_chv2 (app_t app,
|
||||
}
|
||||
|
||||
/* Verify CHV3 if required. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
verify_chv3 (app_t app,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
int rc = 0;
|
||||
@ -1366,9 +1366,9 @@ verify_chv3 (app_t app,
|
||||
|
||||
/* Handle the SETATTR operation. All arguments are already basically
|
||||
checked. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_setattr (app_t app, const char *name,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const unsigned char *value, size_t valuelen)
|
||||
{
|
||||
@ -1434,9 +1434,9 @@ do_setattr (app_t app, const char *name,
|
||||
|
||||
|
||||
/* Handle the PASSWD command. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
int rc = 0;
|
||||
@ -1525,9 +1525,9 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
|
||||
|
||||
|
||||
/* Handle the GENKEY command. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
int rc;
|
||||
@ -1691,7 +1691,7 @@ get_sig_counter (app_t app)
|
||||
return ul;
|
||||
}
|
||||
|
||||
static int
|
||||
static gpg_error_t
|
||||
compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr)
|
||||
{
|
||||
const unsigned char *fpr;
|
||||
@ -1731,7 +1731,7 @@ compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr)
|
||||
the key on the card has been replaced but the shadow information
|
||||
known to gpg was not updated. If there is no fingerprint we
|
||||
assume that this is okay. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
check_against_given_fingerprint (app_t app, const char *fpr, int keyno)
|
||||
{
|
||||
unsigned char tmp[20];
|
||||
@ -1762,9 +1762,9 @@ check_against_given_fingerprint (app_t app, const char *fpr, int keyno)
|
||||
GPG_ERR_WRONG_CARD to indicate that the card currently present does
|
||||
not match the one required for the requested action (e.g. the
|
||||
serial number does not match). */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
@ -1911,9 +1911,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
GPG_ERR_WRONG_CARD to indicate that the card currently present does
|
||||
not match the one required for the requested action (e.g. the
|
||||
serial number does not match). */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_auth (app_t app, const char *keyidstr,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
@ -1974,9 +1974,9 @@ do_auth (app_t app, const char *keyidstr,
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_decipher (app_t app, const char *keyidstr,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
@ -2040,9 +2040,9 @@ do_decipher (app_t app, const char *keyidstr,
|
||||
There is a special mode if the keyidstr is "<serialno>[CHV3]" with
|
||||
the "[CHV3]" being a literal string: The Admin Pin is checked if
|
||||
and only if the retry counter is still at 3. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_check_pin (app_t app, const char *keyidstr,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
unsigned char tmp_sn[20];
|
||||
@ -2124,7 +2124,7 @@ do_check_pin (app_t app, const char *keyidstr,
|
||||
|
||||
/* Select the OpenPGP application on the card in SLOT. This function
|
||||
must be used before any other OpenPGP application functions. */
|
||||
int
|
||||
gpg_error_t
|
||||
app_select_openpgp (app_t app)
|
||||
{
|
||||
static char const aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
|
||||
@ -2237,7 +2237,7 @@ leave:
|
||||
LEARN command returns. All parameters return allocated strings or
|
||||
buffers or NULL if the data object is not available. All returned
|
||||
values are sanitized. */
|
||||
int
|
||||
gpg_error_t
|
||||
app_openpgp_cardinfo (app_t app,
|
||||
char **serialno,
|
||||
char **disp_name,
|
||||
@ -2327,13 +2327,13 @@ app_openpgp_cardinfo (app_t app,
|
||||
create the fingerprint. M, MLEN is the RSA modulus and E, ELEN the
|
||||
RSA public exponent. This function silently overwrites an existing
|
||||
key.*/
|
||||
int
|
||||
gpg_error_t
|
||||
app_openpgp_storekey (app_t app, int keyno,
|
||||
unsigned char *template, size_t template_len,
|
||||
time_t created_at,
|
||||
const unsigned char *m, size_t mlen,
|
||||
const unsigned char *e, size_t elen,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
int rc;
|
||||
@ -2377,7 +2377,7 @@ app_openpgp_storekey (app_t app, int keyno,
|
||||
|
||||
/* Utility function for external tools: Read the public RSA key at
|
||||
KEYNO and return modulus and exponent in (M,MLEN) and (E,ELEN). */
|
||||
int
|
||||
gpg_error_t
|
||||
app_openpgp_readkey (app_t app, int keyno, unsigned char **m, size_t *mlen,
|
||||
unsigned char **e, size_t *elen)
|
||||
{
|
||||
|
@ -2366,7 +2366,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo)
|
||||
|
||||
|
||||
/* This is the handler for the LEARN command. */
|
||||
static int /* FIXME: change this to gpg_error_t */
|
||||
static gpg_error_t
|
||||
do_learn_status (app_t app, ctrl_t ctrl)
|
||||
{
|
||||
gpg_error_t err;
|
||||
@ -2513,7 +2513,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
|
||||
buffer to be stored at R_CERT and its length at R_CERTLEN. A error
|
||||
code will be returned on failure and R_CERT and R_CERTLEN will be
|
||||
set to NULL/0. */
|
||||
static int /* FIXME: change this to gpg_error_t */
|
||||
static gpg_error_t
|
||||
do_readcert (app_t app, const char *certid,
|
||||
unsigned char **r_cert, size_t *r_certlen)
|
||||
{
|
||||
@ -2629,9 +2629,9 @@ micardo_mse (app_t app, unsigned short fid)
|
||||
If a PIN is required, the PINCB will be used to ask for the PIN;
|
||||
that callback should return the PIN in an allocated buffer and
|
||||
store that as the 3rd argument. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
|
321
scd/app.c
321
scd/app.c
@ -23,7 +23,7 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
# include <pth.h>
|
||||
|
||||
#include "scdaemon.h"
|
||||
#include "app-common.h"
|
||||
@ -31,6 +31,71 @@
|
||||
#include "iso7816.h"
|
||||
#include "tlv.h"
|
||||
|
||||
/* This table is used to keep track of locks on a per reader base.
|
||||
The index into the table is the slot number of the reader. The
|
||||
mutex will be initialized on demand (one of the advantages of a
|
||||
userland threading system). */
|
||||
static struct
|
||||
{
|
||||
int initialized;
|
||||
pth_mutex_t lock;
|
||||
} lock_table[10];
|
||||
|
||||
|
||||
/* Lock the reader associated with the APP context. This function
|
||||
shall be used right before calling any of the actual application
|
||||
functions to serialize access to the reader. We do this always
|
||||
even if the reader is not actually used. This allows an actual
|
||||
application to assume that it never shares a reader (while
|
||||
performing one command). Returns 0 on success; only then the
|
||||
unlock_reader function must be called after returning from the
|
||||
handler. */
|
||||
static gpg_error_t
|
||||
lock_reader (app_t app)
|
||||
{
|
||||
gpg_error_t err;
|
||||
int slot = app->slot;
|
||||
|
||||
if (slot < 0 || slot >= DIM (lock_table))
|
||||
return gpg_error (app->slot<0? GPG_ERR_INV_VALUE : GPG_ERR_RESOURCE_LIMIT);
|
||||
|
||||
if (!lock_table[slot].initialized)
|
||||
{
|
||||
if (!pth_mutex_init (&lock_table[slot].lock))
|
||||
{
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_error ("error initializing mutex: %s\n", strerror (errno));
|
||||
return err;
|
||||
}
|
||||
lock_table[slot].initialized = 1;
|
||||
}
|
||||
|
||||
if (!pth_mutex_acquire (&lock_table[slot].lock, 0, NULL))
|
||||
{
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_error ("failed to acquire APP lock for slot %d: %s\n",
|
||||
slot, strerror (errno));
|
||||
return err;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Release a lock on the reader. See lock_reader(). */
|
||||
static void
|
||||
unlock_reader (app_t app)
|
||||
{
|
||||
int slot = app->slot;
|
||||
|
||||
if (slot < 0 || slot >= DIM (lock_table)
|
||||
|| !lock_table[slot].initialized)
|
||||
log_bug ("unlock_reader called for invalid slot %d\n", slot);
|
||||
|
||||
if (!pth_mutex_release (&lock_table[slot].lock))
|
||||
log_error ("failed to release APP lock for slot %d: %s\n",
|
||||
slot, strerror (errno));
|
||||
|
||||
}
|
||||
|
||||
/* Check wether the application NAME is allowed. This does not mean
|
||||
we have support for it though. */
|
||||
@ -54,7 +119,7 @@ is_app_allowed (const char *name)
|
||||
gpg_error_t
|
||||
select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err;
|
||||
app_t app;
|
||||
unsigned char *result = NULL;
|
||||
size_t resultlen;
|
||||
@ -63,22 +128,26 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
|
||||
app = xtrycalloc (1, sizeof *app);
|
||||
if (!app)
|
||||
{
|
||||
rc = gpg_error_from_errno (errno);
|
||||
log_info ("error allocating context: %s\n", gpg_strerror (rc));
|
||||
return rc;
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_info ("error allocating context: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
app->slot = slot;
|
||||
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
/* Fixme: We should now first check whether a card is at all
|
||||
present. */
|
||||
|
||||
/* Try to read the GDO file first to get a default serial number. */
|
||||
rc = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL);
|
||||
if (!rc)
|
||||
rc = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL);
|
||||
if (!rc)
|
||||
rc = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
|
||||
if (!rc)
|
||||
err = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL);
|
||||
if (!err)
|
||||
err = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL);
|
||||
if (!err)
|
||||
err = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
|
||||
if (!err)
|
||||
{
|
||||
size_t n;
|
||||
const unsigned char *p;
|
||||
@ -104,8 +173,8 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
|
||||
memmove (result, p, n);
|
||||
app->serialno = result;
|
||||
app->serialnolen = n;
|
||||
rc = app_munge_serialno (app);
|
||||
if (rc)
|
||||
err = app_munge_serialno (app);
|
||||
if (err)
|
||||
goto leave;
|
||||
}
|
||||
else
|
||||
@ -114,38 +183,40 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
|
||||
}
|
||||
|
||||
/* For certain error codes, there is no need to try more. */
|
||||
if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
|
||||
if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
|
||||
goto leave;
|
||||
|
||||
|
||||
/* Figure out the application to use. */
|
||||
rc = gpg_error (GPG_ERR_NOT_FOUND);
|
||||
err = gpg_error (GPG_ERR_NOT_FOUND);
|
||||
|
||||
if (rc && is_app_allowed ("openpgp") && (!name || !strcmp (name, "openpgp")))
|
||||
rc = app_select_openpgp (app);
|
||||
if (rc && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
|
||||
rc = app_select_nks (app);
|
||||
if (rc && is_app_allowed ("p15") && (!name || !strcmp (name, "p15")))
|
||||
rc = app_select_p15 (app);
|
||||
if (rc && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
|
||||
rc = app_select_dinsig (app);
|
||||
if (rc && name)
|
||||
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
||||
if (err && is_app_allowed ("openpgp")
|
||||
&& (!name || !strcmp (name, "openpgp")))
|
||||
err = app_select_openpgp (app);
|
||||
if (err && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
|
||||
err = app_select_nks (app);
|
||||
if (err && is_app_allowed ("p15") && (!name || !strcmp (name, "p15")))
|
||||
err = app_select_p15 (app);
|
||||
if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
|
||||
err = app_select_dinsig (app);
|
||||
if (err && name)
|
||||
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
||||
|
||||
leave:
|
||||
if (rc)
|
||||
if (err)
|
||||
{
|
||||
if (name)
|
||||
log_info ("can't select application `%s': %s\n",
|
||||
name, gpg_strerror (rc));
|
||||
name, gpg_strerror (err));
|
||||
else
|
||||
log_info ("no supported card application found: %s\n",
|
||||
gpg_strerror (rc));
|
||||
gpg_strerror (err));
|
||||
xfree (app);
|
||||
return rc;
|
||||
return err;
|
||||
}
|
||||
|
||||
app->initialized = 1;
|
||||
unlock_reader (app);
|
||||
*r_app = app;
|
||||
return 0;
|
||||
}
|
||||
@ -181,7 +252,7 @@ release_application (app_t app)
|
||||
|
||||
All other serial number not starting with FF are used as they are.
|
||||
*/
|
||||
int
|
||||
gpg_error_t
|
||||
app_munge_serialno (app_t app)
|
||||
{
|
||||
if (app->serialnolen && app->serialno[0] == 0xff)
|
||||
@ -208,7 +279,7 @@ app_munge_serialno (app_t app)
|
||||
no update time is available the returned value is 0. Caller must
|
||||
free SERIAL unless the function returns an error. If STAMP is not
|
||||
of interest, NULL may be passed. */
|
||||
int
|
||||
gpg_error_t
|
||||
app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
|
||||
{
|
||||
unsigned char *buf, *p;
|
||||
@ -234,9 +305,11 @@ app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
|
||||
|
||||
/* Write out the application specifig status lines for the LEARN
|
||||
command. */
|
||||
int
|
||||
app_write_learn_status (APP app, CTRL ctrl)
|
||||
gpg_error_t
|
||||
app_write_learn_status (app_t app, CTRL ctrl)
|
||||
{
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
if (!app->initialized)
|
||||
@ -247,8 +320,12 @@ app_write_learn_status (APP app, CTRL ctrl)
|
||||
if (app->apptype)
|
||||
send_status_info (ctrl, "APPTYPE",
|
||||
app->apptype, strlen (app->apptype), NULL, 0);
|
||||
|
||||
return app->fnc.learn_status (app, ctrl);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.learn_status (app, ctrl);
|
||||
unlock_reader (app);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
@ -256,18 +333,24 @@ app_write_learn_status (APP app, CTRL ctrl)
|
||||
the CERTINFO status lines) and return it in the freshly allocated
|
||||
buffer put into CERT and the length of the certificate put into
|
||||
CERTLEN. */
|
||||
int
|
||||
gpg_error_t
|
||||
app_readcert (app_t app, const char *certid,
|
||||
unsigned char **cert, size_t *certlen)
|
||||
{
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
if (!app->initialized)
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.readcert)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
|
||||
return app->fnc.readcert (app, certid, cert, certlen);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.readcert (app, certid, cert, certlen);
|
||||
unlock_reader (app);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
@ -278,9 +361,11 @@ app_readcert (app_t app, const char *certid,
|
||||
code returned.
|
||||
|
||||
This function might not be supported by all applications. */
|
||||
int
|
||||
gpg_error_t
|
||||
app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
|
||||
{
|
||||
gpg_error_t err;
|
||||
|
||||
if (pk)
|
||||
*pk = NULL;
|
||||
if (pklen)
|
||||
@ -292,15 +377,21 @@ app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.readkey)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
|
||||
return app->fnc.readkey (app, keyid, pk, pklen);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err= app->fnc.readkey (app, keyid, pk, pklen);
|
||||
unlock_reader (app);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
/* Perform a GETATTR operation. */
|
||||
int
|
||||
app_getattr (APP app, CTRL ctrl, const char *name)
|
||||
gpg_error_t
|
||||
app_getattr (app_t app, CTRL ctrl, const char *name)
|
||||
{
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !name || !*name)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
if (!app->initialized)
|
||||
@ -328,36 +419,48 @@ app_getattr (APP app, CTRL ctrl, const char *name)
|
||||
|
||||
if (!app->fnc.getattr)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
return app->fnc.getattr (app, ctrl, name);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.getattr (app, ctrl, name);
|
||||
unlock_reader (app);
|
||||
return err;
|
||||
}
|
||||
|
||||
/* Perform a SETATTR operation. */
|
||||
int
|
||||
app_setattr (APP app, const char *name,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t
|
||||
app_setattr (app_t app, const char *name,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const unsigned char *value, size_t valuelen)
|
||||
{
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !name || !*name || !value)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
if (!app->initialized)
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.setattr)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
return app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
|
||||
unlock_reader (app);
|
||||
return err;
|
||||
}
|
||||
|
||||
/* Create the signature and return the allocated result in OUTDATA.
|
||||
If a PIN is required the PINCB will be used to ask for the PIN; it
|
||||
should return the PIN in an allocated buffer and put it into PIN. */
|
||||
int
|
||||
app_sign (APP app, const char *keyidstr, int hashalgo,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t
|
||||
app_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
@ -365,27 +468,31 @@ app_sign (APP app, const char *keyidstr, int hashalgo,
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.sign)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
rc = app->fnc.sign (app, keyidstr, hashalgo,
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.sign (app, keyidstr, hashalgo,
|
||||
pincb, pincb_arg,
|
||||
indata, indatalen,
|
||||
outdata, outdatalen);
|
||||
unlock_reader (app);
|
||||
if (opt.verbose)
|
||||
log_info ("operation sign result: %s\n", gpg_strerror (rc));
|
||||
return rc;
|
||||
log_info ("operation sign result: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
/* Create the signature using the INTERNAL AUTHENTICATE command and
|
||||
return the allocated result in OUTDATA. If a PIN is required the
|
||||
PINCB will be used to ask for the PIN; it should return the PIN in
|
||||
an allocated buffer and put it into PIN. */
|
||||
int
|
||||
app_auth (APP app, const char *keyidstr,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t
|
||||
app_auth (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
@ -393,27 +500,31 @@ app_auth (APP app, const char *keyidstr,
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.auth)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
rc = app->fnc.auth (app, keyidstr,
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.auth (app, keyidstr,
|
||||
pincb, pincb_arg,
|
||||
indata, indatalen,
|
||||
outdata, outdatalen);
|
||||
unlock_reader (app);
|
||||
if (opt.verbose)
|
||||
log_info ("operation auth result: %s\n", gpg_strerror (rc));
|
||||
return rc;
|
||||
log_info ("operation auth result: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
/* Decrypt the data in INDATA and return the allocated result in OUTDATA.
|
||||
If a PIN is required the PINCB will be used to ask for the PIN; it
|
||||
should return the PIN in an allocated buffer and put it into PIN. */
|
||||
int
|
||||
app_decipher (APP app, const char *keyidstr,
|
||||
int (pincb)(void*, const char *, char **),
|
||||
gpg_error_t
|
||||
app_decipher (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen )
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
@ -421,23 +532,27 @@ app_decipher (APP app, const char *keyidstr,
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.decipher)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
rc = app->fnc.decipher (app, keyidstr,
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.decipher (app, keyidstr,
|
||||
pincb, pincb_arg,
|
||||
indata, indatalen,
|
||||
outdata, outdatalen);
|
||||
unlock_reader (app);
|
||||
if (opt.verbose)
|
||||
log_info ("operation decipher result: %s\n", gpg_strerror (rc));
|
||||
return rc;
|
||||
log_info ("operation decipher result: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
/* Perform a SETATTR operation. */
|
||||
int
|
||||
app_genkey (APP app, CTRL ctrl, const char *keynostr, unsigned int flags,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t
|
||||
app_genkey (app_t app, CTRL ctrl, const char *keynostr, unsigned int flags,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !keynostr || !*keynostr || !pincb)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
@ -445,35 +560,46 @@ app_genkey (APP app, CTRL ctrl, const char *keynostr, unsigned int flags,
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.genkey)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
rc = app->fnc.genkey (app, ctrl, keynostr, flags, pincb, pincb_arg);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.genkey (app, ctrl, keynostr, flags, pincb, pincb_arg);
|
||||
unlock_reader (app);
|
||||
if (opt.verbose)
|
||||
log_info ("operation genkey result: %s\n", gpg_strerror (rc));
|
||||
return rc;
|
||||
log_info ("operation genkey result: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
/* Perform a GET CHALLENGE operation. This fucntion is special as it
|
||||
directly accesses the card without any application specific
|
||||
wrapper. */
|
||||
int
|
||||
app_get_challenge (APP app, size_t nbytes, unsigned char *buffer)
|
||||
gpg_error_t
|
||||
app_get_challenge (app_t app, size_t nbytes, unsigned char *buffer)
|
||||
{
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !nbytes || !buffer)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
if (!app->initialized)
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
return iso7816_get_challenge (app->slot, nbytes, buffer);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = iso7816_get_challenge (app->slot, nbytes, buffer);
|
||||
unlock_reader (app);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation. */
|
||||
int
|
||||
app_change_pin (APP app, CTRL ctrl, const char *chvnostr, int reset_mode,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t
|
||||
app_change_pin (app_t app, CTRL ctrl, const char *chvnostr, int reset_mode,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !chvnostr || !*chvnostr || !pincb)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
@ -481,22 +607,27 @@ app_change_pin (APP app, CTRL ctrl, const char *chvnostr, int reset_mode,
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.change_pin)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
rc = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode, pincb, pincb_arg);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode,
|
||||
pincb, pincb_arg);
|
||||
unlock_reader (app);
|
||||
if (opt.verbose)
|
||||
log_info ("operation change_pin result: %s\n", gpg_strerror (rc));
|
||||
return rc;
|
||||
log_info ("operation change_pin result: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
/* Perform a VERIFY operation without doing anything lese. This may
|
||||
be used to initialze a the PIN cache for long lasting other
|
||||
operations. Its use is highly application dependent. */
|
||||
int
|
||||
app_check_pin (APP app, const char *keyidstr,
|
||||
int (*pincb)(void*, const char *, char **),
|
||||
gpg_error_t
|
||||
app_check_pin (app_t app, const char *keyidstr,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg)
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err;
|
||||
|
||||
if (!app || !keyidstr || !*keyidstr || !pincb)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
@ -504,9 +635,13 @@ app_check_pin (APP app, const char *keyidstr,
|
||||
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
|
||||
if (!app->fnc.check_pin)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
rc = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg);
|
||||
err = lock_reader (app);
|
||||
if (err)
|
||||
return err;
|
||||
err = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg);
|
||||
unlock_reader (app);
|
||||
if (opt.verbose)
|
||||
log_info ("operation check_pin result: %s\n", gpg_strerror (rc));
|
||||
return rc;
|
||||
log_info ("operation check_pin result: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
|
@ -986,6 +986,7 @@ do_close_reader (ccid_driver_t handle)
|
||||
}
|
||||
if (handle->idev)
|
||||
{
|
||||
if (getenv ("GNUPG_CCID_DRIVER_RESET_BEFORE_CLOSE"))
|
||||
usb_reset (handle->idev);
|
||||
usb_release_interface (handle->idev, handle->ifc_no);
|
||||
usb_close (handle->idev);
|
||||
@ -1274,7 +1275,7 @@ ccid_poll (ccid_driver_t handle)
|
||||
}
|
||||
|
||||
|
||||
/* Note that this function won't return the error codes NO_CARD or
|
||||
/* Note that this fucntion won't return the error codes NO_CARD or
|
||||
CARD_INACTIVE */
|
||||
int
|
||||
ccid_slot_status (ccid_driver_t handle, int *statusbits)
|
||||
@ -1303,12 +1304,12 @@ ccid_slot_status (ccid_driver_t handle, int *statusbits)
|
||||
{
|
||||
if (!retries)
|
||||
{
|
||||
fprintf (stderr, "CALLING USB_CLEAR_HALT\n");
|
||||
DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n");
|
||||
usb_clear_halt (handle->idev, handle->ep_bulk_in);
|
||||
usb_clear_halt (handle->idev, handle->ep_bulk_out);
|
||||
}
|
||||
else
|
||||
fprintf (stderr, "RETRYING AGIAN\n");
|
||||
DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n");
|
||||
retries++;
|
||||
goto retry;
|
||||
}
|
||||
|
@ -122,7 +122,7 @@ has_option (const char *line, const char *name)
|
||||
|
||||
|
||||
/* Reset the card and free the application context. With DO_CLOSE set
|
||||
to true and this is the last session with a reference to teh
|
||||
to true and this is the last session with a reference to the
|
||||
reader, close the reader and don't do just a reset. */
|
||||
static void
|
||||
do_reset (ctrl_t ctrl, int do_close)
|
||||
@ -647,7 +647,7 @@ cmd_setdata (assuan_context_t ctx, char *line)
|
||||
|
||||
|
||||
|
||||
static int
|
||||
static gpg_error_t
|
||||
pin_cb (void *opaque, const char *info, char **retstr)
|
||||
{
|
||||
assuan_context_t ctx = opaque;
|
||||
@ -1171,6 +1171,34 @@ cmd_unlock (assuan_context_t ctx, char *line)
|
||||
}
|
||||
|
||||
|
||||
/* GETINFO <what>
|
||||
|
||||
Multi purpose command to return certain information.
|
||||
Supported values of WHAT are:
|
||||
|
||||
socket_name - Return the name of the socket.
|
||||
|
||||
*/
|
||||
|
||||
static int
|
||||
cmd_getinfo (assuan_context_t ctx, char *line)
|
||||
{
|
||||
int rc = 0;
|
||||
|
||||
if (!strcmp (line, "socket_name"))
|
||||
{
|
||||
const char *s = scd_get_socket_name ();
|
||||
|
||||
if (s)
|
||||
rc = assuan_send_data (ctx, s, strlen (s));
|
||||
else
|
||||
rc = gpg_error (GPG_ERR_NO_DATA);
|
||||
}
|
||||
else
|
||||
rc = set_error (Parameter_Error, "unknown value for WHAT");
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
@ -1200,6 +1228,7 @@ register_commands (assuan_context_t ctx)
|
||||
{ "CHECKPIN", cmd_checkpin },
|
||||
{ "LOCK", cmd_lock },
|
||||
{ "UNLOCK", cmd_unlock },
|
||||
{ "GETINFO", cmd_getinfo },
|
||||
{ NULL }
|
||||
};
|
||||
int i, rc;
|
||||
@ -1218,10 +1247,10 @@ register_commands (assuan_context_t ctx)
|
||||
}
|
||||
|
||||
|
||||
/* Startup the server. If LISTEN_FD is given as -1, this is simple
|
||||
piper server, otherwise it is a regular server */
|
||||
/* Startup the server. If FD is given as -1 this is simple pipe
|
||||
server, otherwise it is a regular server. */
|
||||
void
|
||||
scd_command_handler (int listen_fd)
|
||||
scd_command_handler (int fd)
|
||||
{
|
||||
int rc;
|
||||
assuan_context_t ctx;
|
||||
@ -1230,7 +1259,7 @@ scd_command_handler (int listen_fd)
|
||||
memset (&ctrl, 0, sizeof ctrl);
|
||||
scd_init_default_ctrl (&ctrl);
|
||||
|
||||
if (listen_fd == -1)
|
||||
if (fd == -1)
|
||||
{
|
||||
int filedes[2];
|
||||
|
||||
@ -1240,7 +1269,7 @@ scd_command_handler (int listen_fd)
|
||||
}
|
||||
else
|
||||
{
|
||||
rc = assuan_init_socket_server (&ctx, listen_fd);
|
||||
rc = assuan_init_connected_socket_server (&ctx, fd);
|
||||
}
|
||||
if (rc)
|
||||
{
|
||||
|
@ -483,7 +483,7 @@ query_card (APP app)
|
||||
|
||||
|
||||
/* Callback function to ask for a PIN. */
|
||||
static int
|
||||
static gpg_error_t
|
||||
pincb (void *arg, const char *prompt, char **pinvalue)
|
||||
{
|
||||
char *pin = xstrdup ("12345678");
|
||||
|
485
scd/scdaemon.c
485
scd/scdaemon.c
@ -1,5 +1,5 @@
|
||||
/* scdaemon.c - The GnuPG Smartcard Daemon
|
||||
* Copyright (C) 2001, 2002, 2004 Free Software Foundation, Inc.
|
||||
* Copyright (C) 2001, 2002, 2004, 2005 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -35,9 +35,7 @@
|
||||
#endif /*HAVE_W32_SYSTEM*/
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
#ifdef USE_GNU_PTH
|
||||
# include <pth.h>
|
||||
#endif
|
||||
#include <pth.h>
|
||||
|
||||
#define JNLIB_NEED_LOG_LOGV
|
||||
#include "scdaemon.h"
|
||||
@ -76,6 +74,7 @@ enum cmd_and_opt_values
|
||||
oNoGrab,
|
||||
oLogFile,
|
||||
oServer,
|
||||
oMultiServer,
|
||||
oDaemon,
|
||||
oBatch,
|
||||
oReaderPort,
|
||||
@ -110,6 +109,8 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oDebugWait,"debug-wait",1, "@"},
|
||||
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
|
||||
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
|
||||
{ oMultiServer, "multi-server", 0,
|
||||
N_("allow additional connections in server mode")},
|
||||
{ oReaderPort, "reader-port", 2, N_("|N|connect to reader at port N")},
|
||||
{ octapiDriver, "ctapi-driver", 2, N_("|NAME|use NAME as ct-API driver")},
|
||||
{ opcscDriver, "pcsc-driver", 2, N_("|NAME|use NAME as PC/SC driver")},
|
||||
@ -140,8 +141,6 @@ static ARGPARSE_OPTS opts[] = {
|
||||
#endif
|
||||
|
||||
|
||||
static volatile int caught_fatal_sig = 0;
|
||||
|
||||
/* Flag to indicate that a shutdown was requested. */
|
||||
static int shutdown_pending;
|
||||
|
||||
@ -149,16 +148,21 @@ static int shutdown_pending;
|
||||
static int maybe_setuid = 1;
|
||||
|
||||
/* Name of the communication socket */
|
||||
static char socket_name[128];
|
||||
static char *socket_name;
|
||||
|
||||
|
||||
static char *create_socket_name (int use_standard_socket,
|
||||
char *standard_name, char *template);
|
||||
static int create_server_socket (int is_standard_name, const char *name);
|
||||
|
||||
static void *start_connection_thread (void *arg);
|
||||
static void handle_connections (int listen_fd);
|
||||
|
||||
#ifdef USE_GNU_PTH
|
||||
/* Pth wrapper function definitions. */
|
||||
GCRY_THREAD_OPTION_PTH_IMPL;
|
||||
|
||||
static void *ticker_thread (void *arg);
|
||||
#endif /*USE_GNU_PTH*/
|
||||
|
||||
|
||||
static const char *
|
||||
my_strusage (int level)
|
||||
{
|
||||
@ -265,7 +269,7 @@ set_debug (const char *level)
|
||||
static void
|
||||
cleanup (void)
|
||||
{
|
||||
if (*socket_name)
|
||||
if (socket_name && *socket_name)
|
||||
{
|
||||
char *p;
|
||||
|
||||
@ -282,27 +286,6 @@ cleanup (void)
|
||||
}
|
||||
|
||||
|
||||
static RETSIGTYPE
|
||||
cleanup_sh (int sig)
|
||||
{
|
||||
if (caught_fatal_sig)
|
||||
raise (sig);
|
||||
caught_fatal_sig = 1;
|
||||
|
||||
/* gcry_control( GCRYCTL_TERM_SECMEM );*/
|
||||
cleanup ();
|
||||
|
||||
#ifndef HAVE_DOSISH_SYSTEM
|
||||
{ /* reset action to default action and raise signal again */
|
||||
struct sigaction nact;
|
||||
nact.sa_handler = SIG_DFL;
|
||||
sigemptyset( &nact.sa_mask );
|
||||
nact.sa_flags = 0;
|
||||
sigaction( sig, &nact, NULL);
|
||||
}
|
||||
#endif
|
||||
raise( sig );
|
||||
}
|
||||
|
||||
int
|
||||
main (int argc, char **argv )
|
||||
@ -322,6 +305,7 @@ main (int argc, char **argv )
|
||||
int greeting = 0;
|
||||
int nogreeting = 0;
|
||||
int pipe_server = 0;
|
||||
int multi_server = 0;
|
||||
int is_daemon = 0;
|
||||
int nodetach = 0;
|
||||
int csh_style = 0;
|
||||
@ -343,14 +327,12 @@ main (int argc, char **argv )
|
||||
|
||||
/* Libgcrypt requires us to register the threading model first.
|
||||
Note that this will also do the pth_init. */
|
||||
#ifdef USE_GNU_PTH
|
||||
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
|
||||
if (err)
|
||||
{
|
||||
log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
|
||||
gpg_strerror (err));
|
||||
}
|
||||
#endif /*USE_GNU_PTH*/
|
||||
|
||||
/* Check that the libraries are suitable. Do it here because
|
||||
the option parsing may need services of the library */
|
||||
@ -481,6 +463,7 @@ main (int argc, char **argv )
|
||||
case oCsh: csh_style = 1; break;
|
||||
case oSh: csh_style = 0; break;
|
||||
case oServer: pipe_server = 1; break;
|
||||
case oMultiServer: multi_server = 1; break;
|
||||
case oDaemon: is_daemon = 1; break;
|
||||
|
||||
case oReaderPort: opt.reader_port = pargs.r.ret_str; break;
|
||||
@ -598,24 +581,49 @@ main (int argc, char **argv )
|
||||
log_set_prefix (NULL, 1|2|4);
|
||||
}
|
||||
|
||||
|
||||
if (pipe_server)
|
||||
{ /* This is the simple pipe based server */
|
||||
#ifdef USE_GNU_PTH
|
||||
{
|
||||
/* This is the simple pipe based server */
|
||||
pth_attr_t tattr;
|
||||
int fd = -1;
|
||||
|
||||
{
|
||||
struct sigaction sa;
|
||||
|
||||
sa.sa_handler = SIG_IGN;
|
||||
sigemptyset (&sa.sa_mask);
|
||||
sa.sa_flags = 0;
|
||||
sigaction (SIGPIPE, &sa, NULL);
|
||||
}
|
||||
|
||||
/* In multi server mode we need to listen on an additional
|
||||
socket. Create that socket now before starting the handler
|
||||
for the pipe connection. This allows that handler to send
|
||||
back the name of that socket. */
|
||||
if (multi_server)
|
||||
{
|
||||
socket_name = create_socket_name (0,
|
||||
"S.scdaemon",
|
||||
"/tmp/gpg-XXXXXX/S.scdaemon");
|
||||
|
||||
fd = create_server_socket (0, socket_name);
|
||||
}
|
||||
|
||||
tattr = pth_attr_new();
|
||||
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
|
||||
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024);
|
||||
pth_attr_set (tattr, PTH_ATTR_NAME, "ticker");
|
||||
pth_attr_set (tattr, PTH_ATTR_NAME, "pipe-connection");
|
||||
|
||||
if (!pth_spawn (tattr, ticker_thread, NULL))
|
||||
if (!pth_spawn (tattr, start_connection_thread, (void*)(-1)))
|
||||
{
|
||||
log_error ("error spawning ticker thread: %s\n", strerror (errno));
|
||||
log_error ("error spawning pipe connection handler: %s\n",
|
||||
strerror (errno) );
|
||||
scd_exit (2);
|
||||
}
|
||||
#endif /*USE_GNU_PTH*/
|
||||
scd_command_handler (-1);
|
||||
|
||||
handle_connections (fd);
|
||||
if (fd != -1)
|
||||
close (fd);
|
||||
}
|
||||
else if (!is_daemon)
|
||||
{
|
||||
@ -623,87 +631,17 @@ main (int argc, char **argv )
|
||||
" to run the program in the background\n"));
|
||||
}
|
||||
else
|
||||
{ /* regular server mode */
|
||||
{ /* Regular server mode */
|
||||
int fd;
|
||||
pid_t pid;
|
||||
int i;
|
||||
int len;
|
||||
struct sockaddr_un serv_addr;
|
||||
char *p;
|
||||
|
||||
/* fixme: if there is already a running gpg-agent we should
|
||||
share the same directory - and vice versa */
|
||||
*socket_name = 0;
|
||||
snprintf (socket_name, DIM(socket_name)-1,
|
||||
/* Create the socket. */
|
||||
socket_name = create_socket_name (0,
|
||||
"S.scdaemon",
|
||||
"/tmp/gpg-XXXXXX/S.scdaemon");
|
||||
socket_name[DIM(socket_name)-1] = 0;
|
||||
p = strrchr (socket_name, '/');
|
||||
if (!p)
|
||||
BUG ();
|
||||
*p = 0;;
|
||||
|
||||
#ifndef HAVE_W32_SYSTEM
|
||||
if (!mkdtemp(socket_name))
|
||||
{
|
||||
log_error ("can't create directory `%s': %s\n",
|
||||
socket_name, strerror(errno) );
|
||||
exit (1);
|
||||
}
|
||||
#endif
|
||||
*p = '/';
|
||||
|
||||
if (strchr (socket_name, ':') )
|
||||
{
|
||||
log_error ("colons are not allowed in the socket name\n");
|
||||
exit (1);
|
||||
}
|
||||
if (strlen (socket_name)+1 >= sizeof serv_addr.sun_path )
|
||||
{
|
||||
log_error ("name of socket to long\n");
|
||||
exit (1);
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_W32_SYSTEM
|
||||
fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
|
||||
#else
|
||||
fd = socket (AF_UNIX, SOCK_STREAM, 0);
|
||||
#endif
|
||||
if (fd == -1)
|
||||
{
|
||||
log_error ("can't create socket: %s\n", strerror(errno) );
|
||||
exit (1);
|
||||
}
|
||||
|
||||
memset (&serv_addr, 0, sizeof serv_addr);
|
||||
serv_addr.sun_family = AF_UNIX;
|
||||
strcpy (serv_addr.sun_path, socket_name);
|
||||
len = (offsetof (struct sockaddr_un, sun_path)
|
||||
+ strlen(serv_addr.sun_path) + 1);
|
||||
|
||||
if (
|
||||
#ifdef HAVE_W32_SYSTEM
|
||||
_w32_sock_bind
|
||||
#else
|
||||
bind
|
||||
#endif
|
||||
(fd, (struct sockaddr*)&serv_addr, len) == -1)
|
||||
{
|
||||
log_error ("error binding socket to `%s': %s\n",
|
||||
serv_addr.sun_path, strerror (errno) );
|
||||
close (fd);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
if (listen (fd, 5 ) == -1)
|
||||
{
|
||||
log_error ("listen() failed: %s\n", strerror (errno));
|
||||
close (fd);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
if (opt.verbose)
|
||||
log_info ("listening on socket `%s'\n", socket_name );
|
||||
fd = create_server_socket (0, socket_name);
|
||||
|
||||
|
||||
fflush (NULL);
|
||||
@ -746,7 +684,7 @@ main (int argc, char **argv )
|
||||
}
|
||||
else
|
||||
{
|
||||
/* print the environment string, so that the caller can use
|
||||
/* Print the environment string, so that the caller can use
|
||||
shell's eval to set it */
|
||||
if (csh_style)
|
||||
{
|
||||
@ -763,14 +701,15 @@ main (int argc, char **argv )
|
||||
/* NOTREACHED */
|
||||
} /* end parent */
|
||||
|
||||
/* this is the child */
|
||||
/* This is the child. */
|
||||
|
||||
/* detach from tty and put process into a new session */
|
||||
/* Detach from tty and put process into a new session. */
|
||||
if (!nodetach )
|
||||
{ /* close stdin, stdout and stderr unless it is the log stream */
|
||||
{
|
||||
/* Close stdin, stdout and stderr unless it is the log stream. */
|
||||
for (i=0; i <= 2; i++)
|
||||
{
|
||||
if ( log_get_fd () != i)
|
||||
if ( log_test_fd (i) && i != fd)
|
||||
close (i);
|
||||
}
|
||||
if (setsid() == -1)
|
||||
@ -781,23 +720,13 @@ main (int argc, char **argv )
|
||||
}
|
||||
}
|
||||
|
||||
/* setup signals */
|
||||
{
|
||||
struct sigaction oact, nact;
|
||||
struct sigaction sa;
|
||||
|
||||
nact.sa_handler = cleanup_sh;
|
||||
sigemptyset (&nact.sa_mask);
|
||||
nact.sa_flags = 0;
|
||||
|
||||
sigaction (SIGHUP, NULL, &oact);
|
||||
if (oact.sa_handler != SIG_IGN)
|
||||
sigaction (SIGHUP, &nact, NULL);
|
||||
sigaction( SIGTERM, NULL, &oact );
|
||||
if (oact.sa_handler != SIG_IGN)
|
||||
sigaction (SIGTERM, &nact, NULL);
|
||||
nact.sa_handler = SIG_IGN;
|
||||
sigaction (SIGPIPE, &nact, NULL);
|
||||
sigaction (SIGINT, &nact, NULL);
|
||||
sa.sa_handler = SIG_IGN;
|
||||
sigemptyset (&sa.sa_mask);
|
||||
sa.sa_flags = 0;
|
||||
sigaction (SIGPIPE, &sa, NULL);
|
||||
}
|
||||
|
||||
if (chdir("/"))
|
||||
@ -808,7 +737,7 @@ main (int argc, char **argv )
|
||||
|
||||
#endif /*!HAVE_W32_SYSTEM*/
|
||||
|
||||
scd_command_handler (fd);
|
||||
handle_connections (fd);
|
||||
|
||||
close (fd);
|
||||
}
|
||||
@ -840,13 +769,22 @@ scd_exit (int rc)
|
||||
|
||||
|
||||
void
|
||||
scd_init_default_ctrl (CTRL ctrl)
|
||||
scd_init_default_ctrl (ctrl_t ctrl)
|
||||
{
|
||||
ctrl->reader_slot = -1;
|
||||
}
|
||||
|
||||
|
||||
#ifdef USE_GNU_PTH
|
||||
/* Return the name of the socket to be used to connect to this
|
||||
process. If no socket is available, return NULL. */
|
||||
const char *
|
||||
scd_get_socket_name ()
|
||||
{
|
||||
if (socket_name && *socket_name)
|
||||
return socket_name;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
handle_signal (int signo)
|
||||
@ -897,18 +835,175 @@ handle_signal (int signo)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
handle_tick (void)
|
||||
{
|
||||
scd_update_reader_status_file ();
|
||||
}
|
||||
|
||||
static void *
|
||||
ticker_thread (void *dummy_arg)
|
||||
|
||||
/* Create a name for the socket. With USE_STANDARD_SOCKET given as
|
||||
true using STANDARD_NAME in the home directory or if given has
|
||||
false from the mkdir type name TEMPLATE. In the latter case a
|
||||
unique name in a unique new directory will be created. In both
|
||||
cases check for valid characters as well as against a maximum
|
||||
allowed length for a unix domain socket is done. The function
|
||||
terminates the process in case of an error. Retunrs: Pointer to an
|
||||
allcoated string with the absolute name of the socket used. */
|
||||
static char *
|
||||
create_socket_name (int use_standard_socket,
|
||||
char *standard_name, char *template)
|
||||
{
|
||||
pth_event_t sigs_ev, time_ev = NULL;
|
||||
char *name, *p;
|
||||
|
||||
if (use_standard_socket)
|
||||
name = make_filename (opt.homedir, standard_name, NULL);
|
||||
else
|
||||
{
|
||||
name = xstrdup (template);
|
||||
p = strrchr (name, '/');
|
||||
if (!p)
|
||||
BUG ();
|
||||
*p = 0;
|
||||
if (!mkdtemp (name))
|
||||
{
|
||||
log_error (_("can't create directory `%s': %s\n"),
|
||||
name, strerror (errno));
|
||||
scd_exit (2);
|
||||
}
|
||||
*p = '/';
|
||||
}
|
||||
|
||||
if (strchr (name, PATHSEP_C))
|
||||
{
|
||||
log_error (("`%s' are not allowed in the socket name\n"), PATHSEP_S);
|
||||
scd_exit (2);
|
||||
}
|
||||
if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) )
|
||||
{
|
||||
log_error (_("name of socket too long\n"));
|
||||
scd_exit (2);
|
||||
}
|
||||
return name;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates
|
||||
whether a non-random socket is used. Returns the file descriptor
|
||||
or terminates the process in case of an error. */
|
||||
static int
|
||||
create_server_socket (int is_standard_name, const char *name)
|
||||
{
|
||||
struct sockaddr_un *serv_addr;
|
||||
socklen_t len;
|
||||
int fd;
|
||||
int rc;
|
||||
|
||||
#ifdef HAVE_W32_SYSTEM
|
||||
fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
|
||||
#else
|
||||
fd = socket (AF_UNIX, SOCK_STREAM, 0);
|
||||
#endif
|
||||
if (fd == -1)
|
||||
{
|
||||
log_error (_("can't create socket: %s\n"), strerror (errno));
|
||||
scd_exit (2);
|
||||
}
|
||||
|
||||
serv_addr = xmalloc (sizeof (*serv_addr));
|
||||
memset (serv_addr, 0, sizeof *serv_addr);
|
||||
serv_addr->sun_family = AF_UNIX;
|
||||
assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));
|
||||
strcpy (serv_addr->sun_path, name);
|
||||
len = (offsetof (struct sockaddr_un, sun_path)
|
||||
+ strlen (serv_addr->sun_path) + 1);
|
||||
|
||||
#ifdef HAVE_W32_SYSTEM
|
||||
rc = _w32_sock_bind (fd, (struct sockaddr*) serv_addr, len);
|
||||
if (is_standard_name && rc == -1 )
|
||||
{
|
||||
remove (name);
|
||||
rc = bind (fd, (struct sockaddr*) serv_addr, len);
|
||||
}
|
||||
#else
|
||||
rc = bind (fd, (struct sockaddr*) serv_addr, len);
|
||||
if (is_standard_name && rc == -1 && errno == EADDRINUSE)
|
||||
{
|
||||
remove (name);
|
||||
rc = bind (fd, (struct sockaddr*) serv_addr, len);
|
||||
}
|
||||
#endif
|
||||
if (rc == -1)
|
||||
{
|
||||
log_error (_("error binding socket to `%s': %s\n"),
|
||||
serv_addr->sun_path, strerror (errno));
|
||||
close (fd);
|
||||
scd_exit (2);
|
||||
}
|
||||
|
||||
if (listen (fd, 5 ) == -1)
|
||||
{
|
||||
log_error (_("listen() failed: %s\n"), strerror (errno));
|
||||
close (fd);
|
||||
scd_exit (2);
|
||||
}
|
||||
|
||||
if (opt.verbose)
|
||||
log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
|
||||
|
||||
return fd;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* This is the standard connection thread's main function. */
|
||||
static void *
|
||||
start_connection_thread (void *arg)
|
||||
{
|
||||
int fd = (int)arg;
|
||||
|
||||
if (opt.verbose)
|
||||
log_info (_("handler for fd %d started\n"), fd);
|
||||
|
||||
scd_command_handler (fd);
|
||||
|
||||
if (opt.verbose)
|
||||
log_info (_("handler for fd %d terminated\n"), fd);
|
||||
|
||||
/* If this thread is the pipe connection thread, flag that a
|
||||
shutdown is required. With the next ticker event and given that
|
||||
no other connections are running the shutdown will then
|
||||
happen. */
|
||||
if (fd == -1)
|
||||
shutdown_pending = 1;
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/* Connection handler loop. Wait for connection requests and spawn a
|
||||
thread after accepting a connection. LISTEN_FD is allowed to be -1
|
||||
in which case this code will only do regular timeouts and handle
|
||||
signals. */
|
||||
static void
|
||||
handle_connections (int listen_fd)
|
||||
{
|
||||
pth_attr_t tattr;
|
||||
pth_event_t ev, time_ev;
|
||||
sigset_t sigs;
|
||||
int signo;
|
||||
struct sockaddr_un paddr;
|
||||
socklen_t plen;
|
||||
fd_set fdset, read_fdset;
|
||||
int ret;
|
||||
int fd;
|
||||
|
||||
tattr = pth_attr_new();
|
||||
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
|
||||
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024);
|
||||
pth_attr_set (tattr, PTH_ATTR_NAME, "scd-connections");
|
||||
|
||||
#ifndef HAVE_W32_SYSTEM /* fixme */
|
||||
sigemptyset (&sigs );
|
||||
@ -917,43 +1012,101 @@ ticker_thread (void *dummy_arg)
|
||||
sigaddset (&sigs, SIGUSR2);
|
||||
sigaddset (&sigs, SIGINT);
|
||||
sigaddset (&sigs, SIGTERM);
|
||||
sigs_ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
|
||||
ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
|
||||
#else
|
||||
sigs_ev = NULL;
|
||||
ev = NULL;
|
||||
#endif
|
||||
time_ev = NULL;
|
||||
|
||||
while (!shutdown_pending)
|
||||
FD_ZERO (&fdset);
|
||||
if (listen_fd != -1)
|
||||
FD_SET (listen_fd, &fdset);
|
||||
|
||||
for (;;)
|
||||
{
|
||||
if (!time_ev)
|
||||
if (shutdown_pending)
|
||||
{
|
||||
time_ev = pth_event (PTH_EVENT_TIME, pth_timeout (2, 0));
|
||||
if (time_ev)
|
||||
pth_event_concat (sigs_ev, time_ev, NULL);
|
||||
if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
|
||||
break; /* ready */
|
||||
|
||||
/* Do not accept anymore connections but wait for existing
|
||||
connections to terminate. We do this by clearing out all
|
||||
file descriptors to wait for, so that the select will be
|
||||
used to just wait on a signal or timeout event. */
|
||||
FD_ZERO (&fdset);
|
||||
}
|
||||
|
||||
if (pth_wait (sigs_ev) < 1)
|
||||
continue;
|
||||
/* Create a timeout event if needed. */
|
||||
if (!time_ev)
|
||||
time_ev = pth_event (PTH_EVENT_TIME, pth_timeout (2, 0));
|
||||
|
||||
if (
|
||||
#ifdef PTH_STATUS_OCCURRED /* This is Pth 2 */
|
||||
pth_event_status (sigs_ev) == PTH_STATUS_OCCURRED
|
||||
#else
|
||||
pth_event_occurred (sigs_ev)
|
||||
#endif
|
||||
)
|
||||
handle_signal (signo);
|
||||
/* POSIX says that fd_set should be implemented as a structure,
|
||||
thus a simple assignment is fine to copy the entire set. */
|
||||
read_fdset = fdset;
|
||||
|
||||
/* Always run the ticker. */
|
||||
if (!shutdown_pending)
|
||||
if (time_ev)
|
||||
pth_event_concat (ev, time_ev, NULL);
|
||||
ret = pth_select_ev (FD_SETSIZE, &read_fdset, NULL, NULL, NULL, ev);
|
||||
if (time_ev)
|
||||
pth_event_isolate (time_ev);
|
||||
|
||||
if (ret == -1)
|
||||
{
|
||||
if (pth_event_occurred (ev)
|
||||
|| (time_ev && pth_event_occurred (time_ev)))
|
||||
{
|
||||
if (pth_event_occurred (ev))
|
||||
handle_signal (signo);
|
||||
if (time_ev && pth_event_occurred (time_ev))
|
||||
{
|
||||
pth_event_isolate (sigs_ev);
|
||||
pth_event_free (time_ev, PTH_FREE_ALL);
|
||||
time_ev = NULL;
|
||||
handle_tick ();
|
||||
}
|
||||
continue;
|
||||
}
|
||||
log_error (_("pth_select failed: %s - waiting 1s\n"),
|
||||
strerror (errno));
|
||||
pth_sleep (1);
|
||||
continue;
|
||||
}
|
||||
|
||||
pth_event_free (sigs_ev, PTH_FREE_ALL);
|
||||
return NULL;
|
||||
if (pth_event_occurred (ev))
|
||||
{
|
||||
handle_signal (signo);
|
||||
}
|
||||
|
||||
if (time_ev && pth_event_occurred (time_ev))
|
||||
{
|
||||
pth_event_free (time_ev, PTH_FREE_ALL);
|
||||
time_ev = NULL;
|
||||
handle_tick ();
|
||||
}
|
||||
|
||||
if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset))
|
||||
{
|
||||
plen = sizeof paddr;
|
||||
fd = pth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
|
||||
if (fd == -1)
|
||||
{
|
||||
log_error ("accept failed: %s\n", strerror (errno));
|
||||
}
|
||||
else if (!pth_spawn (tattr, start_connection_thread, (void*)fd))
|
||||
{
|
||||
log_error ("error spawning connection handler: %s\n",
|
||||
strerror (errno) );
|
||||
close (fd);
|
||||
}
|
||||
fd = -1;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
pth_event_free (ev, PTH_FREE_ALL);
|
||||
if (time_ev)
|
||||
pth_event_free (time_ev, PTH_FREE_ALL);
|
||||
cleanup ();
|
||||
log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
|
||||
}
|
||||
#endif /*USE_GNU_PTH*/
|
||||
|
||||
|
||||
|
@ -99,7 +99,8 @@ typedef struct app_ctx_s *app_t;
|
||||
|
||||
/*-- scdaemon.c --*/
|
||||
void scd_exit (int rc);
|
||||
void scd_init_default_ctrl (CTRL ctrl);
|
||||
void scd_init_default_ctrl (ctrl_t ctrl);
|
||||
const char *scd_get_socket_name (void);
|
||||
|
||||
/*-- command.c --*/
|
||||
void scd_command_handler (int);
|
||||
|
@ -39,6 +39,7 @@ enum cmd_and_opt_values
|
||||
aNull = 0,
|
||||
oQuiet = 'q',
|
||||
oVerbose = 'v',
|
||||
oRawSocket = 'S',
|
||||
|
||||
oNoVerbose = 500,
|
||||
oHomedir,
|
||||
@ -55,6 +56,7 @@ static ARGPARSE_OPTS opts[] =
|
||||
{ oVerbose, "verbose", 0, N_("verbose") },
|
||||
{ oQuiet, "quiet", 0, N_("quiet") },
|
||||
{ oHex, "hex", 0, N_("print data out hex encoded") },
|
||||
{ oRawSocket, "raw-socket", 2, N_("|NAME|connect to Assuan socket NAME")},
|
||||
|
||||
/* hidden options */
|
||||
{ oNoVerbose, "no-verbose", 0, "@"},
|
||||
@ -70,6 +72,7 @@ struct
|
||||
int quiet; /* Be extra quiet. */
|
||||
const char *homedir; /* Configuration directory name */
|
||||
int hex; /* Print data lines in hex format. */
|
||||
const char *raw_socket; /* Name of socket to connect in raw mode. */
|
||||
} opt;
|
||||
|
||||
|
||||
@ -159,6 +162,7 @@ main (int argc, char **argv)
|
||||
case oNoVerbose: opt.verbose = 0; break;
|
||||
case oHomedir: opt.homedir = pargs.r.ret_str; break;
|
||||
case oHex: opt.hex = 1; break;
|
||||
case oRawSocket: opt.raw_socket = pargs.r.ret_str; break;
|
||||
|
||||
default: pargs.err = 2; break;
|
||||
}
|
||||
@ -169,6 +173,20 @@ main (int argc, char **argv)
|
||||
|
||||
fname = argc ? *argv : NULL;
|
||||
|
||||
if (opt.raw_socket)
|
||||
{
|
||||
rc = assuan_socket_connect (&ctx, opt.raw_socket, 0);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("can't connect to socket `%s': %s\n",
|
||||
opt.raw_socket, assuan_strerror (rc));
|
||||
exit (1);
|
||||
}
|
||||
|
||||
if (opt.verbose)
|
||||
log_info ("connection to socket `%s' established\n", opt.raw_socket);
|
||||
}
|
||||
else
|
||||
ctx = start_agent ();
|
||||
line = NULL;
|
||||
linesize = 0;
|
||||
|
Loading…
x
Reference in New Issue
Block a user