scd: New option --pcsc-shared.

* scd/scdaemon.h (opt): Add field opcsc_shared. * scd/scdaemon.c (opcscShared): New. (opts): Add "--pcsc-shared". (main): Set flag. * scd/apdu.c (connect_pcsc_card): Use it. (pcsc_get_status): Take flag in account. * scd/app-openpgp.c (cache_pin): Bypass in shared mode. (verify_chv2: Do not auto verify chv1 in shared mode. * scd/app-piv.c (cache_pin): By pass caceh in shared mode. -- This option should in general not be used. The patch tries to limit bad effects but using shared mode is somewhat dangerous depending on the other PC/SC users.
2025-07-03 22:56:33 +02:00 · 2021-03-12 09:21:57 +01:00 · 2021-03-12 09:21:57 +01:00 · 5732e7a8e9
commit 5732e7a8e9
parent 95156ef9bf
6 changed files with 23 additions and 4 deletions
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -2483,10 +2483,15 @@ chvno_to_keyref (int chvno)
 static void
 cache_pin (app_t app, ctrl_t ctrl, int chvno, const char *pin)
 {
-  const char *keyref = chvno_to_keyref (chvno);
+  const char *keyref;

+  if (opt.pcsc_shared)
+    return;
+
+  keyref = chvno_to_keyref (chvno);
  if (!keyref)
    return;
+
  switch (APP_CARD(app)->cardtype)
    {
    case CARDTYPE_YUBIKEY: break;
@ -2707,7 +2712,7 @@ verify_chv2 (app_t app, ctrl_t ctrl,
        return rc;
      app->did_chv2 = 1;

-      if (!app->did_chv1 && !app->force_chv1 && pinvalue)
+      if (!app->did_chv1 && !app->force_chv1 && pinvalue && !opt.pcsc_shared)
        {
          /* For convenience we verify CHV1 here too.  We do this only if
             the card is not configured to require a verification before