mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
scd: New option --pcsc-shared.
* scd/scdaemon.h (opt): Add field opcsc_shared. * scd/scdaemon.c (opcscShared): New. (opts): Add "--pcsc-shared". (main): Set flag. * scd/apdu.c (connect_pcsc_card): Use it. (pcsc_get_status): Take flag in account. * scd/app-openpgp.c (cache_pin): Bypass in shared mode. (verify_chv2: Do not auto verify chv1 in shared mode. * scd/app-piv.c (cache_pin): By pass caceh in shared mode. -- This option should in general not be used. The patch tries to limit bad effects but using shared mode is somewhat dangerous depending on the other PC/SC users.
This commit is contained in:
parent
95156ef9bf
commit
5732e7a8e9
@ -226,6 +226,12 @@ Append all logging output to @var{file}. This is very helpful in
|
|||||||
seeing what the agent actually does. Use @file{socket://} to log to
|
seeing what the agent actually does. Use @file{socket://} to log to
|
||||||
socket.
|
socket.
|
||||||
|
|
||||||
|
@item --pcsc-shared
|
||||||
|
@opindex pcsc-shared
|
||||||
|
Use shared mode to access the card via PC/SC. This is a somewhat
|
||||||
|
dangerous option because Scdaemon assumes exclusivbe access to teh
|
||||||
|
card and for example caches certain information from the card. Use
|
||||||
|
this option only if you know what you are doing.
|
||||||
|
|
||||||
@item --pcsc-driver @var{library}
|
@item --pcsc-driver @var{library}
|
||||||
@opindex pcsc-driver
|
@opindex pcsc-driver
|
||||||
|
@ -732,7 +732,8 @@ pcsc_get_status (int slot, unsigned int *status, int on_wire)
|
|||||||
mode. */
|
mode. */
|
||||||
if ( (*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE))
|
if ( (*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE))
|
||||||
== (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)
|
== (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)
|
||||||
&& !(reader_table[slot].pcsc.current_state & PCSC_STATE_INUSE) )
|
&& (opt.pcsc_shared
|
||||||
|
|| !(reader_table[slot].pcsc.current_state & PCSC_STATE_INUSE)))
|
||||||
*status |= APDU_CARD_USABLE;
|
*status |= APDU_CARD_USABLE;
|
||||||
#else
|
#else
|
||||||
/* Some winscard drivers may set EXCLUSIVE and INUSE at the same
|
/* Some winscard drivers may set EXCLUSIVE and INUSE at the same
|
||||||
@ -856,7 +857,7 @@ connect_pcsc_card (int slot)
|
|||||||
|
|
||||||
err = pcsc_connect (pcsc.context,
|
err = pcsc_connect (pcsc.context,
|
||||||
reader_table[slot].rdrname,
|
reader_table[slot].rdrname,
|
||||||
PCSC_SHARE_EXCLUSIVE,
|
opt.pcsc_shared? PCSC_SHARE_SHARED:PCSC_SHARE_EXCLUSIVE,
|
||||||
PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
|
PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
|
||||||
&reader_table[slot].pcsc.card,
|
&reader_table[slot].pcsc.card,
|
||||||
&reader_table[slot].pcsc.protocol);
|
&reader_table[slot].pcsc.protocol);
|
||||||
|
@ -2483,10 +2483,15 @@ chvno_to_keyref (int chvno)
|
|||||||
static void
|
static void
|
||||||
cache_pin (app_t app, ctrl_t ctrl, int chvno, const char *pin)
|
cache_pin (app_t app, ctrl_t ctrl, int chvno, const char *pin)
|
||||||
{
|
{
|
||||||
const char *keyref = chvno_to_keyref (chvno);
|
const char *keyref;
|
||||||
|
|
||||||
|
if (opt.pcsc_shared)
|
||||||
|
return;
|
||||||
|
|
||||||
|
keyref = chvno_to_keyref (chvno);
|
||||||
if (!keyref)
|
if (!keyref)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
switch (APP_CARD(app)->cardtype)
|
switch (APP_CARD(app)->cardtype)
|
||||||
{
|
{
|
||||||
case CARDTYPE_YUBIKEY: break;
|
case CARDTYPE_YUBIKEY: break;
|
||||||
@ -2707,7 +2712,7 @@ verify_chv2 (app_t app, ctrl_t ctrl,
|
|||||||
return rc;
|
return rc;
|
||||||
app->did_chv2 = 1;
|
app->did_chv2 = 1;
|
||||||
|
|
||||||
if (!app->did_chv1 && !app->force_chv1 && pinvalue)
|
if (!app->did_chv1 && !app->force_chv1 && pinvalue && !opt.pcsc_shared)
|
||||||
{
|
{
|
||||||
/* For convenience we verify CHV1 here too. We do this only if
|
/* For convenience we verify CHV1 here too. We do this only if
|
||||||
the card is not configured to require a verification before
|
the card is not configured to require a verification before
|
||||||
|
@ -1681,6 +1681,9 @@ cache_pin (app_t app, ctrl_t ctrl, int pinno,
|
|||||||
{
|
{
|
||||||
char pinref[20];
|
char pinref[20];
|
||||||
|
|
||||||
|
if (opt.pcsc_shared)
|
||||||
|
return;
|
||||||
|
|
||||||
if (pinno < 0)
|
if (pinno < 0)
|
||||||
return;
|
return;
|
||||||
switch (app->card->cardtype)
|
switch (app->card->cardtype)
|
||||||
|
@ -94,6 +94,7 @@ enum cmd_and_opt_values
|
|||||||
oCardTimeout,
|
oCardTimeout,
|
||||||
octapiDriver,
|
octapiDriver,
|
||||||
opcscDriver,
|
opcscDriver,
|
||||||
|
opcscShared,
|
||||||
oDisableCCID,
|
oDisableCCID,
|
||||||
oDisableOpenSC,
|
oDisableOpenSC,
|
||||||
oDisablePinpad,
|
oDisablePinpad,
|
||||||
@ -150,6 +151,7 @@ static gpgrt_opt_t opts[] = {
|
|||||||
N_("|NAME|use NAME as ct-API driver")),
|
N_("|NAME|use NAME as ct-API driver")),
|
||||||
ARGPARSE_s_s (opcscDriver, "pcsc-driver",
|
ARGPARSE_s_s (opcscDriver, "pcsc-driver",
|
||||||
N_("|NAME|use NAME as PC/SC driver")),
|
N_("|NAME|use NAME as PC/SC driver")),
|
||||||
|
ARGPARSE_s_n (opcscShared, "pcsc-shared", "@"),
|
||||||
ARGPARSE_s_n (oDisableCCID, "disable-ccid",
|
ARGPARSE_s_n (oDisableCCID, "disable-ccid",
|
||||||
#ifdef HAVE_LIBUSB
|
#ifdef HAVE_LIBUSB
|
||||||
N_("do not use the internal CCID driver")
|
N_("do not use the internal CCID driver")
|
||||||
@ -602,6 +604,7 @@ main (int argc, char **argv )
|
|||||||
case oReaderPort: opt.reader_port = pargs.r.ret_str; break;
|
case oReaderPort: opt.reader_port = pargs.r.ret_str; break;
|
||||||
case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break;
|
case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break;
|
||||||
case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break;
|
case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break;
|
||||||
|
case opcscShared: opt.pcsc_shared = 1; break;
|
||||||
case oDisableCCID: opt.disable_ccid = 1; break;
|
case oDisableCCID: opt.disable_ccid = 1; break;
|
||||||
case oDisableOpenSC: break;
|
case oDisableOpenSC: break;
|
||||||
|
|
||||||
|
@ -62,6 +62,7 @@ struct
|
|||||||
int enable_pinpad_varlen; /* Use variable length input for pinpad. */
|
int enable_pinpad_varlen; /* Use variable length input for pinpad. */
|
||||||
int allow_admin; /* Allow the use of admin commands for certain
|
int allow_admin; /* Allow the use of admin commands for certain
|
||||||
cards. */
|
cards. */
|
||||||
|
int pcsc_shared; /* Use shared PC/SC access. */
|
||||||
strlist_t disabled_applications; /* Card applications we do not
|
strlist_t disabled_applications; /* Card applications we do not
|
||||||
want to use. */
|
want to use. */
|
||||||
unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */
|
unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */
|
||||||
|
Loading…
x
Reference in New Issue
Block a user