mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

scd: New option --pcsc-shared.

* scd/scdaemon.h (opt): Add field opcsc_shared.
* scd/scdaemon.c (opcscShared): New.
(opts): Add "--pcsc-shared".
(main): Set flag.
* scd/apdu.c (connect_pcsc_card): Use it.
(pcsc_get_status): Take flag into account.
* scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared
mode.
--

This option should in general not be used.  The patch tries to limit
bad effects but using shared mode is somewhat dangerous depending on
the other PC/SC users.

(cherry picked from commit 5732e7a8e9)
Werner Koch 2021-03-12 09:21:57 +01:00
parent 96577e2e46
commit 5eec40f3d8
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 14 additions and 3 deletions


@ -713,7 +713,8 @@ pcsc_get_status (int slot, unsigned int *status, int on_wire)
mode. */
if ( (*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE))
== (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)
&& !(reader_table[slot].pcsc.current_state & PCSC_STATE_INUSE) )
&& (opt.pcsc_shared
|| !(reader_table[slot].pcsc.current_state & PCSC_STATE_INUSE)))
*status |= APDU_CARD_USABLE;
#else
/* Some winscard drivers may set EXCLUSIVE and INUSE at the same
@ -827,7 +828,7 @@ connect_pcsc_card (int slot)
err = pcsc_connect (reader_table[slot].pcsc.context,
reader_table[slot].rdrname,
PCSC_SHARE_EXCLUSIVE,
opt.pcsc_shared? PCSC_SHARE_SHARED:PCSC_SHARE_EXCLUSIVE,
PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
&reader_table[slot].pcsc.card,
&reader_table[slot].pcsc.protocol);
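Review bot: In `connect_pcsc_card` the share mode now follows `opt.pcsc_shared`, but nothing next to the call records what is given up. With `PCSC_SHARE_SHARED` other PC/SC clients can exchange commands with the card between scdaemon's own, presumably while a PIN verification is still in effect on the card, and `pcsc_get_status` now reports `APDU_CARD_USABLE` even when `PCSC_STATE_INUSE` is set. I would add a comment above the `pcsc_connect` call such as `/* Shared mode: other PC/SC clients may talk to the card between our commands, so card state can change behind our back. */`. Whether multi-command sequences are wrapped in a PC/SC transaction in shared mode is not visible here and is worth checking. Both functions start and end outside the hunks shown.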


@ -2397,7 +2397,7 @@ verify_chv2 (app_t app,
return rc;
app->did_chv2 = 1;
if (!app->did_chv1 && !app->force_chv1 && pinvalue)
if (!app->did_chv1 && !app->force_chv1 && pinvalue && !opt.pcsc_shared)
{
/* For convenience we verify CHV1 here too. We do this only if
the card is not configured to require a verification before
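Review bot: The new `!opt.pcsc_shared` term in `verify_chv2` has no explanation next to it; the existing comment only covers the convenience case. I would extend that comment with a sentence like `In shared mode we skip this so that CHV1 is not left verified as a side effect while other PC/SC clients can reach the card.` This rationale is inferred from the commit message, so it should be confirmed by the author. The context line `app->did_chv2 = 1;` still caches the verification state, and in shared mode another client could presumably reset the card, so it is worth checking that the cached `did_chv1`/`did_chv2` flags are cleared when the card reports a reset. The function body continues outside the hunk.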


@ -93,6 +93,7 @@ enum cmd_and_opt_values
oCardTimeout,
octapiDriver,
opcscDriver,
opcscShared,
oDisableCCID,
oDisableOpenSC,
oDisablePinpad,
@ -139,6 +140,7 @@ static ARGPARSE_OPTS opts[] = {
N_("|NAME|use NAME as ct-API driver")),
ARGPARSE_s_s (opcscDriver, "pcsc-driver",
N_("|NAME|use NAME as PC/SC driver")),
ARGPARSE_s_n (opcscShared, "pcsc-shared", "@"),
ARGPARSE_s_n (oDisableCCID, "disable-ccid",
#ifdef HAVE_LIBUSB
N_("do not use the internal CCID driver")
@ -586,6 +588,7 @@ main (int argc, char **argv )
case oReaderPort: opt.reader_port = pargs.r.ret_str; break;
case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break;
case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break;
case opcscShared: opt.pcsc_shared = 1; break;
case oDisableCCID: opt.disable_ccid = 1; break;
case oDisableOpenSC: break;
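Review bot: `--pcsc-shared` is registered with the `"@"` description, which hides it from the help output, and the `main` hunk sets `opt.pcsc_shared = 1` without any log output. Since the commit message says the option should in general not be used, a startup log line when it is active would let an operator, or someone reading the log after an incident, see that the reader is not held exclusively. Something like `if (opt.pcsc_shared) log_info ("Note: PC/SC shared mode is enabled\n");` after option parsing would do. The rest of `main` is outside the hunk, so the exact place has to be chosen there.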


@ -62,6 +62,7 @@ struct
int enable_pinpad_varlen; /* Use variable length input for pinpad. */
int allow_admin; /* Allow the use of admin commands for certain
cards. */
int pcsc_shared; /* Use shared PC/SC access. */
strlist_t disabled_applications; /* Card applications we do not
want to use. */
unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */