* scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin.

* app-openpgp.c (verify_chv3): Check it here.

scd/ChangeLog

@@ -1,3 +1,8 @@
+2003-11-17  Werner Koch  <wk@gnupg.org>
+
+	* scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin.
+	* app-openpgp.c (verify_chv3): Check it here.
+
 2003-11-12  Werner Koch  <wk@gnupg.org>
 
 	Adjusted for API changes in Libksba.

scd/app-openpgp.c

@@ -569,6 +569,12 @@ verify_chv3 (APP app,
 {
   int rc = 0;
 
+  if (!opt.allow_admin)
+    {
+      log_info ("access to admin commands is not configured\n");
+      return gpg_error (GPG_ERR_EACCES);
+    }
+      
   if (!app->did_chv3) 
     {
       char *pinvalue;

scd/scdaemon.c

@@ -73,6 +73,8 @@ enum cmd_and_opt_values
   opcscDriver,
   oDisableCCID,
   oDisableOpenSC,
+  oAllowAdmin,
+  oDenyAdmin,
 
 aTest };
 
@@ -112,8 +114,8 @@ static ARGPARSE_OPTS opts[] = {
                                     "@"
 #endif
                                          /* end --disable-opensc */},
-
-
+  { oAllowAdmin, "allow-admin", 0, N_("allow the use of admin card commands")},
+  { oDenyAdmin,  "deny-admin",  0, "@" },  
 
   {0}
 };
@@ -397,6 +399,9 @@ main (int argc, char **argv )
         case oDisableCCID: opt.disable_ccid = 1; break;
         case oDisableOpenSC: opt.disable_opensc = 1; break;
 
+        case oAllowAdmin: opt.allow_admin = 1; break;
+        case oDenyAdmin: opt.allow_admin = 0; break;
+
         default : pargs.err = configfp? 1:2; break;
 	}
     }

scd/scdaemon.h

@@ -57,6 +57,8 @@ struct {
   const char *pcsc_driver;  /* Library to access the PC/SC system. */
   int disable_opensc;  /* Disable the use of the OpenSC framework. */
   int disable_ccid;    /* Disable the use of the internal CCID driver. */
+  int allow_admin;     /* Allow the use of admin commands for certain
+                          cards. */
 } opt;