mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
card: Run factory-reset in locked stated.
* scd/command.c (reset_notify): Add option --keep-lock. (do_reset): Add arg keep_lock. (cmd_lock): Send progress status. * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs. * g10/card-util.c (send_apdu): Ditto. (factory_reset): Use lock commands. -- This is required so that for example Kleopatra does not detect the RESET and issues a SERIALNO of its own, thus conflicting with our SERIALNO undefined. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
21d5323f5d
commit
7f765a98fd
@ -1103,6 +1103,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
|
|||||||
- learncard :: Send by the agent and gpgsm while learing
|
- learncard :: Send by the agent and gpgsm while learing
|
||||||
the data of a smartcard.
|
the data of a smartcard.
|
||||||
- card_busy :: A smartcard is still working
|
- card_busy :: A smartcard is still working
|
||||||
|
- scd_locked :: Waiting for other clients to unlock the scdaemon
|
||||||
|
|
||||||
When <what> refers to a file path, it may be truncated.
|
When <what> refers to a file path, it may be truncated.
|
||||||
|
|
||||||
|
@ -866,8 +866,14 @@ agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
|
|||||||
|
|
||||||
/* Send an APDU to the current card. On success the status word is
|
/* Send an APDU to the current card. On success the status word is
|
||||||
* stored at R_SW. With HEXAPDU being NULL only a RESET command is
|
* stored at R_SW. With HEXAPDU being NULL only a RESET command is
|
||||||
* send to scd. With HEXAPDU being the string "undefined" the command
|
* send to scd. HEXAPDU may also be one of these special strings:
|
||||||
* "SERIALNO undefined" is send to scd.
|
*
|
||||||
|
* "undefined" :: Send the command "SCD SERIALNO undefined"
|
||||||
|
* "lock" :: Send the command "SCD LOCK --wait"
|
||||||
|
* "trylock" :: Send the command "SCD LOCK"
|
||||||
|
* "unlock" :: Send the command "SCD UNLOCK"
|
||||||
|
* "reset-keep-lock" :: Send the command "SCD RESET --keep-lock"
|
||||||
|
*
|
||||||
* Used by:
|
* Used by:
|
||||||
* card-util.c
|
* card-util.c
|
||||||
*/
|
*/
|
||||||
@ -888,6 +894,26 @@ agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
|
|||||||
NULL, NULL, NULL, NULL, NULL, NULL);
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
else if (!strcmp (hexapdu, "reset-keep-lock"))
|
||||||
|
{
|
||||||
|
err = assuan_transact (agent_ctx, "SCD RESET --keep-lock",
|
||||||
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
|
}
|
||||||
|
else if (!strcmp (hexapdu, "lock"))
|
||||||
|
{
|
||||||
|
err = assuan_transact (agent_ctx, "SCD LOCK --wait",
|
||||||
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
|
}
|
||||||
|
else if (!strcmp (hexapdu, "trylock"))
|
||||||
|
{
|
||||||
|
err = assuan_transact (agent_ctx, "SCD LOCK",
|
||||||
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
|
}
|
||||||
|
else if (!strcmp (hexapdu, "unlock"))
|
||||||
|
{
|
||||||
|
err = assuan_transact (agent_ctx, "SCD UNLOCK",
|
||||||
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
|
}
|
||||||
else if (!strcmp (hexapdu, "undefined"))
|
else if (!strcmp (hexapdu, "undefined"))
|
||||||
{
|
{
|
||||||
err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
|
err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
|
||||||
|
@ -1834,8 +1834,13 @@ send_apdu (const char *hexapdu, const char *desc, unsigned int ignore)
|
|||||||
if (err)
|
if (err)
|
||||||
tty_printf ("sending card command %s failed: %s\n", desc,
|
tty_printf ("sending card command %s failed: %s\n", desc,
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
else if (!hexapdu || !strcmp (hexapdu, "undefined"))
|
else if (!hexapdu
|
||||||
;
|
|| !strcmp (hexapdu, "undefined")
|
||||||
|
|| !strcmp (hexapdu, "reset-keep-lock")
|
||||||
|
|| !strcmp (hexapdu, "lock")
|
||||||
|
|| !strcmp (hexapdu, "trylock")
|
||||||
|
|| !strcmp (hexapdu, "unlock"))
|
||||||
|
; /* Ignore pseudo APDUs. */
|
||||||
else if (ignore == 0xffff)
|
else if (ignore == 0xffff)
|
||||||
; /* Ignore all status words. */
|
; /* Ignore all status words. */
|
||||||
else if (sw != 0x9000)
|
else if (sw != 0x9000)
|
||||||
@ -1864,6 +1869,7 @@ factory_reset (void)
|
|||||||
char *answer = NULL;
|
char *answer = NULL;
|
||||||
int termstate = 0;
|
int termstate = 0;
|
||||||
int i;
|
int i;
|
||||||
|
int locked = 0;
|
||||||
|
|
||||||
/* The code below basically does the same what this
|
/* The code below basically does the same what this
|
||||||
gpg-connect-agent script does:
|
gpg-connect-agent script does:
|
||||||
@ -1925,8 +1931,14 @@ factory_reset (void)
|
|||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
/* We need to select a card application before we can send APDUs
|
/* We need to select a card application before we can send APDUs
|
||||||
to the card without scdaemon doing anything on its own. */
|
to the card without scdaemon doing anything on its own. We
|
||||||
err = send_apdu (NULL, "RESET", 0);
|
then lock the connection so that other tools (e.g. Kleopatra)
|
||||||
|
don't try a new select. */
|
||||||
|
err = send_apdu ("lock", "locking connection ", 0);
|
||||||
|
if (err)
|
||||||
|
goto leave;
|
||||||
|
locked = 1;
|
||||||
|
err = send_apdu ("reset-keep-lock", "reset", 0);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
err = send_apdu ("undefined", "dummy select ", 0);
|
err = send_apdu ("undefined", "dummy select ", 0);
|
||||||
@ -1968,7 +1980,7 @@ factory_reset (void)
|
|||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
/* Finally we reset the card reader once more. */
|
/* Finally we reset the card reader once more. */
|
||||||
err = send_apdu (NULL, "RESET", 0);
|
err = send_apdu ("reset-keep-lock", "reset", 0);
|
||||||
|
|
||||||
/* Then, connect the card again. */
|
/* Then, connect the card again. */
|
||||||
if (!err)
|
if (!err)
|
||||||
@ -1981,6 +1993,8 @@ factory_reset (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
|
if (locked)
|
||||||
|
send_apdu ("unlock", "unlocking connection ", 0);
|
||||||
xfree (answer);
|
xfree (answer);
|
||||||
agent_release_card_info (&info);
|
agent_release_card_info (&info);
|
||||||
}
|
}
|
||||||
|
@ -138,9 +138,10 @@ hex_to_buffer (const char *string, size_t *r_length)
|
|||||||
|
|
||||||
/* Reset the card and free the application context. With SEND_RESET
|
/* Reset the card and free the application context. With SEND_RESET
|
||||||
set to true actually send a RESET to the reader; this is the normal
|
set to true actually send a RESET to the reader; this is the normal
|
||||||
way of calling the function. */
|
way of calling the function. If KEEP_LOCK is set and the session
|
||||||
|
is locked that lock wil not be released. */
|
||||||
static void
|
static void
|
||||||
do_reset (ctrl_t ctrl, int send_reset)
|
do_reset (ctrl_t ctrl, int send_reset, int keep_lock)
|
||||||
{
|
{
|
||||||
app_t app = ctrl->app_ctx;
|
app_t app = ctrl->app_ctx;
|
||||||
|
|
||||||
@ -148,7 +149,7 @@ do_reset (ctrl_t ctrl, int send_reset)
|
|||||||
app_reset (app, ctrl, IS_LOCKED (ctrl)? 0: send_reset);
|
app_reset (app, ctrl, IS_LOCKED (ctrl)? 0: send_reset);
|
||||||
|
|
||||||
/* If we hold a lock, unlock now. */
|
/* If we hold a lock, unlock now. */
|
||||||
if (locked_session && ctrl->server_local == locked_session)
|
if (!keep_lock && locked_session && ctrl->server_local == locked_session)
|
||||||
{
|
{
|
||||||
locked_session = NULL;
|
locked_session = NULL;
|
||||||
log_info ("implicitly unlocking due to RESET\n");
|
log_info ("implicitly unlocking due to RESET\n");
|
||||||
@ -160,9 +161,7 @@ reset_notify (assuan_context_t ctx, char *line)
|
|||||||
{
|
{
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
|
|
||||||
(void) line;
|
do_reset (ctrl, 1, has_option (line, "--keep-lock"));
|
||||||
|
|
||||||
do_reset (ctrl, 1);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1340,9 +1339,10 @@ cmd_lock (assuan_context_t ctx, char *line)
|
|||||||
npth_sleep (1); /* Better implement an event mechanism. However,
|
npth_sleep (1); /* Better implement an event mechanism. However,
|
||||||
for card operations this should be
|
for card operations this should be
|
||||||
sufficient. */
|
sufficient. */
|
||||||
/* FIXME: Need to check that the connection is still alive.
|
/* Send a progress so that we can detect a connection loss. */
|
||||||
This can be done by issuing status messages. */
|
rc = send_status_printf (ctrl, "PROGRESS", "scd_locked . 0 0");
|
||||||
goto retry;
|
if (!rc)
|
||||||
|
goto retry;
|
||||||
}
|
}
|
||||||
#endif /*USE_NPTH*/
|
#endif /*USE_NPTH*/
|
||||||
|
|
||||||
@ -1814,7 +1814,7 @@ scd_command_handler (ctrl_t ctrl, int fd)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Cleanup. We don't send an explicit reset to the card. */
|
/* Cleanup. We don't send an explicit reset to the card. */
|
||||||
do_reset (ctrl, 0);
|
do_reset (ctrl, 0, 0);
|
||||||
|
|
||||||
/* Release the server object. */
|
/* Release the server object. */
|
||||||
if (session_list == ctrl->server_local)
|
if (session_list == ctrl->server_local)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user