From: Ray Strode <halfline@gmail.com>
To: qemu-devel@nongnu.org
Cc: Alon Levy <alevy@redhat.com>, Ray Strode <rstrode@redhat.com>,
	Michael Tokarev <mjt@tls.msk.ru>,
	Robert Relyea <rrelyea@redhat.com>
Subject: [Qemu-devel] [PATCH 1/2] libcacard: introduce new vcard_emul_logout
Date: Sun,  8 Sep 2013 01:08:38 -0400	[thread overview]
Message-ID: <1378616919-18169-2-git-send-email-halfline@gmail.com> (raw)
In-Reply-To: <1378616919-18169-1-git-send-email-halfline@gmail.com>

From: Ray Strode <rstrode@redhat.com>

vcard_emul_reset currently only logs NSS out, but there is a TODO
for potentially sending insertion/removal events when powering down
or powering up.

For clarity, this commit moves the current guts of vcard_emul_reset to
a new vcard_emul_logout function which will never send insertion/removal
events. The vcard_emul_reset function now just calls vcard_emul_logout,
but also retains its TODO for watching power state transitions and sending
insertion/removal events.

Signed-off-by: Ray Strode <rstrode@redhat.com>
---
 libcacard/vcard_emul.h     |  1 +
 libcacard/vcard_emul_nss.c | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/libcacard/vcard_emul.h b/libcacard/vcard_emul.h
index 963563f..f09ee98 100644
--- a/libcacard/vcard_emul.h
+++ b/libcacard/vcard_emul.h
@@ -13,53 +13,54 @@
 #ifndef VCARD_EMUL_H
 #define VCARD_EMUL_H 1
 
 #include "card_7816t.h"
 #include "vcard.h"
 #include "vcard_emul_type.h"
 
 /*
  * types
  */
 typedef enum {
     VCARD_EMUL_OK = 0,
     VCARD_EMUL_FAIL,
     /* return values by vcard_emul_init */
     VCARD_EMUL_INIT_ALREADY_INITED,
 } VCardEmulError;
 
 /* options are emul specific. call card_emul_parse_args to change a string
  * To an options struct */
 typedef struct VCardEmulOptionsStruct VCardEmulOptions;
 
 /*
  * Login functions
  */
 /* return the number of login attempts still possible on the card. if unknown,
  * return -1 */
 int vcard_emul_get_login_count(VCard *card);
 /* login into the card, return the 7816 status word (sw2 || sw1) */
 vcard_7816_status_t vcard_emul_login(VCard *card, unsigned char *pin,
                                      int pin_len);
+void vcard_emul_logout(VCard *card);
 
 /*
  * key functions
  */
 /* delete a key */
 void vcard_emul_delete_key(VCardKey *key);
 /* RSA sign/decrypt with the key, signature happens 'in place' */
 vcard_7816_status_t vcard_emul_rsa_op(VCard *card, VCardKey *key,
                                   unsigned char *buffer, int buffer_size);
 
 void vcard_emul_reset(VCard *card, VCardPower power);
 void vcard_emul_get_atr(VCard *card, unsigned char *atr, int *atr_len);
 
 /* Re-insert of a card that has been removed by force removal */
 VCardEmulError vcard_emul_force_card_insert(VReader *vreader);
 /* Force a card removal even if the card is not physically removed */
 VCardEmulError vcard_emul_force_card_remove(VReader *vreader);
 
 VCardEmulOptions *vcard_emul_options(const char *args);
 VCardEmulError vcard_emul_init(const VCardEmulOptions *options);
 void vcard_emul_replay_insertion_events(void);
 void vcard_emul_usage(void);
 #endif
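Review bot: The added `vcard_emul_logout` prototype is the only entry in the "Login functions" group without a comment, so a caller cannot tell from the header how it differs from `vcard_emul_reset`. I would put `/* log the card's slot out if it is currently logged in; never sends insertion/removal events */` directly above it, which is the contract the commit message and the implementation in vcard_emul_nss.c describe. The header should also say that the function returns nothing even when the underlying logout fails, since that is what callers get today.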
diff --git a/libcacard/vcard_emul_nss.c b/libcacard/vcard_emul_nss.c
index fb429b1..c3a26d7 100644
--- a/libcacard/vcard_emul_nss.c
+++ b/libcacard/vcard_emul_nss.c
@@ -374,78 +374,86 @@ vcard_emul_login(VCard *card, unsigned char *pin, int pin_len)
     if (!nss_emul_init) {
         return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED;
     }
     slot = vcard_emul_card_get_slot(card);
      /* We depend on the PKCS #11 module internal login state here because we
       * create a separate process to handle each guest instance. If we needed
       * to handle multiple guests from one process, then we would need to keep
       * a lot of extra state in our card structure
       * */
     pin_string = g_malloc(pin_len+1);
     memcpy(pin_string, pin, pin_len);
     pin_string[pin_len] = 0;
 
     /* handle CAC expanded pins correctly */
     for (i = pin_len-1; i >= 0 && (pin_string[i] == 0xff); i--) {
         pin_string[i] = 0;
     }
 
     rv = PK11_Authenticate(slot, PR_FALSE, pin_string);
     memset(pin_string, 0, pin_len);  /* don't let the pin hang around in memory
                                         to be snooped */
     g_free(pin_string);
     if (rv == SECSuccess) {
         return VCARD7816_STATUS_SUCCESS;
     }
     /* map the error from port get error */
     return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED;
 }
 
 void
-vcard_emul_reset(VCard *card, VCardPower power)
+vcard_emul_logout(VCard *card)
 {
     PK11SlotInfo *slot;
 
     if (!nss_emul_init) {
         return;
     }
 
+    slot = vcard_emul_card_get_slot(card);
+    if (PK11_IsLoggedIn(slot,NULL)) {
+        PK11_Logout(slot); /* NOTE: ignoring SECStatus return value */
+    }
+}
+
+void
+vcard_emul_reset(VCard *card, VCardPower power)
+{
     /*
      * if we reset the card (either power on or power off), we lose our login
      * state
      */
+    vcard_emul_logout(card);
+
     /* TODO: we may also need to send insertion/removal events? */
-    slot = vcard_emul_card_get_slot(card);
-    PK11_Logout(slot); /* NOTE: ignoring SECStatus return value */
 }
 
-
 static VReader *
 vcard_emul_find_vreader_from_slot(PK11SlotInfo *slot)
 {
     VReaderList *reader_list = vreader_get_reader_list();
     VReaderListEntry *current_entry = NULL;
 
     if (reader_list == NULL) {
         return NULL;
     }
     for (current_entry = vreader_list_get_first(reader_list); current_entry;
                         current_entry = vreader_list_get_next(current_entry)) {
         VReader *reader = vreader_list_get_reader(current_entry);
         VReaderEmul *reader_emul = vreader_get_private(reader);
         if (reader_emul->slot == slot) {
             return reader;
         }
         vreader_free(reader);
     }
 
     return NULL;
 }
 
 /*
  * create a new reader emul
  */
 static VReaderEmul *
 vreader_emul_new(PK11SlotInfo *slot, VCardEmulType type, const char *params)
 {
     VReaderEmul *new_reader_emul;
 
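Review bot: In the new `vcard_emul_logout` the `SECStatus` from `PK11_Logout(slot)` is still discarded, so a failed logout leaves the slot authenticated and neither this function nor `vcard_emul_reset` can notice. Because the series this patch belongs to is about an invalid PIN being accepted, that failure should at least be visible, for example `if (PK11_Logout(slot) != SECSuccess) { g_warning("%s: PK11_Logout failed", __func__); }`. The new `PK11_IsLoggedIn(slot,NULL)` guard also changes behaviour from the old unconditional logout in `vcard_emul_reset`; it is worth confirming that it returns true for every state `PK11_Authenticate` in `vcard_emul_login` can leave behind, otherwise a reset may skip a logout it used to perform. On style, that call needs a space after the comma (`PK11_IsLoggedIn(slot, NULL)`), and `vcard_emul_reset` now ignores its `power` argument entirely, which the retained TODO could state.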
-- 
1.8.3.1

2013-09-08  5:08 [Qemu-devel] [PATCH 0/2] Try to fix problem with emulated smartcards where invalid PIN succeeds Ray Strode
2013-09-08  5:08 ` Ray Strode [this message]
2013-09-08  5:08 ` [Qemu-devel] [PATCH 2/2] libcacard: Lock NSS cert db when selecting an applet on an emulated card Ray Strode
2013-09-08  8:18 ` [Qemu-devel] [PATCH 0/2] Try to fix problem with emulated smartcards where invalid PIN succeeds Alon Levy
2013-09-09 18:19   ` Robert Relyea
2013-09-11 13:35     ` Ray Strode
