[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.29-17-g8729f35
by NIIBE Yutaka
cvs at cvs.gnupg.org
Tue Dec 15 01:58:54 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 8729f35510550495c830fcf54f03da9a42d0a751 (commit)
via 904fbdccd65e537206c0b603f9576a07defebb29 (commit)
via 520c85ed94fa2033e0d2ca5f9a0244b7b290b958 (commit)
via 9934889415d47f691344499972a0b879cf90ff96 (commit)
from 01fa4c7b8b821da21a5acdeaeeafdd8c78a7a7cd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8729f35510550495c830fcf54f03da9a42d0a751
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Tue Dec 15 09:56:08 2015 +0900
scd: Fix commit 9a9bfd77.
* scd/app.c (check_application_conflict): Get SLOT.
diff --git a/scd/app.c b/scd/app.c
index cbcd3e4..0f36409 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -223,6 +223,7 @@ check_conflict (int slot, const char *name)
gpg_error_t
check_application_conflict (ctrl_t ctrl, const char *name)
{
+ int slot = ctrl->reader_slot;
gpg_error_t err;
if (slot < 0 || slot >= DIM (lock_table))
commit 904fbdccd65e537206c0b603f9576a07defebb29
Author: Daniel Hoffend <dh at dotlan.net>
Date: Mon Dec 7 00:13:59 2015 +0100
scd: Fix removal of unplugged usb readers on Windows.
* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.
--
Signed-off-by: Daniel Hoffend <dh at dotlan.net>
GnuPG-bug-id: 2167
In Windows 8 (and later), PC/SC service only runs when reader/token is
plugged in. After its removal, it returns PCSC_E_NO_SERVICE error.
This error should be handled as no reader. This comment is by gniibe.
(backport of commit d1a97585c5e73fbc7d4cf90e38f76ffc5aea305f)
diff --git a/scd/apdu.c b/scd/apdu.c
index acca799..30e5ef9 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -224,6 +224,7 @@ static char (* DLSTDCALL CT_close) (unsigned short ctn);
#define PCSC_E_NOT_TRANSACTED 0x80100016
#define PCSC_E_READER_UNAVAILABLE 0x80100017
#define PCSC_E_NO_SERVICE 0x8010001D
+#define PCSC_E_SERVICE_STOPPED 0x8010001E
#define PCSC_W_REMOVED_CARD 0x80100069
/* Fix pcsc-lite ABI incompatibilty. */
@@ -873,6 +874,8 @@ pcsc_error_to_sw (long ec)
case PCSC_E_CANCELLED: rc = SW_HOST_ABORTED; break;
case PCSC_E_NO_MEMORY: rc = SW_HOST_OUT_OF_CORE; break;
case PCSC_E_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break;
+ case PCSC_E_NO_SERVICE:
+ case PCSC_E_SERVICE_STOPPED:
case PCSC_E_UNKNOWN_READER: rc = SW_HOST_NO_READER; break;
case PCSC_E_SHARING_VIOLATION: rc = SW_HOST_LOCKING_FAILED; break;
case PCSC_E_NO_SMARTCARD: rc = SW_HOST_NO_CARD; break;
commit 520c85ed94fa2033e0d2ca5f9a0244b7b290b958
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Fri Dec 4 14:13:23 2015 +0900
scd: Simplify saving application context.
* scd/app.c (lock_table): Remove LAST_APP field.
(lock_reader, app_dump_state, application_notify_card_reset)
(release_application): Follow the change.
(check_conflict): New.
(check_application_conflict): Lock the slot and call check_conflict.
(select_application): Call check_conflict and not use LAST_APP.
--
We don't need LAST_APP field but just keep the application context by
APP field. Since we have a reference counter, it is possible if we
can deallocate or not.
(backport of commit 9639af5f16a7ed908cbce2415330b9fcd88edc90)
diff --git a/scd/app.c b/scd/app.c
index 380a347..cbcd3e4 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -39,7 +39,6 @@ static struct
int initialized;
pth_mutex_t lock;
app_t app; /* Application context in use or NULL. */
- app_t last_app; /* Last application object used as this slot or NULL. */
} lock_table[10];
@@ -87,7 +86,6 @@ lock_reader (int slot, ctrl_t ctrl)
}
lock_table[slot].initialized = 1;
lock_table[slot].app = NULL;
- lock_table[slot].last_app = NULL;
}
if (!pth_mutex_acquire (&lock_table[slot].lock, 0, NULL))
@@ -154,12 +152,6 @@ app_dump_state (void)
if (lock_table[slot].app->apptype)
log_printf (" type=`%s'", lock_table[slot].app->apptype);
}
- if (lock_table[slot].last_app)
- {
- log_printf (" lastapp=%p", lock_table[slot].last_app);
- if (lock_table[slot].last_app->apptype)
- log_printf (" type=`%s'", lock_table[slot].last_app->apptype);
- }
log_printf ("\n");
}
}
@@ -182,8 +174,6 @@ is_app_allowed (const char *name)
void
application_notify_card_reset (int slot)
{
- app_t app;
-
if (slot < 0 || slot >= DIM (lock_table))
return;
@@ -197,20 +187,35 @@ application_notify_card_reset (int slot)
lock_table[slot].app = NULL;
}
- /* Deallocate a saved application for that slot, so that we won't
- try to reuse it. If there is no saved application, set a flag so
- that we won't save the current state. */
- app = lock_table[slot].last_app;
+ unlock_reader (slot);
+}
+
- if (app)
+/*
+ * This function is called with lock held.
+ */
+static gpg_error_t
+check_conflict (int slot, const char *name)
+{
+ app_t app = lock_table[slot].app;
+
+ if (!app || !name || (app->apptype && !ascii_strcasecmp (app->apptype, name)))
+ return 0;
+
+ if (!app->ref_count)
{
- lock_table[slot].last_app = NULL;
+ lock_table[slot].app = NULL;
deallocate_app (app);
+ return 0;
+ }
+ else
+ {
+ log_info ("application '%s' in use by reader %d - can't switch\n",
+ app->apptype? app->apptype : "<null>", slot);
+ return gpg_error (GPG_ERR_CONFLICT);
}
- unlock_reader (slot);
}
-
/* This function is used by the serialno command to check for an
application conflict which may appear if the serialno command is
used to request a specific application and the connection has
@@ -218,17 +223,18 @@ application_notify_card_reset (int slot)
gpg_error_t
check_application_conflict (ctrl_t ctrl, const char *name)
{
- int slot = ctrl->reader_slot;
- app_t app;
+ gpg_error_t err;
if (slot < 0 || slot >= DIM (lock_table))
return gpg_error (GPG_ERR_INV_VALUE);
- app = lock_table[slot].initialized ? lock_table[slot].app : NULL;
- if (app && app->apptype && name)
- if ( ascii_strcasecmp (app->apptype, name))
- return gpg_error (GPG_ERR_CONFLICT);
- return 0;
+ err = lock_reader (slot, ctrl);
+ if (err)
+ return err;
+
+ err = check_conflict (slot, name);
+ unlock_reader (slot);
+ return err;
}
@@ -257,41 +263,15 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
return err;
/* First check whether we already have an application to share. */
- app = lock_table[slot].initialized ? lock_table[slot].app : NULL;
- if (app && name)
- if (!app->apptype || ascii_strcasecmp (app->apptype, name))
- {
- unlock_reader (slot);
- if (app->apptype)
- log_info ("application `%s' in use by reader %d - can't switch\n",
- app->apptype, slot);
- return gpg_error (GPG_ERR_CONFLICT);
- }
-
- /* If we don't have an app, check whether we have a saved
- application for that slot. This is useful so that a card does
- not get reset even if only one session is using the card - this
- way the PIN cache and other cached data are preserved. */
- if (!app && lock_table[slot].initialized && lock_table[slot].last_app)
+ err = check_conflict (slot, name);
+ if (err)
{
- app = lock_table[slot].last_app;
- if (!name || (app->apptype && !ascii_strcasecmp (app->apptype, name)) )
- {
- /* Yes, we can reuse this application - either the caller
- requested an unspecific one or the requested one matches
- the saved one. */
- lock_table[slot].app = app;
- lock_table[slot].last_app = NULL;
- }
- else
- {
- /* No, this saved application can't be used - deallocate it. */
- lock_table[slot].last_app = NULL;
- deallocate_app (app);
- app = NULL;
- }
+ unlock_reader (slot);
+ return err;
}
+ app = lock_table[slot].app;
+
/* If we can reuse an application, bump the reference count and
return it. */
if (app)
@@ -497,10 +477,10 @@ release_application (app_t app)
return;
}
- if (lock_table[slot].last_app)
- deallocate_app (lock_table[slot].last_app);
- lock_table[slot].last_app = lock_table[slot].app;
- lock_table[slot].app = NULL;
+ /* We don't deallocate app here. Instead, we keep it. This is
+ useful so that a card does not get reset even if only one session
+ is using the card - this way the PIN cache and other cached data
+ are preserved. */
unlock_reader (slot);
}
commit 9934889415d47f691344499972a0b879cf90ff96
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Thu Dec 3 11:26:24 2015 +0900
scd: Fix "Conflicting usage" bug.
* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
got an error from apdu_disconnect.
* scd/app-common.h (no_reuse): Remove.
* scd/app.c (application_notify_card_reset): Deallocate APP here.
(select_application, release_application): Don't use NO_REUSE.
--
Reproducible scenario: Invoke gpg --card-edit session from a terminal.
Invoke another gpg --card-edit session from another. Remove a token.
Insert a token again. Type RET on both terminals. One of terminal
answers "Conflicting usage".
Perhaps, having NO_REUSE field was to avoid race conditions. Now,
APP can be safely deallocated by application_notify_card_reset.
Thanks to the2nd.
(backport of commit f42c50dbf00c2e6298ca6830cbe6d36805fa54a3)
diff --git a/scd/apdu.c b/scd/apdu.c
index f9a1a2d..acca799 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -3136,7 +3136,13 @@ apdu_close_reader (int slot)
return SW_HOST_NO_DRIVER;
sw = apdu_disconnect (slot);
if (sw)
- return sw;
+ {
+ /*
+ * When the reader/token was removed it might come here.
+ * It should go through to call CLOSE_READER even if we got an error.
+ */
+ log_debug ("apdu_close_reader => 0x%x (apdu_disconnect)\n", sw);
+ }
if (reader_table[slot].close_reader)
return reader_table[slot].close_reader (slot);
return SW_HOST_NOT_SUPPORTED;
diff --git a/scd/app-common.h b/scd/app-common.h
index e48db3c..ac2c2e9 100644
--- a/scd/app-common.h
+++ b/scd/app-common.h
@@ -44,11 +44,6 @@ struct app_ctx_s {
operations the particular function pointer is set to NULL */
unsigned int ref_count;
- /* Flag indicating that a reset has been done for that application
- and that this context is merely lingering and just should not be
- reused. */
- int no_reuse;
-
/* Used reader slot. */
int slot;
diff --git a/scd/app.c b/scd/app.c
index 742f937..380a347 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -190,9 +190,12 @@ application_notify_card_reset (int slot)
/* FIXME: We are ignoring any error value here. */
lock_reader (slot, NULL);
- /* Mark application as non-reusable. */
+ /* Release the APP, as it's not reusable any more. */
if (lock_table[slot].app)
- lock_table[slot].app->no_reuse = 1;
+ {
+ deallocate_app (lock_table[slot].app);
+ lock_table[slot].app = NULL;
+ }
/* Deallocate a saved application for that slot, so that we won't
try to reuse it. If there is no saved application, set a flag so
@@ -265,16 +268,6 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
return gpg_error (GPG_ERR_CONFLICT);
}
- /* Don't use a non-reusable marked application. */
- if (app && app->no_reuse)
- {
- unlock_reader (slot);
- log_info ("lingering application `%s' in use by reader %d"
- " - can't switch\n",
- app->apptype? app->apptype:"?", slot);
- return gpg_error (GPG_ERR_CONFLICT);
- }
-
/* If we don't have an app, check whether we have a saved
application for that slot. This is useful so that a card does
not get reset even if only one session is using the card - this
@@ -506,15 +499,7 @@ release_application (app_t app)
if (lock_table[slot].last_app)
deallocate_app (lock_table[slot].last_app);
- if (app->no_reuse)
- {
- /* If we shall not re-use the application we can't save it for
- later use. */
- deallocate_app (app);
- lock_table[slot].last_app = NULL;
- }
- else
- lock_table[slot].last_app = lock_table[slot].app;
+ lock_table[slot].last_app = lock_table[slot].app;
lock_table[slot].app = NULL;
unlock_reader (slot);
}
-----------------------------------------------------------------------
Summary of changes:
scd/apdu.c | 11 ++++-
scd/app-common.h | 5 ---
scd/app.c | 122 ++++++++++++++++++++-----------------------------------
3 files changed, 54 insertions(+), 84 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list