Patch for scdaemon and reader/smartcard combo devices
Grant Olson
kgo at grant-olson.net
Thu Jan 20 05:51:26 CET 2011
Hey all,
Here's a patch that lets you unplug and replug a reader/smartcard combo
device without having to restart scdaemon.
I've tested on a cryptostick, on both Ubuntu 10.4 and OSX Snow Leopard,
making sure to test the following actions:
- attempting to sign/encrypt without a card.
- signing/encrypting once, removing and reinserting the card,
signing/encrypting again.
- signing/encrypting once, removing the card, attempting to
sign/encrypt, inserting the card, and successfully signing and encrypting.
I'll also continue to use a build with this patch daily to see if
anything falls out.
If NIIBE or anyone else using a card/reader combo could test this with
their hardware, I'd appreciate it greatly. I think it should also work
with any USB reader, even if you're using a seperate smart-card.
Werner, if the patch looks good to you, just let me know what copyright
assignment paperwork I need to fill out, where I need to do it, and I'll
get that done ASAP.
- Grant
From 0426c33c2c23f709b6659bc6b9f72b77a969570f Mon Sep 17 00:00:00 2001
From: Grant Olson <kgo at grant-olson.net>
Date: Wed, 19 Jan 2011 20:05:23 -0500
Subject: [PATCH 2/2] Fix so smartcard reader/card combos don't break
scdaemon when un/re-plugged.
- Make sure slot table entries get invalidated if all readers fail
or else we get stuck with a bad PC/SC entry.
- Treat no reader error same as no card error -- not fatal.
- Close the apdu reader slot if we detect the reader has been unplugged
---
scd/apdu.c | 5 +++--
scd/command.c | 10 ++++++++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/scd/apdu.c b/scd/apdu.c
index 0fe044c..1bdc673 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -769,6 +769,7 @@ pcsc_error_to_sw (long ec)
case PCSC_E_SHARING_VIOLATION: rc = SW_HOST_LOCKING_FAILED; break;
case PCSC_E_NO_SMARTCARD: rc = SW_HOST_NO_CARD; break;
case PCSC_W_REMOVED_CARD: rc = SW_HOST_NO_CARD; break;
+ case PCSC_E_UNKNOWN_READER: rc = SW_HOST_NO_READER; break;
case PCSC_E_INVALID_TARGET:
case PCSC_E_INVALID_VALUE:
@@ -1412,10 +1413,10 @@ reset_pcsc_reader_wrapped (int slot)
{
log_error ("PC/SC RESET failed: %s (0x%lx)\n",
pcsc_error_string (err), err);
- /* If the error code is no smart card, we should not considere
+ /* If the error code is no smart card or no reader, we should not
consider
this a major error and close the wrapper. */
sw = pcsc_error_to_sw (err);
- if (err == PCSC_E_NO_SMARTCARD)
+ if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER)
return sw;
goto command_failed;
}
diff --git a/scd/command.c b/scd/command.c
index e2cd1f5..d31d7af 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -401,6 +401,14 @@ get_reader_slot (void)
{
int no_service_flag;
ss->slot = apdu_open_reader (opt.reader_port, &no_service_flag);
+
+ /* If we still don't have a slot, we have no readers.
+ Invalidate for now until a reader is attached. */
+ if(ss->slot == -1)
+ {
+ ss->valid = 0;
+ }
+
if (no_service_flag)
{
log_info ("no card services - disabling scdaemon\n");
@@ -2192,6 +2200,8 @@ update_reader_status_file (int set_card_removed_flag)
if (sw_apdu == SW_HOST_NO_READER)
{
/* Most likely the _reader_ has been unplugged. */
+ apdu_close_reader(ss->slot);
+ ss->valid = 0;
status = 0;
changed = ss->changed;
}
--
1.7.0.4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110119/86d5e47b/attachment-0001.pgp>
More information about the Gnupg-devel
mailing list