aboutsummaryrefslogtreecommitdiff
path: root/libcacard
AgeCommit message (Collapse)Author
2014-10-28libcacard: don't free sign buffer while sign op is pendingRay Strode
commit 57f97834efe0c208ffadc9d2959f3d3d55580e52 cleaned up the cac_applet_pki_process_apdu function to have a single exit point. Unfortunately, that commit introduced a bug where the sign buffer can get free'd and nullified while it's still being used. This commit corrects the bug by introducing a boolean to track whether or not the sign buffer should be freed in the function exit path. Signed-off-by: Ray Strode <rstrode@redhat.com> Reviewed-by: Alon Levy <alon@pobox.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28libcacard: Lock NSS cert db when selecting an applet on an emulated cardRay Strode
When a process in a guest uses an emulated smartcard, libcacard running on the host passes the PIN from the guest to the PK11_Authenticate NSS function. The first time PK11_Authenticate is called the passed in PIN is used to unlock the certificate database. Subsequent calls to PK11_Authenticate will transparently succeed, regardless of the passed in PIN. This is a convenience for applications provided by NSS. Of course, the guest may have many applications using the one emulated smart card all driven from the same host QEMU process. That means if a user enters the right PIN in one program in the guest, and then enters the wrong PIN in another program in the guest, the wrong PIN will still successfully unlock the virtual smartcard. This commit forces the NSS certificate database to be locked anytime an applet is selected on an emulated smartcard by calling vcard_emul_logout. Signed-off-by: Ray Strode <rstrode@redhat.com> Reviewed-By: Robert Relyea <rrelyea@redhat.com> Reviewed-By: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28libcacard: introduce new vcard_emul_logoutRay Strode
vcard_emul_reset currently only logs NSS out, but there is a TODO for potentially sending insertion/removal events when powering down or powering up. For clarity, this commit moves the current guts of vcard_emul_reset to a new vcard_emul_logout function which will never send insertion/removal events. The vcard_emul_reset function now just calls vcard_emul_logout, but also retains its TODO for watching power state transitions and sending insertion/removal events. Signed-off-by: Ray Strode <rstrode@redhat.com> Reviewed-By: Robert Relyea <rrelyea@redhat.com> Reviewed-By: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-20Fix typos and misspellings in commentszhanghailiang
formated -> formatted gaurantee -> guarantee shear -> sheer Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-06-24vscclient: Add required headers to fix build on FreeBSDEd Maste
Signed-off-by: Ed Maste <emaste@freebsd.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-06-11Merge remote-tracking branch 'remotes/bonzini/configure' into stagingPeter Maydell
* remotes/bonzini/configure: rules.mak: Rewrite unnest-vars configure: unset interfering variables configure: duplicate/incorrect order of -lrt libcacard: improve documentation libcacard: actually use symbols file libcacard: replace qemu thread primitives with glib ones vscclient: use glib thread primitives not qemu glib-compat.h: add new thread API emulation on top of pre-2.31 API Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-10libcacard: Clean up dead stores before g_free()Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-06-10libcacard: Drop superfluous conditionals around g_free()Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-06-10libcacard: actually use symbols fileMichael Tokarev
libtool has an argument for .syms file, which is -export-symbols. There's no argument `-export-syms', and it looks like at least on linux, -export-syms is just ignored. Use the correct argument, -export-symbols, to actually get the right export list. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Alon Levy <alevy@redhat.com> Tested-by: Alon Levy <alevy@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-06-10libcacard: replace qemu thread primitives with glib onesMichael Tokarev
Replace QemuMutex with GMutex and QemuCond with GCond (with corresponding function changes), to make libcacard independent of qemu internal functions. After this step, none of libcacard internals use any qemu-provided symbols. Maybe it's a good idea to stop including qemu-common.h internally too. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Alon Levy <alevy@redhat.com> Tested-by: Alon Levy <alevy@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-06-10vscclient: use glib thread primitives not qemuMichael Tokarev
Use glib-provided thread primitives in vscclient instead of qemu ones, and do not use qemu sockets in there (open-code call to WSAStartup() for windows to initialize things). This way, vscclient becomes more stand-alone, independent on qemu internals. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Alon Levy <alevy@redhat.com> Tested-by: Alon Levy <alevy@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-26libcacard: remove useless initializersMichael Tokarev
libcacard has many functions which initializes local variables at declaration time, which are always assigned some values later (often right after declaration). Clean up these initializers. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-26libcacard: fix wrong array expansion logicMichael Tokarev
The currrent code in libcacard/vcard_emul_nss.c:vcard_emul_options() has a weird bug in variable usage around expanding opts->vreader array. There's a helper variable, vreaderOpt, which is first needlessly initialized to NULL, next, conditionally, only we have to expand opts->vreader, receives array expansion from g_renew(), and next, even if we don't actually perform expansion, the value of this variable is assigned to the actual array, opts->vreader, which was supposed to be expanded. So, since we expand the array by READER_STEP increments, only once in READER_STEP (=4) the code will work, in other 3/4 times it will fail badly. Fix this by not using this temp variable when expanding the array, and by dropping the useless =NULL initializer too - if it wasn't in place initially, compiler would have warned us about this problem at the beginning. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-05-24libcacard/vcard_emul_nss: Drop a redundant conditionalMarkus Armbruster
Bailing out when PK11_FindGenericObjects() returns null ensures the loop that follows it executes at least once. The "loop did not execute" test right after it is useless. Drop it. Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-24libcacard: Convert two leftover realloc() to GLibMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-24libcacard/vreader: Tighten assertion to clarify intentMarkus Armbruster
Bonus: hushes up Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-24libcacard/vreader: Drop broken recovery from failed assertionMarkus Armbruster
We suppress some code when we got unexpected status and assertion checking is off: assert(card_status == VCARD_DONE); if (card_status == VCARD_DONE) { int size = MIN(*receive_buf_len, response->b_total_len); memcpy(receive_buf, response->b_data, size); *receive_buf_len = size; } Such "recovery" is of dubious value even when it works. This one doesn't: it fails to assign to receive_buf[] and *receive_buf_len, which the callers expect. Make the code unconditional. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-24libcacard: Plug memory leaks around vreader_get_reader_list()Markus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-24libcacard/vscclient: Bury some dead codeMarkus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-24libcacard: g_malloc cleanupsMichael Tokarev
This patch replaces g_malloc() in libcacard into g_new() or g_new0() where appropriate (removing some init-to-zero surrounding code), g_malloc+memcpy into g_memdup() and the like. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Alon Levy <alevy@redhat.com>
2014-05-09libcacard: remove libcacard-specific CFLAGS and LIBS from global varsMichael Tokarev
Currently all what's needed for single file libcacard/vcard_emul_nss.c (libnss cflags) and hw/usb/ccid-card-emulated.c (libcacard includes) together with the libs is added to global QEMU_CFLAGS and libs_softmmu. Use the cflags only where really used (for two mentioned files), and libs only where needed. While at it, rename variables to better reflect reality: libcacard_* is really nss_*. This needs a bit more tweaking: $(NSS_LIBS) should not contain $glib_libs (ditto for _cflags). But in order to fix it, some more preparations should be made first. So add a FIXME comment. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-07libcacard: remove unnecessary EOL from debug printsAlon Levy
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-07libcacard: replace pstrcpy() with memcpy()Michael Tokarev
Commit 2e679780ae86c6ca8 replaced strncpy() with pstrcpy() in one place in libcacard. This is a qemu-specific function, while libcacard is a stand-alone library (or tries to be). But since we know the exact length of the string to copy, and know that it definitely will fit in the destination buffer, use memcpy() instead, and null-terminate the string after that. An alternative is to use g_strlcpy() or strncpy(), but memcpy() is more than adequate in this place. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Cc: qemu-trivial@nongnu.org Cc: Alon Levy <alevy@redhat.com>
2014-03-09Add a 'name' parameter to qemu_thread_createDr. David Alan Gilbert
If enabled, set the thread name at creation (on GNU systems with pthread_set_np) Fix up all the callers with a thread name Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2014-02-09libcacard: Don't link with all libraries QEMU links toChristophe Fergeau
As described in https://bugzilla.redhat.com/show_bug.cgi?id=987441 , libcacard currently links to all the libraries QEMU is linking to, including glusterfs libraries, libiscsi, ... libcacard does not need all of these. This patch ensures it's only linked with the libraries it needs. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> Signed-off-by: Alon Levy <alevy@redhat.com>
2013-12-16vscclient: do not add a socket watch if there is not data to sendMarc-André Lureau
Fixes the following error: ** (process:780): CRITICAL **: do_socket_send: assertion `socket_to_send->len != 0' failed Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-12-09libcacard: Fix compilation for older versions of glib (bug #1258168)Stefan Weil
See https://bugs.launchpad.net/bugs/1258168 libcacard/vscclient.c: In function 'do_socket_read': libcacard/vscclient.c:410: warning: implicit declaration of function 'g_warn_if_reached' libcacard/vscclient.c:410: warning: nested extern declaration of 'g_warn_if_reached' libcacard/vscclient.c: In function 'main': libcacard/vscclient.c:763: warning: implicit declaration of function 'g_byte_array_unref' libcacard/vscclient.c:763: warning: nested extern declaration of 'g_byte_array_unref' ... libcacard/vscclient.o: In function `do_socket_read': libcacard/vscclient.c:410: undefined reference to `g_warn_if_reached' libcacard/vscclient.o: In function `main': libcacard/vscclient.c:763: undefined reference to `g_byte_array_unref' g_warn_if_reached was added in glib 2.16, and g_byte_array_unref is supported since glib 2.22. QEMU requires glib 2.12, so both names must not be used. Instead of showing a warning for code which should not be reached, vscclient better stop running, so g_warn_if_reached is not useful for vscclient. In libcacard/vsclient.c, g_byte_array_unref can be replaced by g_byte_array_free. This is not generally true, so adding a compatibility layer in include/glib-compat.h is no option here. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Reported-by: Don Slutz <dslutz@verizon.com> Signed-off-by: Stefan Weil <sw@weilnetz.de>
2013-12-02libcacard/vcard_emul_nss: Remove unused statement (value stored is never read)Stefan Weil
Warning from ccc-analyzer: libcacard/vcard_emul_nss.c:937:9: warning: Value stored to 'cert_count' is never read cert_count = options->vreader[i].cert_count; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-12-02libcacard/cac: Remove unused statement (value stored is never read)Stefan Weil
Warning from ccc-analyzer: libcacard/cac.c:192:13: warning: Value stored to 'ret' is never read ret = VCARD_DONE; ^ ~~~~~~~~~~ Here 'ret' is assigned a value inside of a switch statement and also after that switch statement. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-09-23Merge remote-tracking branch 'stefanha/block' into stagingAnthony Liguori
# By Stefan Hajnoczi (4) and others # Via Stefan Hajnoczi * stefanha/block: virtio-blk: do not relay a previous driver's WCE configuration to the current blockdev: do not default cache.no-flush to true block: don't lose data from last incomplete sector qcow2: Correct snapshots size for overlap check coroutine: fix /perf/nesting coroutine benchmark coroutine: add qemu_coroutine_yield benchmark qemu-timer: do not take the lock in timer_pending qemu-timer: make qemu_timer_mod_ns() and qemu_timer_del() thread-safe qemu-timer: drop outdated signal safety comments osdep: warn if open(O_DIRECT) on fails with EINVAL libcacard: link against qemu-error.o for error_report() Message-id: 1379698931-946-1-git-send-email-stefanha@redhat.com
2013-09-20vscclient: remove unnecessary use of uninitialized variableMichael Tokarev
Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-09-18libcacard: link against qemu-error.o for error_report()Stefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-09-01misc: Fix some typos in names and commentsStefan Weil
Most typos were found using a modified version of codespell: accross -> across issueing -> issuing TICNT_THRESHHOLD -> TICNT_THRESHOLD bandwith -> bandwidth VCARD_7816_PROPIETARY -> VCARD_7816_PROPRIETARY occured -> occurred gaurantee -> guarantee sofware -> software Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-06-21libcacard: Fix cppcheck warning and remove unneeded codeStefan Weil
The local function vcard_emul_alloc_arrays always returned PR_TRUE. Therefore cppcheck complained about code which handled the non-existent PR_FALSE case. Remove the function's return value and the dead code. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-06-12libcacard/vscclient: fix leakage of socket on error pathsAlon Levy
Spotted by Coverity. Signed-off-by: Alon Levy <alevy@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-04-24libcacard/cac: change big switch functions to single return pointAlon Levy
Signed-off-by: Alon Levy <alevy@redhat.com> Reviewed-by: Marc-André Lureau <mlureau@redhat.com>
2013-04-24libcacard: move atr setting from macro to functionAlon Levy
Only because qemu's checkpatch complains about it. Signed-off-by: Alon Levy <alevy@redhat.com> Reviewed-by: Marc-André Lureau <mlureau@redhat.com>
2013-04-24libcacard/vreader: add debugging messages for apduAlon Levy
Using g_debug with log domain libcacard Signed-off-by: Alon Levy <alevy@redhat.com> Reviewed-by: Marc-André Lureau <mlureau@redhat.com>
2013-04-24libcacard: change default ATRAlon Levy
Signed-off-by: Alon Levy <alevy@redhat.com> Reviewed-by: Marc-André Lureau <mlureau@redhat.com>
2013-04-24libcacard: remove default libcoolkey loadingMarc-André Lureau
Use only the modules defined in the NSS database. Signed-off-by: Marc-André Lureau <mlureau@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com>
2013-04-24libcacard: remove sql: prefixMarc-André Lureau
For some reason, with sql:/ prefix, the PKCS11 modules are not loaded. This patch goes on top of Alon smartcard series. Signed-off-by: Marc-André Lureau <mlureau@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com>
2013-04-24libcacard: teach vscclient to use GMainLoop for portabilityMarc-André Lureau
This version handles non-blocking sending and receiving from the socket. Signed-off-by: Marc-André Lureau <mlureau@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com>
2013-04-24libcacard: vscclient to use QemuThread for portabilityMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com>
2013-04-24libcacard: split vscclient main() from socket readingMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com>
2013-04-24libcacard: use system config directory for nss db on win32Marc-André Lureau
It's a bit nicer to look for default database under CSIDL_COMMON_APPDATA\pki\nss rather that /etc/pki/nss. Signed-off-by: Marc-André Lureau <mlureau@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com>
2013-04-24libcacard: correct T0 historical bytes sizeMarc-André Lureau
The VCARD_ATR_PREFIX macro adds a prefix of 6 characters only. pcsc_scan was complaining before the patch: + Historical bytes: 56 43 41 52 44 5F 4E 53 53 ERROR! ATR is truncated: 2 byte(s) is/are missing Signed-off-by: Marc-André Lureau <mlureau@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com>
2013-01-30libcacard: Fix unchecked strdup() by converting to g_strdup()Markus Armbruster
Note that we already free with g_free(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-01-12build: fold trace-obj-y into libqemuutil.aPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-01-12build: move libqemuutil.a components to util/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-01-12libcacard: list oslib-obj-y file explicitlyPaolo Bonzini
We will grow the list of files in the next patches, but libcacard should remain slim. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>