| blob | b70455eecc94231003ea087fd927e98e4b3c2f5f |
1 /* command.c - SCdaemon command handler
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005,
3 * 2007, 2008, 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <errno.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <ctype.h>
27 #include <unistd.h>
28 #include <signal.h>
29 #ifdef USE_GNU_PTH
30 # include <pth.h>
31 #endif
34 #include <assuan.h>
35 #include <ksba.h>
39 #ifdef HAVE_LIBUSB
41 #endif
43 /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */
44 #define MAXLEN_PIN 100
46 /* Maximum allowed size of key data as used in inquiries. */
47 #define MAXLEN_KEYDATA 4096
49 /* Maximum allowed size of certificate data as used in inquiries. */
50 #define MAXLEN_CERTDATA 16384
53 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
56 /* Macro to flag a removed card. ENODEV is also tested to catch teh
57 case of a removed reader. */
58 #define TEST_CARD_REMOVAL(c,r) \
59 do { \
60 int _r = (r); \
61 if (gpg_err_code (_r) == GPG_ERR_CARD_NOT_PRESENT \
62 || gpg_err_code (_r) == GPG_ERR_CARD_REMOVED \
63 || gpg_err_code (_r) == GPG_ERR_ENODEV ) \
64 update_card_removed ((c)->reader_slot, 1); \
65 } while (0)
67 #define IS_LOCKED(c) \
68 (locked_session && locked_session != (c)->server_local \
69 && (c)->reader_slot != -1 && locked_session->ctrl_backlink \
70 && (c)->reader_slot == locked_session->ctrl_backlink->reader_slot)
73 /* This structure is used to keep track of open readers (slots). */
74 struct slot_status_s
75 {
82 done. This is set once to indicate that the status
83 tracking for the slot has been initialized. */
86 };
89 /* Data used to associate an Assuan context with local server data.
90 This object describes the local properties of one session. */
91 struct server_local_s
92 {
93 /* We keep a list of all active sessions with the anchor at
94 SESSION_LIST (see below). This field is used for linking. */
97 /* This object is usually assigned to a CTRL object (which is
98 globally visible). While enumerating all sessions we sometimes
99 need to access data of the CTRL object; thus we keep a
100 backpointer here. */
101 ctrl_t ctrl_backlink;
103 /* The Assuan context used by this session/server. */
104 assuan_context_t assuan_ctx;
106 #ifdef HAVE_W32_SYSTEM
108 #else
110 #endif
112 /* True if the card has been removed and a reset is required to
113 continue operation. */
116 /* Flag indicating that the application context needs to be released
117 at the next opportunity. */
120 /* A disconnect command has been sent. */
123 /* If set to true we will be terminate ourself at the end of the
124 this session. */
127 };
130 /* The table with information on all used slots. FIXME: This is a
131 different slot number than the one used by the APDU layer, and
132 should be renamed. */
136 /* To keep track of all running sessions, we link all active server
137 contexts and the anchor in this variable. */
140 /* If a session has been locked we store a link to its server object
141 in this variable. */
144 /* While doing a reset we need to make sure that the ticker does not
145 call scd_update_reader_status_file while we are using it. */
148 \f
149 /*-- Local prototypes --*/
153 \f
155 /* This function must be called once to initialize this module. This
156 has to be done before a second thread is spawned. We can't do the
157 static initialization because Pth emulation code might not be able
158 to do a static init; in particular, it is not possible for W32. */
159 void
161 {
165 {
168 }
169 }
172 /* Update the CARD_REMOVED element of all sessions using the reader
173 given by SLOT to VALUE. */
174 static void
176 {
182 {
184 }
185 /* Let the card application layer know about the removal. */
188 }
192 /* Check whether the option NAME appears in LINE. Returns 1 or 0. */
193 static int
195 {
201 }
203 /* Same as has_option but does only test for the name of the option
204 and ignores an argument, i.e. with NAME being "--hash" it would
205 return a pointer for "--hash" as well as for "--hash=foo". If
206 there is no such option NULL is returned. The pointer returned
207 points right behind the option name, this may be an equal sign, Nul
208 or a space. */
211 {
218 }
221 /* Skip over options. It is assumed that leading spaces have been
222 removed (this is the case for lines passed to a handler from
223 assuan). Blanks after the options are also removed. */
226 {
228 {
230 line++;
232 line++;
233 }
235 }
239 /* Convert the STRING into a newly allocated buffer while translating
240 the hex numbers. Stops at the first invalid character. Blanks and
241 colons are allowed to separate the hex digits. Returns NULL on
242 error or a newly malloced buffer and its length in LENGTH. */
245 {
254 {
258 {
260 s++;
261 }
262 else
264 }
267 }
271 /* Reset the card and free the application context. With SEND_RESET
272 set to true actually send a RESET to the reader; this is the normal
273 way of calling the function. */
274 static void
276 {
282 /* If there is an active application, release it. Tell all other
283 sessions using the same application to release the
284 application. */
286 {
290 {
296 {
298 }
299 }
300 }
302 /* If we want a real reset for the card, send the reset APDU and
303 tell the application layer about it. */
305 {
307 {
309 }
311 }
313 /* If we hold a lock, unlock now. */
315 {
318 }
320 /* Reset the card removed flag for the current reader. We need to
321 take the lock here so that the ticker thread won't concurrently
322 try to update the file. Calling update_reader_status_file is
323 required to get hold of the new status of the card in the slot
324 table. */
326 {
330 }
336 /* Do this last, so that the update_card_removed above does its job. */
338 }
340 \f
341 static void
343 {
347 }
350 static gpg_error_t
352 {
356 {
357 /* A value of 0 is allowed to reset the event signal. */
358 #ifdef HAVE_W32_SYSTEM
362 #else
367 #endif
368 }
371 }
374 /* Return the slot of the current reader or open the reader if no
375 other sessions are using a reader. Note, that we currently support
376 only one reader but most of the code (except for this function)
377 should be able to cope with several readers. */
378 static int
380 {
385 /* Initialize the item if needed. */
387 {
390 }
392 /* Try to open the reader. */
396 /* Return the slot_table index. */
398 }
400 /* If the card has not yet been opened, do it. Note that this
401 function returns an Assuan error, so don't map the error a second
402 time. */
403 static gpg_error_t
405 {
406 gpg_error_t err;
409 /* If we ever got a card not present error code, return that. Only
410 the SERIALNO command and a reset are able to clear from that
411 state. */
418 /* If the application has been marked for release do it now. We
419 can't do it immediately in do_reset because the application may
420 still be in use. */
422 {
426 }
428 /* If we are already initialized for one specific application we
429 need to check that the client didn't requested a specific
430 application different from the one in use before we continue. */
434 /* Setup the slot and select the application. */
437 else
442 else
443 {
444 /* Fixme: We should move the apdu_connect call to
445 select_application. */
451 {
454 else
456 }
457 else
459 }
463 }
466 /* SERIALNO [APPTYPE]
468 Return the serial number of the card using a status reponse. This
469 function should be used to check for the presence of a card.
471 If APPTYPE is given, an application of that type is selected and an
472 error is returned if the application is not supported or available.
473 The default is to auto-select the application using a hardwired
474 preference system. Note, that a future extension to this function
475 may allow to specify a list and order of applications to try.
477 This function is special in that it can be used to reset the card.
478 Most other functions will return an error when a card change has
479 been detected and the use of this function is therefore required.
481 Background: We want to keep the client clear of handling card
482 changes between operations; i.e. the client can assume that all
483 operations are done on the same card unless he calls this function.
484 */
485 static gpg_error_t
487 {
494 /* Clear the remove flag so that the open_card is able to reread it. */
496 {
500 }
518 }
523 /* LEARN [--force] [--keypairinfo]
525 Learn all useful information of the currently inserted card. When
526 used without the force options, the command might do an INQUIRE
527 like this:
529 INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
531 The client should just send an "END" if the processing should go on
532 or a "CANCEL" to force the function to terminate with a Cancel
533 error message.
535 With the option --keypairinfo only KEYPARIINFO lstatus lines are
536 returned.
538 The response of this command is a list of status lines formatted as
539 this:
541 S APPTYPE <apptype>
543 This returns the type of the application, currently the strings:
545 P15 = PKCS-15 structure used
546 DINSIG = DIN SIG
547 OPENPGP = OpenPGP card
548 NKS = NetKey card
550 are implemented. These strings are aliases for the AID
552 S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>
554 If there is no certificate yet stored on the card a single "X" is
555 returned as the keygrip. In addition to the keypair info, information
556 about all certificates stored on the card is also returned:
558 S CERTINFO <certtype> <hexstring_with_id>
560 Where CERTTYPE is a number indicating the type of certificate:
561 0 := Unknown
562 100 := Regular X.509 cert
563 101 := Trusted X.509 cert
564 102 := Useful X.509 cert
565 110 := Root CA cert in a special format (e.g. DINSIG)
566 111 := Root CA cert as standard X509 cert.
568 For certain cards, more information will be returned:
570 S KEY-FPR <no> <hexstring>
572 For OpenPGP cards this returns the stored fingerprints of the
573 keys. This can be used check whether a key is available on the
574 card. NO may be 1, 2 or 3.
576 S CA-FPR <no> <hexstring>
578 Similar to above, these are the fingerprints of keys assumed to be
579 ultimately trusted.
581 S DISP-NAME <name_of_card_holder>
583 The name of the card holder as stored on the card; percent
584 escaping takes place, spaces are encoded as '+'
586 S PUBKEY-URL <url>
588 The URL to be used for locating the entire public key.
590 Note, that this function may even be used on a locked card.
591 */
592 static gpg_error_t
594 {
602 /* Unless the force option is used we try a shortcut by identifying
603 the card using a serial number and inquiring the client with
604 that. The client may choose to cancel the operation if he already
605 knows about this card */
607 {
624 {
629 {
632 }
637 {
643 }
644 /* Not canceled, so we have to proceeed. */
645 }
647 }
649 /* Let the application print out its collection of useful status
650 information. */
656 }
659 \f
660 /* READCERT <hexified_certid>|<keyid>
662 Note, that this function may even be used on a locked card.
663 */
664 static gpg_error_t
666 {
682 {
687 }
691 }
694 /* READKEY <keyid>
696 Return the public key for the given cert or key ID as an standard
697 S-Expression.
699 Note, that this function may even be used on a locked card.
700 */
701 static gpg_error_t
703 {
709 ksba_sexp_t p;
717 /* If the application supports the READKEY function we use that.
718 Otherwise we use the old way by extracting it from the
719 certificate. */
728 }
732 else
733 {
737 }
745 {
748 }
751 {
754 }
758 {
761 }
768 leave:
773 }
776 \f
778 /* SETDATA <hexstring>
780 The client should use this command to tell us the data he want to
781 sign. */
782 static gpg_error_t
784 {
793 /* Parse the hexstring. */
795 ;
813 }
817 static gpg_error_t
819 {
827 {
828 /* We prompt for keypad entry. To make sure that the popup has
829 been show we use an inquire and not just a status message.
830 We ignore any value returned. */
832 {
839 }
840 else
841 {
845 }
849 }
858 /* Fixme: Write an inquire function which returns the result in
859 secure memory and check all further handling of the PIN. */
866 {
867 /* We require that the returned value is an UTF-8 string */
870 }
873 }
876 /* PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>
878 The --hash option is optional; the default is SHA1.
880 */
881 static gpg_error_t
883 {
907 else
918 /* We have to use a copy of the key ID because the function may use
919 the pin_cb which in turn uses the assuan line buffer and thus
920 overwriting the original line with the keyid */
933 {
935 }
936 else
937 {
942 }
946 }
948 /* PKAUTH <hexified_id>
950 */
951 static gpg_error_t
953 {
969 /* We have to use a copy of the key ID because the function may use
970 the pin_cb which in turn uses the assuan line buffer and thus
971 overwriting the original line with the keyid */
977 keyidstr,
983 {
985 }
986 else
987 {
992 }
996 }
998 /* PKDECRYPT <hexified_id>
1000 */
1001 static gpg_error_t
1003 {
1020 keyidstr,
1027 {
1029 }
1030 else
1031 {
1036 }
1040 }
1043 /* GETATTR <name>
1045 This command is used to retrieve data from a smartcard. The
1046 allowed names depend on the currently selected smartcard
1047 application. NAME must be percent and '+' escaped. The value is
1048 returned through status message, see the LEARN command for details.
1050 However, the current implementation assumes that Name is not escaped;
1051 this works as long as noone uses arbitrary escaping.
1053 Note, that this function may even be used on a locked card.
1054 */
1055 static gpg_error_t
1057 {
1067 ;
1071 /* (We ignore any garbage for now.) */
1073 /* FIXME: Applications should not return sensitive data if the card
1074 is locked. */
1079 }
1082 /* SETATTR <name> <value>
1084 This command is used to store data on a a smartcard. The allowed
1085 names and values are depend on the currently selected smartcard
1086 application. NAME and VALUE must be percent and '+' escaped.
1088 However, the current implementation assumes that NAME is not
1089 escaped; this works as long as noone uses arbitrary escaping.
1091 A PIN will be requested for most NAMEs. See the corresponding
1092 setattr function of the actually used application (app-*.c) for
1093 details. */
1094 static gpg_error_t
1096 {
1110 /* We need to use a copy of LINE, because PIN_CB uses the same
1111 context and thus reuses the Assuan provided LINE. */
1118 ;
1122 line++;
1131 }
1135 /* WRITECERT <hexified_certid>
1137 This command is used to store a certifciate on a smartcard. The
1138 allowed certids depend on the currently selected smartcard
1139 application. The actual certifciate is requested using the inquiry
1140 "CERTDATA" and needs to be provided in its raw (e.g. DER) form.
1142 In almost all cases a a PIN will be requested. See the related
1143 writecert function of the actually used application (app-*.c) for
1144 details. */
1145 static gpg_error_t
1147 {
1163 line++;
1176 /* Now get the actual keydata. */
1180 {
1183 }
1185 /* Write the certificate to the card. */
1193 }
1197 /* WRITEKEY [--force] <keyid>
1199 This command is used to store a secret key on a a smartcard. The
1200 allowed keyids depend on the currently selected smartcard
1201 application. The actual keydata is requested using the inquiry
1202 "KEYDATA" and need to be provided without any protection. With
1203 --force set an existing key under this KEYID will get overwritten.
1204 The keydata is expected to be the usual canonical encoded
1205 S-expression.
1207 A PIN will be requested for most NAMEs. See the corresponding
1208 writekey function of the actually used application (app-*.c) for
1209 details. */
1210 static gpg_error_t
1212 {
1229 line++;
1242 /* Now get the actual keydata. */
1247 {
1250 }
1252 /* Write the key to the card. */
1260 }
1264 /* GENKEY [--force] [--timestamp=<isodate>] <no>
1266 Generate a key on-card identified by NO, which is application
1267 specific. Return values are application specific. For OpenPGP
1268 cards 2 status lines are returned:
1270 S KEY-FPR <hexstring>
1271 S KEY-CREATED-AT <seconds_since_epoch>
1272 S KEY-DATA [p|n] <hexdata>
1274 --force is required to overwrite an already existing key. The
1275 KEY-CREATED-AT is required for further processing because it is
1276 part of the hashed key material for the fingerprint.
1278 If --timestamp is given an OpenPGP key will be created using this
1279 value. The value needs to be in ISO Format; e.g.
1280 "--timestamp=20030316T120000" and after 1970-01-01 00:00:00.
1282 The public part of the key can also later be retrieved using the
1283 READKEY command.
1285 */
1286 static gpg_error_t
1288 {
1302 {
1308 }
1309 else
1318 line++;
1336 }
1339 /* RANDOM <nbytes>
1341 Get NBYTES of random from the card and send them back as data.
1343 Note, that this function may be even be used on a locked card.
1344 */
1345 static gpg_error_t
1347 {
1369 {
1373 }
1378 }
1380 \f
1381 /* PASSWD [--reset] [--nullpin] <chvno>
1383 Change the PIN or, if --reset is given, reset the retry counter of
1384 the card holder verfication vector CHVNO. The option --nullpin is
1385 used for TCOS cards to set the initial PIN. The format of CHVNO
1386 depends on the card application. */
1387 static gpg_error_t
1389 {
1409 line++;
1428 }
1431 /* CHECKPIN <idstr>
1433 Perform a VERIFY operation without doing anything else. This may
1434 be used to initialize a the PIN cache earlier to long lasting
1435 operations. Its use is highly application dependent.
1437 For OpenPGP:
1439 Perform a simple verify operation for CHV1 and CHV2, so that
1440 further operations won't ask for CHV2 and it is possible to do a
1441 cheap check on the PIN: If there is something wrong with the PIN
1442 entry system, only the regular CHV will get blocked and not the
1443 dangerous CHV3. IDSTR is the usual card's serial number in hex
1444 notation; an optional fingerprint part will get ignored. There
1445 is however a special mode if the IDSTR is sffixed with the
1446 literal string "[CHV3]": In this case the Admin PIN is checked
1447 if and only if the retry counter is still at 3.
1449 For Netkey:
1451 Any of the valid PIN Ids may be used. These are the strings:
1453 PW1.CH - Global password 1
1454 PW2.CH - Global password 2
1455 PW1.CH.SIG - SigG password 1
1456 PW2.CH.SIG - SigG password 2
1458 For a definitive list, see the implementation in app-nks.c.
1459 Note that we call a PW2.* PIN a "PUK" despite that since TCOS
1460 3.0 they are technically alternative PINs used to mutally
1461 unblock each other.
1463 */
1464 static gpg_error_t
1466 {
1480 /* We have to use a copy of the key ID because the function may use
1481 the pin_cb which in turn uses the assuan line buffer and thus
1482 overwriting the original line with the keyid. */
1494 }
1497 /* LOCK [--wait]
1499 Grant exclusive card access to this session. Note that there is
1500 no lock counter used and a second lock from the same session will
1501 be ignored. A single unlock (or RESET) unlocks the session.
1502 Return GPG_ERR_LOCKED if another session has locked the reader.
1504 If the option --wait is given the command will wait until a
1505 lock has been released.
1506 */
1507 static gpg_error_t
1509 {
1513 retry:
1515 {
1518 }
1519 else
1522 #ifdef USE_GNU_PTH
1524 {
1527 for card operations this should be
1528 sufficient. */
1529 /* FIXME: Need to check that the connection is still alive.
1530 This can be done by issuing status messages. */
1532 }
1538 }
1541 /* UNLOCK
1543 Release exclusive card access.
1544 */
1545 static gpg_error_t
1547 {
1554 {
1557 else
1559 }
1560 else
1566 }
1569 /* GETINFO <what>
1571 Multi purpose command to return certain information.
1572 Supported values of WHAT are:
1574 version - Return the version of the program.
1575 pid - Return the process id of the server.
1577 socket_name - Return the name of the socket.
1579 status - Return the status of the current slot (in the future, may
1580 also return the status of all slots). The status is a list of
1581 one-character flags. The following flags are currently defined:
1582 'u' Usable card present. This is the normal state during operation.
1583 'r' Card removed. A reset is necessary.
1584 These flags are exclusive.
1586 reader_list - Return a list of detected card readers. Does
1587 currently only work with the internal CCID driver.
1589 deny_admin - Returns OK if admin commands are not allowed or
1590 GPG_ERR_GENERAL if admin commands are allowed.
1592 app_list - Return a list of supported applications. One
1593 application per line, fields delimited by colons,
1594 first field is the name.
1595 */
1597 static gpg_error_t
1599 {
1603 {
1606 }
1608 {
1613 }
1615 {
1620 else
1622 }
1624 {
1630 {
1643 }
1645 }
1647 {
1648 #ifdef HAVE_LIBUSB
1650 #else
1652 #endif
1656 else
1659 }
1663 {
1667 else
1670 }
1671 else
1674 }
1677 /* RESTART
1679 Restart the current connection; this is a kind of warm reset. It
1680 deletes the context used by this connection but does not send a
1681 RESET to the card. Thus the card itself won't get reset.
1683 This is used by gpg-agent to reuse a primary pipe connection and
1684 may be used by clients to backup from a conflict in the serial
1685 command; i.e. to select another application.
1686 */
1688 static gpg_error_t
1690 {
1696 {
1699 }
1701 {
1704 }
1706 }
1709 /* DISCONNECT
1711 Disconnect the card if it is not any longer used by other
1712 connections and the backend supports a disconnect operation.
1713 */
1714 static gpg_error_t
1716 {
1723 }
1727 /* APDU [--atr] [--more] [--exlen[=N]] [hexstring]
1729 Send an APDU to the current reader. This command bypasses the high
1730 level functions and sends the data directly to the card. HEXSTRING
1731 is expected to be a proper APDU. If HEXSTRING is not given no
1732 commands are set to the card but the command will implictly check
1733 whether the card is ready for use.
1735 Using the option "--atr" returns the ATR of the card as a status
1736 message before any data like this:
1737 S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
1739 Using the option --more handles the card status word MORE_DATA
1740 (61xx) and concatenates all reponses to one block.
1742 Using the option "--exlen" the returned APDU may use extended
1743 length up to N bytes. If N is not given a default value is used
1744 (currently 4096).
1745 */
1746 static gpg_error_t
1748 {
1762 {
1765 else
1767 }
1768 else
1780 {
1787 {
1790 }
1794 }
1798 {
1801 }
1803 {
1812 else
1813 {
1816 }
1817 }
1820 leave:
1823 }
1826 /* KILLSCD - Commit suicide. */
1827 static gpg_error_t
1829 {
1836 }
1839 \f
1840 /* Tell the assuan library about our commands */
1841 static int
1843 {
1874 };
1878 {
1882 }
1888 }
1891 /* Startup the server. If FD is given as -1 this is simple pipe
1892 server, otherwise it is a regular server. Returns true if there
1893 are no more active asessions. */
1894 int
1896 {
1903 {
1907 }
1910 {
1916 }
1917 else
1918 {
1920 }
1922 {
1926 }
1929 {
1933 }
1936 /* Allocate and initialize the server object. Put it into the list
1937 of active sessions. */
1947 /* We open the reader right at startup so that the ticker is able to
1948 update the status file. */
1950 {
1952 }
1954 /* Command processing loop. */
1956 {
1959 {
1961 }
1963 {
1966 }
1970 {
1973 }
1974 }
1976 /* Cleanup. We don't send an explicit reset to the card. */
1979 /* Release the server object. */
1982 else
1983 {
1992 }
1997 /* Release the Assuan context. */
2003 /* If there are no more sessions return true. */
2005 }
2008 /* Send a line with status information via assuan and escape all given
2009 buffers. The variable elements are pairs of (char *, size_t),
2010 terminated with a (NULL, 0). */
2011 void
2013 {
2026 {
2031 {
2033 n++;
2034 }
2036 {
2038 {
2041 }
2044 else
2046 }
2047 }
2052 }
2055 /* Send a ready formatted status line via assuan. */
2056 void
2058 {
2063 else
2065 }
2068 /* Helper to send the clients a status change notification. */
2069 static void
2071 {
2073 pid_t pid;
2074 #ifdef HAVE_W32_SYSTEM
2075 HANDLE handle;
2076 #else
2078 #endif
2085 {
2087 {
2089 #ifdef HAVE_W32_SYSTEM
2099 else
2100 {
2107 {
2110 killidx++;
2111 }
2112 }
2117 {
2125 else
2126 {
2131 {
2134 killidx++;
2135 }
2136 }
2137 }
2139 }
2140 }
2141 }
2145 /* This is the core of scd_update_reader_status_file but the caller
2146 needs to take care of the locking. */
2147 static void
2149 {
2153 /* Make sure that the reader has been opened. Like get_reader_slot,
2154 this part of the code assumes that there is only one reader. */
2158 /* Note, that we only try to get the status, because it does not
2159 make sense to wait here for a operation to complete. If we are
2160 busy working with a card, delays in the status file update should
2161 be acceptable. */
2163 {
2173 {
2174 /* Most likely the _reader_ has been unplugged. */
2177 }
2179 {
2180 /* Get status failed. Ignore that. */
2182 }
2185 {
2195 /* FIXME: Should this be IDX instead of ss->slot? This
2196 depends on how client sessions will associate the reader
2197 status with their session. */
2202 {
2208 }
2211 /* If a status script is executable, run it. */
2212 {
2216 gpg_error_t err;
2221 else
2222 {
2248 }
2250 }
2252 /* Set the card removed flag for all current sessions. We
2253 will set this on any card change because a reset or
2254 SERIALNO request must be done in any case. */
2260 /* Send a signal to all clients who applied for it. */
2262 }
2264 /* Check whether a disconnect is pending. */
2266 {
2271 {
2272 /* FIXME: Use a real timeout. */
2273 /* At least one connection and all allow a disconnect. */
2276 }
2277 }
2279 }
2280 }
2282 /* This function is called by the ticker thread to check for changes
2283 of the reader stati. It updates the reader status files and if
2284 requested by the caller also send a signal to the caller. */
2285 void
2287 {
2293 }