| blob | 6c1cdd0724f09ee518ee4943335e1e28958c27f7 |
1 /* command.c - SCdaemon command handler
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005,
3 * 2007, 2008, 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <errno.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <ctype.h>
27 #include <unistd.h>
28 #include <signal.h>
29 #ifdef USE_GNU_PTH
30 # include <pth.h>
31 #endif
33 #include <assuan.h>
36 #include <ksba.h>
40 #ifdef HAVE_LIBUSB
42 #endif
44 /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */
45 #define MAXLEN_PIN 100
47 /* Maximum allowed size of key data as used in inquiries. */
48 #define MAXLEN_KEYDATA 4096
50 /* Maximum allowed size of certificate data as used in inquiries. */
51 #define MAXLEN_CERTDATA 16384
54 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
57 /* Macro to flag a removed card. */
58 #define TEST_CARD_REMOVAL(c,r) \
59 do { \
60 int _r = (r); \
61 if (gpg_err_code (_r) == GPG_ERR_CARD_NOT_PRESENT \
62 || gpg_err_code (_r) == GPG_ERR_CARD_REMOVED) \
63 update_card_removed ((c)->reader_slot, 1); \
64 } while (0)
66 #define IS_LOCKED(c) \
67 (locked_session && locked_session != (c)->server_local \
68 && (c)->reader_slot != -1 && locked_session->ctrl_backlink \
69 && (c)->reader_slot == locked_session->ctrl_backlink->reader_slot)
72 /* This structure is used to keep track of open readers (slots). */
73 struct slot_status_s
74 {
81 done. This is set once to indicate that the status
82 tracking for the slot has been initialized. */
85 };
88 /* Data used to associate an Assuan context with local server data.
89 This object describes the local properties of one session. */
90 struct server_local_s
91 {
92 /* We keep a list of all active sessions with the anchor at
93 SESSION_LIST (see below). This field is used for linking. */
96 /* This object is usually assigned to a CTRL object (which is
97 globally visible). While enumerating all sessions we sometimes
98 need to access data of the CTRL object; thus we keep a
99 backpointer here. */
100 ctrl_t ctrl_backlink;
102 /* The Assuan context used by this session/server. */
103 assuan_context_t assuan_ctx;
105 #ifdef HAVE_W32_SYSTEM
107 #else
109 #endif
111 /* True if the card has been removed and a reset is required to
112 continue operation. */
115 /* Flag indicating that the application context needs to be released
116 at the next opportunity. */
119 /* A disconnect command has been sent. */
122 /* If set to true we will be terminate ourself at the end of the
123 this session. */
126 };
129 /* The table with information on all used slots. FIXME: This is a
130 different slot number than the one used by the APDU layer, and
131 should be renamed. */
135 /* To keep track of all running sessions, we link all active server
136 contexts and the anchor in this variable. */
139 /* If a session has been locked we store a link to its server object
140 in this variable. */
143 /* While doing a reset we need to make sure that the ticker does not
144 call scd_update_reader_status_file while we are using it. */
147 \f
148 /*-- Local prototypes --*/
152 \f
154 /* This function must be called once to initialize this module. This
155 has to be done before a second thread is spawned. We can't do the
156 static initialization because Pth emulation code might not be able
157 to do a static init; in particular, it is not possible for W32. */
158 void
160 {
164 {
167 }
168 }
171 /* Update the CARD_REMOVED element of all sessions using the reader
172 given by SLOT to VALUE. */
173 static void
175 {
181 {
183 }
184 /* Let the card application layer know about the removal. */
187 }
191 /* Check whether the option NAME appears in LINE. Returns 1 or 0. */
192 static int
194 {
200 }
202 /* Same as has_option but does only test for the name of the option
203 and ignores an argument, i.e. with NAME being "--hash" it would
204 return a pointer for "--hash" as well as for "--hash=foo". If
205 thhere is no such option NULL is returned. The pointer returned
206 points right behind the option name, this may be an equal sign, Nul
207 or a space. */
210 {
217 }
220 /* Skip over options. It is assumed that leading spaces have been
221 removed (this is the case for lines passed to a handler from
222 assuan). Blanks after the options are also removed. */
225 {
227 {
229 line++;
231 line++;
232 }
234 }
238 /* Convert the STRING into a newly allocated buffer while translating
239 the hex numbers. Stops at the first invalid character. Blanks and
240 colons are allowed to separate the hex digits. Returns NULL on
241 error or a newly malloced buffer and its length in LENGTH. */
244 {
253 {
257 {
259 s++;
260 }
261 else
263 }
266 }
270 /* Reset the card and free the application context. With SEND_RESET
271 set to true actually send a RESET to the reader; this is the normal
272 way of calling the function. */
273 static void
275 {
281 /* If there is an active application, release it. Tell all other
282 sessions using the same application to release the
283 application. */
285 {
289 {
295 {
297 }
298 }
299 }
301 /* If we want a real reset for the card, send the reset APDU and
302 tell the application layer about it. */
304 {
306 {
308 }
310 }
312 /* If we hold a lock, unlock now. */
314 {
317 }
319 /* Reset the card removed flag for the current reader. We need to
320 take the lock here so that the ticker thread won't concurrently
321 try to update the file. Calling update_reader_status_file is
322 required to get hold of the new status of the card in the slot
323 table. */
325 {
329 }
335 /* Do this last, so that the update_card_removed above does its job. */
337 }
339 \f
340 static void
342 {
346 }
349 static int
351 {
355 {
356 /* A value of 0 is allowed to reset the event signal. */
357 #ifdef HAVE_W32_SYSTEM
361 #else
366 #endif
367 }
370 }
373 /* Return the slot of the current reader or open the reader if no
374 other sessions are using a reader. Note, that we currently support
375 only one reader but most of the code (except for this function)
376 should be able to cope with several readers. */
377 static int
379 {
384 /* Initialize the item if needed. */
386 {
389 }
391 /* Try to open the reader. */
395 /* Return the slot_table index. */
397 }
399 /* If the card has not yet been opened, do it. Note that this
400 function returns an Assuan error, so don't map the error a second
401 time. */
402 static assuan_error_t
404 {
405 gpg_error_t err;
408 /* If we ever got a card not present error code, return that. Only
409 the SERIALNO command and a reset are able to clear from that
410 state. */
417 /* If the application has been marked for release do it now. We
418 can't do it immediately in do_reset because the application may
419 still be in use. */
421 {
425 }
427 /* If we are already initialized for one specific application we
428 need to check that the client didn't requested a specific
429 application different from the one in use before we continue. */
433 /* Setup the slot and select the application. */
436 else
441 else
442 {
443 /* Fixme: We should move the apdu_connect call to
444 select_application. */
450 {
453 else
455 }
456 else
458 }
462 }
465 /* SERIALNO [APPTYPE]
467 Return the serial number of the card using a status reponse. This
468 function should be used to check for the presence of a card.
470 If APPTYPE is given, an application of that type is selected and an
471 error is returned if the application is not supported or available.
472 The default is to auto-select the application using a hardwired
473 preference system. Note, that a future extension to this function
474 may allow to specify a list and order of applications to try.
476 This function is special in that it can be used to reset the card.
477 Most other functions will return an error when a card change has
478 been detected and the use of this function is therefore required.
480 Background: We want to keep the client clear of handling card
481 changes between operations; i.e. the client can assume that all
482 operations are done on the same card unless he calls this function.
483 */
484 static int
486 {
493 /* Clear the remove flag so that the open_card is able to reread it. */
495 {
499 }
517 }
522 /* LEARN [--force] [--keypairinfo]
524 Learn all useful information of the currently inserted card. When
525 used without the force options, the command might do an INQUIRE
526 like this:
528 INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
530 The client should just send an "END" if the processing should go on
531 or a "CANCEL" to force the function to terminate with a Cancel
532 error message.
534 With the option --keypairinfo only KEYPARIINFO lstatus lines are
535 returned.
537 The response of this command is a list of status lines formatted as
538 this:
540 S APPTYPE <apptype>
542 This returns the type of the application, currently the strings:
544 P15 = PKCS-15 structure used
545 DINSIG = DIN SIG
546 OPENPGP = OpenPGP card
547 NKS = NetKey card
549 are implemented. These strings are aliases for the AID
551 S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>
553 If there is no certificate yet stored on the card a single "X" is
554 returned as the keygrip. In addition to the keypair info, information
555 about all certificates stored on the card is also returned:
557 S CERTINFO <certtype> <hexstring_with_id>
559 Where CERTTYPE is a number indicating the type of certificate:
560 0 := Unknown
561 100 := Regular X.509 cert
562 101 := Trusted X.509 cert
563 102 := Useful X.509 cert
564 110 := Root CA cert in a special format (e.g. DINSIG)
565 111 := Root CA cert as standard X509 cert.
567 For certain cards, more information will be returned:
569 S KEY-FPR <no> <hexstring>
571 For OpenPGP cards this returns the stored fingerprints of the
572 keys. This can be used check whether a key is available on the
573 card. NO may be 1, 2 or 3.
575 S CA-FPR <no> <hexstring>
577 Similar to above, these are the fingerprints of keys assumed to be
578 ultimately trusted.
580 S DISP-NAME <name_of_card_holder>
582 The name of the card holder as stored on the card; percent
583 escaping takes place, spaces are encoded as '+'
585 S PUBKEY-URL <url>
587 The URL to be used for locating the entire public key.
589 Note, that this function may even be used on a locked card.
590 */
591 static int
593 {
601 /* Unless the force option is used we try a shortcut by identifying
602 the card using a serial number and inquiring the client with
603 that. The client may choose to cancel the operation if he already
604 knows about this card */
606 {
623 {
628 {
631 }
636 {
642 }
643 /* Not canceled, so we have to proceeed. */
644 }
646 }
648 /* Let the application print out its collection of useful status
649 information. */
655 }
658 \f
659 /* READCERT <hexified_certid>|<keyid>
661 Note, that this function may even be used on a locked card.
662 */
663 static int
665 {
681 {
686 }
690 }
693 /* READKEY <keyid>
695 Return the public key for the given cert or key ID as an standard
696 S-Expression.
698 Note, that this function may even be used on a locked card.
699 */
700 static int
702 {
708 ksba_sexp_t p;
716 /* If the application supports the READKEY function we use that.
717 Otherwise we use the old way by extracting it from the
718 certificate. */
727 }
731 else
732 {
736 }
744 {
747 }
750 {
753 }
757 {
760 }
767 leave:
772 }
775 \f
777 /* SETDATA <hexstring>
779 The client should use this command to tell us the data he want to
780 sign. */
781 static int
783 {
792 /* Parse the hexstring. */
794 ;
811 }
815 static gpg_error_t
817 {
825 {
826 /* We prompt for keypad entry. To make sure that the popup has
827 been show we use an inquire and not just a status message.
828 We ignore any value returned. */
830 {
837 }
838 else
839 {
843 }
847 }
856 /* Fixme: Write an inquire function which returns the result in
857 secure memory and check all further handling of the PIN. */
864 {
865 /* We require that the returned value is an UTF-8 string */
868 }
871 }
874 /* PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>
876 The --hash option is optional; the default is SHA1.
878 */
879 static int
881 {
905 else
916 /* We have to use a copy of the key ID because the function may use
917 the pin_cb which in turn uses the assuan line buffer and thus
918 overwriting the original line with the keyid */
931 {
933 }
934 else
935 {
940 }
944 }
946 /* PKAUTH <hexified_id>
948 */
949 static int
951 {
967 /* We have to use a copy of the key ID because the function may use
968 the pin_cb which in turn uses the assuan line buffer and thus
969 overwriting the original line with the keyid */
975 keyidstr,
981 {
983 }
984 else
985 {
990 }
994 }
996 /* PKDECRYPT <hexified_id>
998 */
999 static int
1001 {
1018 keyidstr,
1025 {
1027 }
1028 else
1029 {
1034 }
1038 }
1041 /* GETATTR <name>
1043 This command is used to retrieve data from a smartcard. The
1044 allowed names depend on the currently selected smartcard
1045 application. NAME must be percent and '+' escaped. The value is
1046 returned through status message, see the LEARN command for details.
1048 However, the current implementation assumes that Name is not escaped;
1049 this works as long as noone uses arbitrary escaping.
1051 Note, that this function may even be used on a locked card.
1052 */
1053 static int
1055 {
1065 ;
1069 /* (We ignore any garbage for now.) */
1071 /* FIXME: Applications should not return sensitive data if the card
1072 is locked. */
1077 }
1080 /* SETATTR <name> <value>
1082 This command is used to store data on a a smartcard. The allowed
1083 names and values are depend on the currently selected smartcard
1084 application. NAME and VALUE must be percent and '+' escaped.
1086 However, the current implementation assumes that NAME is not
1087 escaped; this works as long as noone uses arbitrary escaping.
1089 A PIN will be requested for most NAMEs. See the corresponding
1090 setattr function of the actually used application (app-*.c) for
1091 details. */
1092 static int
1094 {
1108 /* We need to use a copy of LINE, because PIN_CB uses the same
1109 context and thus reuses the Assuan provided LINE. */
1116 ;
1120 line++;
1129 }
1133 /* WRITECERT <hexified_certid>
1135 This command is used to store a certifciate on a smartcard. The
1136 allowed certids depend on the currently selected smartcard
1137 application. The actual certifciate is requested using the inquiry
1138 "CERTDATA" and needs to be provided in its raw (e.g. DER) form.
1140 In almost all cases a a PIN will be requested. See the related
1141 writecert function of the actually used application (app-*.c) for
1142 details. */
1143 static int
1145 {
1161 line++;
1174 /* Now get the actual keydata. */
1178 {
1181 }
1183 /* Write the certificate to the card. */
1191 }
1195 /* WRITEKEY [--force] <keyid>
1197 This command is used to store a secret key on a a smartcard. The
1198 allowed keyids depend on the currently selected smartcard
1199 application. The actual keydata is requested using the inquiry
1200 "KEYDATA" and need to be provided without any protection. With
1201 --force set an existing key under this KEYID will get overwritten.
1202 The keydata is expected to be the usual canonical encoded
1203 S-expression.
1205 A PIN will be requested for most NAMEs. See the corresponding
1206 writekey function of the actually used application (app-*.c) for
1207 details. */
1208 static int
1210 {
1227 line++;
1240 /* Now get the actual keydata. */
1245 {
1248 }
1250 /* Write the key to the card. */
1258 }
1262 /* GENKEY [--force] [--timestamp=<isodate>] <no>
1264 Generate a key on-card identified by NO, which is application
1265 specific. Return values are application specific. For OpenPGP
1266 cards 2 status lines are returned:
1268 S KEY-FPR <hexstring>
1269 S KEY-CREATED-AT <seconds_since_epoch>
1270 S KEY-DATA [p|n] <hexdata>
1272 --force is required to overwrite an already existing key. The
1273 KEY-CREATED-AT is required for further processing because it is
1274 part of the hashed key material for the fingerprint.
1276 If --timestamp is given an OpenPGP key will be created using this
1277 value. The value needs to be in ISO Format; e.g.
1278 "--timestamp=20030316T120000" and after 1970-01-01 00:00:00.
1280 The public part of the key can also later be retrieved using the
1281 READKEY command.
1283 */
1284 static int
1286 {
1300 {
1306 }
1307 else
1316 line++;
1334 }
1337 /* RANDOM <nbytes>
1339 Get NBYTES of random from the card and send them back as data.
1341 Note, that this function may be even be used on a locked card.
1342 */
1343 static int
1345 {
1367 {
1371 }
1376 }
1378 \f
1379 /* PASSWD [--reset] [--nullpin] <chvno>
1381 Change the PIN or, if --reset is given, reset the retry counter of
1382 the card holder verfication vector CHVNO. The option --nullpin is
1383 used for TCOS cards to set the initial PIN. The format of CHVNO
1384 depends on the card application. */
1385 static int
1387 {
1407 line++;
1426 }
1429 /* CHECKPIN <idstr>
1431 Perform a VERIFY operation without doing anything else. This may
1432 be used to initialize a the PIN cache earlier to long lasting
1433 operations. Its use is highly application dependent.
1435 For OpenPGP:
1437 Perform a simple verify operation for CHV1 and CHV2, so that
1438 further operations won't ask for CHV2 and it is possible to do a
1439 cheap check on the PIN: If there is something wrong with the PIN
1440 entry system, only the regular CHV will get blocked and not the
1441 dangerous CHV3. IDSTR is the usual card's serial number in hex
1442 notation; an optional fingerprint part will get ignored. There
1443 is however a special mode if the IDSTR is sffixed with the
1444 literal string "[CHV3]": In this case the Admin PIN is checked
1445 if and only if the retry counter is still at 3.
1447 For Netkey:
1449 Any of the valid PIN Ids may be used. These are the strings:
1451 PW1.CH - Global password 1
1452 PW2.CH - Global password 2
1453 PW1.CH.SIG - SigG password 1
1454 PW2.CH.SIG - SigG password 2
1456 For a definitive list, see the implementation in app-nks.c.
1457 Note that we call a PW2.* PIN a "PUK" despite that since TCOS
1458 3.0 they are technically alternative PINs used to mutally
1459 unblock each other.
1461 */
1462 static int
1464 {
1478 /* We have to use a copy of the key ID because the function may use
1479 the pin_cb which in turn uses the assuan line buffer and thus
1480 overwriting the original line with the keyid. */
1492 }
1495 /* LOCK [--wait]
1497 Grant exclusive card access to this session. Note that there is
1498 no lock counter used and a second lock from the same session will
1499 be ignored. A single unlock (or RESET) unlocks the session.
1500 Return GPG_ERR_LOCKED if another session has locked the reader.
1502 If the option --wait is given the command will wait until a
1503 lock has been released.
1504 */
1505 static int
1507 {
1511 retry:
1513 {
1516 }
1517 else
1520 #ifdef USE_GNU_PTH
1522 {
1525 for card operations this should be
1526 sufficient. */
1527 /* FIXME: Need to check that the connection is still alive.
1528 This can be done by issuing status messages. */
1530 }
1536 }
1539 /* UNLOCK
1541 Release exclusive card access.
1542 */
1543 static int
1545 {
1552 {
1555 else
1557 }
1558 else
1564 }
1567 /* GETINFO <what>
1569 Multi purpose command to return certain information.
1570 Supported values of WHAT are:
1572 version - Return the version of the program.
1573 pid - Return the process id of the server.
1575 socket_name - Return the name of the socket.
1577 status - Return the status of the current slot (in the future, may
1578 also return the status of all slots). The status is a list of
1579 one-character flags. The following flags are currently defined:
1580 'u' Usable card present. This is the normal state during operation.
1581 'r' Card removed. A reset is necessary.
1582 These flags are exclusive.
1584 reader_list - Return a list of detected card readers. Does
1585 currently only work with the internal CCID driver.
1587 deny_admin - Returns OK if admin commands are not allowed or
1588 GPG_ERR_GENERAL if admin commands are allowed.
1590 app_list - Return a list of supported applications. One
1591 application per line, fields delimited by colons,
1592 first field is the name.
1593 */
1595 static int
1597 {
1601 {
1604 }
1606 {
1611 }
1613 {
1618 else
1620 }
1622 {
1628 {
1641 }
1643 }
1645 {
1646 #ifdef HAVE_LIBUSB
1648 #else
1650 #endif
1654 else
1657 }
1661 {
1665 else
1668 }
1669 else
1672 }
1675 /* RESTART
1677 Restart the current connection; this is a kind of warm reset. It
1678 deletes the context used by this connection but does not send a
1679 RESET to the card. Thus the card itself won't get reset.
1681 This is used by gpg-agent to reuse a primary pipe connection and
1682 may be used by clients to backup from a conflict in the serial
1683 command; i.e. to select another application.
1684 */
1686 static int
1688 {
1694 {
1697 }
1699 {
1702 }
1704 }
1707 /* DISCONNECT
1709 Disconnect the card if it is not any longer used by other
1710 connections and the backend supports a disconnect operation.
1711 */
1712 static int
1714 {
1721 }
1725 /* APDU [--atr] [--more] [hexstring]
1727 Send an APDU to the current reader. This command bypasses the high
1728 level functions and sends the data directly to the card. HEXSTRING
1729 is expected to be a proper APDU. If HEXSTRING is not given no
1730 commands are set to the card but the command will implictly check
1731 whether the card is ready for use.
1733 Using the option "--atr" returns the ATR of the card as a status
1734 message before any data like this:
1735 S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
1737 Using the option --more handles the card status word MORE_DATA
1738 (61xx) and concatenate all reponses to one block.
1740 */
1741 static int
1743 {
1763 {
1770 {
1773 }
1777 }
1781 {
1784 }
1786 {
1794 else
1795 {
1798 }
1799 }
1802 leave:
1805 }
1808 /* KILLSCD - Commit suicide. */
1809 static int
1811 {
1818 }
1821 \f
1822 /* Tell the assuan library about our commands */
1823 static int
1825 {
1856 };
1860 {
1864 }
1870 }
1873 /* Startup the server. If FD is given as -1 this is simple pipe
1874 server, otherwise it is a regular server. Returns true if there
1875 are no more active asessions. */
1876 int
1878 {
1880 assuan_context_t ctx;
1884 {
1890 }
1891 else
1892 {
1894 }
1896 {
1900 }
1903 {
1907 }
1910 /* Allocate and initialize the server object. Put it into the list
1911 of active sessions. */
1921 /* We open the reader right at startup so that the ticker is able to
1922 update the status file. */
1924 {
1926 }
1928 /* Command processing loop. */
1930 {
1933 {
1935 }
1937 {
1940 }
1944 {
1947 }
1948 }
1950 /* Cleanup. We don't send an explicit reset to the card. */
1953 /* Release the server object. */
1956 else
1957 {
1966 }
1971 /* Release the Assuan context. */
1977 /* If there are no more sessions return true. */
1979 }
1982 /* Send a line with status information via assuan and escape all given
1983 buffers. The variable elements are pairs of (char *, size_t),
1984 terminated with a (NULL, 0). */
1985 void
1987 {
2000 {
2005 {
2007 n++;
2008 }
2010 {
2012 {
2015 }
2018 else
2020 }
2021 }
2026 }
2029 /* Send a ready formatted status line via assuan. */
2030 void
2032 {
2037 else
2039 }
2042 /* Helper to send the clients a status change notification. */
2043 static void
2045 {
2047 pid_t pid;
2048 #ifdef HAVE_W32_SYSTEM
2049 HANDLE handle;
2050 #else
2052 #endif
2059 {
2061 {
2063 #ifdef HAVE_W32_SYSTEM
2073 else
2074 {
2081 {
2084 killidx++;
2085 }
2086 }
2091 {
2099 else
2100 {
2105 {
2108 killidx++;
2109 }
2110 }
2111 }
2113 }
2114 }
2115 }
2119 /* This is the core of scd_update_reader_status_file but the caller
2120 needs to take care of the locking. */
2121 static void
2123 {
2127 /* Make sure that the reader has been opened. Like get_reader_slot,
2128 this part of the code assumes that there is only one reader. */
2132 /* Note, that we only try to get the status, because it does not
2133 make sense to wait here for a operation to complete. If we are
2134 busy working with a card, delays in the status file update should
2135 be acceptable. */
2137 {
2147 {
2148 /* Get status failed. Ignore that. */
2150 }
2153 {
2163 /* FIXME: Should this be IDX instead of ss->slot? This
2164 depends on how client sessions will associate the reader
2165 status with their session. */
2170 {
2176 }
2179 /* If a status script is executable, run it. */
2180 {
2184 gpg_error_t err;
2189 else
2190 {
2216 }
2218 }
2220 /* Set the card removed flag for all current sessions. We
2221 will set this on any card change because a reset or
2222 SERIALNO request must be done in any case. */
2228 /* Send a signal to all clients who applied for it. */
2230 }
2232 /* Check whether a disconnect is pending. */
2234 {
2239 {
2240 /* FIXME: Use a real timeout. */
2241 /* At least one connection and all allow a disconnect. */
2244 }
2245 }
2247 }
2248 }
2250 /* This function is called by the ticker thread to check for changes
2251 of the reader stati. It updates the reader status files and if
2252 requested by the caller also send a signal to the caller. */
2253 void
2255 {
2261 }