| blob | f12f11acf39aab8b7a777624cad2c29851a47170 |
1 /* command.c - SCdaemon command handler
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005,
3 * 2007, 2008, 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <errno.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <ctype.h>
27 #include <unistd.h>
28 #include <signal.h>
29 #ifdef USE_GNU_PTH
30 # include <pth.h>
31 #endif
34 #include <assuan.h>
35 #include <ksba.h>
39 #ifdef HAVE_LIBUSB
41 #endif
43 /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */
44 #define MAXLEN_PIN 100
46 /* Maximum allowed size of key data as used in inquiries. */
47 #define MAXLEN_KEYDATA 4096
49 /* Maximum allowed size of certificate data as used in inquiries. */
50 #define MAXLEN_CERTDATA 16384
53 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
56 /* Macro to flag a removed card. ENODEV is also tested to catch teh
57 case of a removed reader. */
58 #define TEST_CARD_REMOVAL(c,r) \
59 do { \
60 int _r = (r); \
61 if (gpg_err_code (_r) == GPG_ERR_CARD_NOT_PRESENT \
62 || gpg_err_code (_r) == GPG_ERR_CARD_REMOVED \
63 || gpg_err_code (_r) == GPG_ERR_ENODEV ) \
64 update_card_removed ((c)->reader_slot, 1); \
65 } while (0)
67 #define IS_LOCKED(c) \
68 (locked_session && locked_session != (c)->server_local \
69 && (c)->reader_slot != -1 && locked_session->ctrl_backlink \
70 && (c)->reader_slot == locked_session->ctrl_backlink->reader_slot)
73 /* This structure is used to keep track of open readers (slots). */
74 struct slot_status_s
75 {
82 done. This is set once to indicate that the status
83 tracking for the slot has been initialized. */
86 };
89 /* Data used to associate an Assuan context with local server data.
90 This object describes the local properties of one session. */
91 struct server_local_s
92 {
93 /* We keep a list of all active sessions with the anchor at
94 SESSION_LIST (see below). This field is used for linking. */
97 /* This object is usually assigned to a CTRL object (which is
98 globally visible). While enumerating all sessions we sometimes
99 need to access data of the CTRL object; thus we keep a
100 backpointer here. */
101 ctrl_t ctrl_backlink;
103 /* The Assuan context used by this session/server. */
104 assuan_context_t assuan_ctx;
106 #ifdef HAVE_W32_SYSTEM
108 #else
110 #endif
112 /* True if the card has been removed and a reset is required to
113 continue operation. */
116 /* Flag indicating that the application context needs to be released
117 at the next opportunity. */
120 /* A disconnect command has been sent. */
123 /* If set to true we will be terminate ourself at the end of the
124 this session. */
127 };
130 /* The table with information on all used slots. FIXME: This is a
131 different slot number than the one used by the APDU layer, and
132 should be renamed. */
136 /* To keep track of all running sessions, we link all active server
137 contexts and the anchor in this variable. */
140 /* If a session has been locked we store a link to its server object
141 in this variable. */
144 /* While doing a reset we need to make sure that the ticker does not
145 call scd_update_reader_status_file while we are using it. */
148 \f
149 /*-- Local prototypes --*/
153 \f
155 /* This function must be called once to initialize this module. This
156 has to be done before a second thread is spawned. We can't do the
157 static initialization because Pth emulation code might not be able
158 to do a static init; in particular, it is not possible for W32. */
159 void
161 {
165 {
168 }
169 }
172 /* Update the CARD_REMOVED element of all sessions using the reader
173 given by SLOT to VALUE. */
174 static void
176 {
182 {
184 }
185 /* Let the card application layer know about the removal. */
188 }
192 /* Check whether the option NAME appears in LINE. Returns 1 or 0. */
193 static int
195 {
201 }
203 /* Same as has_option but does only test for the name of the option
204 and ignores an argument, i.e. with NAME being "--hash" it would
205 return a pointer for "--hash" as well as for "--hash=foo". If
206 there is no such option NULL is returned. The pointer returned
207 points right behind the option name, this may be an equal sign, Nul
208 or a space. */
211 {
218 }
221 /* Skip over options. It is assumed that leading spaces have been
222 removed (this is the case for lines passed to a handler from
223 assuan). Blanks after the options are also removed. */
226 {
228 {
230 line++;
232 line++;
233 }
235 }
239 /* Convert the STRING into a newly allocated buffer while translating
240 the hex numbers. Stops at the first invalid character. Blanks and
241 colons are allowed to separate the hex digits. Returns NULL on
242 error or a newly malloced buffer and its length in LENGTH. */
245 {
254 {
258 {
260 s++;
261 }
262 else
264 }
267 }
271 /* Reset the card and free the application context. With SEND_RESET
272 set to true actually send a RESET to the reader; this is the normal
273 way of calling the function. */
274 static void
276 {
282 /* If there is an active application, release it. Tell all other
283 sessions using the same application to release the
284 application. */
286 {
290 {
296 {
298 }
299 }
300 }
302 /* If we want a real reset for the card, send the reset APDU and
303 tell the application layer about it. */
305 {
307 {
309 }
311 }
313 /* If we hold a lock, unlock now. */
315 {
318 }
320 /* Reset the card removed flag for the current reader. We need to
321 take the lock here so that the ticker thread won't concurrently
322 try to update the file. Calling update_reader_status_file is
323 required to get hold of the new status of the card in the slot
324 table. */
326 {
330 }
336 /* Do this last, so that the update_card_removed above does its job. */
338 }
340 \f
341 static gpg_error_t
343 {
350 }
353 static gpg_error_t
355 {
359 {
360 /* A value of 0 is allowed to reset the event signal. */
361 #ifdef HAVE_W32_SYSTEM
365 #else
370 #endif
371 }
374 }
377 /* Return the slot of the current reader or open the reader if no
378 other sessions are using a reader. Note, that we currently support
379 only one reader but most of the code (except for this function)
380 should be able to cope with several readers. */
381 static int
383 {
388 /* Initialize the item if needed. */
390 {
393 }
395 /* Try to open the reader. */
399 /* Return the slot_table index. */
401 }
403 /* If the card has not yet been opened, do it. Note that this
404 function returns an Assuan error, so don't map the error a second
405 time. */
406 static gpg_error_t
408 {
409 gpg_error_t err;
412 /* If we ever got a card not present error code, return that. Only
413 the SERIALNO command and a reset are able to clear from that
414 state. */
421 /* If the application has been marked for release do it now. We
422 can't do it immediately in do_reset because the application may
423 still be in use. */
425 {
429 }
431 /* If we are already initialized for one specific application we
432 need to check that the client didn't requested a specific
433 application different from the one in use before we continue. */
437 /* Setup the slot and select the application. */
440 else
445 else
446 {
447 /* Fixme: We should move the apdu_connect call to
448 select_application. */
454 {
457 else
459 }
460 else
462 }
466 }
469 /* SERIALNO [APPTYPE]
471 Return the serial number of the card using a status reponse. This
472 function should be used to check for the presence of a card.
474 If APPTYPE is given, an application of that type is selected and an
475 error is returned if the application is not supported or available.
476 The default is to auto-select the application using a hardwired
477 preference system. Note, that a future extension to this function
478 may allow to specify a list and order of applications to try.
480 This function is special in that it can be used to reset the card.
481 Most other functions will return an error when a card change has
482 been detected and the use of this function is therefore required.
484 Background: We want to keep the client clear of handling card
485 changes between operations; i.e. the client can assume that all
486 operations are done on the same card unless he calls this function.
487 */
488 static gpg_error_t
490 {
497 /* Clear the remove flag so that the open_card is able to reread it. */
499 {
503 }
521 }
526 /* LEARN [--force] [--keypairinfo]
528 Learn all useful information of the currently inserted card. When
529 used without the force options, the command might do an INQUIRE
530 like this:
532 INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
534 The client should just send an "END" if the processing should go on
535 or a "CANCEL" to force the function to terminate with a Cancel
536 error message.
538 With the option --keypairinfo only KEYPARIINFO lstatus lines are
539 returned.
541 The response of this command is a list of status lines formatted as
542 this:
544 S APPTYPE <apptype>
546 This returns the type of the application, currently the strings:
548 P15 = PKCS-15 structure used
549 DINSIG = DIN SIG
550 OPENPGP = OpenPGP card
551 NKS = NetKey card
553 are implemented. These strings are aliases for the AID
555 S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>
557 If there is no certificate yet stored on the card a single "X" is
558 returned as the keygrip. In addition to the keypair info, information
559 about all certificates stored on the card is also returned:
561 S CERTINFO <certtype> <hexstring_with_id>
563 Where CERTTYPE is a number indicating the type of certificate:
564 0 := Unknown
565 100 := Regular X.509 cert
566 101 := Trusted X.509 cert
567 102 := Useful X.509 cert
568 110 := Root CA cert in a special format (e.g. DINSIG)
569 111 := Root CA cert as standard X509 cert.
571 For certain cards, more information will be returned:
573 S KEY-FPR <no> <hexstring>
575 For OpenPGP cards this returns the stored fingerprints of the
576 keys. This can be used check whether a key is available on the
577 card. NO may be 1, 2 or 3.
579 S CA-FPR <no> <hexstring>
581 Similar to above, these are the fingerprints of keys assumed to be
582 ultimately trusted.
584 S DISP-NAME <name_of_card_holder>
586 The name of the card holder as stored on the card; percent
587 escaping takes place, spaces are encoded as '+'
589 S PUBKEY-URL <url>
591 The URL to be used for locating the entire public key.
593 Note, that this function may even be used on a locked card.
594 */
595 static gpg_error_t
597 {
605 /* Unless the force option is used we try a shortcut by identifying
606 the card using a serial number and inquiring the client with
607 that. The client may choose to cancel the operation if he already
608 knows about this card */
610 {
627 {
632 {
635 }
640 {
646 }
647 /* Not canceled, so we have to proceeed. */
648 }
650 }
652 /* Let the application print out its collection of useful status
653 information. */
659 }
662 \f
663 /* READCERT <hexified_certid>|<keyid>
665 Note, that this function may even be used on a locked card.
666 */
667 static gpg_error_t
669 {
685 {
690 }
694 }
697 /* READKEY <keyid>
699 Return the public key for the given cert or key ID as an standard
700 S-Expression.
702 Note, that this function may even be used on a locked card.
703 */
704 static gpg_error_t
706 {
712 ksba_sexp_t p;
720 /* If the application supports the READKEY function we use that.
721 Otherwise we use the old way by extracting it from the
722 certificate. */
731 }
735 else
736 {
740 }
748 {
751 }
754 {
757 }
761 {
764 }
771 leave:
776 }
779 \f
781 /* SETDATA <hexstring>
783 The client should use this command to tell us the data he want to
784 sign. */
785 static gpg_error_t
787 {
796 /* Parse the hexstring. */
798 ;
816 }
820 static gpg_error_t
822 {
830 {
831 /* We prompt for keypad entry. To make sure that the popup has
832 been show we use an inquire and not just a status message.
833 We ignore any value returned. */
835 {
842 }
843 else
844 {
848 }
852 }
861 /* Fixme: Write an inquire function which returns the result in
862 secure memory and check all further handling of the PIN. */
869 {
870 /* We require that the returned value is an UTF-8 string */
873 }
876 }
879 /* PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>
881 The --hash option is optional; the default is SHA1.
883 */
884 static gpg_error_t
886 {
910 else
921 /* We have to use a copy of the key ID because the function may use
922 the pin_cb which in turn uses the assuan line buffer and thus
923 overwriting the original line with the keyid */
936 {
938 }
939 else
940 {
945 }
949 }
951 /* PKAUTH <hexified_id>
953 */
954 static gpg_error_t
956 {
972 /* We have to use a copy of the key ID because the function may use
973 the pin_cb which in turn uses the assuan line buffer and thus
974 overwriting the original line with the keyid */
980 keyidstr,
986 {
988 }
989 else
990 {
995 }
999 }
1001 /* PKDECRYPT <hexified_id>
1003 */
1004 static gpg_error_t
1006 {
1023 keyidstr,
1030 {
1032 }
1033 else
1034 {
1039 }
1043 }
1046 /* GETATTR <name>
1048 This command is used to retrieve data from a smartcard. The
1049 allowed names depend on the currently selected smartcard
1050 application. NAME must be percent and '+' escaped. The value is
1051 returned through status message, see the LEARN command for details.
1053 However, the current implementation assumes that Name is not escaped;
1054 this works as long as noone uses arbitrary escaping.
1056 Note, that this function may even be used on a locked card.
1057 */
1058 static gpg_error_t
1060 {
1070 ;
1074 /* (We ignore any garbage for now.) */
1076 /* FIXME: Applications should not return sensitive data if the card
1077 is locked. */
1082 }
1085 /* SETATTR <name> <value>
1087 This command is used to store data on a a smartcard. The allowed
1088 names and values are depend on the currently selected smartcard
1089 application. NAME and VALUE must be percent and '+' escaped.
1091 However, the current implementation assumes that NAME is not
1092 escaped; this works as long as noone uses arbitrary escaping.
1094 A PIN will be requested for most NAMEs. See the corresponding
1095 setattr function of the actually used application (app-*.c) for
1096 details. */
1097 static gpg_error_t
1099 {
1113 /* We need to use a copy of LINE, because PIN_CB uses the same
1114 context and thus reuses the Assuan provided LINE. */
1121 ;
1125 line++;
1134 }
1138 /* WRITECERT <hexified_certid>
1140 This command is used to store a certifciate on a smartcard. The
1141 allowed certids depend on the currently selected smartcard
1142 application. The actual certifciate is requested using the inquiry
1143 "CERTDATA" and needs to be provided in its raw (e.g. DER) form.
1145 In almost all cases a a PIN will be requested. See the related
1146 writecert function of the actually used application (app-*.c) for
1147 details. */
1148 static gpg_error_t
1150 {
1166 line++;
1179 /* Now get the actual keydata. */
1183 {
1186 }
1188 /* Write the certificate to the card. */
1196 }
1200 /* WRITEKEY [--force] <keyid>
1202 This command is used to store a secret key on a a smartcard. The
1203 allowed keyids depend on the currently selected smartcard
1204 application. The actual keydata is requested using the inquiry
1205 "KEYDATA" and need to be provided without any protection. With
1206 --force set an existing key under this KEYID will get overwritten.
1207 The keydata is expected to be the usual canonical encoded
1208 S-expression.
1210 A PIN will be requested for most NAMEs. See the corresponding
1211 writekey function of the actually used application (app-*.c) for
1212 details. */
1213 static gpg_error_t
1215 {
1232 line++;
1245 /* Now get the actual keydata. */
1250 {
1253 }
1255 /* Write the key to the card. */
1263 }
1267 /* GENKEY [--force] [--timestamp=<isodate>] <no>
1269 Generate a key on-card identified by NO, which is application
1270 specific. Return values are application specific. For OpenPGP
1271 cards 2 status lines are returned:
1273 S KEY-FPR <hexstring>
1274 S KEY-CREATED-AT <seconds_since_epoch>
1275 S KEY-DATA [p|n] <hexdata>
1277 --force is required to overwrite an already existing key. The
1278 KEY-CREATED-AT is required for further processing because it is
1279 part of the hashed key material for the fingerprint.
1281 If --timestamp is given an OpenPGP key will be created using this
1282 value. The value needs to be in ISO Format; e.g.
1283 "--timestamp=20030316T120000" and after 1970-01-01 00:00:00.
1285 The public part of the key can also later be retrieved using the
1286 READKEY command.
1288 */
1289 static gpg_error_t
1291 {
1305 {
1311 }
1312 else
1321 line++;
1339 }
1342 /* RANDOM <nbytes>
1344 Get NBYTES of random from the card and send them back as data.
1346 Note, that this function may be even be used on a locked card.
1347 */
1348 static gpg_error_t
1350 {
1372 {
1376 }
1381 }
1383 \f
1384 /* PASSWD [--reset] [--nullpin] <chvno>
1386 Change the PIN or, if --reset is given, reset the retry counter of
1387 the card holder verfication vector CHVNO. The option --nullpin is
1388 used for TCOS cards to set the initial PIN. The format of CHVNO
1389 depends on the card application. */
1390 static gpg_error_t
1392 {
1412 line++;
1431 }
1434 /* CHECKPIN <idstr>
1436 Perform a VERIFY operation without doing anything else. This may
1437 be used to initialize a the PIN cache earlier to long lasting
1438 operations. Its use is highly application dependent.
1440 For OpenPGP:
1442 Perform a simple verify operation for CHV1 and CHV2, so that
1443 further operations won't ask for CHV2 and it is possible to do a
1444 cheap check on the PIN: If there is something wrong with the PIN
1445 entry system, only the regular CHV will get blocked and not the
1446 dangerous CHV3. IDSTR is the usual card's serial number in hex
1447 notation; an optional fingerprint part will get ignored. There
1448 is however a special mode if the IDSTR is sffixed with the
1449 literal string "[CHV3]": In this case the Admin PIN is checked
1450 if and only if the retry counter is still at 3.
1452 For Netkey:
1454 Any of the valid PIN Ids may be used. These are the strings:
1456 PW1.CH - Global password 1
1457 PW2.CH - Global password 2
1458 PW1.CH.SIG - SigG password 1
1459 PW2.CH.SIG - SigG password 2
1461 For a definitive list, see the implementation in app-nks.c.
1462 Note that we call a PW2.* PIN a "PUK" despite that since TCOS
1463 3.0 they are technically alternative PINs used to mutally
1464 unblock each other.
1466 */
1467 static gpg_error_t
1469 {
1483 /* We have to use a copy of the key ID because the function may use
1484 the pin_cb which in turn uses the assuan line buffer and thus
1485 overwriting the original line with the keyid. */
1497 }
1500 /* LOCK [--wait]
1502 Grant exclusive card access to this session. Note that there is
1503 no lock counter used and a second lock from the same session will
1504 be ignored. A single unlock (or RESET) unlocks the session.
1505 Return GPG_ERR_LOCKED if another session has locked the reader.
1507 If the option --wait is given the command will wait until a
1508 lock has been released.
1509 */
1510 static gpg_error_t
1512 {
1516 retry:
1518 {
1521 }
1522 else
1525 #ifdef USE_GNU_PTH
1527 {
1530 for card operations this should be
1531 sufficient. */
1532 /* FIXME: Need to check that the connection is still alive.
1533 This can be done by issuing status messages. */
1535 }
1541 }
1544 /* UNLOCK
1546 Release exclusive card access.
1547 */
1548 static gpg_error_t
1550 {
1557 {
1560 else
1562 }
1563 else
1569 }
1572 /* GETINFO <what>
1574 Multi purpose command to return certain information.
1575 Supported values of WHAT are:
1577 version - Return the version of the program.
1578 pid - Return the process id of the server.
1580 socket_name - Return the name of the socket.
1582 status - Return the status of the current slot (in the future, may
1583 also return the status of all slots). The status is a list of
1584 one-character flags. The following flags are currently defined:
1585 'u' Usable card present. This is the normal state during operation.
1586 'r' Card removed. A reset is necessary.
1587 These flags are exclusive.
1589 reader_list - Return a list of detected card readers. Does
1590 currently only work with the internal CCID driver.
1592 deny_admin - Returns OK if admin commands are not allowed or
1593 GPG_ERR_GENERAL if admin commands are allowed.
1595 app_list - Return a list of supported applications. One
1596 application per line, fields delimited by colons,
1597 first field is the name.
1598 */
1600 static gpg_error_t
1602 {
1606 {
1609 }
1611 {
1616 }
1618 {
1623 else
1625 }
1627 {
1633 {
1646 }
1648 }
1650 {
1651 #ifdef HAVE_LIBUSB
1653 #else
1655 #endif
1659 else
1662 }
1666 {
1670 else
1673 }
1674 else
1677 }
1680 /* RESTART
1682 Restart the current connection; this is a kind of warm reset. It
1683 deletes the context used by this connection but does not send a
1684 RESET to the card. Thus the card itself won't get reset.
1686 This is used by gpg-agent to reuse a primary pipe connection and
1687 may be used by clients to backup from a conflict in the serial
1688 command; i.e. to select another application.
1689 */
1691 static gpg_error_t
1693 {
1699 {
1702 }
1704 {
1707 }
1709 }
1712 /* DISCONNECT
1714 Disconnect the card if it is not any longer used by other
1715 connections and the backend supports a disconnect operation.
1716 */
1717 static gpg_error_t
1719 {
1726 }
1730 /* APDU [--atr] [--more] [--exlen[=N]] [hexstring]
1732 Send an APDU to the current reader. This command bypasses the high
1733 level functions and sends the data directly to the card. HEXSTRING
1734 is expected to be a proper APDU. If HEXSTRING is not given no
1735 commands are set to the card but the command will implictly check
1736 whether the card is ready for use.
1738 Using the option "--atr" returns the ATR of the card as a status
1739 message before any data like this:
1740 S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
1742 Using the option --more handles the card status word MORE_DATA
1743 (61xx) and concatenates all reponses to one block.
1745 Using the option "--exlen" the returned APDU may use extended
1746 length up to N bytes. If N is not given a default value is used
1747 (currently 4096).
1748 */
1749 static gpg_error_t
1751 {
1765 {
1768 else
1770 }
1771 else
1783 {
1790 {
1793 }
1797 }
1801 {
1804 }
1806 {
1815 else
1816 {
1819 }
1820 }
1823 leave:
1826 }
1829 /* KILLSCD - Commit suicide. */
1830 static gpg_error_t
1832 {
1839 }
1842 \f
1843 /* Tell the assuan library about our commands */
1844 static int
1846 {
1849 assuan_handler_t handler;
1877 };
1881 {
1885 }
1891 }
1894 /* Startup the server. If FD is given as -1 this is simple pipe
1895 server, otherwise it is a regular server. Returns true if there
1896 are no more active asessions. */
1897 int
1899 {
1906 {
1910 }
1913 {
1919 }
1920 else
1921 {
1923 }
1925 {
1929 }
1932 {
1936 }
1939 /* Allocate and initialize the server object. Put it into the list
1940 of active sessions. */
1950 /* We open the reader right at startup so that the ticker is able to
1951 update the status file. */
1953 {
1955 }
1957 /* Command processing loop. */
1959 {
1962 {
1964 }
1966 {
1969 }
1973 {
1976 }
1977 }
1979 /* Cleanup. We don't send an explicit reset to the card. */
1982 /* Release the server object. */
1985 else
1986 {
1995 }
2000 /* Release the Assuan context. */
2006 /* If there are no more sessions return true. */
2008 }
2011 /* Send a line with status information via assuan and escape all given
2012 buffers. The variable elements are pairs of (char *, size_t),
2013 terminated with a (NULL, 0). */
2014 void
2016 {
2029 {
2034 {
2036 n++;
2037 }
2039 {
2041 {
2044 }
2047 else
2049 }
2050 }
2055 }
2058 /* Send a ready formatted status line via assuan. */
2059 void
2061 {
2066 else
2068 }
2071 /* Helper to send the clients a status change notification. */
2072 static void
2074 {
2076 pid_t pid;
2077 #ifdef HAVE_W32_SYSTEM
2078 HANDLE handle;
2079 #else
2081 #endif
2088 {
2090 {
2092 #ifdef HAVE_W32_SYSTEM
2102 else
2103 {
2110 {
2113 killidx++;
2114 }
2115 }
2120 {
2128 else
2129 {
2134 {
2137 killidx++;
2138 }
2139 }
2140 }
2142 }
2143 }
2144 }
2148 /* This is the core of scd_update_reader_status_file but the caller
2149 needs to take care of the locking. */
2150 static void
2152 {
2156 /* Make sure that the reader has been opened. Like get_reader_slot,
2157 this part of the code assumes that there is only one reader. */
2161 /* Note, that we only try to get the status, because it does not
2162 make sense to wait here for a operation to complete. If we are
2163 busy working with a card, delays in the status file update should
2164 be acceptable. */
2166 {
2176 {
2177 /* Most likely the _reader_ has been unplugged. */
2180 }
2182 {
2183 /* Get status failed. Ignore that. */
2185 }
2188 {
2198 /* FIXME: Should this be IDX instead of ss->slot? This
2199 depends on how client sessions will associate the reader
2200 status with their session. */
2205 {
2211 }
2214 /* If a status script is executable, run it. */
2215 {
2219 gpg_error_t err;
2224 else
2225 {
2251 }
2253 }
2255 /* Set the card removed flag for all current sessions. We
2256 will set this on any card change because a reset or
2257 SERIALNO request must be done in any case. */
2263 /* Send a signal to all clients who applied for it. */
2265 }
2267 /* Check whether a disconnect is pending. */
2269 {
2274 {
2275 /* FIXME: Use a real timeout. */
2276 /* At least one connection and all allow a disconnect. */
2279 }
2280 }
2282 }
2283 }
2285 /* This function is called by the ticker thread to check for changes
2286 of the reader stati. It updates the reader status files and if
2287 requested by the caller also send a signal to the caller. */
2288 void
2290 {
2296 }