| blob | 1fdcf7d5139c738015ef3715b8225ad021cbc786 |
1 /* command.c - SCdaemon command handler
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005,
3 * 2007, 2008, 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <errno.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <ctype.h>
27 #include <unistd.h>
28 #include <signal.h>
29 #ifdef USE_GNU_PTH
30 # include <pth.h>
31 #endif
33 #include <assuan.h>
36 #include <ksba.h>
40 #ifdef HAVE_LIBUSB
42 #endif
44 /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */
45 #define MAXLEN_PIN 100
47 /* Maximum allowed size of key data as used in inquiries. */
48 #define MAXLEN_KEYDATA 4096
50 /* Maximum allowed size of certificate data as used in inquiries. */
51 #define MAXLEN_CERTDATA 16384
54 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
57 /* Macro to flag a removed card. ENODEV is also tested to catch teh
58 case of a removed reader. */
59 #define TEST_CARD_REMOVAL(c,r) \
60 do { \
61 int _r = (r); \
62 if (gpg_err_code (_r) == GPG_ERR_CARD_NOT_PRESENT \
63 || gpg_err_code (_r) == GPG_ERR_CARD_REMOVED \
64 || gpg_err_code (_r) == GPG_ERR_ENODEV ) \
65 update_card_removed ((c)->reader_slot, 1); \
66 } while (0)
68 #define IS_LOCKED(c) \
69 (locked_session && locked_session != (c)->server_local \
70 && (c)->reader_slot != -1 && locked_session->ctrl_backlink \
71 && (c)->reader_slot == locked_session->ctrl_backlink->reader_slot)
74 /* This structure is used to keep track of open readers (slots). */
75 struct slot_status_s
76 {
83 done. This is set once to indicate that the status
84 tracking for the slot has been initialized. */
87 };
90 /* Data used to associate an Assuan context with local server data.
91 This object describes the local properties of one session. */
92 struct server_local_s
93 {
94 /* We keep a list of all active sessions with the anchor at
95 SESSION_LIST (see below). This field is used for linking. */
98 /* This object is usually assigned to a CTRL object (which is
99 globally visible). While enumerating all sessions we sometimes
100 need to access data of the CTRL object; thus we keep a
101 backpointer here. */
102 ctrl_t ctrl_backlink;
104 /* The Assuan context used by this session/server. */
105 assuan_context_t assuan_ctx;
107 #ifdef HAVE_W32_SYSTEM
109 #else
111 #endif
113 /* True if the card has been removed and a reset is required to
114 continue operation. */
117 /* Flag indicating that the application context needs to be released
118 at the next opportunity. */
121 /* A disconnect command has been sent. */
124 /* If set to true we will be terminate ourself at the end of the
125 this session. */
128 };
131 /* The table with information on all used slots. FIXME: This is a
132 different slot number than the one used by the APDU layer, and
133 should be renamed. */
137 /* To keep track of all running sessions, we link all active server
138 contexts and the anchor in this variable. */
141 /* If a session has been locked we store a link to its server object
142 in this variable. */
145 /* While doing a reset we need to make sure that the ticker does not
146 call scd_update_reader_status_file while we are using it. */
149 \f
150 /*-- Local prototypes --*/
154 \f
156 /* This function must be called once to initialize this module. This
157 has to be done before a second thread is spawned. We can't do the
158 static initialization because Pth emulation code might not be able
159 to do a static init; in particular, it is not possible for W32. */
160 void
162 {
166 {
169 }
170 }
173 /* Update the CARD_REMOVED element of all sessions using the reader
174 given by SLOT to VALUE. */
175 static void
177 {
183 {
185 }
186 /* Let the card application layer know about the removal. */
189 }
193 /* Check whether the option NAME appears in LINE. Returns 1 or 0. */
194 static int
196 {
202 }
204 /* Same as has_option but does only test for the name of the option
205 and ignores an argument, i.e. with NAME being "--hash" it would
206 return a pointer for "--hash" as well as for "--hash=foo". If
207 there is no such option NULL is returned. The pointer returned
208 points right behind the option name, this may be an equal sign, Nul
209 or a space. */
212 {
219 }
222 /* Skip over options. It is assumed that leading spaces have been
223 removed (this is the case for lines passed to a handler from
224 assuan). Blanks after the options are also removed. */
227 {
229 {
231 line++;
233 line++;
234 }
236 }
240 /* Convert the STRING into a newly allocated buffer while translating
241 the hex numbers. Stops at the first invalid character. Blanks and
242 colons are allowed to separate the hex digits. Returns NULL on
243 error or a newly malloced buffer and its length in LENGTH. */
246 {
255 {
259 {
261 s++;
262 }
263 else
265 }
268 }
272 /* Reset the card and free the application context. With SEND_RESET
273 set to true actually send a RESET to the reader; this is the normal
274 way of calling the function. */
275 static void
277 {
283 /* If there is an active application, release it. Tell all other
284 sessions using the same application to release the
285 application. */
287 {
291 {
297 {
299 }
300 }
301 }
303 /* If we want a real reset for the card, send the reset APDU and
304 tell the application layer about it. */
306 {
308 {
310 }
312 }
314 /* If we hold a lock, unlock now. */
316 {
319 }
321 /* Reset the card removed flag for the current reader. We need to
322 take the lock here so that the ticker thread won't concurrently
323 try to update the file. Calling update_reader_status_file is
324 required to get hold of the new status of the card in the slot
325 table. */
327 {
331 }
337 /* Do this last, so that the update_card_removed above does its job. */
339 }
341 \f
342 static void
344 {
348 }
351 static int
353 {
357 {
358 /* A value of 0 is allowed to reset the event signal. */
359 #ifdef HAVE_W32_SYSTEM
363 #else
368 #endif
369 }
372 }
375 /* Return the slot of the current reader or open the reader if no
376 other sessions are using a reader. Note, that we currently support
377 only one reader but most of the code (except for this function)
378 should be able to cope with several readers. */
379 static int
381 {
386 /* Initialize the item if needed. */
388 {
391 }
393 /* Try to open the reader. */
397 /* Return the slot_table index. */
399 }
401 /* If the card has not yet been opened, do it. Note that this
402 function returns an Assuan error, so don't map the error a second
403 time. */
404 static assuan_error_t
406 {
407 gpg_error_t err;
410 /* If we ever got a card not present error code, return that. Only
411 the SERIALNO command and a reset are able to clear from that
412 state. */
419 /* If the application has been marked for release do it now. We
420 can't do it immediately in do_reset because the application may
421 still be in use. */
423 {
427 }
429 /* If we are already initialized for one specific application we
430 need to check that the client didn't requested a specific
431 application different from the one in use before we continue. */
435 /* Setup the slot and select the application. */
438 else
443 else
444 {
445 /* Fixme: We should move the apdu_connect call to
446 select_application. */
452 {
455 else
457 }
458 else
460 }
464 }
467 /* SERIALNO [APPTYPE]
469 Return the serial number of the card using a status reponse. This
470 function should be used to check for the presence of a card.
472 If APPTYPE is given, an application of that type is selected and an
473 error is returned if the application is not supported or available.
474 The default is to auto-select the application using a hardwired
475 preference system. Note, that a future extension to this function
476 may allow to specify a list and order of applications to try.
478 This function is special in that it can be used to reset the card.
479 Most other functions will return an error when a card change has
480 been detected and the use of this function is therefore required.
482 Background: We want to keep the client clear of handling card
483 changes between operations; i.e. the client can assume that all
484 operations are done on the same card unless he calls this function.
485 */
486 static int
488 {
495 /* Clear the remove flag so that the open_card is able to reread it. */
497 {
501 }
519 }
524 /* LEARN [--force] [--keypairinfo]
526 Learn all useful information of the currently inserted card. When
527 used without the force options, the command might do an INQUIRE
528 like this:
530 INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
532 The client should just send an "END" if the processing should go on
533 or a "CANCEL" to force the function to terminate with a Cancel
534 error message.
536 With the option --keypairinfo only KEYPARIINFO lstatus lines are
537 returned.
539 The response of this command is a list of status lines formatted as
540 this:
542 S APPTYPE <apptype>
544 This returns the type of the application, currently the strings:
546 P15 = PKCS-15 structure used
547 DINSIG = DIN SIG
548 OPENPGP = OpenPGP card
549 NKS = NetKey card
551 are implemented. These strings are aliases for the AID
553 S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>
555 If there is no certificate yet stored on the card a single "X" is
556 returned as the keygrip. In addition to the keypair info, information
557 about all certificates stored on the card is also returned:
559 S CERTINFO <certtype> <hexstring_with_id>
561 Where CERTTYPE is a number indicating the type of certificate:
562 0 := Unknown
563 100 := Regular X.509 cert
564 101 := Trusted X.509 cert
565 102 := Useful X.509 cert
566 110 := Root CA cert in a special format (e.g. DINSIG)
567 111 := Root CA cert as standard X509 cert.
569 For certain cards, more information will be returned:
571 S KEY-FPR <no> <hexstring>
573 For OpenPGP cards this returns the stored fingerprints of the
574 keys. This can be used check whether a key is available on the
575 card. NO may be 1, 2 or 3.
577 S CA-FPR <no> <hexstring>
579 Similar to above, these are the fingerprints of keys assumed to be
580 ultimately trusted.
582 S DISP-NAME <name_of_card_holder>
584 The name of the card holder as stored on the card; percent
585 escaping takes place, spaces are encoded as '+'
587 S PUBKEY-URL <url>
589 The URL to be used for locating the entire public key.
591 Note, that this function may even be used on a locked card.
592 */
593 static int
595 {
603 /* Unless the force option is used we try a shortcut by identifying
604 the card using a serial number and inquiring the client with
605 that. The client may choose to cancel the operation if he already
606 knows about this card */
608 {
625 {
630 {
633 }
638 {
644 }
645 /* Not canceled, so we have to proceeed. */
646 }
648 }
650 /* Let the application print out its collection of useful status
651 information. */
657 }
660 \f
661 /* READCERT <hexified_certid>|<keyid>
663 Note, that this function may even be used on a locked card.
664 */
665 static int
667 {
683 {
688 }
692 }
695 /* READKEY <keyid>
697 Return the public key for the given cert or key ID as an standard
698 S-Expression.
700 Note, that this function may even be used on a locked card.
701 */
702 static int
704 {
710 ksba_sexp_t p;
718 /* If the application supports the READKEY function we use that.
719 Otherwise we use the old way by extracting it from the
720 certificate. */
729 }
733 else
734 {
738 }
746 {
749 }
752 {
755 }
759 {
762 }
769 leave:
774 }
777 \f
779 /* SETDATA <hexstring>
781 The client should use this command to tell us the data he want to
782 sign. */
783 static int
785 {
794 /* Parse the hexstring. */
796 ;
813 }
817 static gpg_error_t
819 {
827 {
828 /* We prompt for keypad entry. To make sure that the popup has
829 been show we use an inquire and not just a status message.
830 We ignore any value returned. */
832 {
839 }
840 else
841 {
845 }
849 }
858 /* Fixme: Write an inquire function which returns the result in
859 secure memory and check all further handling of the PIN. */
866 {
867 /* We require that the returned value is an UTF-8 string */
870 }
873 }
876 /* PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>
878 The --hash option is optional; the default is SHA1.
880 */
881 static int
883 {
907 else
918 /* We have to use a copy of the key ID because the function may use
919 the pin_cb which in turn uses the assuan line buffer and thus
920 overwriting the original line with the keyid */
933 {
935 }
936 else
937 {
942 }
946 }
948 /* PKAUTH <hexified_id>
950 */
951 static int
953 {
969 /* We have to use a copy of the key ID because the function may use
970 the pin_cb which in turn uses the assuan line buffer and thus
971 overwriting the original line with the keyid */
977 keyidstr,
983 {
985 }
986 else
987 {
992 }
996 }
998 /* PKDECRYPT <hexified_id>
1000 */
1001 static int
1003 {
1020 keyidstr,
1027 {
1029 }
1030 else
1031 {
1036 }
1040 }
1043 /* GETATTR <name>
1045 This command is used to retrieve data from a smartcard. The
1046 allowed names depend on the currently selected smartcard
1047 application. NAME must be percent and '+' escaped. The value is
1048 returned through status message, see the LEARN command for details.
1050 However, the current implementation assumes that Name is not escaped;
1051 this works as long as noone uses arbitrary escaping.
1053 Note, that this function may even be used on a locked card.
1054 */
1055 static int
1057 {
1067 ;
1071 /* (We ignore any garbage for now.) */
1073 /* FIXME: Applications should not return sensitive data if the card
1074 is locked. */
1079 }
1082 /* SETATTR <name> <value>
1084 This command is used to store data on a a smartcard. The allowed
1085 names and values are depend on the currently selected smartcard
1086 application. NAME and VALUE must be percent and '+' escaped.
1088 However, the current implementation assumes that NAME is not
1089 escaped; this works as long as noone uses arbitrary escaping.
1091 A PIN will be requested for most NAMEs. See the corresponding
1092 setattr function of the actually used application (app-*.c) for
1093 details. */
1094 static int
1096 {
1110 /* We need to use a copy of LINE, because PIN_CB uses the same
1111 context and thus reuses the Assuan provided LINE. */
1118 ;
1122 line++;
1131 }
1135 /* WRITECERT <hexified_certid>
1137 This command is used to store a certifciate on a smartcard. The
1138 allowed certids depend on the currently selected smartcard
1139 application. The actual certifciate is requested using the inquiry
1140 "CERTDATA" and needs to be provided in its raw (e.g. DER) form.
1142 In almost all cases a a PIN will be requested. See the related
1143 writecert function of the actually used application (app-*.c) for
1144 details. */
1145 static int
1147 {
1163 line++;
1176 /* Now get the actual keydata. */
1180 {
1183 }
1185 /* Write the certificate to the card. */
1193 }
1197 /* WRITEKEY [--force] <keyid>
1199 This command is used to store a secret key on a a smartcard. The
1200 allowed keyids depend on the currently selected smartcard
1201 application. The actual keydata is requested using the inquiry
1202 "KEYDATA" and need to be provided without any protection. With
1203 --force set an existing key under this KEYID will get overwritten.
1204 The keydata is expected to be the usual canonical encoded
1205 S-expression.
1207 A PIN will be requested for most NAMEs. See the corresponding
1208 writekey function of the actually used application (app-*.c) for
1209 details. */
1210 static int
1212 {
1229 line++;
1242 /* Now get the actual keydata. */
1247 {
1250 }
1252 /* Write the key to the card. */
1260 }
1264 /* GENKEY [--force] [--timestamp=<isodate>] <no>
1266 Generate a key on-card identified by NO, which is application
1267 specific. Return values are application specific. For OpenPGP
1268 cards 2 status lines are returned:
1270 S KEY-FPR <hexstring>
1271 S KEY-CREATED-AT <seconds_since_epoch>
1272 S KEY-DATA [p|n] <hexdata>
1274 --force is required to overwrite an already existing key. The
1275 KEY-CREATED-AT is required for further processing because it is
1276 part of the hashed key material for the fingerprint.
1278 If --timestamp is given an OpenPGP key will be created using this
1279 value. The value needs to be in ISO Format; e.g.
1280 "--timestamp=20030316T120000" and after 1970-01-01 00:00:00.
1282 The public part of the key can also later be retrieved using the
1283 READKEY command.
1285 */
1286 static int
1288 {
1302 {
1308 }
1309 else
1318 line++;
1336 }
1339 /* RANDOM <nbytes>
1341 Get NBYTES of random from the card and send them back as data.
1343 Note, that this function may be even be used on a locked card.
1344 */
1345 static int
1347 {
1369 {
1373 }
1378 }
1380 \f
1381 /* PASSWD [--reset] [--nullpin] <chvno>
1383 Change the PIN or, if --reset is given, reset the retry counter of
1384 the card holder verfication vector CHVNO. The option --nullpin is
1385 used for TCOS cards to set the initial PIN. The format of CHVNO
1386 depends on the card application. */
1387 static int
1389 {
1409 line++;
1428 }
1431 /* CHECKPIN <idstr>
1433 Perform a VERIFY operation without doing anything else. This may
1434 be used to initialize a the PIN cache earlier to long lasting
1435 operations. Its use is highly application dependent.
1437 For OpenPGP:
1439 Perform a simple verify operation for CHV1 and CHV2, so that
1440 further operations won't ask for CHV2 and it is possible to do a
1441 cheap check on the PIN: If there is something wrong with the PIN
1442 entry system, only the regular CHV will get blocked and not the
1443 dangerous CHV3. IDSTR is the usual card's serial number in hex
1444 notation; an optional fingerprint part will get ignored. There
1445 is however a special mode if the IDSTR is sffixed with the
1446 literal string "[CHV3]": In this case the Admin PIN is checked
1447 if and only if the retry counter is still at 3.
1449 For Netkey:
1451 Any of the valid PIN Ids may be used. These are the strings:
1453 PW1.CH - Global password 1
1454 PW2.CH - Global password 2
1455 PW1.CH.SIG - SigG password 1
1456 PW2.CH.SIG - SigG password 2
1458 For a definitive list, see the implementation in app-nks.c.
1459 Note that we call a PW2.* PIN a "PUK" despite that since TCOS
1460 3.0 they are technically alternative PINs used to mutally
1461 unblock each other.
1463 */
1464 static int
1466 {
1480 /* We have to use a copy of the key ID because the function may use
1481 the pin_cb which in turn uses the assuan line buffer and thus
1482 overwriting the original line with the keyid. */
1494 }
1497 /* LOCK [--wait]
1499 Grant exclusive card access to this session. Note that there is
1500 no lock counter used and a second lock from the same session will
1501 be ignored. A single unlock (or RESET) unlocks the session.
1502 Return GPG_ERR_LOCKED if another session has locked the reader.
1504 If the option --wait is given the command will wait until a
1505 lock has been released.
1506 */
1507 static int
1509 {
1513 retry:
1515 {
1518 }
1519 else
1522 #ifdef USE_GNU_PTH
1524 {
1527 for card operations this should be
1528 sufficient. */
1529 /* FIXME: Need to check that the connection is still alive.
1530 This can be done by issuing status messages. */
1532 }
1538 }
1541 /* UNLOCK
1543 Release exclusive card access.
1544 */
1545 static int
1547 {
1554 {
1557 else
1559 }
1560 else
1566 }
1569 /* GETINFO <what>
1571 Multi purpose command to return certain information.
1572 Supported values of WHAT are:
1574 version - Return the version of the program.
1575 pid - Return the process id of the server.
1577 socket_name - Return the name of the socket.
1579 status - Return the status of the current slot (in the future, may
1580 also return the status of all slots). The status is a list of
1581 one-character flags. The following flags are currently defined:
1582 'u' Usable card present. This is the normal state during operation.
1583 'r' Card removed. A reset is necessary.
1584 These flags are exclusive.
1586 reader_list - Return a list of detected card readers. Does
1587 currently only work with the internal CCID driver.
1589 deny_admin - Returns OK if admin commands are not allowed or
1590 GPG_ERR_GENERAL if admin commands are allowed.
1592 app_list - Return a list of supported applications. One
1593 application per line, fields delimited by colons,
1594 first field is the name.
1595 */
1597 static int
1599 {
1603 {
1606 }
1608 {
1613 }
1615 {
1620 else
1622 }
1624 {
1630 {
1643 }
1645 }
1647 {
1648 #ifdef HAVE_LIBUSB
1650 #else
1652 #endif
1656 else
1659 }
1663 {
1667 else
1670 }
1671 else
1674 }
1677 /* RESTART
1679 Restart the current connection; this is a kind of warm reset. It
1680 deletes the context used by this connection but does not send a
1681 RESET to the card. Thus the card itself won't get reset.
1683 This is used by gpg-agent to reuse a primary pipe connection and
1684 may be used by clients to backup from a conflict in the serial
1685 command; i.e. to select another application.
1686 */
1688 static int
1690 {
1696 {
1699 }
1701 {
1704 }
1706 }
1709 /* DISCONNECT
1711 Disconnect the card if it is not any longer used by other
1712 connections and the backend supports a disconnect operation.
1713 */
1714 static int
1716 {
1723 }
1727 /* APDU [--atr] [--more] [--exlen[=N]] [hexstring]
1729 Send an APDU to the current reader. This command bypasses the high
1730 level functions and sends the data directly to the card. HEXSTRING
1731 is expected to be a proper APDU. If HEXSTRING is not given no
1732 commands are set to the card but the command will implictly check
1733 whether the card is ready for use.
1735 Using the option "--atr" returns the ATR of the card as a status
1736 message before any data like this:
1737 S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
1739 Using the option --more handles the card status word MORE_DATA
1740 (61xx) and concatenates all reponses to one block.
1742 Using the option "--exlen" the returned APDU may use extended
1743 length up to N bytes. If N is not given a default value is used
1744 (currently 4096).
1745 */
1746 static int
1748 {
1762 {
1765 else
1767 }
1768 else
1780 {
1787 {
1790 }
1794 }
1798 {
1801 }
1803 {
1812 else
1813 {
1816 }
1817 }
1820 leave:
1823 }
1826 /* KILLSCD - Commit suicide. */
1827 static int
1829 {
1836 }
1839 \f
1840 /* Tell the assuan library about our commands */
1841 static int
1843 {
1874 };
1878 {
1882 }
1888 }
1891 /* Startup the server. If FD is given as -1 this is simple pipe
1892 server, otherwise it is a regular server. Returns true if there
1893 are no more active asessions. */
1894 int
1896 {
1898 assuan_context_t ctx;
1902 {
1908 }
1909 else
1910 {
1912 }
1914 {
1918 }
1921 {
1925 }
1928 /* Allocate and initialize the server object. Put it into the list
1929 of active sessions. */
1939 /* We open the reader right at startup so that the ticker is able to
1940 update the status file. */
1942 {
1944 }
1946 /* Command processing loop. */
1948 {
1951 {
1953 }
1955 {
1958 }
1962 {
1965 }
1966 }
1968 /* Cleanup. We don't send an explicit reset to the card. */
1971 /* Release the server object. */
1974 else
1975 {
1984 }
1989 /* Release the Assuan context. */
1995 /* If there are no more sessions return true. */
1997 }
2000 /* Send a line with status information via assuan and escape all given
2001 buffers. The variable elements are pairs of (char *, size_t),
2002 terminated with a (NULL, 0). */
2003 void
2005 {
2018 {
2023 {
2025 n++;
2026 }
2028 {
2030 {
2033 }
2036 else
2038 }
2039 }
2044 }
2047 /* Send a ready formatted status line via assuan. */
2048 void
2050 {
2055 else
2057 }
2060 /* Helper to send the clients a status change notification. */
2061 static void
2063 {
2065 pid_t pid;
2066 #ifdef HAVE_W32_SYSTEM
2067 HANDLE handle;
2068 #else
2070 #endif
2077 {
2079 {
2081 #ifdef HAVE_W32_SYSTEM
2091 else
2092 {
2099 {
2102 killidx++;
2103 }
2104 }
2109 {
2117 else
2118 {
2123 {
2126 killidx++;
2127 }
2128 }
2129 }
2131 }
2132 }
2133 }
2137 /* This is the core of scd_update_reader_status_file but the caller
2138 needs to take care of the locking. */
2139 static void
2141 {
2145 /* Make sure that the reader has been opened. Like get_reader_slot,
2146 this part of the code assumes that there is only one reader. */
2150 /* Note, that we only try to get the status, because it does not
2151 make sense to wait here for a operation to complete. If we are
2152 busy working with a card, delays in the status file update should
2153 be acceptable. */
2155 {
2165 {
2166 /* Most likely the _reader_ has been unplugged. */
2169 }
2171 {
2172 /* Get status failed. Ignore that. */
2174 }
2177 {
2187 /* FIXME: Should this be IDX instead of ss->slot? This
2188 depends on how client sessions will associate the reader
2189 status with their session. */
2194 {
2200 }
2203 /* If a status script is executable, run it. */
2204 {
2208 gpg_error_t err;
2213 else
2214 {
2240 }
2242 }
2244 /* Set the card removed flag for all current sessions. We
2245 will set this on any card change because a reset or
2246 SERIALNO request must be done in any case. */
2252 /* Send a signal to all clients who applied for it. */
2254 }
2256 /* Check whether a disconnect is pending. */
2258 {
2263 {
2264 /* FIXME: Use a real timeout. */
2265 /* At least one connection and all allow a disconnect. */
2268 }
2269 }
2271 }
2272 }
2274 /* This function is called by the ticker thread to check for changes
2275 of the reader stati. It updates the reader status files and if
2276 requested by the caller also send a signal to the caller. */
2277 void
2279 {
2285 }