When a process in a guest uses an emulated smartcard, libcacard running
on the host passes the PIN from the guest to the PK11_Authenticate NSS
function. The first time PK11_Authenticate is called the passed in PIN
is used to unlock the certificate database. Subsequent calls to
PK11_Authenticate will transparently succeed, regardless of the passed in
PIN. This is a convenience for applications provided by NSS.
Of course, the guest may have many applications using the one emulated
smart card all driven from the same host QEMU process. That means if a
user enters the right PIN in one program in the guest, and then enters the
wrong PIN in another program in the guest, the wrong PIN will still
successfully unlock the virtual smartcard.
This commit forces the NSS certificate database to be locked anytime an
applet is selected on an emulated smartcard by calling vcard_emul_logout.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-By: Robert Relyea <rrelyea@redhat.com>
Reviewed-By: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
vcard_emul_reset currently only logs NSS out, but there is a TODO
for potentially sending insertion/removal events when powering down
or powering up.
For clarity, this commit moves the current guts of vcard_emul_reset to
a new vcard_emul_logout function which will never send insertion/removal
events. The vcard_emul_reset function now just calls vcard_emul_logout,
but also retains its TODO for watching power state transitions and sending
insertion/removal events.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-By: Robert Relyea <rrelyea@redhat.com>
Reviewed-By: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* remotes/bonzini/configure:
rules.mak: Rewrite unnest-vars
configure: unset interfering variables
configure: duplicate/incorrect order of -lrt
libcacard: improve documentation
libcacard: actually use symbols file
libcacard: replace qemu thread primitives with glib ones
vscclient: use glib thread primitives not qemu
glib-compat.h: add new thread API emulation on top of pre-2.31 API
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
libtool has an argument for .syms file, which is -export-symbols.
There's no argument `-export-syms', and it looks like at least on
linux, -export-syms is just ignored. Use the correct argument,
-export-symbols, to actually get the right export list.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Alon Levy <alevy@redhat.com>
Tested-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Replace QemuMutex with GMutex and QemuCond with GCond
(with corresponding function changes), to make libcacard
independent of qemu internal functions.
After this step, none of libcacard internals use any
qemu-provided symbols. Maybe it's a good idea to
stop including qemu-common.h internally too.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Alon Levy <alevy@redhat.com>
Tested-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Use glib-provided thread primitives in vscclient instead of
qemu ones, and do not use qemu sockets in there (open-code
call to WSAStartup() for windows to initialize things).
This way, vscclient becomes more stand-alone, independent on
qemu internals.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Alon Levy <alevy@redhat.com>
Tested-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
libcacard has many functions which initializes local variables
at declaration time, which are always assigned some values later
(often right after declaration). Clean up these initializers.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The currrent code in libcacard/vcard_emul_nss.c:vcard_emul_options()
has a weird bug in variable usage around expanding opts->vreader
array.
There's a helper variable, vreaderOpt, which is first needlessly
initialized to NULL, next, conditionally, only we have to expand
opts->vreader, receives array expansion from g_renew(), and next,
even if we don't actually perform expansion, the value of this
variable is assigned to the actual array, opts->vreader, which
was supposed to be expanded.
So, since we expand the array by READER_STEP increments, only
once in READER_STEP (=4) the code will work, in other 3/4 times
it will fail badly.
Fix this by not using this temp variable when expanding the
array, and by dropping the useless =NULL initializer too -
if it wasn't in place initially, compiler would have warned
us about this problem at the beginning.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Bailing out when PK11_FindGenericObjects() returns null ensures the
loop that follows it executes at least once. The "loop did not
execute" test right after it is useless. Drop it.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Bonus: hushes up Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
We suppress some code when we got unexpected status and assertion
checking is off:
assert(card_status == VCARD_DONE);
if (card_status == VCARD_DONE) {
int size = MIN(*receive_buf_len, response->b_total_len);
memcpy(receive_buf, response->b_data, size);
*receive_buf_len = size;
}
Such "recovery" is of dubious value even when it works. This one
doesn't: it fails to assign to receive_buf[] and *receive_buf_len,
which the callers expect.
Make the code unconditional.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This patch replaces g_malloc() in libcacard into g_new()
or g_new0() where appropriate (removing some init-to-zero
surrounding code), g_malloc+memcpy into g_memdup() and the
like.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Alon Levy <alevy@redhat.com>
Currently all what's needed for single file libcacard/vcard_emul_nss.c
(libnss cflags) and hw/usb/ccid-card-emulated.c (libcacard includes)
together with the libs is added to global QEMU_CFLAGS and libs_softmmu.
Use the cflags only where really used (for two mentioned files), and
libs only where needed.
While at it, rename variables to better reflect reality: libcacard_*
is really nss_*.
This needs a bit more tweaking: $(NSS_LIBS) should not contain $glib_libs
(ditto for _cflags). But in order to fix it, some more preparations
should be made first. So add a FIXME comment.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 2e679780ae replaced strncpy() with pstrcpy()
in one place in libcacard. This is a qemu-specific function,
while libcacard is a stand-alone library (or tries to be).
But since we know the exact length of the string to copy,
and know that it definitely will fit in the destination
buffer, use memcpy() instead, and null-terminate the string
after that.
An alternative is to use g_strlcpy() or strncpy(), but memcpy()
is more than adequate in this place.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: qemu-trivial@nongnu.org
Cc: Alon Levy <alevy@redhat.com>
If enabled, set the thread name at creation (on GNU systems with
pthread_set_np)
Fix up all the callers with a thread name
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
As described in https://bugzilla.redhat.com/show_bug.cgi?id=987441 ,
libcacard currently links to all the libraries QEMU is linking to,
including glusterfs libraries, libiscsi, ... libcacard does not need all of
these. This patch ensures it's only linked with the libraries it needs.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Signed-off-by: Alon Levy <alevy@redhat.com>
See https://bugs.launchpad.net/bugs/1258168
libcacard/vscclient.c: In function 'do_socket_read':
libcacard/vscclient.c:410: warning: implicit declaration of function 'g_warn_if_reached'
libcacard/vscclient.c:410: warning: nested extern declaration of 'g_warn_if_reached'
libcacard/vscclient.c: In function 'main':
libcacard/vscclient.c:763: warning: implicit declaration of function 'g_byte_array_unref'
libcacard/vscclient.c:763: warning: nested extern declaration of 'g_byte_array_unref'
...
libcacard/vscclient.o: In function `do_socket_read':
libcacard/vscclient.c:410: undefined reference to `g_warn_if_reached'
libcacard/vscclient.o: In function `main':
libcacard/vscclient.c:763: undefined reference to `g_byte_array_unref'
g_warn_if_reached was added in glib 2.16, and g_byte_array_unref is
supported since glib 2.22. QEMU requires glib 2.12, so both names must
not be used.
Instead of showing a warning for code which should not be reached,
vscclient better stop running, so g_warn_if_reached is not useful for
vscclient.
In libcacard/vsclient.c, g_byte_array_unref can be replaced by
g_byte_array_free. This is not generally true, so adding a compatibility
layer in include/glib-compat.h is no option here.
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reported-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Warning from ccc-analyzer:
libcacard/vcard_emul_nss.c:937:9: warning:
Value stored to 'cert_count' is never read
cert_count = options->vreader[i].cert_count;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Warning from ccc-analyzer:
libcacard/cac.c:192:13: warning: Value stored to 'ret' is never read
ret = VCARD_DONE;
^ ~~~~~~~~~~
Here 'ret' is assigned a value inside of a switch statement and also after
that switch statement.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
# By Stefan Hajnoczi (4) and others
# Via Stefan Hajnoczi
* stefanha/block:
virtio-blk: do not relay a previous driver's WCE configuration to the current
blockdev: do not default cache.no-flush to true
block: don't lose data from last incomplete sector
qcow2: Correct snapshots size for overlap check
coroutine: fix /perf/nesting coroutine benchmark
coroutine: add qemu_coroutine_yield benchmark
qemu-timer: do not take the lock in timer_pending
qemu-timer: make qemu_timer_mod_ns() and qemu_timer_del() thread-safe
qemu-timer: drop outdated signal safety comments
osdep: warn if open(O_DIRECT) on fails with EINVAL
libcacard: link against qemu-error.o for error_report()
Message-id: 1379698931-946-1-git-send-email-stefanha@redhat.com
Most typos were found using a modified version of codespell:
accross -> across
issueing -> issuing
TICNT_THRESHHOLD -> TICNT_THRESHOLD
bandwith -> bandwidth
VCARD_7816_PROPIETARY -> VCARD_7816_PROPRIETARY
occured -> occurred
gaurantee -> guarantee
sofware -> software
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The local function vcard_emul_alloc_arrays always returned PR_TRUE.
Therefore cppcheck complained about code which handled the
non-existent PR_FALSE case.
Remove the function's return value and the dead code.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Spotted by Coverity.
Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
For some reason, with sql:/ prefix, the PKCS11 modules are not loaded.
This patch goes on top of Alon smartcard series.
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
This version handles non-blocking sending and receiving from the
socket.
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
It's a bit nicer to look for default database under
CSIDL_COMMON_APPDATA\pki\nss rather that /etc/pki/nss.
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
The VCARD_ATR_PREFIX macro adds a prefix of 6 characters only.
pcsc_scan was complaining before the patch:
+ Historical bytes: 56 43 41 52 44 5F 4E 53 53
ERROR! ATR is truncated: 2 byte(s) is/are missing
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Note that we already free with g_free().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
There is no reason for vscclient to duplicate the code. rules.mak
takes care of invoking libtool to do the link.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>