Patch for scdaemon and reader/smartcard combo devices

Grant Olson kgo at grant-olson.net
Thu Jan 20 05:51:26 CET 2011


Hey all,

Here's a patch that lets you unplug and replug a reader/smartcard combo
device without having to restart scdaemon.

I've tested on a cryptostick, on both Ubuntu 10.4 and OSX Snow Leopard,
making sure to test the following actions:

  - attempting to sign/encrypt without a card.

  - signing/encrypting once, removing and reinserting the card,
signing/encrypting again.

  - signing/encrypting once, removing the card, attempting to
sign/encrypt, inserting the card, and successfully signing and encrypting.

I'll also continue to use a build with this patch daily to see if
anything falls out.

If NIIBE or anyone else using a card/reader combo could test this with
their hardware, I'd appreciate it greatly.  I think it should also work
with any USB reader, even if you're using a seperate smart-card.

Werner, if the patch looks good to you, just let me know what copyright
assignment paperwork I need to fill out, where I need to do it, and I'll
get that done ASAP.

- Grant

From 0426c33c2c23f709b6659bc6b9f72b77a969570f Mon Sep 17 00:00:00 2001
From: Grant Olson <kgo at grant-olson.net>
Date: Wed, 19 Jan 2011 20:05:23 -0500
Subject: [PATCH 2/2] Fix so smartcard reader/card combos don't break
scdaemon when un/re-plugged.

 - Make sure slot table entries get invalidated if all readers fail
   or else we get stuck with a bad PC/SC entry.

 - Treat no reader error same as no card error -- not fatal.

 - Close the apdu reader slot if we detect the reader has been unplugged
---
 scd/apdu.c    |    5 +++--
 scd/command.c |   10 ++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/scd/apdu.c b/scd/apdu.c
index 0fe044c..1bdc673 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -769,6 +769,7 @@ pcsc_error_to_sw (long ec)
     case PCSC_E_SHARING_VIOLATION:   rc = SW_HOST_LOCKING_FAILED; break;
     case PCSC_E_NO_SMARTCARD:        rc = SW_HOST_NO_CARD; break;
     case PCSC_W_REMOVED_CARD:        rc = SW_HOST_NO_CARD; break;
+    case PCSC_E_UNKNOWN_READER:      rc = SW_HOST_NO_READER; break;

     case PCSC_E_INVALID_TARGET:
     case PCSC_E_INVALID_VALUE:
@@ -1412,10 +1413,10 @@ reset_pcsc_reader_wrapped (int slot)
     {
       log_error ("PC/SC RESET failed: %s (0x%lx)\n",
                  pcsc_error_string (err), err);
-      /* If the error code is no smart card, we should not considere
+      /* If the error code is no smart card or no reader, we should not
consider
          this a major error and close the wrapper.  */
       sw = pcsc_error_to_sw (err);
-      if (err == PCSC_E_NO_SMARTCARD)
+      if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER)
         return sw;
       goto command_failed;
     }
diff --git a/scd/command.c b/scd/command.c
index e2cd1f5..d31d7af 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -401,6 +401,14 @@ get_reader_slot (void)
     {
       int no_service_flag;
       ss->slot = apdu_open_reader (opt.reader_port, &no_service_flag);
+
+      /* If we still don't have a slot, we have no readers.
+	 Invalidate for now until a reader is attached. */
+      if(ss->slot == -1)
+	{
+	  ss->valid = 0;
+	}
+
       if (no_service_flag)
         {
           log_info ("no card services - disabling scdaemon\n");
@@ -2192,6 +2200,8 @@ update_reader_status_file (int set_card_removed_flag)
       if (sw_apdu == SW_HOST_NO_READER)
         {
           /* Most likely the _reader_ has been unplugged.  */
+	  apdu_close_reader(ss->slot);
+	  ss->valid = 0;
           status = 0;
           changed = ss->changed;
         }
-- 
1.7.0.4


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110119/86d5e47b/attachment-0001.pgp>


More information about the Gnupg-devel mailing list