openct ifdhandler patch

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

openct ifdhandler patch

Priit Randla

    Hello,

Following patch should allow clean(er) shutdown of ifdhandler process.
Made against latest opensc-20050916

Priit

--- openct-20050916/src/ifd/ifdhandler.c 2005-09-16 03:10:07.000000000 +0300
+++ openct-20050916-new/src/ifd/ifdhandler.c 2005-09-16 11:54:15.410012264 +0300
@@ -162,6 +162,11 @@
  return 0;
 }
 
+static void TERMhandler(int signo)
+{
+        ct_mainloop_leave();
+}
+
 /*
  * Spawn a new ifd handler thread
  */
@@ -170,6 +175,7 @@
  char socket_name[1024];
  ct_socket_t *sock;
  int rc;
+ struct sigaction act;
 
  /* Activate reader */
  if ((rc = ifd_activate(reader)) < 0) {
@@ -194,6 +200,12 @@
  sock->recv = ifdhandler_accept;
  ct_mainloop_add_socket(sock);
 
+ /* Set an TERM signal handler for clean exit */
+ act.sa_handler = TERMhandler;
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ sigaction(SIGTERM, &act, NULL);
+
  /* Encapsulate the reader into a socket struct */
  sock = ct_socket_new(0);
  sock->fd = 0x7FFFFFFF;
@@ -203,6 +215,12 @@
 
  /* Call the server loop */
  ct_mainloop();
+ ct_socket_free(sock);
+ unlink(socket_name);
+ memset(reader->status, 0, sizeof(*reader->status));
+ ct_status_update(reader->status);
+ ifd_debug(1, "ifdhandler for reader %s shut down", reader->name);
+
  exit(0);
 }
 

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: openct ifdhandler patch

Priit Randla
Priit Randla wrote:

> Made against latest opensc-20050916
>
    Well, of course I meant openct-20050916

Priit


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: openct ifdhandler patch

Andreas Jellinghaus-2
In reply to this post by Priit Randla
On Friday 16 September 2005 11:38, Priit Randla wrote:
> Following patch should allow clean(er) shutdown of ifdhandler process.
> Made against latest opensc-20050916

thanks, commited.

Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

User-specified path for openct's root directory

Priit Randla
In reply to this post by Priit Randla

    Hello, it's me again...

Dug out an old patch of mine and made it work with latest openct...
Following patch allows users to specify openct's root directory before
launching 'openct-control init'. This can be done by setting
environment variable OPENCT_ROOT (export
OPENCT_ROOT=/users/home/directory/something). This feature is useful
when one wants to use smartcard reader over remote connection - ifdproxy
can be launched on a remote computer without
having root privileges and multiple ifdproxy's can be run on one remote
computer (different set of usable readers for different users).

The patch is quite trivial - I mostly just refactored the code which was
looking for files under opect root directory.
I tried not to mess with sunray code, but maybe it would be better to
unify those things...

As usual - works for me.

PS. Only use openct's remote cardreader support with secure messaging
between card and application. Transport protocol isn't currently secured
at all.

Priit

diff -ur openct-20050919/src/ct/client.c openct-0.6.6.1/src/ct/client.c
--- openct-20050919/src/ct/client.c 2005-09-19 03:10:11.000000000 +0300
+++ openct-0.6.6.1/src/ct/client.c 2005-09-12 16:50:12.000000000 +0300
@@ -12,6 +12,7 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <errno.h>
+#include <limits.h>
 #include <openct/openct.h>
 #include <openct/socket.h>
 #include <openct/tlv.h>
@@ -51,12 +52,38 @@
 }
 
 /*
+ * Determine the path to OpenCT's communications sockets
+*/
+char* ct_get_socket_path(void)
+{
+        static char path[PATH_MAX] = "";
+        char *socket_root;
+                                                                                                                            
+        if (path[0])
+ return path;
+                                                                                                                            
+#if defined (sunray) || defined (sunrayclient)
+        socket_root = getenv("UTDEVROOT");
+        if (socket_root)
+ snprintf(path, sizeof(path), "%s/openct", socket_root);
+#else
+        socket_root = getenv("OPENCT_ROOT");
+        if (socket_root)
+ snprintf(path, sizeof(path), "%s", socket_root);
+#endif
+        else
+ snprintf(path, sizeof(path), "%s", OPENCT_SOCKET_PATH);
+                                                                                                                            
+        return path;
+}
+
+/*
  * Connect to a reader manager
  */
 ct_handle *ct_reader_connect(unsigned int reader)
 {
  const ct_info_t *info;
- char path[1024];
+ char path[PATH_MAX];
  ct_handle *h;
  int rc;
 
@@ -70,19 +97,13 @@
  free(h);
  return NULL;
  }
-#if defined (sunray) || defined (sunrayclient)
- {
- char *utdevroot = getenv("UTDEVROOT");
- if (utdevroot)
- snprintf(path, sizeof(path),
- "%s/openct/%u", utdevroot, reader);
- else
- snprintf(path, sizeof(path),
- OPENCT_SOCKET_PATH "/%u", reader);
- }
-#else
- snprintf(path, sizeof(path), OPENCT_SOCKET_PATH "/%u", reader);
-#endif
+
+ snprintf(path, sizeof(path), "%s/%u", ct_get_socket_path(), reader);
+        if (ct_socket_connect(h->sock, path) < 0) {
+                ct_reader_disconnect(h);
+                return NULL;
+        }
+
  if (ct_socket_connect(h->sock, path) < 0) {
  ct_reader_disconnect(h);
  return NULL;
diff -ur openct-20050919/src/ct/status.c openct-0.6.6.1/src/ct/status.c
--- openct-20050919/src/ct/status.c 2005-09-19 03:10:11.000000000 +0300
+++ openct-0.6.6.1/src/ct/status.c 2005-09-12 17:16:15.000000000 +0300
@@ -15,6 +15,7 @@
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <errno.h>
 #include <string.h>
 
@@ -24,34 +25,53 @@
 static int ct_status_lock(void);
 static void ct_status_unlock(void);
 
-static void *ct_map_status(int flags, size_t * size)
+static char *get_status_path(void)
 {
- struct stat stb;
- int fd, prot;
- void *addr = NULL;
- char status_path[1024];
-
+ static char path[PATH_MAX] = "";
+ char *openct_path;
+                                                                                                                  
+ if (path[0])
+ return path;
+                                                                                                                            
 #if defined (sunray) || defined (sunrayclient)
- char *utdevroot = getenv("UTDEVROOT");
-
- if (utdevroot)
- snprintf(status_path, sizeof(status_path),
- "%s/openct/status", utdevroot);
- else
- snprintf(status_path, sizeof(status_path), OPENCT_STATUS_PATH);
+ openct_path = getenv("UTDEVROOT");
+ if (openct_path)
+ snprintf(path, sizeof(path), "%s/openct/status", openct_path);
 #else
- snprintf(status_path, sizeof(status_path), OPENCT_STATUS_PATH);
+ openct_path = getenv("OPENCT_ROOT");
+ if (openct_path)
+ snprintf(path, sizeof(path), "%s/status", openct_path);
 #endif
+ else
+ snprintf(path, sizeof(path), "%s", OPENCT_STATUS_PATH);
+                                                                                                                        
+ return path;
+}
+                                                                                                                            
+static char *get_status_lock_path(void)
+{
+ static char lockfile[PATH_MAX] = "";
+                                                                                                                
+ if (!lockfile[0])
+ snprintf(lockfile, sizeof(lockfile), "%s%s", get_status_path(), ".lock");
+ return lockfile;
+}
 
- if ((fd = open(status_path, flags)) < 0) {
- /* no error message - openct not started? */
- return NULL;
- }
-
- if (fstat(fd, &stb) < 0) {
- ct_error("unable to stat %s: %m", status_path);
- goto done;
- }
+static void *ct_map_status(int flags, size_t * size)
+{
+ struct stat stb;
+ int fd, prot;
+ void *addr = NULL;
+                                                                                                                            
+        if ((fd = open(get_status_path(), flags)) < 0) {
+                ct_error("unable to open %s: %m", get_status_path());
+                return NULL;
+        }
+                                                                                                                            
+        if (fstat(fd, &stb) < 0) {
+                ct_error("unable to stat %s: %m", get_status_path());
+                goto done;
+        }
  *size = stb.st_size;
 
  prot = PROT_READ;
@@ -60,37 +80,25 @@
 
  addr = mmap(0, *size, prot, MAP_SHARED, fd, 0);
 
-      done:close(fd);
+done: close(fd);
  return addr;
 }
 
 int ct_status_clear(unsigned int count)
 {
  int fd;
- char status_path[1024];
-
-#if defined (sunray) || defined (sunrayclient)
- char *utdevroot = getenv("UTDEVROOT");
-
- if (utdevroot)
- snprintf(status_path, sizeof(status_path),
- "%s/openct/status", utdevroot);
- else
- snprintf(status_path, sizeof(status_path), OPENCT_STATUS_PATH);
-#else
- snprintf(status_path, sizeof(status_path), OPENCT_STATUS_PATH);
-#endif
- unlink(status_path);
- if ((fd = open(status_path, O_RDWR | O_CREAT, 0644)) < 0
-    || ftruncate(fd, count * sizeof(ct_info_t)) < 0
-    || fchmod(fd, 0644) < 0) {
- ct_error("cannot create %s: %m", status_path);
- unlink(status_path);
+                                                                                                                      
+ unlink(get_status_path());
+ if ((fd = open(get_status_path(), O_RDWR|O_CREAT, 0644)) < 0
+ || ftruncate(fd, count * sizeof(ct_info_t)) < 0
+ || fchmod(fd, 0644) < 0) {
+ ct_error("cannot create %s: %m", get_status_path());
+ unlink(get_status_path());
  if (fd >= 0)
  close(fd);
  return -1;
  }
-
+                                                                                                                        
  return 0;
 }
 
@@ -187,56 +195,27 @@
  */
 int ct_status_lock(void)
 {
+ char locktemp[PATH_MAX];
  int fd, retries = 10;
- char status_lock_path[1024];
- char locktemp[1024];
-
-#if defined (sunray) || defined (sunrayclient)
- char *utdevroot = getenv("UTDEVROOT");
-
- if (utdevroot)
- snprintf(status_lock_path, sizeof(status_lock_path),
- "%s/openct/status.lock", utdevroot);
- else
- snprintf(status_lock_path, sizeof(status_lock_path),
- OPENCT_STATUS_PATH ".lock");
-#else
- snprintf(status_lock_path, sizeof(status_lock_path),
- OPENCT_STATUS_PATH ".lock");
-#endif
+                                                                                                                      
  snprintf(locktemp, sizeof(locktemp),
- "%s.%u", status_lock_path, (unsigned int)getpid());
-
- if ((fd = open(locktemp, O_CREAT | O_RDWR, 0600)) < 0)
+ "%s.%u", get_status_lock_path(), (unsigned int) getpid());
+                                                                                                                  
+ if ((fd = open(locktemp, O_CREAT|O_RDWR, 0600)) < 0)
  return -1;
-
+                                                                                    
  while (retries--) {
- if (link(locktemp, status_lock_path) >= 0) {
+ if (link(locktemp, get_status_lock_path()) >= 0) {
  unlink(locktemp);
  return 0;
  }
  }
-
+                                                                                                                
  unlink(locktemp);
  return -1;
 }
-
+                                                                                                                            
 void ct_status_unlock(void)
 {
- char status_lock_path[1024];
-
-#if defined (sunray) || defined (sunrayclient)
- char *utdevroot = getenv("UTDEVROOT");
-
- if (utdevroot)
- snprintf(status_lock_path, sizeof(status_lock_path),
- "%s/openct/status.lock", utdevroot);
- else
- snprintf(status_lock_path, sizeof(status_lock_path),
- OPENCT_STATUS_PATH ".lock");
-#else
- snprintf(status_lock_path, sizeof(status_lock_path),
- OPENCT_STATUS_PATH ".lock");
-#endif
- unlink(status_lock_path);
+ unlink(get_status_lock_path());
 }
diff -ur openct-20050919/src/ifd/ifdhandler.c openct-0.6.6.1/src/ifd/ifdhandler.c
--- openct-20050919/src/ifd/ifdhandler.c 2005-09-19 03:10:11.000000000 +0300
+++ openct-0.6.6.1/src/ifd/ifdhandler.c 2005-09-12 17:21:11.000000000 +0300
@@ -16,6 +16,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <limits.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <time.h>
@@ -172,7 +173,7 @@
  */
 void ifdhandler_run(ifd_reader_t * reader)
 {
- char socket_name[1024];
+ char socket_name[PATH_MAX];
  ct_socket_t *sock;
  int rc;
  struct sigaction act;
@@ -184,13 +185,8 @@
  }
 
  sock = ct_socket_new(0);
-#if defined (sunray)
  snprintf(socket_name, sizeof(socket_name),
- "%s/openct/%u", getenv("UTDEVROOT"), opt_reader);
-#else
- snprintf(socket_name, sizeof(socket_name),
- "%s/%u", OPENCT_SOCKET_PATH, opt_reader);
-#endif
+ "%s/%u", ct_get_socket_path(), opt_reader);
  if (ct_socket_listen(sock, socket_name, 0666) < 0) {
  ct_error("Failed to create server socket");
  exit(1);
diff -ur openct-20050919/src/include/openct/openct.h openct-0.6.6.1/src/include/openct/openct.h
--- openct-20050919/src/include/openct/openct.h 2005-09-19 03:10:11.000000000 +0300
+++ openct-0.6.6.1/src/include/openct/openct.h 2005-09-12 17:09:40.000000000 +0300
@@ -91,6 +91,7 @@
  unsigned short address,
  const void *send_buf, size_t send_len);
 
+extern char * ct_get_socket_path(void);
 extern int ct_status_clear(unsigned int);
 extern ct_info_t * ct_status_alloc_slot(unsigned int *);
 extern int ct_status_update(ct_info_t *);

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: User-specified path for openct's root directory

Andreas Jellinghaus-2
Hi Pritt,

I like the idea, but would like a change in the implementation.
basicaly we should get rid of three times the same code to
create a path.

we can't simply return getenv("OPENCT_ROOT") or the compiled
in default because of the solaris code.

the best alternative I can come up with is a function like

create_path(path, sizeof(path), "%s", "socket");
or similiar, i.e. pass the destination and pass the format and
pass any arguments, and that function then fills in the
path (getenv("UTROOTDEV") followed by "/openct" or
getenv("OPENCT_ROOT") or the compile time default),
adds a slash, adds the other parameters ("%s", "socket"
in this case).

something like that - one function for client.c, status.c,
ifdhandler.c - would be nice. I don't know what the best
place for that function would be, but I'm sure there is some
code shared by all resulting binaries where we can add it.

your other change: using PATH_MAX and limits.h is a good idea,
I like it.

there are some lines in your patch that seem unchanged.
maybe one an accidential whitespace change? Lindent before/after
should be able to help you with that and make the patch smaller
and easier to read.

Do you want to give that change a try? if not, I will try to,
but right now opensc has priority, so I don't know when I will
find time.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

remote openct access

Andreas Jellinghaus-2
In reply to this post by Priit Randla
On Monday 19 September 2005 11:28, Priit Randla wrote:
> PS. Only use openct's remote cardreader support with secure messaging
> between card and application. Transport protocol isn't currently secured
> at all.

but tunneling via ssh or stunnel should work, right?

could you check the openct wiki page on RemoteAccess
whether the description is correct? I did cut&paste
it from an old email your wrote, but might have added
some bug somewhere.

Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel