Merge pull request OpenSC#2681 from frankmorgner/firefox

Remove onepin-opensc-pkcs11
hhonkanen · Aug 1, 2023 · 681c780 · 681c780
2 parents 97c282e + 37d9873
commit 681c780
Show file tree

Hide file tree

Showing 36 changed files with 221 additions and 111 deletions.
diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in
@@ -73,6 +73,9 @@ app <replaceable>application</replaceable> {
  <replaceable>application</replaceable>
  specifies one of:
  <itemizedlist>
+ <listitem><para>
+ <literal><replaceable>filename</replaceable></literal>: Configuration block for the application with specified file path.
+ </para></listitem>
  <listitem><para>
  <literal>default</literal>: The fall-back configuration block for all applications
  </para></listitem>
@@ -1509,10 +1512,13 @@ app <replaceable>application</replaceable> {
  <option>slots_per_card = <replaceable>num</replaceable>;</option>
  </term>
  <listitem><para>
- Maximum number of slots per smart card (Default:
- <literal>4</literal>). If the card has fewer keys
+ Maximum number of PIN slots per smart card (Default:
+ <literal>4</literal>). If the card has fewer PINs
  than defined here, the remaining number of slots
- will be empty.
+ will be empty. For Firefox, Chrome and Chromium, the
+ <option>slots_per_card</option> is set to <literal>1</literal>,
+ to avoid prompting for unrelated PINs. Typically, this
+ effectively disables signature PINs and keys.
  </para></listitem>
  </varlistentry>
  <varlistentry>

diff --git a/etc/opensc.conf.example.in b/etc/opensc.conf.example.in
@@ -1138,7 +1138,7 @@ app opensc-pkcs11 {
  }
 }
 
-app onepin-opensc-pkcs11 {
+app "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" {
  pkcs11 {
  slots_per_card = 1;
  }

diff --git a/packaging/opensc.spec b/packaging/opensc.spec
@@ -161,10 +161,8 @@ rm %{buildroot}%{_mandir}/man1/opensc-notify.1*
 %{_libdir}/lib*.so.*
 %{_libdir}/opensc-pkcs11.so
 %{_libdir}/pkcs11-spy.so
-%{_libdir}/onepin-opensc-pkcs11.so
 %dir %{_libdir}/pkcs11
 %{_libdir}/pkcs11/opensc-pkcs11.so
-%{_libdir}/pkcs11/onepin-opensc-pkcs11.so
 %{_libdir}/pkcs11/pkcs11-spy.so
 %{_datadir}/opensc/
 %{_mandir}/man1/cardos-tool.1*

diff --git a/src/libopensc/card-westcos.c b/src/libopensc/card-westcos.c
@@ -82,15 +82,22 @@ static struct sc_card_driver westcos_drv = {
 static int westcos_get_default_key(sc_card_t * card,
  struct sc_cardctl_default_key *data)
 {
- const char *default_key;
+ const char *default_key = NULL;
+ size_t i;
  sc_log(card->ctx,
  "westcos_get_default_key:data->method=%d, data->key_ref=%d\n",
  data->method, data->key_ref);
  if (data->method != SC_AC_AUT || data->key_ref != 0)
  return SC_ERROR_NO_DEFAULT_KEY;
- default_key =
- scconf_get_str(card->ctx->conf_blocks[0], "westcos_default_key",
- DEFAULT_TRANSPORT_KEY);
+
+ for (i = 0; card->ctx->conf_blocks[i]; i++) {
+ default_key = scconf_get_str(card->ctx->conf_blocks[i], "westcos_default_key", NULL);
+ if (default_key)
+ break;
+ }
+ if (!default_key)
+ default_key = DEFAULT_TRANSPORT_KEY;
+
  return sc_hex_to_bin(default_key, data->key_data, &data->len);
 }
 

diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
@@ -37,6 +37,10 @@
 #include <io.h>
 #endif
 
+#ifdef __APPLE__
+#include <libproc.h>
+#endif
+
 #include "common/libscdl.h"
 #include "common/compat_strlcpy.h"
 #include "internal.h"
@@ -732,6 +736,10 @@ static void process_config_file(sc_context_t *ctx, struct _sc_ctx_options *opts)
  }
  /* needs to be after the log file is known */
  sc_log(ctx, "Used configuration file '%s'", conf_path);
+ blocks = scconf_find_blocks(ctx->conf, NULL, "app", ctx->exe_path);
+ if (blocks && blocks[0])
+ ctx->conf_blocks[count++] = blocks[0];
+ free(blocks);
  blocks = scconf_find_blocks(ctx->conf, NULL, "app", ctx->app_name);
  if (blocks && blocks[0])
  ctx->conf_blocks[count++] = blocks[0];
@@ -742,7 +750,7 @@ static void process_config_file(sc_context_t *ctx, struct _sc_ctx_options *opts)
  ctx->conf_blocks[count] = blocks[0];
  free(blocks);
  }
- /* Above we add 2 blocks at most, but conf_blocks has 3 elements,
+ /* Above we add 3 blocks at most, but conf_blocks has 4 elements,
  * so at least one is NULL */
  for (i = 0; ctx->conf_blocks[i]; i++)
  load_parameters(ctx, ctx->conf_blocks[i], opts);
@@ -852,6 +860,41 @@ static void sc_openssl3_deinit(sc_context_t *ctx)
 }
 #endif
 
+static char *get_exe_path()
+{
+ /* Find the executable's path which runs this code.
+ * See https://github.com/gpakosz/whereami/ for
+ * potentially more platforms */
+ char exe_path[PATH_MAX] = "unknown executable path";
+ int path_found = 0;
+
+#if defined(_WIN32)
+ if (0 < GetModuleFileNameA(NULL, exe_path, sizeof exe_path))
+ path_found = 1;
+#elif defined(__APPLE__)
+ if (0 < proc_pidpath(getpid(), exe_path, sizeof exe_path))
+ path_found = 1;
+#elif defined(__linux__) || defined(__CYGWIN__)
+ if (NULL != realpath("/proc/self/exe", exe_path))
+ path_found = 1;
+#endif
+
+#if defined(HAVE_GETPROGNAME)
+ if (!path_found) {
+ /* getprogname is unreliable and typically only returns the basename.
+ * However, this should be enough for our purposes */
+ const char *prog = getprogname();
+ if (prog)
+ strlcpy(exe_path, prog, sizeof exe_path);
+ }
+#else
+ /* avoid warning "set but not used" */
+ (void) path_found;
+#endif
+
+ return strdup(exe_path);
+}
+
 int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
 {
  sc_context_t *ctx;
@@ -877,6 +920,12 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
  return SC_ERROR_OUT_OF_MEMORY;
  }
 
+ ctx->exe_path = get_exe_path();
+ if (ctx->exe_path == NULL) {
+ sc_release_context(ctx);
+ return SC_ERROR_OUT_OF_MEMORY;
+ }
+
  ctx->flags = parm->flags;
  set_defaults(ctx, &opts);
 
@@ -903,8 +952,20 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
 #endif
 
  process_config_file(ctx, &opts);
+
+ /* overwrite with caller's parameters if explicitly given */
+ if (parm->debug) {
+ ctx->debug = parm->debug;
+ }
+ if (parm->debug_file) {
+ if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout))
+ fclose(ctx->debug_file);
+ ctx->debug_file = parm->debug_file;
+ }
+
  sc_log(ctx, "==================================="); /* first thing in the log */
- sc_log(ctx, "opensc version: %s", sc_get_version());
+ sc_log(ctx, "OpenSC version: %s", sc_get_version());
+ sc_log(ctx, "Configured for %s (%s)", ctx->app_name, ctx->exe_path);
 
 #ifdef USE_OPENSSL3_LIBCTX
  r = sc_openssl3_init(ctx);
@@ -1020,10 +1081,9 @@ int sc_release_context(sc_context_t *ctx)
  scconf_free(ctx->conf);
  if (ctx->debug_file && (ctx->debug_file != stdout && ctx->debug_file != stderr))
  fclose(ctx->debug_file);
- if (ctx->debug_filename != NULL)
- free(ctx->debug_filename);
- if (ctx->app_name != NULL)
- free(ctx->app_name);
+ free(ctx->debug_filename);
+ free(ctx->app_name);
+ free(ctx->exe_path);
  list_destroy(&ctx->readers);
  sc_mem_clear(ctx, sizeof(*ctx));
  free(ctx);

diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
@@ -871,8 +871,9 @@ typedef struct ossl3ctx ossl3ctx_t;
 
 typedef struct sc_context {
  scconf_context *conf;
- scconf_block *conf_blocks[3];
+ scconf_block *conf_blocks[4];
  char *app_name;
+ char *exe_path;
  int debug;
  unsigned long flags;
 
@@ -986,6 +987,8 @@ typedef struct {
  unsigned long flags;
  /** mutex functions to use (optional) */
  sc_thread_context_t *thread_ctx;
+ int debug;
+ FILE *debug_file;
 } sc_context_param_t;
 
 /**

diff --git a/src/minidriver/minidriver.c b/src/minidriver/minidriver.c
@@ -749,15 +749,16 @@ md_get_config_bool(PCARD_DATA pCardData, char *flag_name, BOOL ret_default)
 static BOOL
 md_is_pinpad_dlg_enable_cancel(PCARD_DATA pCardData)
 {
- TCHAR path[MAX_PATH]={0};
+ VENDOR_SPECIFIC *vs;
 
  logprintf(pCardData, 2, "Is cancelling the PIN pad dialog enabled?\n");
 
- if (GetModuleFileName(NULL, path, ARRAYSIZE(path))) {
+ vs = (VENDOR_SPECIFIC*) pCardData->pvVendorSpecific;
+ if (vs && vs->ctx && vs->ctx->exe_path) {
  DWORD enable_cancel;
  size_t sz = sizeof enable_cancel;
 
- if (SC_SUCCESS == sc_ctx_win32_get_config_value(NULL, path,
+ if (SC_SUCCESS == sc_ctx_win32_get_config_value(NULL, vs->ctx->exe_path,
  SUBKEY_ENABLE_CANCEL,
  (char *)(&enable_cancel), &sz)) {
  switch (enable_cancel) {
@@ -3158,8 +3159,7 @@ md_dialog_perform_pin_operation(PCARD_DATA pCardData, int operation, struct sc_p
  result = TaskDialogIndirect(&tc, NULL, NULL, &user_checked);
 
  if (user_checked != checked) {
- TCHAR path[MAX_PATH]={0};
- if (GetModuleFileName(NULL, path, ARRAYSIZE(path))) {
+ if (pv && pv->ctx && pv->ctx->exe_path) {
  HKEY hKey;
  LSTATUS lstatus = RegOpenKeyExA(HKEY_CURRENT_USER,
  SUBKEY_ENABLE_CANCEL, 0, KEY_WRITE, &hKey);
@@ -3173,7 +3173,7 @@ md_dialog_perform_pin_operation(PCARD_DATA pCardData, int operation, struct sc_p
  if (user_checked == FALSE) {
  enable_cancel = 1;
  }
- lstatus = RegSetValueEx(hKey, path, 0, REG_DWORD,
+ lstatus = RegSetValueEx(hKey, pv->ctx->exe_path, 0, REG_DWORD,
  (const BYTE*)&enable_cancel, sizeof(enable_cancel));
  RegCloseKey(hKey);
  }

diff --git a/src/pkcs11/Makefile.am b/src/pkcs11/Makefile.am
@@ -1,10 +1,10 @@
 include $(top_srcdir)/win32/ltrc.inc
 
 MAINTAINERCLEANFILES = $(srcdir)/Makefile.in $(srcdir)/versioninfo-pkcs11.rc $(srcdir)/versioninfo-pkcs11-spy.rc
-EXTRA_DIST = Makefile.mak versioninfo-pkcs11.rc.in versioninfo-pkcs11-spy.rc.in opensc-pkcs11.pc.in opensc-pkcs11.dll.manifest onepin-opensc-pkcs11.dll.manifest
+EXTRA_DIST = Makefile.mak versioninfo-pkcs11.rc.in versioninfo-pkcs11-spy.rc.in opensc-pkcs11.pc.in opensc-pkcs11.dll.manifest
 
 if ENABLE_SHARED
-lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la onepin-opensc-pkcs11.la
+lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la
 else
 noinst_LTLIBRARIES = libopensc-pkcs11.la
 endif
@@ -43,13 +43,6 @@ libopensc_pkcs11_la_CFLAGS = $(OPENSC_PKCS11_CFLAGS)
 libopensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS)
 libopensc_pkcs11_la_LDFLAGS = $(AM_LDFLAGS)
 
-onepin_opensc_pkcs11_la_SOURCES = $(OPENSC_PKCS11_SRC) $(OPENSC_PKCS11_INC)
-onepin_opensc_pkcs11_la_CFLAGS = -DMODULE_APP_NAME=\"onepin-opensc-pkcs11\" $(OPENSC_PKCS11_CFLAGS)
-onepin_opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS)
-onepin_opensc_pkcs11_la_LDFLAGS = $(AM_LDFLAGS) \
- -export-symbols "$(srcdir)/pkcs11.exports" \
- -module -shared -avoid-version -no-undefined
-
 pkcs11_spy_la_SOURCES = pkcs11-spy.c pkcs11-display.c pkcs11-display.h pkcs11.exports
 pkcs11_spy_la_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPENSC_PKCS11_PTHREAD_CFLAGS)
 pkcs11_spy_la_LIBADD = \
@@ -81,6 +74,8 @@ uninstall-hook:
 else
 # see http:https://wiki.cacert.org/wiki/Pkcs11TaskForce
 install-exec-hook:
+ rm -f "$(DESTDIR)$(libdir)/onepin-opensc-pkcs11$(DYN_LIB_EXT)"
+ $(LN_S) "$(DESTDIR)$(libdir)/opensc-pkcs11$(DYN_LIB_EXT)" "$(DESTDIR)$(libdir)/onepin-opensc-pkcs11$(DYN_LIB_EXT)"
  $(MKDIR_P) "$(DESTDIR)$(pkcs11dir)"
  for l in opensc-pkcs11$(DYN_LIB_EXT) onepin-opensc-pkcs11$(DYN_LIB_EXT) pkcs11-spy$(DYN_LIB_EXT); do \
  rm -f "$(DESTDIR)$(pkcs11dir)/$$l"; \
@@ -92,6 +87,7 @@ uninstall-hook:
  rm -f "$(DESTDIR)$(pkcs11dir)/$$l"; \
  done
  rm -df "$(DESTDIR)$(pkcs11dir)" || true
+ rm -f "$(DESTDIR)$(libdir)/onepin-opensc-pkcs11$(DYN_LIB_EXT)"
 endif
 
 TIDY_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(OPENSC_PKCS11_CFLAGS)

diff --git a/src/pkcs11/Makefile.mak b/src/pkcs11/Makefile.mak
@@ -1,7 +1,6 @@
 TOPDIR = ..\..
 
 TARGET1 = opensc-pkcs11.dll
-TARGET2 = onepin-opensc-pkcs11.dll
 TARGET3 = pkcs11-spy.dll
 
 OBJECTS = pkcs11-global.obj pkcs11-session.obj pkcs11-object.obj misc.obj slot.obj \
@@ -21,20 +20,14 @@ LIBS = $(TOPDIR)\src\libopensc\opensc_a.lib \
  $(TOPDIR)\src\pkcs15init\pkcs15init.lib
 LIBS3 = $(TOPDIR)\src\common\libpkcs11.lib $(TOPDIR)\src\common\libscdl.lib $(TOPDIR)\src\common\common.lib
 
-all: $(TARGET1) $(TARGET2) $(TARGET3)
+all: $(TARGET1) $(TARGET3)
 
 !INCLUDE $(TOPDIR)\win32\Make.rules.mak
 
 $(TARGET1): $(OBJECTS) $(LIBS)
  link $(LINKFLAGS) /dll /implib:$*.lib /out:$(TARGET1) $(OBJECTS) $(LIBS) $(OPENPACE_LIB) $(OPENSSL_LIB) $(ZLIB_LIB) gdi32.lib Comctl32.lib Shell32.lib user32.lib advapi32.lib ws2_32.lib Shell32.lib Comctl32.lib shlwapi.lib
  if EXIST $(TARGET1).manifest mt -manifest $(TARGET1).manifest -outputresource:$(TARGET1);2
 
-$(TARGET2): $(OBJECTS) $(LIBS)
- del pkcs11-global.obj
- cl $(CODE_OPTIMIZATION) $(COPTS) /DMODULE_APP_NAME=\"onepin-opensc-pkcs11\" /c pkcs11-global.c
- link $(LINKFLAGS) /dll /implib:$*.lib /out:$(TARGET2) $(OBJECTS) $(LIBS) $(OPENPACE_LIB) $(OPENSSL_LIB) $(ZLIB_LIB) gdi32.lib Comctl32.lib Shell32.lib user32.lib advapi32.lib ws2_32.lib Shell32.lib Comctl32.lib shlwapi.lib
- if EXIST $(TARGET2).manifest mt -manifest $(TARGET2).manifest -outputresource:$(TARGET2);2
-
 $(TARGET3): $(OBJECTS3) $(LIBS3)
  link $(LINKFLAGS) /dll /implib:$*.lib /out:$(TARGET3) $(OBJECTS3) $(LIBS3) $(OPENSSL_LIB) gdi32.lib advapi32.lib shlwapi.lib
  if EXIST $(TARGET3).manifest mt -manifest $(TARGET3).manifest -outputresource:$(TARGET3);2
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
@@ -350,12 +350,6 @@ pkcs15_bind(struct sc_pkcs11_card *p11card, struct sc_app_info *app_info)
  }
  }
 
- if (idx == 0) {
- /* send a notification only for the first application that's bound */
- sc_notify_id(p11card->card->ctx, &p11card->reader->atr, fw_data->p15_card,
- NOTIFY_CARD_INSERTED);
- }
-
  return CKR_OK;
 }
 
@@ -386,17 +380,6 @@ pkcs15_unbind(struct sc_pkcs11_card *p11card)
  unlock_card(fw_data);
 
  if (fw_data->p15_card) {
- if (fw_data->p15_card->card && idx == 0) {
- int rc = sc_detect_card_presence(fw_data->p15_card->card->reader);
- if (rc <= 0 || rc & SC_READER_CARD_CHANGED) {
- /* send a notification only if the card was removed/changed
- * and only for the first application that's unbound */
- sc_notify_id(fw_data->p15_card->card->ctx,
- &fw_data->p15_card->card->reader->atr,
- fw_data->p15_card,
- NOTIFY_CARD_REMOVED);
- }
- }
  rv = sc_pkcs15_unbind(fw_data->p15_card);
  }
  fw_data->p15_card = NULL;