securityd-55199.3.tar.gz

[apple/securityd.git] / src / token.cpp
diff --git a/src/token.cpp b/src/token.cpp

index 9b3de21094b5041b37cec0fa09c48e3848382ec3..55198c1dfbd7dfadf3e5130f60e1adfd580998fd 100644 (file)
--- a/src/token.cpp
+++ b/src/token.cpp
@@ -200,11 +200,21 @@ void Token::removeCommon(TokenDbCommon &dbc)
  // we're analyzing the token, determine its characteristics, and get ready to
  // use it.
  //
  // we're analyzing the token, determine its characteristics, and get ready to
  // use it.
  //
-void Token::insert(::Reader &slot)
+void Token::insert(::Reader &slot, RefPointer<TokenDaemon> tokend)
  {
         try {
                 // this might take a while...
                 Server::active().longTermActivity();
  {
         try {
                 // this might take a while...
                 Server::active().longTermActivity();
+               referent(slot);
+               mState = slot.pcscState();
+               
+               if (tokend == NULL) {
+                       // no pre-determined Tokend - search for one
+                       if (!(tokend = chooseTokend())) {
+                               secdebug("token", "%p no token daemons available - faulting this card", this);
+                               fault(false);   // throws
+                       }
+               }
  
                 // take Token lock and hold throughout insertion
                 StLock<Mutex> _(*this);
  
                 // take Token lock and hold throughout insertion
                 StLock<Mutex> _(*this);
@@ -212,26 +222,18 @@ void Token::insert(::Reader &slot)
                 Syslog::debug("token inserted into reader %s", slot.name().c_str());
                 secdebug("token", "%p begin insertion into slot %p (reader %s)",
                         this, &slot, slot.name().c_str());
                 Syslog::debug("token inserted into reader %s", slot.name().c_str());
                 secdebug("token", "%p begin insertion into slot %p (reader %s)",
                         this, &slot, slot.name().c_str());
-               referent(slot);
-               mState = slot.pcscState();
-               
-               RefPointer<TokenDaemon> tokend = chooseTokend();
-               if (!tokend) {
-                       secdebug("token", "%p no token daemons available - faulting this card", this);
-                       fault(false);
-               }
                 
                 // tell the tokend object to relay faults to us
                 tokend->faultRelay(this);
  
                 // locate or establish cache directories
                 if (tokend->hasTokenUid()) {
                 
                 // tell the tokend object to relay faults to us
                 tokend->faultRelay(this);
  
                 // locate or establish cache directories
                 if (tokend->hasTokenUid()) {
-                       secdebug("token", "%p CHOOSING %s (score=%d, uid=\"%s\")",
+                       secdebug("token", "%p using %s (score=%d, uid=\"%s\")",
                                 this, tokend->bundlePath().c_str(), tokend->score(), tokend->tokenUid().c_str());
                         mCache = new TokenCache::Token(reader().cache,
                                 tokend->bundleIdentifier() + ":" + tokend->tokenUid());
                 } else {
                                 this, tokend->bundlePath().c_str(), tokend->score(), tokend->tokenUid().c_str());
                         mCache = new TokenCache::Token(reader().cache,
                                 tokend->bundleIdentifier() + ":" + tokend->tokenUid());
                 } else {
-                       secdebug("token", "%p CHOOSING %s (score=%d, temporary)",
+                       secdebug("token", "%p using %s (score=%d, temporary)",
                                 this, tokend->bundlePath().c_str(), tokend->score());
                         mCache = new TokenCache::Token(reader().cache);
                 }
                                 this, tokend->bundlePath().c_str(), tokend->score());
                         mCache = new TokenCache::Token(reader().cache);
                 }
@@ -268,12 +270,16 @@ void Token::insert(::Reader &slot)
                 secdebug("token", "%p installing MDS from %s(%s)", this,
                         tokend->bundlePath().c_str(),
                         mdsDirectory[0] ? mdsDirectory : "ALL");
                 secdebug("token", "%p installing MDS from %s(%s)", this,
                         tokend->bundlePath().c_str(),
                         mdsDirectory[0] ? mdsDirectory : "ALL");
-               string holdGuid = mGuid.toString();     // extend lifetime of .toString()
+               string holdGuid = mGuid.toString();     // extend lifetime of std::string
+               string holdTokenUid;
+               if (tokend->hasTokenUid())
+                       holdTokenUid = tokend->tokenUid();
+               string holdPrintName = this->printName();
                 MDS_InstallDefaults mdsDefaults = {
                         holdGuid.c_str(),
                         mSubservice,
                 MDS_InstallDefaults mdsDefaults = {
                         holdGuid.c_str(),
                         mSubservice,
-                       tokend->hasTokenUid() ? tokend->tokenUid().c_str() : "",
-                       this->printName().c_str()
+                       holdTokenUid.c_str(),
+                       holdPrintName.c_str()
                 };
                 mds().install(&mdsDefaults,
                         tokend->bundlePath().c_str(),
                 };
                 mds().install(&mdsDefaults,
                         tokend->bundlePath().c_str(),
@@ -448,10 +454,15 @@ RefPointer<TokenDaemon> Token::chooseTokend()
         RefPointer<TokenDaemon> leader;
         for (CodeRepository<Bundle>::const_iterator it = candidates.begin();
                         it != candidates.end(); it++) {
         RefPointer<TokenDaemon> leader;
         for (CodeRepository<Bundle>::const_iterator it = candidates.begin();
                         it != candidates.end(); it++) {
+               RefPointer<Bundle> candidate = *it;
                 try {
                 try {
-                       // any pre-launch screening of candidate *it goes here
-                       
-                       RefPointer<TokenDaemon> tokend = new TokenDaemon(*it,
+                       // skip software token daemons - ineligible for automatic choosing
+                       if (CFTypeRef type = (*it)->infoPlistItem("TokendType"))
+                               if (CFEqual(type, CFSTR("software")))
+                                       continue;
+
+                       // okay, launch it and let it try
+                       RefPointer<TokenDaemon> tokend = new TokenDaemon(candidate,
                                 reader().name(), reader().pcscState(), reader().cache);
                         
                         if (tokend->state() == ServerChild::dead)       // ah well, this one's no good
                                 reader().name(), reader().pcscState(), reader().cache);
                         
                         if (tokend->state() == ServerChild::dead)       // ah well, this one's no good
@@ -465,7 +476,7 @@ RefPointer<TokenDaemon> Token::chooseTokend()
                         if (!leader || tokend->score() > leader->score())
                                 leader = tokend;                // a new front runner, he is...
                 } catch (...) {
                         if (!leader || tokend->score() > leader->score())
                                 leader = tokend;                // a new front runner, he is...
                 } catch (...) {
-                       secdebug("token", "exception setting up %s (moving on)", (*it)->canonicalPath().c_str());
+                       secdebug("token", "exception setting up %s (moving on)", candidate->canonicalPath().c_str());
                 }
         }
         return leader;
                 }
         }
         return leader;