From cd557df54df175c15f9b397b1366f11cdb3d386d Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Fri, 27 Jul 2018 15:50:41 +0200 Subject: [PATCH] md: change semantics of cancelling the PIN pad prompt md_pinpad_dlg_allow_cancel now defines whether or not the user is asked before verifying the PIN on the PIN pad. This can be denied without interaction with the PIN pad. A checkbox in the dialog allows the user to change this setting, which is saved in the registry by the path of the process. This change fixes the progress bar to match the actual configured timeout. The progress bar now fills instead of running empty, which seemed less frightening for most users. This change also fixes some copy/paste errors in the documentation of opensc.conf(5). --- doc/files/files.html | 109 +++++++++++------------ doc/files/opensc.conf.5.xml.in | 99 +++++++++------------ etc/opensc.conf.example.in | 39 ++------- src/libopensc/ctx.c | 3 +- src/libopensc/opensc.h | 5 +- src/minidriver/Makefile.mak | 2 +- src/minidriver/minidriver.c | 155 ++++++++++++++++++++++++--------- src/ui/strings.c | 31 +++---- src/ui/strings.h | 3 +- win32/OpenSC.wxs.in | 2 +- 10 files changed, 225 insertions(+), 223 deletions(-) diff --git a/doc/files/files.html b/doc/files/files.html index 362535db..37fbb7b8 100644 --- a/doc/files/files.html +++ b/doc/files/files.html @@ -50,7 +50,11 @@ span.errortext {

  • environment variables

  • - Windows registry (if available) + Windows registry key in + HKEY_CURRENT_USER (if available) +

  • + Windows registry key in + HKEY_LOCAL_MACHINE (if available)

  • system-wide configuration file (/home/fm/.local/etc/opensc.conf) @@ -118,7 +122,7 @@ app application { westcos-tool: Configuration block for OpenSC tools

  • -

    Configuration Options

    +

    Configuration Options

    debug = num;

    Amount of debug info to print (Default: @@ -146,7 +150,7 @@ app application {

    If this configuration value is not found on Windows, the registry key - HKLM\Software\OpenSC + Software\OpenSC Project\OpenSC\ProfileDir is checked.

    @@ -257,7 +261,7 @@ app application {

    If this configuration value is not found on Windows, the registry key - HKLM\Software\OpenSC + Software\OpenSC Project\OpenSC\SmDir is checked.

    @@ -328,7 +332,7 @@ app application { Parameters for the OpenSC PKCS11 module.

    For details see the section called “Configuration of PKCS#11”. -

    Configuration of Smart Card Reader Driver

    Configuration Options for all Reader Drivers

    +

    Configuration of Smart Card Reader Driver

    Configuration Options for all Reader Drivers

    max_send_size = num; max_recv_size = num;

    @@ -607,68 +611,53 @@ app application {

    Content of the PIN pad dialog for role "user" (Default: - "Please verify your - fingerprint or PIN on the - card."). + "Please enter your PIN on the PIN + pad.").

    md_pinpad_dlg_content_user_sign = value;

    Content of the PIN pad dialog for role "user+signature" (Default: - "Please verify your - fingerprint or PIN for the - digital signature PIN on the - card."). -

    - md_pinpad_dlg_content_user_sign = name; -

    - Content of the PIN pad dialog for - role "user+signature" (Default: - "Please verify your - fingerprint or PIN for the - digital signature PIN on the - card."). + "Please enter your digital signature + PIN on the PIN pad.").

    md_pinpad_dlg_content_admin = value;

    Content of the PIN pad dialog for role "admin" (Default: - "Please enter your PIN to - unblock the user PIN on the - PINPAD.") -

    - md_pinpad_dlg_content_cancel = value; -

    - Content of the PIN pad dialog after - pressing "Cancel", when the reader - doesn't respond to SCardCancel + "Please enter your PIN to unblock the + user PIN on the PIN pad.")

    md_pinpad_dlg_expanded = value;

    Expanded information of the PIN pad - dialog (Default: "This - window will be closed - automatically after the PIN has - been submitted on the PINPAD - (timeout typically after 30 - seconds).") -

    - md_pinpad_dlg_expanded_cancel = value; -

    - Expanded information of the PIN pad - dialog after pressing "Cancel", - when the reader doesn't respond to - SCardCancel (Default: - "Some readers only support - canceling the operation on the - PIN pad. Press Cancel or remove - the card."). + dialog (Default: "This window will be + closed automatically after the PIN has been + submitted on the PIN pad (timeout typically + after 30 seconds).")

    md_pinpad_dlg_enable_cancel = bool;

    Allow the user to cancel the PIN pad dialog (Default: - false) + false). + + If this value is set to + true, the user needs to + click "OK" to start the PIN verification on the + PIN pad. The user can choose the default + behavior by enabling or disabling the checkbox + of the dialog. The setting is saved by the + program's full path + (program_path) that + uses OpenSC. +

    + The registry key HKCU\Software\OpenSC + Project\OpenSC\md_pinpad_dlg_enable_cancel\program_path + overwrites this setting with a + DWORD set to either + 1 (enabled) or + 0 (disabled).

    md_pinpad_dlg_timeout = num;

    @@ -786,10 +775,12 @@ app application { builtin_emulators = emulators;

    List of the builtin pkcs15 emulators to test - (Default: esteid, openpgp, tcos, - starcert, itacns, infocamere, postecert, - actalis, atrust-acos, gemsafeGPK, - gemsafeV1, tccardos, PIV-II) + (Default: westcos, openpgp, infocamere, + starcert, tcos, esteid, itacns, postecert, + PIV-II, cac, gemsafeGPK, gemsafeV1, actalis, + atrust-acos, tccardos, entersafe, pteid, + oberthur, sc-hsm, dnie, gids, iasecc, jpki, + coolkey, din66291)

    pkcs11_enable_InitToken = bool;

    @@ -1029,14 +1020,14 @@ app application { For the module to simulate the opensc-onepin module behavior the following option create_slots_for_pins = "user"; -

    Environment

    +

    Environment

    OPENSC_CONF

    Filename for a user defined configuration file

    If this environment variable is not found on Windows, the registry key - HKLM\Software\OpenSC + Software\OpenSC Project\OpenSC\ConfigFile is checked.

    @@ -1060,7 +1051,7 @@ app application {

    If this environment variable is not found on Windows, the registry key - HKLM\Software\OpenSC + Software\OpenSC Project\OpenSC\MiniDriverDebug is checked.

    @@ -1072,7 +1063,7 @@ app application {

    PIV configuration during initialization with piv-tool. -

    Files

    +

    Files

    /home/fm/.local/etc/opensc.conf

    System-wide configuration file @@ -1080,7 +1071,7 @@ app application { /home/fm/.local/share/doc/opensc/opensc.conf

    Extended example configuration file -


    Name

    pkcs15-profile — format of profile for pkcs15-init

    Description

    +


    Name

    pkcs15-profile — format of profile for pkcs15-init

    Description

    The pkcs15-init utility for PKCS #15 smart card personalization is controlled via profiles. When starting, it will read two such profiles at the moment, a generic application profile, and a card @@ -1096,10 +1087,10 @@ app application { The card specific profile contains additional information required during card initialization, such as location of PIN files, key references etc. Profiles currently reside in @pkgdatadir@ -

    Syntax

    +

    Syntax

    This section should contain information about the profile syntax. Will add this soonishly. -

    See also

    +

    See also

    pkcs15-init(1), pkcs15-crypt(1)

    diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in index 4a8b2ceb..b0cb4e75 100644 --- a/doc/files/opensc.conf.5.xml.in +++ b/doc/files/opensc.conf.5.xml.in @@ -25,7 +25,12 @@ environment variables - Windows registry (if available) + Windows registry key in + HKEY_CURRENT_USER (if available) + + + Windows registry key in + HKEY_LOCAL_MACHINE (if available) system-wide configuration file @@ -156,7 +161,7 @@ app application { If this configuration value is not found on Windows, the registry key - HKLM\Software\OpenSC + Software\OpenSC Project\OpenSC\ProfileDir is checked. @@ -333,7 +338,7 @@ app application { If this configuration value is not found on Windows, the registry key - HKLM\Software\OpenSC + Software\OpenSC Project\OpenSC\SmDir is checked. @@ -911,9 +916,8 @@ app application { Content of the PIN pad dialog for role "user" (Default: - "Please verify your - fingerprint or PIN on the - card."). + "Please enter your PIN on the PIN + pad."). @@ -923,23 +927,8 @@ app application { Content of the PIN pad dialog for role "user+signature" (Default: - "Please verify your - fingerprint or PIN for the - digital signature PIN on the - card."). - - - - - - - - Content of the PIN pad dialog for - role "user+signature" (Default: - "Please verify your - fingerprint or PIN for the - digital signature PIN on the - card."). + "Please enter your digital signature + PIN on the PIN pad."). @@ -949,19 +938,8 @@ app application { Content of the PIN pad dialog for role "admin" (Default: - "Please enter your PIN to - unblock the user PIN on the - PINPAD.") - - - - - - - - Content of the PIN pad dialog after - pressing "Cancel", when the reader - doesn't respond to SCardCancel + "Please enter your PIN to unblock the + user PIN on the PIN pad.") 
@@ -970,27 +948,10 @@ app application { Expanded information of the PIN pad - dialog (Default: "This - window will be closed - automatically after the PIN has - been submitted on the PINPAD - (timeout typically after 30 - seconds).") - - - - - - - - Expanded information of the PIN pad - dialog after pressing "Cancel", - when the reader doesn't respond to - SCardCancel (Default: - "Some readers only support - canceling the operation on the - PIN pad. Press Cancel or remove - the card."). + dialog (Default: "This window will be + closed automatically after the PIN has been + submitted on the PIN pad (timeout typically + after 30 seconds).") @@ -1000,7 +961,25 @@ app application { Allow the user to cancel the PIN pad dialog (Default: - false) + false). + + If this value is set to + true, the user needs to + click "OK" to start the PIN verification on the + PIN pad. The user can choose the default + behavior by enabling or disabling the checkbox + of the dialog. The setting is saved by the + program's full path + (program_path) that + uses OpenSC. + + + The registry key HKCU\Software\OpenSC + Project\OpenSC\md_pinpad_dlg_enable_cancel\program_path + overwrites this setting with a + DWORD set to either + 1 (enabled) or + 0 (disabled). @@ -1568,7 +1547,7 @@ app application { If this environment variable is not found on Windows, the registry key - HKLM\Software\OpenSC + Software\OpenSC Project\OpenSC\ConfigFile is checked. @@ -1601,7 +1580,7 @@ app application { If this environment variable is not found on Windows, the registry key - HKLM\Software\OpenSC + Software\OpenSC Project\OpenSC\MiniDriverDebug is checked. diff --git a/etc/opensc.conf.example.in b/etc/opensc.conf.example.in index 8ba5e4dd..d8abb8f8 100644 --- a/etc/opensc.conf.example.in +++ b/etc/opensc.conf.example.in 
@@ -313,21 +313,18 @@ app default { # Default: "Please enter your PIN to unblock the user PIN on the PINPAD." # md_pinpad_dlg_content_admin = "Content Admin"; # - # Content of the PIN pad dialog after pressing "Cancel", when the reader doesn't respond to SCardCancel - # md_pinpad_dlg_content_cancel = "Content Cancel"; - # # Expanded information of the PIN pad dialog # Default: "This window will be closed automatically after the PIN has been submitted on the PINPAD (timeout typically after 30 seconds)." # md_pinpad_dlg_expanded = "Expanded Information"; # - # Expanded information of the PIN pad dialog after pressing "Cancel", when the reader doesn't respond to SCardCancel - # Default: "Some readers only support canceling the operation on the PIN pad. Press Cancel or remove the card." - # md_pinpad_dlg_expanded_cancel = "Expanded Information Cancel"; - # - # Allow the user to cancel the PIN pad dialog + # Allow the user to cancel the PIN pad dialog by not immediately requesting the PIN on the PIN pad # Default: false # md_pinpad_dlg_enable_cancel = true; # + # Content of the verification of the PIN pad dialog + # Default: "Automatically request PIN immediately on PIN-Pad" + # md_pinpad_dlg_verification = "Verification"; + # # Time in seconds for the progress bar of the PIN pad dialog to tick. "0" removes the progress bar. # Default: 30 # md_pinpad_dlg_timeout = 0; 
@@ -477,8 +474,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; @@ -503,8 +498,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; 
@@ -528,8 +521,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; @@ -553,8 +544,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; 
@@ -578,8 +567,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; @@ -603,8 +590,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; 
@@ -628,8 +613,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; @@ -653,8 +636,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; 
@@ -678,8 +659,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; @@ -703,8 +682,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; 
@@ -729,8 +706,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; @@ -755,8 +730,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; 
@@ -781,8 +754,6 @@ app default { md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte."; md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein."; md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen."; - md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte."; - md_pinpad_dlg_allow_cancel = false; md_pinpad_dlg_timeout = 30; notify_card_inserted = "GoID erkannt"; notify_card_inserted_text = ""; diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c index f6022dba..6aefae7a 100644 --- a/src/libopensc/ctx.c +++ b/src/libopensc/ctx.c @@ -165,7 +165,8 @@ struct _sc_ctx_options { int -sc_ctx_win32_get_config_value(char *name_env, char *name_reg, char *name_key, +sc_ctx_win32_get_config_value(const char *name_env, + const char *name_reg, const char *name_key, char *out, size_t *out_len) { #ifdef _WIN32 diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h index 7f6f6554..9853e489 100644 --- a/src/libopensc/opensc.h +++ b/src/libopensc/opensc.h @@ -838,8 +838,9 @@ int sc_ctx_detect_readers(sc_context_t *ctx); * @param key path of register key * @return SC_SUCCESS on success and an error code otherwise. */ -int sc_ctx_win32_get_config_value(char *env, char *reg, char *key, char *out, - size_t *out_size); +int sc_ctx_win32_get_config_value(const char *env, + const char *reg, const char *key, + char *out, size_t *out_size); /** * Returns a pointer to the specified sc_reader_t object diff --git a/src/minidriver/Makefile.mak b/src/minidriver/Makefile.mak index c63232bc..a2ef5b5d 100644 --- a/src/minidriver/Makefile.mak +++ b/src/minidriver/Makefile.mak 
@@ -20,5 +20,5 @@ $(TARGET): $(OBJECTS) $(LIBS) echo LIBRARY $* > $*.def echo EXPORTS >> $*.def type minidriver.exports >> $*.def - link /dll $(LINKFLAGS) /def:$*.def /out:$(TARGET) $(OBJECTS) $(LIBS) $(ZLIB_LIB) $(OPENPACE_LIB) $(OPENSSL_LIB) ws2_32.lib gdi32.lib Comctl32.lib advapi32.lib Crypt32.lib User32.lib bcrypt.lib DelayImp.lib Rpcrt4.lib Shell32.lib Comctl32.lib /DELAYLOAD:bcrypt.dll + link /dll $(LINKFLAGS) /def:$*.def /out:$(TARGET) $(OBJECTS) $(LIBS) $(ZLIB_LIB) $(OPENPACE_LIB) $(OPENSSL_LIB) ws2_32.lib gdi32.lib Comctl32.lib advapi32.lib Crypt32.lib User32.lib bcrypt.lib DelayImp.lib Rpcrt4.lib Shell32.lib Comctl32.lib Winmm.lib /DELAYLOAD:bcrypt.dll if EXIST $(TARGET).manifest mt -manifest $(TARGET).manifest -outputresource:$(TARGET);2 diff --git a/src/minidriver/minidriver.c b/src/minidriver/minidriver.c index 82ce1980..c719c556 100644 --- a/src/minidriver/minidriver.c +++ b/src/minidriver/minidriver.c @@ -37,6 +37,7 @@ #include #include +#include #include "cardmod.h" #include "common/compat_strlcpy.h" @@ -122,6 +123,8 @@ HINSTANCE g_inst; /* defined twice: in versioninfo-minidriver.rc.in and in minidriver.c */ #define IDI_SMARTCARD 102 +#define SUBKEY_ENABLE_CANCEL "Software\\OpenSC Project\\OpenSC\\md_pinpad_dlg_enable_cancel" + /* magic to determine previous pinpad authentication */ #define MAGIC_SESSION_PIN "opensc-minidriver" 
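Review bot: The new `Winmm.lib` import in Makefile.mak and the added include in minidriver.c (its header name is lost in this rendering) appear to serve only `timeGetTime()`, which md_dialog_proc uses later in this patch to timestamp the dialog; for a progress bar measured in seconds `GetTickCount()` returns the same millisecond DWORD from kernel32, which is already linked, so the extra DLL dependency of the minidriver could be avoided. If the finer resolution of timeGetTime was the reason, a one-line comment at the include (`/* timeGetTime() for the PIN pad progress bar */`) would document that choice. `SUBKEY_ENABLE_CANCEL` would also benefit from a comment saying that values under this key are named by the host executable's full path, as the man page change describes, since the define is read in one function and written in another.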
@@ -649,11 +652,30 @@ md_get_config_bool(PCARD_DATA pCardData, char *flag_name, BOOL ret_default) } -/* 'Write' mode can be enabled from the OpenSC configuration file*/ +/* 'cancellation' mode can be enabled from the OpenSC configuration file*/ static BOOL md_is_pinpad_dlg_enable_cancel(PCARD_DATA pCardData) { + TCHAR path[MAX_PATH]={0}; + logprintf(pCardData, 2, "Is cancelling the PIN pad dialog enabled?\n"); + + if (GetModuleFileName(NULL, path, ARRAYSIZE(path))) { + DWORD enable_cancel; + size_t sz = sizeof enable_cancel; + + if (SC_SUCCESS == sc_ctx_win32_get_config_value(NULL, path, + SUBKEY_ENABLE_CANCEL, + (char *)(&enable_cancel), &sz)) { + switch (enable_cancel) { + case 0: + return FALSE; + case 1: + return TRUE; + } + } + } + return md_get_config_bool(pCardData, "md_pinpad_dlg_enable_cancel", FALSE); } 
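Review bot: The registry read does not verify that what came back is a 4-byte DWORD: `sz` goes in as `sizeof enable_cancel` but is never compared afterwards, so a REG_SZ or shorter value under SUBKEY_ENABLE_CANCEL could leave `enable_cancel` partly indeterminate at the `switch`; if the helper reports the copied length in `*out_len` (its body is not in view), add `&& sz == sizeof enable_cancel` to the `if` so that anything else falls through to the configuration file. `path` is a TCHAR array passed to a `const char *` parameter, which only compiles in a non-UNICODE build; `char path[MAX_PATH]` with `GetModuleFileNameA` states that intent and matches the A-variant registry calls the write side uses. The comment above the function still says the mode is enabled from the configuration file, while the per-user value now takes precedence over it; suggested wording: `/* 'cancellation' mode: a per-user DWORD named after the host executable under SUBKEY_ENABLE_CANCEL overrides md_pinpad_dlg_enable_cancel from the OpenSC configuration file */`. Note also that the commit message calls the option `md_pinpad_dlg_allow_cancel`, whereas the key read here is `md_pinpad_dlg_enable_cancel`; the deleted `md_pinpad_dlg_allow_cancel = false;` example lines suggest the former spelling was never honoured.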
@@ -2821,65 +2843,85 @@ static const char *md_get_ui_str(PCARD_DATA pCardData, enum ui_str id) static HRESULT CALLBACK md_dialog_proc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam, LONG_PTR dwRefData) { LONG_PTR param; - int timeout; UNREFERENCED_PARAMETER(lParam); switch (message) { case TDN_CREATED: { PCARD_DATA pCardData = (PCARD_DATA)((LONG_PTR*)dwRefData)[7]; + DWORD now = timeGetTime(); + /* remove the icon from the window title */ SendMessage(hWnd, WM_SETICON, (LPARAM) ICON_BIG, (LONG_PTR) NULL); SendMessage(hWnd, WM_SETICON, (LPARAM) ICON_SMALL, (LONG_PTR) NULL); + + /* store parameter like pCardData for further use if needed */ + ((LONG_PTR*)dwRefData)[11] = (LONG_PTR) now; + SetWindowLongPtr(hWnd, GWLP_USERDATA, dwRefData); + ((LONG_PTR*)dwRefData)[10] = (LONG_PTR) hWnd; + if (!md_is_pinpad_dlg_enable_cancel(pCardData)) { + int timeout = md_get_pinpad_dlg_timeout(pCardData); + if (timeout > 0) { + SendMessage(hWnd, TDM_SET_PROGRESS_BAR_RANGE, 0, MAKELPARAM(0, timeout*1000)); + } + /* disable "Close" */ SendMessage(hWnd, TDM_ENABLE_BUTTON, IDCLOSE, 0); + + /* launch the function in another thread context store the thread handle */ + ((LONG_PTR*)dwRefData)[9] = (LONG_PTR) CreateThread(NULL, 0, md_dialog_perform_pin_operation_thread, (LPVOID) dwRefData, 0, NULL); + } else { + int timeout = md_get_pinpad_dlg_timeout(pCardData); + if (timeout > 0) { + SendMessage(hWnd, TDM_SET_PROGRESS_BAR_RANGE, 0, 0); + SendMessage(hWnd, TDM_SET_PROGRESS_BAR_STATE, PBST_PAUSED, 0); + } } - timeout = md_get_pinpad_dlg_timeout(pCardData); - if (timeout > 0) { - /* update the progress bar with the tick counter for the number of specified seconds */ - SendMessage(hWnd, TDM_SET_PROGRESS_BAR_RANGE, 0, MAKELPARAM(0, timeout*1000)); - } - /* store parameter like pCardData for further use if needed */ - SetWindowLongPtr(hWnd, GWLP_USERDATA, dwRefData); - /* launch the function in another thread context store the thread handle */ - ((LONG_PTR*)dwRefData)[10] = (LONG_PTR) hWnd; 
- ((LONG_PTR*)dwRefData)[9] = (LONG_PTR) CreateThread(NULL, 0, md_dialog_perform_pin_operation_thread, (LPVOID) dwRefData, 0, NULL); } return S_OK; case TDN_TIMER: - /* tick down for 30 seconds */ - SendMessage(hWnd, TDM_SET_PROGRESS_BAR_POS, 30000 - wParam, 0L); + SendMessage(hWnd, TDM_SET_PROGRESS_BAR_POS, wParam, 0L); return S_OK; case TDN_BUTTON_CLICKED: - /* We ignore anything else than the Cancel button */ - if (LOWORD(wParam) != IDCANCEL) - return S_FALSE; + switch(LOWORD(wParam)) { + case IDCANCEL: + DestroyWindow(hWnd); + break; - param = GetWindowLongPtr(hWnd, GWLP_USERDATA); - if (param) { - PCARD_DATA pCardData = (PCARD_DATA)((LONG_PTR*)param)[7]; - VENDOR_SPECIFIC* vs = (VENDOR_SPECIFIC*) pCardData->pvVendorSpecific; - WCHAR *pszContent = wchar_from_char_str(md_get_ui_str(pCardData, - MD_PINPAD_DLG_CONTENT_CANCEL)); - WCHAR *pszExpandedInformation = wchar_from_char_str(md_get_ui_str(pCardData, - MD_PINPAD_DLG_EXPANDED_CANCEL)); + case IDOK: + param = GetWindowLongPtr(hWnd, GWLP_USERDATA); + if (param) { + PCARD_DATA pCardData = (PCARD_DATA)((LONG_PTR*)param)[7]; + VENDOR_SPECIFIC* vs = (VENDOR_SPECIFIC*) pCardData->pvVendorSpecific; - sc_cancel(vs->ctx); + int timeout = md_get_pinpad_dlg_timeout(pCardData); + if (timeout > 0) { + DWORD start = (DWORD)((LONG_PTR*)dwRefData)[11]; + DWORD delta = timeGetTime() - start; + SendMessage(hWnd, TDM_SET_PROGRESS_BAR_RANGE, 0, MAKELPARAM(delta, delta + timeout*1000)); + SendMessage(hWnd, TDM_SET_PROGRESS_BAR_STATE, PBST_NORMAL, 0); + } - SendMessage(hWnd, TDM_SET_ELEMENT_TEXT, - TDE_CONTENT, (LPARAM) pszContent); - SendMessage(hWnd, TDM_SET_ELEMENT_TEXT, - TDE_EXPANDED_INFORMATION, (LPARAM) pszExpandedInformation); - SendMessage(hWnd, TDM_UPDATE_ICON, TDIE_ICON_MAIN, (LPARAM)MAKEINTRESOURCE(TD_INFORMATION_ICON)); - /* remove the icon from the window title */ - SendMessage(hWnd, WM_SETICON, (LPARAM) ICON_BIG, (LONG_PTR) NULL); - SendMessage(hWnd, WM_SETICON, (LPARAM) ICON_SMALL, (LONG_PTR) NULL); + /* disable "OK" 
and "Cancel" */ + SendMessage(hWnd, TDM_ENABLE_BUTTON, IDOK, 0); + SendMessage(hWnd, TDM_ENABLE_BUTTON, IDCANCEL, 0); - LocalFree(pszContent); - LocalFree(pszExpandedInformation); + /* disable "x" */ + HMENU menu = GetSystemMenu(hWnd, FALSE); + if (menu) { + EnableMenuItem(menu, SC_CLOSE, MF_BYCOMMAND | MF_GRAYED); + } + + /* launch the function in another thread context store the thread handle */ + ((LONG_PTR*)dwRefData)[9] = (LONG_PTR) CreateThread(NULL, 0, md_dialog_perform_pin_operation_thread, (LPVOID) dwRefData, 0, NULL); + } + break; + + default: + return S_FALSE; } break; @@ -2905,11 +2947,12 @@ md_dialog_perform_pin_operation(PCARD_DATA pCardData, int operation, struct sc_p const u8 *pin1, size_t pin1len, const u8 *pin2, size_t *pin2len, BOOL displayUI, DWORD role) { - LONG_PTR parameter[11]; + LONG_PTR parameter[12]; INT_PTR result = 0; HWND hWndDlg = 0; TASKDIALOGCONFIG tc = {0}; int rv = 0; + BOOL checked, user_checked; VENDOR_SPECIFIC* pv = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific); /* stack the parameters */ @@ -2924,6 +2967,7 @@ md_dialog_perform_pin_operation(PCARD_DATA pCardData, int operation, struct sc_p parameter[8] = (LONG_PTR)role; parameter[9] = 0; /* place holder for thread handle */ parameter[10] = 0; /* place holder for window handle */ + parameter[11] = 0; /* place holder for end of timer */ /* launch the function to perform in the same thread context */ if (!displayUI) { @@ -2947,6 +2991,8 @@ md_dialog_perform_pin_operation(PCARD_DATA pCardData, int operation, struct sc_p MD_PINPAD_DLG_CONTROL_COLLAPSED)); tc.pszExpandedInformation = wchar_from_char_str(md_get_ui_str(pCardData, MD_PINPAD_DLG_EXPANDED)); + tc.pszVerificationText = wchar_from_char_str(md_get_ui_str(pCardData, + MD_PINPAD_DLG_VERIFICATION)); switch (role) { case ROLE_ADMIN: tc.pszContent = wchar_from_char_str(md_get_ui_str(pCardData, 
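Review bot: The IDOK branch re-bases the progress range with `MAKELPARAM(delta, delta + timeout*1000)`, but MAKELPARAM packs two 16-bit WORDs, so once the user has waited more than roughly 35 s before clicking OK (delta + 30000 exceeds 65535 for the default timeout) the bounds are truncated and the bar no longer reflects the configured timeout. A simpler way to restart the bar is to remember that OK was clicked and return S_FALSE from the next TDN_TIMER, which resets the task dialog's tick count, while keeping the range at `MAKELPARAM(0, timeout*1000)`; that also removes the need for the new slot `[11]`. `VENDOR_SPECIFIC* vs` in the IDOK branch is now assigned but never used since the `sc_cancel(vs->ctx)` call was removed, so that line should go. The IDCANCEL case destroys the window unconditionally; if Esc/Alt+F4 can still reach it after the PIN thread has started (the dialog keeps TDF_ALLOW_DIALOG_CANCELLATION), a guard such as `if (((LONG_PTR*)dwRefData)[9]) return S_FALSE;` would keep the dialog up while the card operation is in flight, and since returning S_OK from TDN_BUTTON_CLICKED already closes a task dialog the explicit `DestroyWindow(hWnd)` looks redundant. The end of md_dialog_proc lies outside the hunk.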
@@ -2977,12 +3023,14 @@ md_dialog_perform_pin_operation(PCARD_DATA pCardData, int operation, struct sc_p
 tc.dwFlags |= TDF_SHOW_PROGRESS_BAR | TDF_CALLBACK_TIMER;
 }
- if (md_is_pinpad_dlg_enable_cancel(pCardData)) {
- tc.dwFlags |= TDF_ALLOW_DIALOG_CANCELLATION;
- tc.dwCommonButtons = TDCBF_CANCEL_BUTTON;
- } else {
+ checked = !md_is_pinpad_dlg_enable_cancel(pCardData);
+ if (checked) {
+ tc.dwFlags |= TDF_VERIFICATION_FLAG_CHECKED;
 /* can't use TDCBF_CANCEL_BUTTON since this would implicitly set TDF_ALLOW_DIALOG_CANCELLATION */
 tc.dwCommonButtons = TDCBF_CLOSE_BUTTON;
+ } else {
+ tc.dwFlags |= TDF_ALLOW_DIALOG_CANCELLATION;
+ tc.dwCommonButtons = TDCBF_CANCEL_BUTTON | TDCBF_OK_BUTTON;
 }
 tc.hMainIcon = md_get_pinpad_dlg_icon(pCardData);
@@ -2995,7 +3043,30 @@ md_dialog_perform_pin_operation(PCARD_DATA pCardData, int operation, struct sc_p
 tc.lpCallbackData = (LONG_PTR)parameter;
 tc.cbSize = sizeof(tc);
- result = TaskDialogIndirect(&tc, NULL, NULL, NULL);
+ result = TaskDialogIndirect(&tc, NULL, NULL, &user_checked);
+
+ if (user_checked != checked) {
+ TCHAR path[MAX_PATH]={0};
+ if (GetModuleFileName(NULL, path, ARRAYSIZE(path))) {
+ HKEY hKey;
+ LSTATUS lstatus = RegOpenKeyExA(HKEY_CURRENT_USER,
+ SUBKEY_ENABLE_CANCEL, 0, KEY_WRITE, &hKey);
+ if (ERROR_SUCCESS != lstatus) {
+ lstatus = RegCreateKeyExA(HKEY_CURRENT_USER,
+ SUBKEY_ENABLE_CANCEL, 0, NULL, REG_OPTION_NON_VOLATILE,
+ KEY_WRITE, NULL, &hKey, NULL);
+ }
+ if (ERROR_SUCCESS == lstatus) {
+ DWORD enable_cancel = 0;
+ if (user_checked == FALSE) {
+ enable_cancel = 1;
+ }
+ lstatus = RegSetValueEx(hKey, path, 0, REG_DWORD,
+ (const BYTE*)&enable_cancel, sizeof(enable_cancel));
+ RegCloseKey(hKey);
+ }
+ }
+ }
 LocalFree((WCHAR *) tc.pszWindowTitle);
 LocalFree((WCHAR *) tc.pszMainInstruction);
diff --git a/src/ui/strings.c b/src/ui/strings.c
index ecf9be8b..446e199c 100644
--- a/src/ui/strings.c
+++ b/src/ui/strings.c
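Review bot: `checked = !md_is_pinpad_dlg_enable_cancel(pCardData);` inverts the configured option without saying why, and a reader has to consult the strings table to learn that a ticked box means "request the PIN on the pad immediately, do not ask first"; a comment above the assignment would remove the double negative, e.g. `/* checkbox ticked == start PIN entry on the pad without asking, i.e. the inverse of md_pinpad_dlg_allow_cancel */`. Since `checked` also decides whether the user gets a real Cancel button (TDCBF_CANCEL_BUTTON only in the else branch), the same comment should state that a ticked box leaves only TDCBF_CLOSE_BUTTON. The surrounding function continues outside this hunk.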
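Review bot: `if (user_checked != checked)` reads `user_checked` even when TaskDialogIndirect fails, and on failure the function does not write pfVerificationFlagChecked, so the comparison uses the indeterminate BOOL declared earlier as `BOOL checked, user_checked;` and may persist a choice the user never made; gate the registry write on the dialog having run, `if (SUCCEEDED(result) && user_checked != checked) {`. The process path is the identity under which the "request PIN on pad immediately" decision is stored, yet GetModuleFileName is only tested for a non-zero return, so a path longer than MAX_PATH is silently truncated and the stored opt-out would be keyed on a prefix that other executables in the same deep directory can share; test the length instead, `DWORD n = GetModuleFileName(NULL, path, ARRAYSIZE(path));` followed by `if (n > 0 && n < ARRAYSIZE(path)) {`. The `lstatus` returned by RegSetValueEx is assigned and never examined, so a failed write is invisible to the user and to logs; report it, or drop the assignment if the write is intentionally best-effort. md_dialog_perform_pin_operation continues outside this hunk.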
@@ -113,15 +113,9 @@ const char *ui_get_str(struct sc_context *ctx, struct sc_atr *atr,
 case MD_PINPAD_DLG_CONTENT_ADMIN:
 option = "md_pinpad_dlg_content_admin";
 break;
- case MD_PINPAD_DLG_CONTENT_CANCEL:
- option = "md_pinpad_dlg_content_cancel";
- break;
 case MD_PINPAD_DLG_EXPANDED:
 option = "md_pinpad_dlg_expanded";
 break;
- case MD_PINPAD_DLG_EXPANDED_CANCEL:
- option = "md_pinpad_dlg_expanded_cancel";
- break;
 case MD_PINPAD_DLG_ICON:
 option = "md_pinpad_dlg_icon";
 break;
@@ -149,6 +143,9 @@ const char *ui_get_str(struct sc_context *ctx, struct sc_atr *atr,
 case NOTIFY_PIN_BAD_TEXT:
 option = "notify_pin_bad_text";
 break;
+ case MD_PINPAD_DLG_VERIFICATION:
+ option = "md_pinpad_dlg_verification";
+ break;
 default:
 option = NULL;
 break;
@@ -191,15 +188,9 @@ const char *ui_get_str(struct sc_context *ctx, struct sc_atr *atr,
 case MD_PINPAD_DLG_CONTENT_ADMIN:
 str = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
 break;
- case MD_PINPAD_DLG_CONTENT_CANCEL:
- str = "Nutzen Sie das PIN-Pad, um den Vorgang abzubrechen.";
- break;
 case MD_PINPAD_DLG_EXPANDED:
 str = "Dieses Fenster wird automatisch geschlossen, wenn die PIN am PIN-Pad eingegeben wurde (Timeout typischerweise nach 30 Sekunden).";
 break;
- case MD_PINPAD_DLG_EXPANDED_CANCEL:
- str = "Einige Kartenleser unterstützen das Abbrechen ausschließlich am PIN-Pad. Drücken Sie Cancel (Abbruch) oder entfernen Sie die Karte.";
- break;
 case NOTIFY_CARD_INSERTED:
 if (p15card) {
 str = "Smartcard kann jetzt verwendet werden";
@@ -228,9 +219,11 @@ const char *ui_get_str(struct sc_context *ctx, struct sc_atr *atr,
 case NOTIFY_PIN_BAD_TEXT:
 str = "Smartcard ist gesperrt";
 break;
+ case MD_PINPAD_DLG_VERIFICATION:
+ str = "Sofort PIN am PIN-Pad abfragen";
+ break;
 case MD_PINPAD_DLG_CONTROL_COLLAPSED:
- /* fall through */
 case MD_PINPAD_DLG_CONTROL_EXPANDED:
 str = "Weitere Informationen";
 break;
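Review bot: The new `case MD_PINPAD_DLG_VERIFICATION:` in the option-name switch is placed after the NOTIFY_* entries instead of next to the other `md_pinpad_dlg_*` keys, which makes the config-key table harder to scan and audit; moving it beside MD_PINPAD_DLG_ICON keeps the mapping grouped by feature. Please also make sure the new `md_pinpad_dlg_verification` key is documented in opensc.conf(5) together with the other md_pinpad_dlg_* keys; the documentation hunks are not in this part of the diff, so I cannot tell whether that was done. ui_get_str continues outside this hunk.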
@@ -246,7 +239,6 @@ const char *ui_get_str(struct sc_context *ctx, struct sc_atr *atr,
 }
 break;
 case EN:
- /* fall through */
 default:
 switch (id) {
 case MD_PINPAD_DLG_TITLE:
@@ -264,15 +256,9 @@ const char *ui_get_str(struct sc_context *ctx, struct sc_atr *atr,
 case MD_PINPAD_DLG_CONTENT_ADMIN:
 str = "Please enter your PIN to unblock the user PIN on the PIN pad.";
 break;
- case MD_PINPAD_DLG_CONTENT_CANCEL:
- str = "Use the PIN pad to cancel the operation.";
- break;
 case MD_PINPAD_DLG_EXPANDED:
 str = "This window will be closed automatically after the PIN has been submitted on the PIN pad (timeout typically after 30 seconds).";
 break;
- case MD_PINPAD_DLG_EXPANDED_CANCEL:
- str = "Some readers only support canceling the operation on the PIN pad. Press Cancel or remove the card.";
- break;
 case NOTIFY_CARD_INSERTED:
 if (p15card) {
 str = "Smart card is ready to use";
@@ -301,8 +287,11 @@ const char *ui_get_str(struct sc_context *ctx, struct sc_atr *atr,
 case NOTIFY_PIN_BAD_TEXT:
 str = "Smart card is locked";
 break;
+ case MD_PINPAD_DLG_VERIFICATION:
+ str = "Immediately request PIN on PIN-Pad";
+ break;
+
 case MD_PINPAD_DLG_CONTROL_COLLAPSED:
- /* fall through */
 case MD_PINPAD_DLG_CONTROL_EXPANDED:
 str = "Click here for more information";
 break;
diff --git a/src/ui/strings.h b/src/ui/strings.h
index ddde3389..488dd62c 100644
--- a/src/ui/strings.h
+++ b/src/ui/strings.h
@@ -32,9 +32,7 @@ enum ui_str {
 MD_PINPAD_DLG_MAIN,
 MD_PINPAD_DLG_CONTENT_USER,
 MD_PINPAD_DLG_CONTENT_ADMIN,
- MD_PINPAD_DLG_CONTENT_CANCEL,
 MD_PINPAD_DLG_EXPANDED,
- MD_PINPAD_DLG_EXPANDED_CANCEL,
 MD_PINPAD_DLG_CONTROL_COLLAPSED,
 MD_PINPAD_DLG_CONTROL_EXPANDED,
 MD_PINPAD_DLG_ICON,
@@ -49,6 +47,7 @@ enum ui_str {
 NOTIFY_PIN_BAD_TEXT,
 MD_PINPAD_DLG_CONTENT_USER_SIGN,
 NOTIFY_EXIT,
+ MD_PINPAD_DLG_VERIFICATION,
 };
 const char *ui_get_str(struct sc_context *ctx, struct sc_atr *atr,
diff --git a/win32/OpenSC.wxs.in b/win32/OpenSC.wxs.in
index c0fdac39..5ca23416 100644
--- a/win32/OpenSC.wxs.in
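Review bot: The new English string `"Immediately request PIN on PIN-Pad"` spells the device "PIN-Pad" while every other English entry in this table says "PIN pad" (for example "on the PIN pad" two hunks above); the German table legitimately uses "PIN-Pad", so this reads like a copy from there. Suggest `str = "Immediately request PIN on PIN pad";` so the checkbox label matches the rest of the dialog. ui_get_str continues outside this hunk.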
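Review bot: Removing MD_PINPAD_DLG_CONTENT_CANCEL and MD_PINPAD_DLG_EXPANDED_CANCEL from the middle of `enum ui_str` renumbers every enumerator that follows them, whereas the new MD_PINPAD_DLG_VERIFICATION is appended at the end; if ui_str values are only exchanged between src/ui/strings.c and the minidriver inside one build this is harmless, but if they cross a shared-library or otherwise versioned boundary (not determinable from this diff) the two removals should be kept as retired placeholders instead. A one-line comment on the enum stating whether its values must stay stable across builds would settle that for future edits. The enum continues outside this hunk.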
+++ b/win32/OpenSC.wxs.in
@@ -71,7 +71,7 @@
-
+