diff options
author | Mili Verma <mili.verma@isode.com> | 2015-07-06 14:10:25 (GMT) |
---|---|---|
committer | Kevin Smith <kevin.smith@isode.com> | 2015-07-07 10:49:49 (GMT) |
commit | f10c9618f8ccd9e44c9a45a69179883b39a445f5 (patch) | |
tree | c22b7ddfaa5aaba08edb1ae62650a45dce6af9e7 /Swiften | |
parent | 88e392fd98a1d49d787860f4b504a01f082c6ae6 (diff) | |
download | swift-f10c9618f8ccd9e44c9a45a69179883b39a445f5.zip swift-f10c9618f8ccd9e44c9a45a69179883b39a445f5.tar.bz2 |
Add hidden option to prevent disconnect when smartcard removed
This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which
when set to false allows the user's session to stay connected if the smartcard
is removed. The default value of this option is true if it is not specified.
Test-information:
Tested on Windows using NIST smartcards.
Tested true and false values set for this option in the file and also when
option is not specified (true).
Unit tests pass.
Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
Diffstat (limited to 'Swiften')
-rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp | 10 | ||||
-rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContextFactory.h | 3 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.cpp | 10 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.h | 5 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContextFactory.cpp | 6 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContextFactory.h | 3 | ||||
-rw-r--r-- | Swiften/TLS/TLSContextFactory.h | 1 |
7 files changed, 31 insertions, 7 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp index 50f6731..4981170 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Isode Limited. + * Copyright (c) 2010-2015 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -20,8 +20,14 @@ TLSContext* OpenSSLContextFactory::createTLSContext(const TLSOptions&) { void OpenSSLContextFactory::setCheckCertificateRevocation(bool check) { if (check) { - assert(false); SWIFT_LOG(warning) << "CRL Checking not supported for OpenSSL" << std::endl; + assert(false); + } +} + +void OpenSSLContextFactory::setDisconnectOnCardRemoval(bool check) { + if (check) { + SWIFT_LOG(warning) << "Smart cards not supported for OpenSSL" << std::endl; } } diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h index bf7f08a..89033ad 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h +++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Isode Limited. + * Copyright (c) 2010-2015 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -18,5 +18,6 @@ namespace Swift { // Not supported virtual void setCheckCertificateRevocation(bool b); + virtual void setDisconnectOnCardRemoval(bool b); }; } diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp index 5f230ec..70ff7dd 100644 --- a/Swiften/TLS/Schannel/SchannelContext.cpp +++ b/Swiften/TLS/Schannel/SchannelContext.cpp @@ -21,7 +21,7 @@ namespace Swift { //------------------------------------------------------------------------ -SchannelContext::SchannelContext(bool tls1_0Workaround) : state_(Start), secContext_(0), myCertStore_(NULL), certStoreName_("MY"), certName_(), smartCardReader_(), checkCertificateRevocation_(true), tls1_0Workaround_(tls1_0Workaround) { +SchannelContext::SchannelContext(bool tls1_0Workaround) : state_(Start), secContext_(0), myCertStore_(NULL), certStoreName_("MY"), certName_(), smartCardReader_(), checkCertificateRevocation_(true), tls1_0Workaround_(tls1_0Workaround), disconnectOnCardRemoval_(true) { contextFlags_ = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR | @@ -625,7 +625,9 @@ bool SchannelContext::setClientCertificate(CertificateWithKey::ref certificate) //------------------------------------------------------------------------ void SchannelContext::handleCertificateCardRemoved() { - indicateError(boost::make_shared<TLSError>(TLSError::CertificateCardRemoved)); + if (disconnectOnCardRemoval_) { + indicateError(boost::make_shared<TLSError>(TLSError::CertificateCardRemoved)); + } } //------------------------------------------------------------------------ @@ -680,5 +682,9 @@ void SchannelContext::setCheckCertificateRevocation(bool b) { checkCertificateRevocation_ = b; } +void SchannelContext::setDisconnectOnCardRemoval(bool b) { + disconnectOnCardRemoval_ = b; +} + } diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h index 19cc473..36a3f0c 100644 --- a/Swiften/TLS/Schannel/SchannelContext.h +++ b/Swiften/TLS/Schannel/SchannelContext.h @@ -5,7 +5,7 @@ */ /* - * Copyright (c) 2012 Isode Limited. + * Copyright (c) 2012-2015 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -57,6 +57,8 @@ namespace Swift virtual void setCheckCertificateRevocation(bool b); + virtual void setDisconnectOnCardRemoval(bool b); + private: void determineStreamSizes(); void continueHandshake(const SafeByteArray& data); @@ -105,5 +107,6 @@ namespace Swift boost::shared_ptr<CAPICertificate> userCertificate_; bool checkCertificateRevocation_; bool tls1_0Workaround_; + bool disconnectOnCardRemoval_; }; } diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp index 6e83b0d..c2587c5 100644 --- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp +++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp @@ -15,7 +15,7 @@ namespace Swift { -SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) { +SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true), disconnectOnCardRemoval(true) { } bool SchannelContextFactory::canCreate() const { @@ -25,6 +25,7 @@ bool SchannelContextFactory::canCreate() const { TLSContext* SchannelContextFactory::createTLSContext(const TLSOptions& tlsOptions) { SchannelContext* context = new SchannelContext(tlsOptions.schannelTLS1_0Workaround); context->setCheckCertificateRevocation(checkCertificateRevocation); + context->setDisconnectOnCardRemoval(disconnectOnCardRemoval); return context; } @@ -32,5 +33,8 @@ void SchannelContextFactory::setCheckCertificateRevocation(bool b) { checkCertificateRevocation = b; } +void SchannelContextFactory::setDisconnectOnCardRemoval(bool b) { + disconnectOnCardRemoval = b; +} } diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h index 789d15f..27b7dc9 100644 --- a/Swiften/TLS/Schannel/SchannelContextFactory.h +++ b/Swiften/TLS/Schannel/SchannelContextFactory.h @@ -24,7 +24,10 @@ namespace Swift { virtual void setCheckCertificateRevocation(bool b); + virtual void setDisconnectOnCardRemoval(bool b); + public: bool checkCertificateRevocation; + bool disconnectOnCardRemoval; }; } diff --git a/Swiften/TLS/TLSContextFactory.h b/Swiften/TLS/TLSContextFactory.h index 90da4a1..b67c34f 100644 --- a/Swiften/TLS/TLSContextFactory.h +++ b/Swiften/TLS/TLSContextFactory.h @@ -20,5 +20,6 @@ namespace Swift { virtual TLSContext* createTLSContext(const TLSOptions& tlsOptions) = 0; virtual void setCheckCertificateRevocation(bool b) = 0; + virtual void setDisconnectOnCardRemoval(bool b) = 0; }; } |