diff --git a/SOURCES/esc-1.1.2-fix7.patch b/SOURCES/esc-1.1.2-fix7.patch
new file mode 100644
index 0000000..6150024
--- /dev/null
+++ b/SOURCES/esc-1.1.2-fix7.patch
@@ -0,0 +1,343 @@ +diff -up ./esc/src/app/esc.js.fix7 ./esc/src/app/esc.js +--- ./esc/src/app/esc.js.fix7 2020-05-30 18:57:40.423388032 -0700 ++++ ./esc/src/app/esc.js 2020-05-30 19:01:40.769955310 -0700 +@@ -30,6 +30,12 @@ const ESC_CONFIG_FILE_NAME = "esc.conf"; + const ESC_CONFIG_GROUP = "ESC"; + const ESC_PWORD_FILE = "pword"; + ++const STATUS_ENROLLED="Enrolled"; ++const STATUS_FORMATTED="Formatted"; ++const STATUS_UNFORMATTED="Unformatted"; ++const STATUS_UNKNOWN="Unknown"; ++const FORMATTED_CODE=2; ++ + const UNKNOWN_LABEL = "unknown"; + const CoolKeyNotifyIface = ' \ + \ +@@ -185,17 +191,17 @@ class ESC { + _getStatusString(intStatus) { + switch(intStatus) { + case 4: +- return "enrolled"; ++ return STATUS_ENROLLED; + break; + + case 2: +- return "uninitialized"; ++ return STATUS_FORMATTED; + break; + case 1: +- return "unknown"; ++ return STATUS_UNFORMATTED; + break; + default: +- return "unknown"; ++ return STATUS_UNKNOWN; + break; + } + } +@@ -216,14 +222,30 @@ class ESC { + let issuer = inserted.issuer; + let issuedTo = inserted.issued_to; + ++ let cachedIssuer = null; ++ ++ if(inserted.is_a_cool_key) { ++ cachedIssuer = this._phoneHomeMgr.getCachedIssuer(aKeyID); ++ } ++ ++ if(cachedIssuer != null) { ++ issuer = cachedIssuer; ++ } ++ + if(issuer == null || issuer.length == 0) { +- issuer = "unknown"; ++ issuer = STATUS_UNKNOWN; + } + if(issuedTo == null || issuedTo.length == 0) { +- issuedTo = "unknown"; ++ issuedTo = STATUS_UNKNOWN; + } ++ let newStatus = inserted.status; ++ ++ if(newStatus == FORMATTED_CODE) { ++ issuedTo = STATUS_UNKNOWN; ++ } ++ + this._tokenStore.set (this._tokenStore.append(), [0, 1, 2, 3, 4], +- [issuer, issuedTo, this._getStatusString(inserted.status), aKeyID,aKeyType]); ++ [issuer, issuedTo, this._getStatusString(newStatus), aKeyID,aKeyType]); + + let [ isSelected, iter] = this._tokenStore.get_iter_first(); + +diff -up ./esc/src/app/opensc.esc.conf.fix7 ./esc/src/app/opensc.esc.conf +--- ./esc/src/app/opensc.esc.conf.fix7 
2020-05-30 18:54:14.079618060 -0700 ++++ ./esc/src/app/opensc.esc.conf 2020-05-30 19:02:16.191744158 -0700 +@@ -89,12 +89,12 @@ app default { + } + reader_driver openct { + }; +- card_drivers = coolkey, cac, piv, default; ++ card_drivers = coolkey, cac,cac1, piv, default; + secure_messaging local_authentic { + module_path = /usr/lib64; + } + framework pkcs15 { +- builtin_emulators = coolkey, cac, piv; ++ builtin_emulators = coolkey, cac, cac1, piv; + } + } + app opensc-pkcs11 { +diff -up ./esc/src/app/operationDialog.js.fix7 ./esc/src/app/operationDialog.js +--- ./esc/src/app/operationDialog.js.fix7 2020-05-30 18:54:48.700411683 -0700 ++++ ./esc/src/app/operationDialog.js 2020-05-30 19:03:01.354474940 -0700 +@@ -47,34 +47,32 @@ operationDialog.prototype = { + if(tokenInfo == null) { + this.app_alert("Invalid Token!"); + } +- this.dialog = new Gtk.Dialog ({ transient_for: this.app._window, +- modal: true,deletable: false, +- title: TOKEN_OPERATION, border_width: 10 }); + + this.operation = operation; + this.tokenInfo = tokenInfo; + + let opMessage = ""; + if(this.operation == OP_FORMAT) { +- opMessage = "Format Smart Card"; ++ opMessage = "Format Smart Card:"; + + } else if(this.operation == OP_ENROLL) { +- opMessage = "Enroll Smart Card"; ++ opMessage = "Enroll Smart Card:"; + } else if(this.operation == OP_PIN_RESET) { +- opMessage = "Reset Smart Card Pin"; ++ opMessage = "Reset Smart Card Pin:"; + } else { + this.app._alert("operationdDialog: Invalid operation!"); + return; + } + ++ this.dialog = new Gtk.Dialog ({ transient_for: this.app._window, ++ modal: true,deletable: false, ++ title: TOKEN_OPERATION, border_width: 10 }); ++ + this.area = this.dialog.get_content_area(); + this.grid = new Gtk.Grid ({row_spacing: 20, column_spacing: 20}); + +- this.message = new Gtk.Label ({label: opMessage}); +- this.area.add (this.message); +- + //this.throbberImage = new Gtk.Image({file: this.app._currentDir + "/" + "throbber-anim5.gif"}); +- ++ this.label = new 
Gtk.Label({label: opMessage}); + this.progressBar = new Gtk.ProgressBar ({ valign: Gtk.Align.CENTER }); + this.progressBar.set_fraction(0.0); + +@@ -86,15 +84,16 @@ operationDialog.prototype = { + this.ldapUserLabel = new Gtk.Label({label: "Ldap User:"}); + this.ldapUserBox = new Gtk.Entry(); + +- this.grid.attach(this.ldapUserLabel, 0, 0, 1,1); +- this.grid.attach(this.ldapUserBox,1, 0,1,1); ++ this.grid.attach(this.label,0,0,1,1); ++ this.grid.attach(this.ldapUserLabel, 0, 1, 1,1); ++ this.grid.attach(this.ldapUserBox,1, 1,1,1); + + this.ldapPasswordLabel = new Gtk.Label({label: "Ldap Password:"}); + this.ldapPasswordBox = new Gtk.Entry(); + this.ldapPasswordBox.set_visibility(false); + +- this.grid.attach(this.ldapPasswordLabel,2,0,1,1); +- this.grid.attach(this.ldapPasswordBox,3,0,1,1); ++ this.grid.attach(this.ldapPasswordLabel,2,1,1,1); ++ this.grid.attach(this.ldapPasswordBox,3,1,1,1); + + if(this.operation != OP_FORMAT ) { + +@@ -106,10 +105,10 @@ operationDialog.prototype = { + this.confirmPinBox = new Gtk.Entry(); + this.confirmPinBox.set_visibility(false); + +- this.grid.attach(this.newpinLabel, 0,1,1,1); +- this.grid.attach(this.newpinBox,1,1,1,1); +- this.grid.attach(this.confirmPinLabel,2,1,1,1); +- this.grid.attach(this.confirmPinBox,3,1,1,1); ++ this.grid.attach(this.newpinLabel, 0,2,1,1); ++ this.grid.attach(this.newpinBox,1,2,1,1); ++ this.grid.attach(this.confirmPinLabel,2,2,1,1); ++ this.grid.attach(this.confirmPinBox,3,2,1,1); + } + + this.oKButton = new Gtk.Button ({label: OpLabels[this.operation]}); +@@ -117,11 +116,11 @@ operationDialog.prototype = { + this.dismissButton = new Gtk.Button({label: "Cancel" }); + + //this.grid.attach(this.throbberImage,0,2,1,1); +- this.grid.attach(this.progressLabel, 0,2,1,1); ++ this.grid.attach(this.progressLabel, 0,3,1,1); + //this.throbberImage.hide(); +- this.grid.attach(this.progressBar, 1,2,1,1); +- this.grid.attach (this.oKButton,2,2,1,1); +- this.grid.attach (this.dismissButton,3,2,1,1); ++ 
this.grid.attach(this.progressBar, 1,3,1,1); ++ this.grid.attach (this.oKButton,2,3,1,1); ++ this.grid.attach (this.dismissButton,3,3,1,1); + + // Connect the button to the function that handles what it does + this.oKButton.connect ("clicked", this.oKHandler.bind(this)); +diff -up ./esc/src/app/phoneHome.js.fix7 ./esc/src/app/phoneHome.js +--- ./esc/src/app/phoneHome.js.fix7 2020-05-30 18:55:43.223086670 -0700 ++++ ./esc/src/app/phoneHome.js 2020-05-30 19:03:49.787186230 -0700 +@@ -93,7 +93,7 @@ phoneHome.prototype = { + + this.phArea = this.phDialog.get_content_area(); + this.phMessage = new Gtk.Label ({label: "Enter url: ex: http://test.host.com:8080/tps/phoneHome"}); +- this.phArea.add (this.phMessage); ++ //this.phArea.add (this.phMessage); + + this.phActionArea = this.phDialog.get_action_area(); + this.phUrlBox = new Gtk.Entry({width_chars: 35}); +@@ -108,9 +108,9 @@ phoneHome.prototype = { + this.phActionArea.add(this.phGrid); + + this.phOKButton = Gtk.Button.new_from_stock (Gtk.STOCK_OK); +- +- this.phGrid.attach(this.phUrlBox, 0, 0, 1,1); +- this.phGrid.attach(this.phOKButton,1, 0,1,1); ++ this.phGrid.add(this.phMessage); ++ this.phGrid.attach(this.phUrlBox, 0, 1, 1,1); ++ this.phGrid.attach(this.phOKButton,1, 1,1,1); + + // Connect the button to the function that handles what it does + this.phOKButton.connect ("clicked", this.phoneHomeOKHandler.bind(this)); +@@ -228,9 +228,9 @@ phoneHome.prototype = { + if(!aKeyID) + return null; + +- var issuerValue = this.app._configValueWithKeyID(aKeyID,KEY_ISSUER); ++ let issuerValue = this.app._configValueWithKeyID(aKeyID,KEY_ISSUER); + +- if(!issuerValue) ++ if(issuerValue == null) + return null; + + issuer = this.app._getConfigValue(issuerValue); +diff -up ./esc/src/app/pinDialog.js.fix7 ./esc/src/app/pinDialog.js +--- ./esc/src/app/pinDialog.js.fix7 2020-05-30 18:55:09.395288320 -0700 ++++ ./esc/src/app/pinDialog.js 2020-05-30 19:04:51.380819066 -0700 +@@ -36,16 +36,15 @@ pinDialog.prototype = { + launchPinPrompt: 
function(notify) { + + this.notify = notify; ++ this.message = "Token Pin Entry"; + this.dialog = new Gtk.Dialog ({ transient_for: this.app._window, + modal: true, + expand: false, +- title: PIN_OPERATION ,border_width: 20, deletable: false }); ++ title: this.message ,border_width: 20, deletable: false }); + + this.area = this.dialog.get_content_area(); + this.grid = new Gtk.Grid ({row_spacing: 10, column_spacing: 20}); + +- this.message = new Gtk.Label ({label: "Enter Token Pin"}); +- this.area.add (this.message); + + this.actionArea = this.dialog.get_action_area(); + this.pinBox = new Gtk.Entry(); +diff -up ./esc/src/lib/coolkey/CoolKey.cpp.fix7 ./esc/src/lib/coolkey/CoolKey.cpp +--- ./esc/src/lib/coolkey/CoolKey.cpp.fix7 2020-05-30 18:56:35.827773090 -0700 ++++ ./esc/src/lib/coolkey/CoolKey.cpp 2020-05-30 19:05:30.561585507 -0700 +@@ -511,6 +511,11 @@ HRESULT CoolKeyGetCUIDDirectly(char *aBu + + CKYCardConnection_BeginTransaction(conn); + ++ status = CKYApplet_SelectCardManager(conn, &apduRC); ++ if (status != CKYSUCCESS) { ++ goto done; ++ } ++ + status = CKYApplet_GetCUID(conn, &cuid, &apduRC); + if (status != CKYSUCCESS) { + goto done; +@@ -764,7 +769,6 @@ HRESULT CoolKeyGetCPLCDataDirectly(CKYAp + } + + CKYCardConnection_BeginTransaction(conn); +- unsigned long state; + + status = CKYApplet_SelectCardManager(conn, &apduRC); + if (status != CKYSUCCESS) { +diff -up ./esc/src/lib/coolkey/CoolKeyHandler.cpp.fix7 ./esc/src/lib/coolkey/CoolKeyHandler.cpp +--- ./esc/src/lib/coolkey/CoolKeyHandler.cpp.fix7 2020-05-30 18:56:56.511649792 -0700 ++++ ./esc/src/lib/coolkey/CoolKeyHandler.cpp 2020-05-30 19:06:21.955279145 -0700 +@@ -2157,11 +2157,22 @@ copySerialNumber(char *dest, const char + // it will probably have Dashes and store in lower case some time in the + // future. 
+ // +-static HRESULT ++static HRESULT + getCUIDFromTokenInfo(CK_TOKEN_INFO *tokenInfo, char *tokenSerialNumber) + { ++ const int minCUIDLen = 18; ++ + char *cp = tokenSerialNumber; + ++ if( tokenSerialNumber == NULL) { ++ return E_FAIL; ++ } ++ ++ if(tokenInfo == NULL) { ++ *cp = 0; ++ return E_FAIL; ++ } ++ + if (isxdigit(tokenInfo->manufacturerID[0]) && + isxdigit(tokenInfo->manufacturerID[1]) && + isxdigit(tokenInfo->manufacturerID[2]) && +@@ -2181,6 +2192,10 @@ getCUIDFromTokenInfo(CK_TOKEN_INFO *toke + } + *cp=0; + ++ if( strlen(tokenSerialNumber) < minCUIDLen) { ++ return E_FAIL; ++ } ++ + return S_OK; + } + +@@ -2207,7 +2222,7 @@ CKHGetCoolKeyInfo(PK11SlotInfo *aSlot,Co + CK_TOKEN_INFO tokenInfo; + CoolKeyInfo *info = NULL; + SECStatus status; +- HRESULT hres,atrRes,cuidRes,cycleRes; ++ HRESULT hres,atrRes,cycleRes,cuidRes; + + char *readerName = PK11_GetSlotName(aSlot); + +@@ -2327,22 +2342,16 @@ CKHGetCoolKeyInfo(PK11SlotInfo *aSlot,Co + goto failed; + } + +- hres = getCUIDFromTokenInfo(&tokenInfo, info->mCUID); +- /* shouldn't the be != S_SUCCESS? */ +- if (hres == E_FAIL) { +- goto failed; +- } +- ++ cuidRes = getCUIDFromTokenInfo(&tokenInfo, info->mCUID); + //Check for blank cuid and put something there + +- if(isACOOLKey && strlen(info->mCUID) == 0 ) +- { ++ if(isACOOLKey && cuidRes == E_FAIL) { + //Let's try to get the cuid directly from the token. + + cuidRes = CoolKeyGetCUIDDirectly(cuidChar, 100, readerName); + + if(cuidRes != S_OK) { +- strcpy(info->mCUID, "blank-token"); ++ strcpy(info->mCUID, "unknown"); + } else { + strcpy(info->mCUID, cuidChar); + } diff --git a/SOURCES/esc-1.1.2-fix8.patch b/SOURCES/esc-1.1.2-fix8.patch new file mode 100644 index 0000000..4231b9b --- /dev/null +++ b/SOURCES/esc-1.1.2-fix8.patch 
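Review bot: In the CKHGetCoolKeyInfo hunk of CoolKeyHandler.cpp the fallback branch still ends in `strcpy(info->mCUID, cuidChar);`, and it is now entered whenever getCUIDFromTokenInfo rejects a CUID shorter than minCUIDLen rather than only when the field is empty, so a string read from the card is copied without a bound more often than before. The size of mCUID is not visible in the hunk; if it is a fixed array, a bounded copy such as `snprintf(info->mCUID, sizeof(info->mCUID), "%s", cuidChar);` would keep a malformed CUID from overrunning it. Removing the `goto failed` also means that when isACOOLKey is false an E_FAIL from getCUIDFromTokenInfo is ignored and whatever short value was written to mCUID is kept as the token ID. If that is intended for CAC/PIV cards, a one-line comment at the call saying that the failure is deliberately tolerated for non-CoolKey tokens would record it. Both functions continue outside the hunk.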
@@ -0,0 +1,60 @@ +diff -up ./esc/src/app/opensc.esc.conf.fix8 ./esc/src/app/opensc.esc.conf +--- ./esc/src/app/opensc.esc.conf.fix8 2020-08-07 16:17:37.464650003 -0700 ++++ ./esc/src/app/opensc.esc.conf 2020-08-07 16:20:21.861957011 -0700 +@@ -89,12 +89,12 @@ app default { + } + reader_driver openct { + }; +- card_drivers = coolkey, cac,cac1, piv, default; ++ card_drivers = coolkey, cac,cac1, PIV-II, default; + secure_messaging local_authentic { + module_path = /usr/lib64; + } + framework pkcs15 { +- builtin_emulators = coolkey, cac, cac1, piv; ++ builtin_emulators = coolkey, cac, cac1, PIV-II; + } + } + app opensc-pkcs11 { +diff -up ./esc/src/lib/coolkey/CoolKey.cpp.fix8 ./esc/src/lib/coolkey/CoolKey.cpp +--- ./esc/src/lib/coolkey/CoolKey.cpp.fix8 2020-08-07 12:05:35.982966019 -0700 ++++ ./esc/src/lib/coolkey/CoolKey.cpp 2020-08-07 16:08:16.747602873 -0700 +@@ -593,6 +593,7 @@ char *CoolKeyGetFullReaderName(const cha + } else { + fullReaderName = strdup(thisReader); + PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("%s CoolKeyGetFullReaderName correct full name: %s \n",fullReaderName,GetTStamp(tBuff,56))); ++ break; + } + } + +diff -up ./esc/src/lib/coolkey/CoolKeyHandler.cpp.fix8 ./esc/src/lib/coolkey/CoolKeyHandler.cpp +--- ./esc/src/lib/coolkey/CoolKeyHandler.cpp.fix8 2020-08-07 12:05:44.394982245 -0700 ++++ ./esc/src/lib/coolkey/CoolKeyHandler.cpp 2020-08-07 16:10:35.504862004 -0700 +@@ -2225,8 +2225,17 @@ CKHGetCoolKeyInfo(PK11SlotInfo *aSlot,Co + HRESULT hres,atrRes,cycleRes,cuidRes; + + char *readerName = PK11_GetSlotName(aSlot); ++ int readerNameLen = strlen(readerName); + +- char *actualReaderName = CoolKeyGetFullReaderName(readerName); ++ //Since there is no local support to get a reader name by slot, ++ //Will simply do a partial substring compare, using less characters ++ //to avoid any hard coded trailing chars. 
++ ++ char partialReaderName[60]; ++ memset(partialReaderName, 0, 60); ++ ++ strncpy(partialReaderName,readerName, 59); ++ char *actualReaderName = CoolKeyGetFullReaderName(partialReaderName); + + memset((void *) &tokenInfo,0,sizeof(tokenInfo)); + ATR.data = NULL; // initialize for error processing +@@ -2348,7 +2357,7 @@ CKHGetCoolKeyInfo(PK11SlotInfo *aSlot,Co + if(isACOOLKey && cuidRes == E_FAIL) { + //Let's try to get the cuid directly from the token. + +- cuidRes = CoolKeyGetCUIDDirectly(cuidChar, 100, readerName); ++ cuidRes = CoolKeyGetCUIDDirectly(cuidChar, 100, actualReaderName); + + if(cuidRes != S_OK) { + strcpy(info->mCUID, "unknown"); diff --git a/SOURCES/esc-1.1.2-fix9.patch b/SOURCES/esc-1.1.2-fix9.patch new file mode 100644 index 0000000..0ddf203 --- /dev/null +++ b/SOURCES/esc-1.1.2-fix9.patch 
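Review bot: `CoolKeyGetCUIDDirectly(cuidChar, 100, actualReaderName)` now receives the result of CoolKeyGetFullReaderName, which the CoolKey.cpp hunk shows being assigned only by `strdup(thisReader)` on a match, so it may be NULL when no reader matches or the allocation fails (its initial value is outside the hunk). Falling back to the slot name, `CoolKeyGetCUIDDirectly(cuidChar, 100, actualReaderName ? actualReaderName : readerName);`, or an explicit NULL check before the call, would avoid passing a null name into the card-connection code. In the same hunk `int readerNameLen = strlen(readerName);` is unused in the visible lines and dereferences readerName before any check, so it can be dropped, and the 60/59 literals would be safer written as `sizeof(partialReaderName) - 1`. Because the lookup is a partial compare on at most 59 characters and the added `break` keeps the first hit, a comment stating which reader wins when two attached readers share that leading text would help, since the CUID is then read from that reader. CKHGetCoolKeyInfo continues outside the hunk.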
@@ -0,0 +1,41 @@ +diff -up ./esc/src/app/esc.js.fix9 ./esc/src/app/esc.js +--- ./esc/src/app/esc.js.fix9 2020-08-12 11:15:29.423093856 -0700 ++++ ./esc/src/app/esc.js 2020-08-12 11:43:47.646556310 -0700 +@@ -271,7 +271,6 @@ class ESC { + if(!insertedToken && !doReset) { + return; + } +- + if(doReset) { + this._operationsGrid.remove(this._phoneHomeButton); + this._operationsGrid.remove(this._enrollButton); +@@ -297,6 +296,12 @@ class ESC { + } + + this._operationsGrid.show_all(); ++ } else { ++ if(insertedToken.status == 4) { ++ this._operationsGrid.add(this._certDetailButton); ++ this._operationsGrid.show_all(); ++ ++ } + } + } + +diff -up ./esc/src/lib/coolkey/CoolKeyHandler.cpp.fix9 ./esc/src/lib/coolkey/CoolKeyHandler.cpp +--- ./esc/src/lib/coolkey/CoolKeyHandler.cpp.fix9 2020-08-12 10:59:24.844704399 -0700 ++++ ./esc/src/lib/coolkey/CoolKeyHandler.cpp 2020-08-12 11:11:05.480713407 -0700 +@@ -2329,11 +2329,11 @@ CKHGetCoolKeyInfo(PK11SlotInfo *aSlot,Co + } + + //Massage the tokenInfo so it adhered to when coolkey was doing it. +- if(hasApplet) { ++ if(hasApplet == 1 || isACAC == 1 || isAPIV == 1) { + tokenInfo.firmwareVersion.major = 1; + } + +- if(isPersonalized) { ++ if(isPersonalized == 1 || isACAC == 1 || isAPIV == 1) { + tokenInfo.flags |= CKF_TOKEN_INITIALIZED; + } + diff --git a/SPECS/esc.spec b/SPECS/esc.spec index 043e57a..e995ae3 100644 --- a/SPECS/esc.spec +++ b/SPECS/esc.spec @@ -1,6 +1,6 @@ Name: esc Version: 1.1.2 -Release: 11%{?dist} +Release: 14%{?dist} Summary: Enterprise Security Client Smart Card Client License: GPL+ URL: http://directory.fedora.redhat.com/wiki/CoolKey @@ -13,6 +13,9 @@ Patch3: esc-1.1.2-fix3.patch Patch4: esc-1.1.2-fix4.patch Patch5: esc-1.1.2-fix5.patch Patch6: esc-1.1.2-fix6.patch +Patch7: esc-1.1.2-fix7.patch +Patch8: esc-1.1.2-fix8.patch +Patch9: esc-1.1.2-fix9.patch #BuildRequires: doxygen fontconfig-devel 
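Review bot: In the CoolKeyHandler.cpp hunk, `isACAC == 1 || isAPIV == 1` now forces `tokenInfo.firmwareVersion.major = 1` and `CKF_TOKEN_INITIALIZED` for every CAC or PIV card regardless of what the card reported, so any status the UI derives from these fields is synthesized for those cards; how they map to the `status == 4` test in the esc.js hunk is not visible here. A short comment above the two conditions stating that the override is deliberate, and what happens for a blank CAC/PIV card, would make that explicit. The rewrite from `if(hasApplet)` and `if(isPersonalized)` to `== 1` also narrows the test, because any other non-zero value that used to count as true no longer does; keep the truthiness form, e.g. `if(hasApplet || isACAC || isAPIV) {`, unless these variables are strictly 0/1. In esc.js the literal `4` would read better as a named constant alongside `FORMATTED_CODE`.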
@@ -77,6 +80,9 @@ cryptographic smartcards. %patch4 -p1 -b .fix4 %patch5 -p1 -b .fix5 %patch6 -p1 -b .fix6 +%patch7 -p1 -b .fix7 +%patch8 -p1 -b .fix8 +%patch9 -p1 -b .fix9 %build @@ -145,6 +151,14 @@ cp %{escname}/esc/LICENSE $RPM_BUILD_ROOT/%{docdir} %{_datadir}/%{appdir}/esc.desktop %changelog +* Fri Aug 07 2020 Jack Magne - 1.1.2-14 +- Resolves: rhbz#1848629 - Smartcard is not detected by esc. Ammendment to bug fix. +* Fri Aug 07 2020 Jack Magne - 1.1.2-13 +- Resolves: rhbz#1848629 - Smartcard is not detected by esc +* Sat May 30 2020 Jack Magne - 1.1.2-12 +- Resolves: rhbz#1646486 - alt tokens not detected by ESC +- Resolves: rhbz#1774750 - ESC's unusual behavior after formatting a blank Gemalto token +- Resolves: rhbz#1774770 - After formatting a Gemalto/SCP03 token, ESC shows incorrect Issuer, Issued To, Status, and Token ID details * Wed Nov 13 2019 Jack Magne - 1.1.2-11 - Resolves: rhbz#1724787 - ESC - HTTP GET Requests incorrectly Being Sent To TPS for Token Operations [8.2] - Resolves: rhbz#1734117 - ESC does not detect/recognize both clean and formatted (with phone home) smart cards