piv: mark PC/SC connection as exclusive

go-piv · Apr 27, 2020 · d862809 · d862809
1 parent 6bdd3b3
commit d862809
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/piv/pcsc.go b/piv/pcsc.go
@@ -196,7 +196,7 @@ func (c *scContext) Connect(reader string) (*scHandle, error) {
 		activeProtocol C.DWORD
 	)
 	rc := C.SCardConnect(c.ctx, C.CString(reader),
-		C.SCARD_SHARE_SHARED, C.SCARD_PROTOCOL_T1,
+		C.SCARD_SHARE_EXCLUSIVE, C.SCARD_PROTOCOL_T1,
 		&handle, &activeProtocol)
 	if err := scCheck(rc); err != nil {
 		return nil, err

diff --git a/piv/piv_test.go b/piv/piv_test.go
@@ -80,6 +80,36 @@ func TestNewYubiKey(t *testing.T) {
 	defer close()
 }
 
+func TestMultipleConnections(t *testing.T) {
+	cards, err := Cards()
+	if err != nil {
+		t.Fatalf("listing cards: %v", err)
+	}
+	for _, card := range cards {
+		if !strings.Contains(strings.ToLower(card), "yubikey") {
+			continue
+		}
+		if !pivtest.CanModifyYubiKey {
+			t.Skip("not running test that accesses yubikey, provide --wipe-yubikey flag")
+		}
+		yk, err := Open(card)
+		if err != nil {
+			t.Fatalf("getting new yubikey: %v", err)
+		}
+		defer func() {
+			if err := yk.Close(); err != nil {
+				t.Errorf("closing yubikey: %v", err)
+			}
+		}()
+
+		if _, err := Open(card); err == nil {
+			t.Errorf("expected second open operation to fail")
+		}
+		return
+	}
+	t.Skip("no yubikeys detected, skipping")
+}
+
 func TestYubiKeySerial(t *testing.T) {
 	yk, close := newTestYubiKey(t)
 	defer close()