fix: close all cards on exit

This fixes a bug where if piv-agent exited due to an idle or exit timer then connections to the card were left in pcscd, and then when piv-agent started up again it couldn't (re)open the card.
smlx · Dec 16, 2021 · d7a1e09 · d7a1e09
1 parent 6b582f4
commit d7a1e09
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/cmd/piv-agent/serve.go b/cmd/piv-agent/serve.go
@@ -50,6 +50,7 @@ func (cmd *ServeCmd) Run(log *zap.Logger) error {
 	log.Info("startup", zap.String("version", version),
 		zap.String("build date", date))
 	p := piv.New(log)
+	defer p.CloseAll()
 	// use FDs passed via socket activation
 	ls, err := sockets.Get(validAgents)
 	if err != nil {

diff --git a/internal/keyservice/piv/keyservice.go b/internal/keyservice/piv/keyservice.go
@@ -138,3 +138,11 @@ func (p *KeyService) GetDecrypter(keygrip []byte) (crypto.Decrypter, error) {
 	}
 	return &ECDHKey{ecdsa: ecdsaPrivKey}, nil
 }
+
+// CloseAll closes all security keys without checking for errors.
+// This should be called to clean up connections to `pcscd`.
+func (p *KeyService) CloseAll() {
+	for _, k := range p.securityKeys {
+		_ = k.Close()
+	}
+}