From ran at unusedvar.com Wed Dec 11 12:40:51 2024
From: ran at unusedvar.com (Ran Benita)
Date: Wed, 11 Dec 2024 22:40:51 +0200
Subject: [Pcsclite-muscle] CCID: Reduce status change latency by using the status from RDR_to_PC_NotifySlotChange?
Message-ID:

For readers which support it, the CCID driver listens for RDR_to_PC_NotifySlotChange notifications on the interrupt endpoint. This replaces the need for polling.

When a RDR_to_PC_NotifySlotChange notification is received, the CCID driver then issues a PC_to_RDR_GetSlotStatus to get the new status and notify the application.

However, the RDR_to_PC_NotifySlotChange already contains the new status of the slot(s). If the CCID driver were to use it, it could skip the PC_to_RDR_GetSlotStatus roundtrip, thereby removing the 10-20ms latency it adds (by my measurement with a couple of readers) before the application gets the status change.

IMO, 10-20ms latency for SCardGetStatusChange, while not a lot, is not insignificant. What is your opinion on this idea?

As a proof of concept, I modified `InterruptRead` to return the new status to `IFDHPolling`, which stashes it in the `CcidSlots`; then `IFDHICCPresence` uses this status, if it is set, instead of calling `CmdGetSlotStatus`. This seems to work from rudimentary testing, although there is some business with `bPowerFlags` that I haven't gotten to the bottom of. Hopefully someone more familiar with the code can do it properly, if the idea is sound.

Ran

From ludovic.rousseau at gmail.com Wed Dec 25 06:44:05 2024
From: ludovic.rousseau at gmail.com (Ludovic Rousseau)
Date: Wed, 25 Dec 2024 15:44:05 +0100
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
Message-ID:

Hello,

I just released a new version 2.3.1 of pcsc-lite.

Changes:
2.3.1: Ludovic Rousseau
24 December 2024
- Install a default /etc/default/pcscd file
- auth.c: implement polkit support for FreeBSD
- meson:
  . also build static version of libpcsclite
  . add options to disable polkit and libsystemd
  . add "filter_names" in features when needed
- Doxygen: document dwCurrentState use for "\\?PnP?\Notification"
- Some other minor improvements

https://blog.apdu.fr/posts/2024/12/new-version-of-pcsc-lite-231/

--
 Dr. Ludovic Rousseau

From gdt at lexort.com Fri Dec 27 04:25:30 2024
From: gdt at lexort.com (Greg Troxel)
Date: Fri, 27 Dec 2024 07:25:30 -0500
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To: (Ludovic Rousseau's message of "Wed, 25 Dec 2024 15:44:05 +0100")
References:
Message-ID:

Thanks for the update. I used to use smartcards at work, and have kept updating pcsc stuff in pkgsrc partly for old times sake and partly because I think I might be using them again someday.

I had a few wrinkles updating pkgsrc to 2.3.1 from 2.3.0

* polkit being present threw an error

Building on NetBSD under pkgsrc, where polkit is provided:

===> Building for pcsc-lite-2.3.1
ninja: Entering directory `output'
[18/57] Compiling C object pcscd.p/src_auth.c.o
FAILED: pcscd.p/src_auth.c.o
gcc -Ipcscd.p -I. -I.. -I../src -I../src/PCSC -I/usr/pkg/include/libusb-1.0 -I/usr/pkg/include/polkit-1 -I/usr/pkg/include -I/usr/pkg/include/glib-2.0 -I/usr/pkg/lib/glib-2.0/include -I/usr/pkg/include/gio-unix-2.0 -I/usr/include -I/usr/pkg/include/python3.12 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -fvisibility=hidden -O2 -pthread -DPCSCD -MD -MQ pcscd.p/src_auth.c.o -MF pcscd.p/src_auth.c.o.d -o pcscd.p/src_auth.c.o -c ../src/auth.c
../src/auth.c:185:2: error: #error polkit is enabled, but no socket cred implementation for this platform
  185 | #error polkit is enabled, but no socket cred implementation for this platform
      |  ^~~~~
[21/57] Compiling C object libpcsclite.a.p/src_winscard_clnt.c.o
ninja: build stopped: subcommand failed.

I get where you are coming from, but it seems better to build as if polkit is not there, basically requiring both tests to enable the feature.

When hiding polkit, it built.

Did pcsc-lite used to actually use polkit?

* default file is in a linuxy place

ERROR: The following files are in /tmp/work/security/pcsc-lite/work/.destdir/usr/pkg but not in the PLIST:
ERROR: /tmp/work/security/pcsc-lite/work/.destdir/usr/pkg/etc/default/pcscd

so perhaps should only be installed on GNU/Linux.
It's not clear if this is a file that actually *sets* defaults that should be read, or an example that someone could copy, or if pcsc-lite now tries to read from this path before reading from a more standard config file location within $prefix.

pkgsrc, when building to /usr/pkg expects config files to be in /usr/pkg/etc/foo.conf or /usr/pkg/etc/foo/whatever.conf).

It's also not clear to me if this file is meant to be edited by the sysadmin, in which case it isn't really "default" so much as the system config, perhaps read before a user config.

The big question for me is: did anything change about config file placement/reading other than installing this file? If not, I can just not install it and do the update, and if so, I don't feel that I can commit the update without untangling the config file location/reading.

From gdt at lexort.com Fri Dec 27 04:28:37 2024
From: gdt at lexort.com (Greg Troxel)
Date: Fri, 27 Dec 2024 07:28:37 -0500
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To: (Greg Troxel's message of "Fri, 27 Dec 2024 07:25:30 -0500")
References:
Message-ID:

Greg Troxel writes:

> * default file is in a linuxy place
>
> ERROR: The following files are in /tmp/work/security/pcsc-lite/work/.destdir/usr/pkg but not in the PLIST:
> ERROR: /tmp/work/security/pcsc-lite/work/.destdir/usr/pkg/etc/default/pcscd

Sorry - this is within prefix, but "default" is not normal on NetBSD.

From ludovic.rousseau at gmail.com Fri Dec 27 05:56:35 2024
From: ludovic.rousseau at gmail.com (Ludovic Rousseau)
Date: Fri, 27 Dec 2024 14:56:35 +0100
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To:
References:
Message-ID:

Hello Greg,

On Fri, 27 Dec 2024 at 13:25, Greg Troxel wrote:
>
> Thanks for the update. I used to use smartcards at work, and have kept
> updating pcsc stuff in pkgsrc partly for old times sake and partly
> because I think I might be using them again someday.
>
> I had a few wrinkles updating pkgsrc to 2.3.1 from 2.3.0
>
> * polkit being present threw an error
>
> Building on NetBSD under pkgsrc, where polkit is provided:
>
> ===> Building for pcsc-lite-2.3.1
> ninja: Entering directory `output'
> [18/57] Compiling C object pcscd.p/src_auth.c.o
> FAILED: pcscd.p/src_auth.c.o
> gcc -Ipcscd.p -I. -I.. -I../src -I../src/PCSC -I/usr/pkg/include/libusb-1.0 -I/usr/pkg/include/polkit-1 -I/usr/pkg/include -I/usr/pkg/include/glib-2.0 -I/usr/pkg/lib/glib-2.0/include -I/usr/pkg/include/gio-unix-2.0 -I/usr/include -I/usr/pkg/include/python3.12 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -fvisibility=hidden -O2 -pthread -DPCSCD -MD -MQ pcscd.p/src_auth.c.o -MF pcscd.p/src_auth.c.o.d -o pcscd.p/src_auth.c.o -c ../src/auth.c
> ../src/auth.c:185:2: error: #error polkit is enabled, but no socket cred implementation for this platform
>   185 | #error polkit is enabled, but no socket cred implementation for this platform
>       |  ^~~~~
> [21/57] Compiling C object libpcsclite.a.p/src_winscard_clnt.c.o
> ninja: build stopped: subcommand failed.
>
> I get where you are coming from, but it seems better to build as if
> polkit is not there, basically requiring both tests to enable the
> feature.
>
> When hiding polkit, it built.
>
> Did pcsc-lite used to actually use polkit?

Polkit is used since 2014 and is enabled by default since Nov 2023.

Support of FreeBSD was added in
https://github.com/LudovicRousseau/PCSC/commit/19d0b26402a3d584186ff28d4c528382d7fd1a5e
But it looks like NetBSD does not have LOCAL_PEERCRED.
A patch is welcome.

> * default file is in a linuxy place
>
> ERROR: The following files are in /tmp/work/security/pcsc-lite/work/.destdir/usr/pkg but not in the PLIST:
> ERROR: /tmp/work/security/pcsc-lite/work/.destdir/usr/pkg/etc/default/pcscd
>
> so perhaps should only be installed on GNU/Linux. It's not clear if
> this is a file that actually *sets* defaults that should be read, or an
> example that someone could copy, or if pcsc-lite now tries to read from
> this path before reading from a more standard config file location
> within $prefix.
>
> pkgsrc, when building to /usr/pkg expects config files to be in
> /usr/pkg/etc/foo.conf or /usr/pkg/etc/foo/whatever.conf).
>
> It's also not clear to me if this file is meant to be edited by the
> sysadmin, in which case it isn't really "default" so much as the system
> config, perhaps read before a user config.
>
>
> The big question for me is: did anything change about config file
> placement/reading other than installing this file? If not, I can just
> not install it and do the update, and if so, I don't feel that I can
> commit the update without untangling the config file location/reading.

This file is supposed to be used/read by the launching system (systemd
for example).
It is NOT used by pcscd. But it defines environment variables used by pcscd.
It is supposed to be edited by the local admin.

If you do not have an equivalent on NetBSD you can ignore it.

Bye

--
 Dr. Ludovic Rousseau

From gdt at lexort.com Fri Dec 27 06:23:54 2024
From: gdt at lexort.com (Greg Troxel)
Date: Fri, 27 Dec 2024 09:23:54 -0500
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To: (Ludovic Rousseau's message of "Fri, 27 Dec 2024 14:56:35 +0100")
References:
Message-ID:

Ludovic Rousseau writes:

>> I get where you are coming from, but it seems better to build as if
>> polkit is not there, basically requiring both tests to enable the
>> feature.
>>
>> When hiding polkit, it built.
>>
>> Did pcsc-lite used to actually use polkit?
>
> Polkit is used since 2014 and is enabled by default since Nov 2023.
>
> Support of FreeBSD was added in
> https://github.com/LudovicRousseau/PCSC/commit/19d0b26402a3d584186ff28d4c528382d7fd1a5e
> But it looks like NetBSD does not have LOCAL_PEERCRED.
> A patch is welcome.

It does not have it.

The current code is problematic because it #ifdefs on things and then the resulting branches don't line up with what is probed. There's an ifdef on SO_PEERCRED/LOCAL_PEERCRED, but that controls whether stdbool is included, and then there's an if freebsd with an error branch.

The previous behavior seemed to be that without polkit, requests are all considered authorized. So with polkit, and without credentials code, the same thing should happen.

I'm having a hard time figuring out the plan. It looks like the first isClientAuthorized implementation is for the case when

  #if defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)

is true. But it isn't part of that ifdef. When

  #if defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)

isn't true, then there's a typedef, but no inclusion of ucred.h, and the inclusion of stdbool doesn't happen. But the function happens anyway, only on FreeBSD.

I don't understand why there needs to be an ifdef FreeBSD, if it's guarded on SO_PEERCRED and LOCAL_PEERCRED. And why the else branch of the PEERCRED test isn't just the old "it's ok" code.

Maybe this patch is wrong, but it at least shows what I failed to understand.
Basically, the isClientAuthorized that relies on PEERCRED is invoked if polkit and if PEERCRED. (I've also added comments to else/endif as for me that makes it easier to follow.) --- src/auth.c.orig 2024-12-24 10:16:27.000000000 +0000 +++ src/auth.c @@ -51,28 +51,16 @@ #include -#ifdef HAVE_POLKIT - -#if defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) +#if defined(POLKIT) && defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) #include #include -#ifdef __FreeBSD__ - #include typedef struct xucred platform_cred; #define CRED_PID(uc) (uc).cr_pid #define CRED_UID(uc) (uc).cr_uid -#else - -typedef struct ucred platform_cred; -#define CRED_PID(uc) (uc).pid -#define CRED_UID(uc) (uc).uid - -#endif - extern bool disable_polkit; /* Returns non zero when the client is authorized */ @@ -180,13 +168,7 @@ cleanup1: return ret; } -#else - -#error polkit is enabled, but no socket cred implementation for this platform - -#endif - -#else +#else /* defined(POLKIT) && defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) */ unsigned IsClientAuthorized(int socket, const char* action, const char* reader) { @@ -197,4 +179,4 @@ unsigned IsClientAuthorized(int socket, return 1; } -#endif +#endif /* defined(POLKIT) && defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) */ From gdt at lexort.com Fri Dec 27 06:41:42 2024 
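Review bot: The new guard in the first hunk, `#if defined(POLKIT) && defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)`, does not mean "polkit and one of the PEERCRED options". `&&` binds tighter than `||`, so any platform that defines LOCAL_PEERCRED compiles the polkit branch even with polkit disabled, and the macro tested is `POLKIT` where the removed line tested `HAVE_POLKIT`; if `POLKIT` is not defined by the build, a Linux build with polkit falls through to the stub that returns 1. Suggest `#if defined(HAVE_POLKIT) && (defined(SO_PEERCRED) || defined(LOCAL_PEERCRED))`. The same hunk also removes the `typedef struct ucred platform_cred;` branch and keeps only the `struct xucred` one, so the SO_PEERCRED case loses its `pid`/`uid` accessors; keep both branches and select between them on the socket option that is defined.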
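Review bot: Dropping `#error polkit is enabled, but no socket cred implementation for this platform` in the second hunk (@@ -180,13 +168,7) turns a build failure into a silent fallback to the IsClientAuthorized() stub that ends in `return 1`, so a build configured with polkit on a platform without peer credentials authorizes every client and nothing tells the packager. If the build has to succeed there, make the downgrade visible (a build-time warning or configure message that polkit authorization is not compiled in) instead of removing the check without notice. The `#else` and `#endif` comments also copy the unparenthesized condition and should follow whatever form the `#if` ends up with.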
From: gdt at lexort.com (Greg Troxel)
Date: Fri, 27 Dec 2024 09:41:42 -0500
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To: (Ludovic Rousseau's message of "Fri, 27 Dec 2024 14:56:35 +0100")
References:
Message-ID:

Ludovic Rousseau writes:

>> The big question for me is: did anything change about config file
>> placement/reading other than installing this file? If not, I can just
>> not install it and do the update, and if so, I don't feel that I can
>> commit the update without untangling the config file location/reading.
>
> This file is supposed to be used/read by the launching system (systemd
> for example).
> It is NOT used by pcscd. But it defines environment variables used by pcscd.
> It is supposed to be edited by the local admin.
>
> If you do not have an equivalent on NetBSD you can ignore it.

We don't have any concept of launchers setting environment variables, and generally daemons don't look for config in the env. They read e.g. $prefix/etc/pcscd/pcscd.conf. (FWIW, my take on best practices is that the defaults make sense so that many people do not need a config file, so that it is normal for that file to be missing if one intends to be default.)

Should this be conditional on HAVE_SYSTEMD? It seems like a systemd special case rather than broader practice.

For pkgsrc, I have just patched the install out of the meson file.

From gdt at lexort.com Fri Dec 27 07:01:53 2024
From: gdt at lexort.com (Greg Troxel)
Date: Fri, 27 Dec 2024 10:01:53 -0500
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To: (Ludovic Rousseau's message of "Fri, 27 Dec 2024 14:56:35 +0100")
References:
Message-ID:

Ludovic Rousseau writes:

> Polkit is used since 2014 and is enabled by default since Nov 2023.
>
> Support of FreeBSD was added in
> https://github.com/LudovicRousseau/PCSC/commit/19d0b26402a3d584186ff28d4c528382d7fd1a5e
> But it looks like NetBSD does not have LOCAL_PEERCRED.
> A patch is welcome.

Reading that diff, I'm not sure how this built before. It looks like the other half of the ifdef freebsd is linux, not "everything else". But it looks like there are changes since.

Looking at 2.3.0::

  #if defined(HAVE_POLKIT) && defined(SO_PEERCRED)

  #include
  #include

  extern bool disable_polkit;

  /* Returns non zero when the client is authorized */
  unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
  {
      struct ucred cr;

the logic is as I'd expect.

My diff is wrong, but I think the basic concept, of only compiling the peercred-using IsClientAuthorized if both polkit is present and there is one or the other PEERCRED define is present, is sound.

NetBSD has LOCAL_CREDS which gets you a struct sockcred. Probably that's in OpenBSD as well. I am surprised this is different; I would have guessed it dated back to 4.3BSD.

FreeBSD's unix(4) says

  Credentials of the sending process can be transmitted explicitly using a control message of type SCM_CREDS with a data portion of type struct cmsgcred, defined in as follows:

  struct cmsgcred {
      pid_t cmcred_pid; /* PID of sending process */
      uid_t cmcred_uid; /* real UID of sending process */
      uid_t cmcred_euid; /* effective UID of sending process */
      gid_t cmcred_gid; /* real GID of sending process */
      short cmcred_ngroups; /* number of groups */
      gid_t cmcred_groups[CMGROUP_MAX]; /* groups */
  };

  The sender should pass a zeroed buffer which will be filled in by the system.

I see also that FreeBSD supports LOCAL_CREDS, and that support appears to be the same as NetBSD. I am guessing that the PEERCRED approach was chosen because it can be queried on a socket, rather than enabled on the socket and then using recvmsg.

From ludovic.rousseau at gmail.com Fri Dec 27 09:02:44 2024
From: ludovic.rousseau at gmail.com (Ludovic Rousseau)
Date: Fri, 27 Dec 2024 18:02:44 +0100
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To:
References:
Message-ID:

On Fri, 27 Dec 2024 at 15:41, Greg Troxel wrote:
>
> Ludovic Rousseau writes:
>
> >> The big question for me is: did anything change about config file
> >> placement/reading other than installing this file? If not, I can just
> >> not install it and do the update, and if so, I don't feel that I can
> >> commit the update without untangling the config file location/reading.
> >
> > This file is supposed to be used/read by the launching system (systemd
> > for example).
> > It is NOT used by pcscd. But it defines environment variables used by pcscd.
> > It is supposed to be edited by the local admin.
> >
> > If you do not have an equivalent on NetBSD you can ignore it.
>
> We don't have any concept of launchers setting environment variables,
> and generally daemons don't look for config in the env. They read
> e.g. $prefix/etc/pcscd/pcscd.conf. (FWIW, my take on best practices is
> that the defaults make sense so that many people do not need a config
> file, so that it is normal for that file to be missing if one intends to
> be default.)
>
> Should this be conditional on HAVE_SYSTEMD? It seems like a systemd
> special case rather than broader practice.

It is not specific to systemd.
The same mechanism was already used by SysVinit previously used on Debian.
For example see https://salsa.debian.org/debian/pcsc-lite/-/blob/master/debian/pcscd.init?ref_type=heads#L33

> For pkgsrc, I have just patched the install out of the meson file.

OK

Bye

--
 Dr. Ludovic Rousseau

From ludovic.rousseau at gmail.com Fri Dec 27 09:06:30 2024
From: ludovic.rousseau at gmail.com (Ludovic Rousseau)
Date: Fri, 27 Dec 2024 18:06:30 +0100
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To:
References:
Message-ID:

On Fri, 27 Dec 2024 at 16:01, Greg Troxel wrote:
> My diff is wrong, but I think the basic concept, of only compiling the
> peercred-using IsClientAuthorized if both polkit is present and there is
> one or the other PEERCRED define is present, is sound.

The idea is to explicitly fail if polkit is enabled but
IsClientAuthorized() can't use it.
In that case the choice is to disable polkit, instead of silently ignoring it.

Bye

--
 Dr. Ludovic Rousseau

From gdt at lexort.com Fri Dec 27 09:21:19 2024
From: gdt at lexort.com (Greg Troxel)
Date: Fri, 27 Dec 2024 12:21:19 -0500
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To: (Ludovic Rousseau's message of "Fri, 27 Dec 2024 18:06:30 +0100")
References:
Message-ID:

Ludovic Rousseau writes:

> On Fri, 27 Dec 2024 at 16:01, Greg Troxel wrote:
>> My diff is wrong, but I think the basic concept, of only compiling the
>> peercred-using IsClientAuthorized if both polkit is present and there is
>> one or the other PEERCRED define is present, is sound.
>
> The idea is to explicitly fail if polkit is enabled but
> IsClientAuthorized() can't use it.
> In that case the choice is to disable polkit, instead of silently ignoring it.

Thanks. I did not come to understand that this was intentional from the comments :-)

It would be nice to give the plan, to make it easier for someone trying to figure out what to do. As it is, it requires figuring out the intent, and then that polkit is used only for this, not something else. The README gives options but doesn't list enable/disable polkit, and doesn't explain. I don't mean to demand you do anything - just giving a trip report from a packager doing an update labeled micro (which turned out to have breaking changes).

It would also be nice to label the else/endif with commented copies of the if conditions. Of course I can figure that out but with nested ifs and not understanding the intent, I think it would help others.

The use of FreeBSD ifdef is unfortunate, vs the sockopt showing up in the header. I mean to still have the if, but instead of on FreeBSD be on LOCAL_PEERCRED, assuming that it's an API that may be elsewhere. It is very likely LOCAL_PEERCRED works on DragonFly, and it might well show up in other BSDs at some point.

From ludovic.rousseau at gmail.com Sat Dec 28 06:58:18 2024
From: ludovic.rousseau at gmail.com (Ludovic Rousseau)
Date: Sat, 28 Dec 2024 15:58:18 +0100
Subject: [Pcsclite-muscle] New version of pcsc-lite: 2.3.1
In-Reply-To:
References:
Message-ID:

On Fri, 27 Dec 2024 at 18:21, Greg Troxel wrote:
>
> Ludovic Rousseau writes:
>
> > On Fri, 27 Dec 2024 at 16:01, Greg Troxel wrote:
> >> My diff is wrong, but I think the basic concept, of only compiling the
> >> peercred-using IsClientAuthorized if both polkit is present and there is
> >> one or the other PEERCRED define is present, is sound.
> >
> > The idea is to explicitly fail if polkit is enabled but
> > IsClientAuthorized() can't use it.
> > In that case the choice is to disable polkit, instead of silently ignoring it.
>
> Thanks. I did not come to understand that this was intentional from the
> comments :-)
>
> It would be nice to give the plan,
> to make it easier for someone trying to figure out what to do. As it
> is, it requires figuring out the intent, and then that polkit is used
> only for this, not something else. The README gives options but doesn't
> list enable/disable polkit, and doesn't explain. I don't mean to demand
> you do anything - just giving a trip report from a packager doing an
> update labeled micro (which turned out to have breaking changes).
>
> It would also be nice to label the else/endif with commented copies of
> the if conditions. Of course I can figure that out but with nested ifs
> and not understanding the intent, I think it would help others.

I added comments in auth.c just above the #error and also in doc/README.polkit
See https://github.com/LudovicRousseau/PCSC/commit/4e5bb43d42a21a9c983ec0816c41c5aaffb2040f

> The use of FreeBSD ifdef is unfortunate, vs the sockopt showing up in
> the header. I mean to still have the if, but instead of on FreeBSD be on
> LOCAL_PEERCRED, assuming that it's an API that may be elsewhere.
> It is very likely LOCAL_PEERCRED works on DragonFly, and it might well
> show up in other BSDs at some point.

It is even more complex than that.
I tried to build pcsc-lite on OpenBSD. On this system SO_PEERCRED is defined (and not LOCAL_PEERCRED) but, like on FreeBSD sys/ucred.h is provided.
And struct xucred is defined as:

struct xucred {
    uid_t cr_uid; /* user id */
    gid_t cr_gid; /* group id */
    short cr_ngroups; /* number of groups */
    gid_t cr_groups[NGROUPS_MAX]; /* groups */
};

No cr_pid field is present :-(
so the build fails with:

../src/auth.c:121:46: error: no member named 'cr_pid' in 'struct xucred'
        subject = polkit_unix_process_new_for_owner(CRED_PID(cr), 0, CRED_UID(cr));
                                                    ^~~~~~~~~~~~
../src/auth.c:65:27: note: expanded from macro 'CRED_PID'
#define CRED_PID(uc) (uc).cr_pid
                     ~~~~ ^

The best to do on OpenBSD and NetBSD (and some other Unixes) is to explicitly disable polkit until someone provides a patch.

Thanks for your feedback.

Regards,

--
 Dr. Ludovic Rousseau