[Pcsclite-muscle] New version of pcsc-lite: 2.3.1

Greg Troxel gdt at lexort.com
Fri Dec 27 06:23:54 PST 2024 

Ludovic Rousseau <ludovic.rousseau at gmail.com> writes:

>> I get where you are coming from, but it seems better to build as if
>> polkit is not there, basically requiring both tests to enable the
>> feature.
>>
>> When hiding polkit, it built.
>>
>> Did pcsc-lite used to actually use polkit?
>
> Polkit is used since 2014 and is enabled by default since Nov 2023.
>
> Support of FreeBSD was added in
> https://github.com/LudovicRousseau/PCSC/commit/19d0b26402a3d584186ff28d4c528382d7fd1a5e
> But it looks like NetBSD do not have LOCAL_PEERCRED.
> A patch is welcome.

It does not have it.

The current code is problematic because it #ifdefs on things and then
the resulting branches don't line up with what is probed.

There's an ifdef on SO_PEERCRED/LOCAL_PEERCRED, but that controls
whether stdbool is included, and then there's an if freebsd with an
error branch.

The previous behavior seemed to be that without polkit, requests are all
considered authorized.  So with polkit, and without credentials code,
the same thing should happen.


I'm having a hard time figuring out the plan.  It looks like the first
isClientAuthorized implementation is for the case when
  #if defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)
is true.  But it isn't part of that ifdef.

When
  #if defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)
isn't true, then there's a typedef, but no inclusion of ucred.h, and the
inclusion of stdbool  doesn't happen.  But the function happens anyway,
only on FreeBSD.

I don't understand why there needs to be an ifdef FreeBSD, if it's
guarded on SO_PEERCRED and LOCAL_PEERCRED.   And why the else branch of
the PEERCRED test isn't just the old "it's ok" code.f


Maybe this patch is wrong, but it at least shows what I failed to
understand.  Basically, the isClientAuthorized that relies on PEERCRED
is invoked if polkit and if PEERCRED.  (I've also added comments to
else/endif as for me that makes it easier to follow.)




--- src/auth.c.orig	2024-12-24 10:16:27.000000000 +0000
+++ src/auth.c
@@ -51,28 +51,16 @@
 
 #include <errno.h>
 
-#ifdef HAVE_POLKIT
-
-#if defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)
+#if defined(POLKIT) && defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)
 
 #include <polkit/polkit.h>
 #include <stdbool.h>
 
-#ifdef __FreeBSD__
-
 #include <sys/ucred.h>
 typedef struct xucred platform_cred;
 #define	CRED_PID(uc)	(uc).cr_pid
 #define	CRED_UID(uc)	(uc).cr_uid
 
-#else
-
-typedef struct ucred platform_cred;
-#define	CRED_PID(uc)	(uc).pid
-#define	CRED_UID(uc)	(uc).uid
-
-#endif
-
 extern bool disable_polkit;
 
 /* Returns non zero when the client is authorized */
@@ -180,13 +168,7 @@ cleanup1:
 	return ret;
 }
 
-#else
-
-#error polkit is enabled, but no socket cred implementation for this platform
-
-#endif
-
-#else
+#else /* defined(POLKIT) && defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) */
 
 unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
 {
@@ -197,4 +179,4 @@ unsigned IsClientAuthorized(int socket, 
 	return 1;
 }
 
-#endif
+#endif /* defined(POLKIT) && defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) */

More information about the pcsclite-muscle mailing list