[Pcsclite-muscle] New version of pcsc-lite: 2.3.1

Ludovic Rousseau ludovic.rousseau at gmail.com
Sat Dec 28 06:58:18 PST 2024 

Le ven. 27 déc. 2024 à 18:21, Greg Troxel <gdt at lexort.com> a écrit :
>
> Ludovic Rousseau <ludovic.rousseau at gmail.com> writes:
>
> > Le ven. 27 déc. 2024 à 16:01, Greg Troxel <gdt at lexort.com> a écrit :
> >> My diff is wrong, but I think the basic concept, of only compiling the
> >> peercred-using IsClientAuthorized if both polkit is present and there is
> >> one or the other PEERCRED define is present, is sound.
> >
> > The idea is to explicitly fail if polkit is enabled but
> > IsClientAuthorized() can't use it.
> > In that case the choice is to disable polkit, instead of silently ignore it.
>
> Thanks.  I did not come to understand that this was intentional from the
> comments :-)
>
> It would be nice to give the plan,
> to make it easier for someone trying to figure out what to do.  As it
> is, it requires figuring out the intent, and then that polkit is used
> only for this, not something else.  The README gives options but doesn't
> list enable/disable polkit, and doesn't explain.  I don't mean to demand
> you do anything - just giving a trip report from a packager doing an
> update labeled micro (which turned out to have breaking changes).
>
> It would also be nice to label the else/endif with commented copies of
> the if conditions.  Of course I can figure that out but with nested ifs
> and not understanding the intent, I think it would help others.

I added comments in auth.c just above the #error and also in doc/README.polkit
See https://github.com/LudovicRousseau/PCSC/commit/4e5bb43d42a21a9c983ec0816c41c5aaffb2040f

> The use of FreeBSD ifdef is unfortunate, vs the sockopt showing up in
> the header. I mean to still have the if, but instead of on FreeBSD be on
> LOCAL_PEERCRED, assuming that it's an API that may be elsewhere.
> It is very likely LOCAL_PEERCRED works on DragonFly, and it might well
> show up in other BSDs at some point.

It is even more complex than that.
I tried to build pcsc-lite on OpenBSD.
On this system SO_PEERCRED is defined (and not LOCAL_PEERCRED) but,
like on FreeBSD sys/ucred.h is provided.
And struct xucred is defined as:
struct xucred {
        uid_t   cr_uid;                 /* user id */
        gid_t   cr_gid;                 /* group id */
        short   cr_ngroups;             /* number of groups */
        gid_t   cr_groups[NGROUPS_MAX]; /* groups */
};

No cr_pid field is present :-( so the build fails with:
../src/auth.c:121:46: error: no member named 'cr_pid' in 'struct xucred'
        subject = polkit_unix_process_new_for_owner(CRED_PID(cr), 0,
CRED_UID(cr));
                                                    ^~~~~~~~~~~~
../src/auth.c:65:27: note: expanded from macro 'CRED_PID'
#define CRED_PID(uc)    (uc).cr_pid
                        ~~~~ ^

The best to do on OpenBSD and NetBSD (and some other Unixes) is to
explicitly disable polkit until someone provides a patch.

Thanks for your feedback.

Regards,

-- 
 Dr. Ludovic Rousseau

More information about the pcsclite-muscle mailing list