[Pcsclite-muscle] [PATCH] Support udev PCSCLITE_IGNORE property to filter readers

Fri Jan 24 05:08:06 PST 2025

Adds support for filtering readers by checking whether the udev property
PCSCLITE_IGNORE is set to "1" for the device being probed.

This is similar to the existing filtering support provided by
PCSCLITE_FILTER_IGNORE_READER_NAMES, but allows using the full range of udev
rules to match specific devices. For example, if you have several Yubikeys and
one is attached to a specific USB port that is being forwarded to a virtual
machine (viz. it should not be touched by programs on the host machine), this
facility allows setting a rule to keep pcscd away from that Yubikey. Yubikeys
attached to other ports keep working normally.

Example rule that targets a Yubikey attached to a specific USB port and causes
pcscd to ignore that device:

ACTION!="remove|unbind", SUBSYSTEM=="usb", ATTR{idVendor}=="1050",
ATTR{idProduct}=="0406", KERNEL=="1-2.3", ENV{PCSCLITE_IGNORE}="1"

The KERNEL match targets a USB device attached to port 3 of a hub on port 2 of
USB bus 1, and rule sets property PCSCLITE_IGNORE to cause the device to be
ignored.

Signed-off-by: Valtteri Vuorikoski <vuori at notcom.org>
---
 doc/pcscd.8.in        | 16 +++++++++++++++-
 src/hotplug_libudev.c | 10 ++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/doc/pcscd.8.in b/doc/pcscd.8.in
index 31a6ea68..fb2a6390 100644
--- a/doc/pcscd.8.in
+++ b/doc/pcscd.8.in
@@ -168,6 +168,19 @@ See
 https://blog.apdu.fr/posts/2021/08/pcsc-lite-configuration-using/
 .UE
 for more details.
+.SH "UDEV USB READER FILTERING (LINUX ONLY)"
+If udev support is enabled, setting the udev property
+.I PCSCLITE_IGNORE=1
+on a USB device will cause that reader to be ignored. For example
+to ignore any reader attached to USB port 3 of bus 1, add
+the following to a file in the
+.I /etc/udev/rules.d
+directory:
+.RS
+.EX
+ACTION!="remove|unbind", SUBSYSTEM=="usb", KERNEL=="1-3", ENV{PCSCLITE_IGNORE}="1"
+.EE
+.RE
 .SH FILES
 .I /etc/default/pcscd
 : daemon configuration file
@@ -183,7 +196,8 @@ for more details.
 .
 .SH "SEE ALSO"
 .BR reader.conf (5),
-.BR syslog (3)
+.BR syslog (3),
+.BR udev (7)
 .
 .SH AUTHORS
 David Corcoran <corcoran at musclecard.com> and Ludovic Rousseau
diff --git a/src/hotplug_libudev.c b/src/hotplug_libudev.c
index 13c506ab..67b4523f 100644
--- a/src/hotplug_libudev.c
+++ b/src/hotplug_libudev.c
@@ -373,6 +373,7 @@ static void HPAddDevice(struct udev_device *dev)
 	const char *devpath;
 	struct udev_device *parent;
 	const char *sysname;
+	const char *ignoreprop;
 
 	/* The device pointed to by dev contains information about
 	   the interface. In order to get information about the USB
@@ -410,6 +411,15 @@ static void HPAddDevice(struct udev_device *dev)
 		return;
 	}
 
+	ignoreprop = udev_device_get_property_value(parent, "PCSCLITE_IGNORE");
+	if (ignoreprop && !strcmp(ignoreprop, "1"))
+	{
+		Log4(PCSC_LOG_ERROR,
+			"Device %s at %s (%s) has PCSCLITE_IGNORE set: ignored",
+			driver->readerName, devpath, sysname);
+		return;
+	}
+
 	/* check for duplicated add */
 	for (index=0; index<PCSCLITE_MAX_READERS_CONTEXTS; index++)
 	{
-- 
2.39.5


