Hello Paul, I just tried to compile the Solaris branch of pcsc-lite.
On Fri, Jun 13, 2008 at 12:01 AM, Paul Klissner wrote:
> Recently Ludovic created a branch in the repository in which to
> place a new version of PC/SC-Lite (spun off of PC/SC-Lite 1.3.2),
> which I've been working on for the past year or so, adapting it
> for increased scalability and security, as previously discussed
> on this mail list.
>
> The overarching objective was to make PC/SC-Lite adaptable to more
> kinds of environments. My specific task was to ensure that these new
> abstractions would be compatible with Solaris Trusted Extensions,
> and with the Sun Ray thin client platform. Over the course of
> development, the design evolved from the proposal initially posted
> to this list. However, it works now and is being used in production.
> This code has had exposure, use and feedback from customers,
> including some larger installations, and has undergone some quality
> assurance testing. Thus the new code has been proven viable.
>
> The new implementation has been checked-in into the following
> branch and can be browsed and diff'd online:
>
> http://svn.debian.org/viewsvn/pcsclite/branches/Solaris/
>
> Documentation for this branch is provided in these files:
>
> SECURITY_SCALABILITY_ENHANCEMENTS.pdf   Design document
> README.build                            Build instructions
> BUGS.txt                                Issues/TO DO
>
>
> WHAT THIS BRANCH DELIVERS:
>
> This workspace currently constructs a Solaris 10 compatible package
> "SolarisPCSC" for SPARC and i386. That package installs the new
> PC/SC-lite framework, providing basic components and infrastructure
> to support using Smart Card readers associated with local consoles
> (X-Windows) on a UNIX-like system. It can be extended for other
> environments by providing additional configuration files and
> plugins.
>
> A package called "SUNWpcscdtu", soon to be on Sun's download center,
> contains plugins for SolarisPCSC, provisioning PC/SC-Lite to work
> with Sun Ray thin clients, specifically to use smart card readers
> internal to Sun Ray desktop units, as well as USB readers connected
> to them upon installation of the CCID IFD handler.
>
> The SUNWpcscdtu package complements the SUNWpcsc package, which is
> currently identical to SolarisPCSC. SUNWpcsc will be posted at
> Sun's download center, though ultimately we'd rather be working
> from the open source distribution of PC/SC-Lite; therefore, it is
> my hope that ultimately these architectural changes will be merged
> into the trunk to meet the community goals and the needs of users.
>
> BACKGROUND:
>
> This implementation was designed modularly, with platform neutrality
> a primary goal. It was designed to be as flexible and extensible as
> could be managed, including providing a new plugin interface for
> user and resource validation and authentication, as well as offering
> an extensible command-line interface providing backward-compatible
> modes as well as new operational modes, such as a launcher/instance
> model.
>
> Along the way, a few bugs in 1.3.2 were found and fixed. These
> were discovered by scaling PC/SC-lite for multi-user use and stress
> testing under a somewhat rigorous test matrix. Some of these bugs,
> previously reported to the mail list may have already been fixed
> in 1.4.x. The ones that come to mind are a very elusive memory
> leak, a race condition, a minor incompatibility of SCardStatus()
> to the PC/SC spec, and also the way status bits are set in
> SCardGetStatus().

Do you have a more detailed description of the bugs you corrected?

> To help people diagnose issues with PC/SC-Lite, a set of tools
> will be posted this month on Sun's software download center
> alongside the PC/SC-Lite "1.1" distribution. Among these is a tool
> that interposes between a client and libpcsclite.so and dereferences
> arguments and formats and logs transactions. Another utility allows
> a reader list to be pruned to nudge client applications to select
> the proper reader among a plurality, and yet another provides a
> means to externally induce a regression in SCardStatus() that at
> least one 3rd party middleware product actually required at one
> point to function properly.

Are these tools under a free software licence? I think they could be
used on non Solaris systems.

I do not use the "Sun's software download center". Do you have a URL?

> NOTES ON MERGING WITH TRUNK:
>
> Given deadline pressure and scope of the effort, Solaris-specific
> code crept in. I suspect a few system calls weren't wrapped in
> platform-independent abstractions in the manner set forth in 1.3.2,
> but some are. It shouldn't take too much work to clean that up.

I attach a patch to make the software compile under Debian GNU/Linux.
I can't link so I can't run it.

Comments:
- use #include <stdarg.h> instead of #include <sys/varargs.h>
- #include <sys/param.h> to have MAXPATHLEN defined.
  I don't know if using MAXPATHLEN is a good idea. It is a problem
  under Hurd for example. See
  http://www.debian.org/ports/hurd/hurd-devel-debian.html
- BUILD is not defined anywhere
- ucred.h, synch.h, sys/conf.h, sys/filio.h do not exist on GNU/Linux
- PATH_MAX is redefined in src/auth.c
- macro NONULL() is defined in pcscdaemon.h and also in many .c files
- RTLD_PARENT does not exist for GNU/Linux dlopen()
- the mutex type is pthread_mutex_t not mutex_t
- use uint32_t instead of uint_t
- gethrtime() is not available
- use SYS_ThreadSelf() instead of thr_self(). And use SYS_ThreadEqual()
  to compare two thread ids.

> Beyond ensuring backward-compatibility (autoconf build modes and
> daemon run modes), and tidying up platform-independent abstractions,
> I expect that merging the new code with the scores of open source
> changes made between 1.3.2 and 1.4.x will be the brunt of the
> unification effort, because there are significant architectural
> changes in this branch that involve several new source files as well
> as substantial changes to existing source files. Still, I believe the
> benefit outweighs the burden.

I also think it a good idea to merge the two branches. But I don't
know how we should do it.

One way is to incrementally change the Solaris branch to make it
compile on GNU/Linux by wrapping Solaris specific code in a portable
API. This version should still continue to work as expected on
Solaris. Then we can try to make it run on GNU/Linux.

Once we have a working code for Solaris and GNU/Linux we can try to
merge it with the "official" version.

> CONCLUSION:
>
> I look forward to discussing this with the community to arrive at
> a PC/SC-Lite with increased functionality and adaptability that
> meet the needs of more users.

I haven't seen any comment to your mail in this list. Maybe the
"community" is not so much interested in your improvements.
I think you/SUN we have to do the most part of the work.

Bye,

-- 
Dr. Ludovic Rousseau

Index: src/pcscdaemon.c =================================================================== --- src/pcscdaemon.c (révision 3034) +++ src/pcscdaemon.c (copie de travail) @@ -28,7 +28,8 @@ #include <unistd.h> #include <stdlib.h> #include <string.h> -#include <sys/varargs.h> +//#include <sys/varargs.h> +#include <stdarg.h> #include <strings.h> #include <unistd.h> #include <fcntl.h> @@ -39,6 +40,7 @@ #include <time.h> #include <limits.h> #include <syslog.h> +#include <sys/param.h> #include <dlfcn.h> @@ -1119,6 +1121,9 @@ signal_trap(int sig) void print_version (void) { +#ifndef BUILD +#define BUILD "42" +#endif printf("%s version %s_%s.\n", PACKAGE, VERSION, BUILD); printf("Copyright (C) 2007-2008 by Sun Microsystems, Inc.\n"); printf("Copyright (C) 2003-2004 " Index: src/winscard_msg.c =================================================================== --- src/winscard_msg.c (révision 3034) +++ src/winscard_msg.c (copie de travail) @@ -34,7 +34,7 @@ #include <strings.h> #include <netdb.h> #include <stdlib.h> -#include <ucred.h> +//#include <ucred.h> #include <thread.h> #include <sys/socket.h> Index: src/debug.c =================================================================== --- src/debug.c (révision 3034) +++ src/debug.c (copie de travail) @@ -23,6 +23,7 @@ #include <unistd.h> #include <string.h> #include <stdio.h> +#include <time.h> #include <sys/time.h> #include "debug.h" #include "strlcpycat.h" Index: src/debug.h =================================================================== --- src/debug.h (révision 3034) +++ src/debug.h (copie de travail) @@ -44,8 +44,6 @@ #define __FUNCTION__ "" #endif -extern int LogLevel; - #define DEBUG_LEVEL_CRITICAL 1 #define DEBUG_LEVEL_INFO 2 #define DEBUG_LEVEL_COMM 4 Index: src/cfgfuncs.c =================================================================== --- src/cfgfuncs.c (révision 3034) +++ src/cfgfuncs.c (copie de travail) 
@@ -172,7 +172,7 @@ int CFGProcessKvp(const char *key, const char *val, const int provider) { int i, j, rv; - static char env[LINEMAX]; + //static char env[LINEMAX]; if (key == NULL) return (CFG_NULL_POINTER); @@ -302,6 +302,9 @@ CFGParseXdisplay(char *display, int *dpy int i, len, ipFlag = 0; struct hostent *pHostEnt; struct in_addr sia; +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 127 +#endif char token[MAXHOSTNAMELEN + 1]; *dpyNbr = -1; Index: src/auth.c =================================================================== --- src/auth.c (révision 3034) +++ src/auth.c (copie de travail) @@ -21,13 +21,13 @@ #include <errno.h> #include <sys/types.h> #include <sys/stat.h> -#include <ucred.h> +//#include <ucred.h> #include <string.h> #include <strings.h> #include <stdlib.h> #include <stdarg.h> #include <thread.h> -#include <synch.h> +//#include <synch.h> #include <debuglog.h> #include <syslog.h> #include <unistd.h> @@ -47,7 +47,9 @@ #define PLUGIN_NOT_VALID -2 #define NOT_AUTHORIZED -3 #define RELOAD_ABORTED -4 +#ifndef PATH_MAX #define PATH_MAX 256 +#endif #define LINEMAX 256 #define KVMAXLEN 256 #define IFD_PLUGIN 0 @@ -56,6 +58,11 @@ #define NONULL(s) s ? s : "<null>" #define MAX_KEY_LEN 64 +typedef int mutex_t; +typedef int ucred_t; +#ifndef RTLD_PARENT +#define RTLD_PARENT 0 +#endif typedef struct kvp_list { struct kvp_list *next; @@ -96,7 +103,6 @@ static plugin_t *findPluginByTag(const c static plugin_t plist, ilist; static time_t conf_ctime; -#define NONULL(n) n ? n : "<null>" /** * @brief Get client credentials from socket. Index: src/launcher.c =================================================================== --- src/launcher.c (révision 3034) +++ src/launcher.c (copie de travail) 
@@ -24,20 +24,18 @@ #include <strings.h> #include <stropts.h> #include <syslog.h> -#include <ucred.h> #include <unistd.h> #include <wait.h> #include <syslog.h> #include <arpa/inet.h> #include <netinet/in.h> -#include <sys/conf.h> -#include <sys/filio.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/types.h> #include <libgen.h> #include <thread.h> #include <syslog.h> +#include <sys/param.h> #ifdef HAVE_GETOPT_H #include <getopt.h> #endif Index: src/PCSC/clientcred.h =================================================================== --- src/PCSC/clientcred.h (révision 3034) +++ src/PCSC/clientcred.h (copie de travail) @@ -19,7 +19,7 @@ #ifndef _client_cred_h_ #define _client_cred_h_ -#include <ucred.h> +//#include <ucred.h> #include <netdb.h> #ifdef __cplusplus @@ -33,8 +33,8 @@ typedef struct pcsc_client_cred { uid_t euid; /* Solaris, Linux, FreeBSD, MacOS */ uid_t egid; /* Solaris, Linux, FreeBSD, MacOS */ pid_t pid; /* Solaris, Linux */ - uint_t dpyNbr; /* X11 */ - uint_t screenNbr; /* X11 */ + uint32_t dpyNbr; /* X11 */ + uint32_t screenNbr; /* X11 */ in_addr_t clientXhostIP; /* Avail from $DISPLAY */ in_addr_t clientIP; /* Avail from accept() */ struct { Index: src/PCSC/debuglog.h =================================================================== --- src/PCSC/debuglog.h (révision 3034) +++ src/PCSC/debuglog.h (copie de travail) @@ -39,6 +39,8 @@ extern "C" { #endif +#define gethrtime() (42) + #ifndef PCSC_API #define PCSC_API #endif Index: src/debuglog.c =================================================================== --- src/debuglog.c (révision 3034) +++ src/debuglog.c (copie de travail) @@ -32,7 +32,7 @@ #include "misc.h" #include "debuglog.h" #include "sys_generic.h" -#include <sys/time.h> +#include <time.h> #include "strlcpycat.h" /** Index: src/validate.c =================================================================== --- src/validate.c (révision 3034) +++ src/validate.c (copie de travail) 
@@ -16,11 +16,11 @@ * @brief This handles thread function abstraction. */ -#include <ucred.h> +//#include <ucred.h> #include <string.h> #include <dlfcn.h> #include <thread.h> -#include <synch.h> +//#include <synch.h> #include <fcntl.h> #include <unistd.h> #include <sys/types.h> @@ -37,10 +37,16 @@ #include "debuglog.h" #include "pcsc_config.h" #include "util.h" +#include <sys/param.h> #define LINEMAX 256 #define MAXARGS 100 #define NONULL(s) (s ? s : "<null>") +#ifndef RTLD_PARENT +#define RTLD_PARENT 0 +#endif + +typedef int mutex_t; static time_t getFileCtime(char *); static int havPluginsChanged(); Index: src/instance.c =================================================================== --- src/instance.c (révision 3034) +++ src/instance.c (copie de travail) @@ -22,14 +22,14 @@ #include <strings.h> #include <stropts.h> #include <syslog.h> -#include <ucred.h> +//#include <ucred.h> #include <unistd.h> #include <wait.h> #include <syslog.h> #include <arpa/inet.h> #include <netinet/in.h> -#include <sys/conf.h> -#include <sys/filio.h> +//#include <sys/conf.h> +//#include <sys/filio.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/types.h> Index: src/thread.h =================================================================== --- src/thread.h (révision 0) +++ src/thread.h (révision 0) @@ -0,0 +1,2 @@ +#define thr_self() 42 +typedef int thread_t; Index: src/daemon_utils.c =================================================================== --- src/daemon_utils.c (révision 3034) +++ src/daemon_utils.c (copie de travail) 
@@ -23,14 +23,14 @@ #include <strings.h> #include <stropts.h> #include <syslog.h> -#include <ucred.h> +//#include <ucred.h> #include <unistd.h> #include <wait.h> #include <syslog.h> #include <arpa/inet.h> #include <netinet/in.h> -#include <sys/conf.h> -#include <sys/filio.h> +//#include <sys/conf.h> +//#include <sys/filio.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/types.h> Index: src/Makefile.am =================================================================== --- src/Makefile.am (révision 3034) +++ src/Makefile.am (copie de travail) @@ -4,7 +4,7 @@ SUBDIRS = . utils modules AM_CPPFLAGS = -I$(top_srcdir)/src/PCSC -I$(top_builddir)/src/PCSC \ $(SYMBOL_VISIBILITY) -lib_LTLIBRARIES = libpcsclite.la libpcsclite64.la +lib_LTLIBRARIES = libpcsclite.la if !HAVE_SCF sbin_PROGRAMS = pcscd Index: ltmain.sh =================================================================== --- ltmain.sh (révision 3034) +++ ltmain.sh (copie de travail) @@ -43,7 +43,7 @@ EXIT_FAILURE=1 PROGRAM=ltmain.sh PACKAGE=libtool -VERSION=1.5.22 +VERSION="1.5.22 Debian 1.5.22-4" TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)" # See if we are running on zsh, and set the options which allow our @@ -2082,7 +2082,10 @@ EOF case $pass in dlopen) libs="$dlfiles" ;; dlpreopen) libs="$dlprefiles" ;; - link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; + link) + libs="$deplibs %DEPLIBS%" + test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" + ;; esac fi if test "$pass" = dlopen; then @@ -3201,6 +3204,11 @@ EOF age="$number_minor" revision="$number_minor" ;; + *) + $echo "$modename: unknown library version type \`$version_type'" 1>&2 + $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 + exit $EXIT_FAILURE + ;; esac ;; no)
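
Review bot: In src/pcscdaemon.c, the fallback `#define BUILD "42"` sits inside the body of print_version(), so a GNU/Linux build reports a made-up build id in its version string. BUILD should come from the build system (configure or AM_CPPFLAGS), and the old `<sys/varargs.h>` include should be deleted rather than left behind a `//` comment.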
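
Review bot: In src/cfgfuncs.c, hunk @@ -302,6 +302,9 @@, the `MAXHOSTNAMELEN 127` fallback is defined in the middle of the local declarations of CFGParseXdisplay() and sizes the `token` buffer with an invented value. The patch already adds `#include <sys/param.h>` to pcscdaemon.c, launcher.c and validate.c; including it here as well would give `token[MAXHOSTNAMELEN + 1]` the platform's own limit. The commented-out `static char env[LINEMAX];` in the first hunk should be removed outright if it is unused.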
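
Review bot: In src/auth.c, hunk @@ -56,6 +58,11 @@, `typedef int mutex_t;` and `typedef int ucred_t;` turn the lock type and the credential type into placeholders in the file whose context line reads "Get client credentials from socket". A build made this way has no working locking and no client identity behind its authorization code. As the message says, the mutex type should be pthread_mutex_t; the credential lookup is better hidden behind one wrapper that returns an error where no implementation exists. The `RTLD_PARENT 0` fallback also silently drops a dlopen() flag used for plugins and needs at least a comment on the effect.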
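
Review bot: In src/PCSC/clientcred.h, hunk @@ -33,8 +33,8 @@, `dpyNbr` and `screenNbr` become `uint32_t` but no `#include <stdint.h>` is added; the only includes visible in this header are the commented-out `<ucred.h>` and `<netdb.h>`. Add the include so the header does not depend on another header pulling the type in.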
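
Review bot: In src/PCSC/debuglog.h, `#define gethrtime() (42)` makes every timestamp the same constant, so any elapsed-time or timeout arithmetic built on it evaluates to zero, and the macro leaks into every file that includes this header. A small wrapper in the system abstraction layer (for example around clock_gettime() with CLOCK_MONOTONIC on GNU/Linux) would keep the callers unchanged without faking the value.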
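
Review bot: In src/validate.c, hunk @@ -37,10 +37,16 @@, the `RTLD_PARENT` fallback and `typedef int mutex_t;` duplicate what the patch also adds to src/auth.c. Two private copies of the same stubs will drift; they belong in one portability header that both files include, next to the single NONULL() definition the message asks for.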
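
Review bot: The new src/thread.h defines `thr_self()` as the constant 42, so every thread reports the same id and any check that compares the caller's id with a stored owner id will always match. The message already names the fix (SYS_ThreadSelf() and SYS_ThreadEqual()); the call sites should be converted to those instead of shipping this stub. The file also has no include guard and shadows the `<thread.h>` that the sources include with angle brackets.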
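
Review bot: In src/Makefile.am, dropping `libpcsclite64.la` from `lib_LTLIBRARIES` unconditionally removes the 64-bit library on Solaris too, which conflicts with the stated goal that the branch keep working there. Wrap it in an automake conditional, in the style of the existing `if !HAVE_SCF`, so only the GNU/Linux build skips it.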
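
Review bot: The ltmain.sh hunks change only `VERSION="1.5.22 Debian 1.5.22-4"` and libtool internals (`link_all_deplibs`, the unknown `version_type` case), which is what regenerating the file with the local Debian libtool produces. This is generated output, not part of the port, and should be left out of the patch.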