Ludovic Rousseau wrote:
> 2009/1/21 Stanislav Brabec <sbra...@suse.cz>:
> > Alon Bar-Lev wrote:
> >> I don't understand the motivation.
> >> Why do you care if readers are accessible by all users?
> >
> > 1) There are applications, that need direct access to the reader, not
> > using pcsc-lite (example: cyberjack utilities). That is why it should
> > allow to access not only to pcsc daemon, but also to users.
>
> The Reiner-SCT cyberJack pinpad(a) is already supported by my CCID
> driver. Maybe the cyberjack utilities could be modified to use PC/SC
> instead of a direct device access.
>
> Note: I could not find a "cyberjack utilities" software. Do you have a URL?

There are utilities that come with the vendor Reiner-SCT cyberJack
drivers: cjflash, cjgeldkarte and cyberjack. These utilities use libusb
and libctapi-cyberjack directly.

http://www.reiner-sct.de/support/treiber_cyberjack.php

I am afraid that there are more similar third party utilities that
completely obey pcsc-lite (e. g. proprietary POS solutions).

Thinking about it again, the default policy should be: Deny to everybody
except smart card daemon. If one of these utilities is installed (by an
authorized person), then direct access to the reader can be granted.

> > PolicyKit can ensure, that only users physically sitting at the desk can
> > use the card.
>
> Is that really needed?
> I remember proposing such a change on the Muscle list a while ago. One
> solution is to play with the permissions of the /var/run/pcscd/* files
> and then restrict access to PC/SC only to the user physically sitting
> at the desk.

It is the purpose of PolicyKit. With proper polkit-auth arguments,
denying permission after logout from the physical console can happen
automatically. I'll learn more about it and let you know how to do it.

> > 2) Up to now, HAL has no keyword for these devices and cannot report its
> > presence.
> >
> > HAL can easily recognize this device type (at least for USB). It allows
> > to write simple applications: If smart card reader/token is plugged, do
> > something (e. g. launch banking application).
>
> PC/SC provides a method to detect reader insertion/removal. HAL is not
> needed here.

Yes, it is. But HAL broadcasts generic device removal events. One has to
connect to pcscd just to identify whether an unknown USB device is a
Smart Card reader.

Well, and I want PC/SC device insertion/removal to connect to HAL
instead of udev. See another mail in the thread.

> And as Jeffrey already wrote, inserting a reader does not infer
> insertion of a card in the reader.
>
> Why launch a banking application and not a SIM application? How do you
> plan to recognise a bank card from a phone card, from a health card,
> from a corporate access card, from a fidelity card, etc?

It was just an example of the possibilities that the new infrastructure
can bring to the user space. I want to only clean the first step: Smart
Card reader feature keywords, that may be useful for authors of these
applications.

However I can imagine an addon which performs card insertion detection
(e. g. by polling via pcscd) and then broadcasts card insertion (and card
type) to the bus. HAL already provides support for polling of
particular devices: hal-disable-polling/hal-enable-polling.

--
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.          e-mail: sbra...@suse.cz
Lihovarská 1060/12            tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9                fax: +420 284 028 951
Czech Republic                http://www.suse.cz/