[Muscle] New Solaris PC/SC-Lite branch added to repository
Ludovic Rousseau
ludovic.rousseau at gmail.com
Thu Jul 3 02:39:18 PDT 2008
Hello Paul,
I just tried to compile the Solaris branch of pcsc-lite.
On Fri, Jun 13, 2008 at 12:01 AM, Paul Klissner
> Recently Ludovic created a branch in the repository in which to
> place a new version of PC/SC-Lite (spun off of PC/SC-Lite 1.3.2),
> which I've been working on for the past year or so, adapting it
> for increased scalability and security, as previously discussed
> on this mail list.
>
> The overarching objective was to make PC/SC-Lite adaptable to more
> kinds of environments. My specific task was to ensure that these new
> abstractions would be compatible with Solaris Trusted Extensions,
> and with the Sun Ray thin client platform. Over the course of
> development, the design evolved from the proposal initially posted
> to this list. However, it works now and is being used in production.
> This code has had exposure, use and feedback from customers,
> including some larger installations, and has undergone some quality
> assurance testing. Thus the new code has been proven viable.
>
> The new implementation has been checked-in into the following
> branch and can be browsed and diff'd online:
>
> http://svn.debian.org/viewsvn/pcsclite/branches/Solaris/
>
> Documentation for this branch is provided in these files:
>
> SECURITY_SCALABILITY_ENHANCEMENTS.pdf Design document
> README.build Build instructions
> BUGS.txt Issues/TO DO
>
>
> WHAT THIS BRANCH DELIVERS:
>
> This workspace currently constructs a Solaris 10 compatible package
> "SolarisPCSC" for SPARC and i386. That package installs the new
> PC/SC-lite framework, providing basic components and infrastructure
> to support using Smart Card readers associated with local consoles
> (X-Windows) on a UNIX-like system. It can be extended for other
> environments by providing additional configuration files and
> plugins.
>
> A package called "SUNWpcscdtu", soon to be on Sun's download center,
> contains plugins for SolarisPCSC, provisioning PC/SC-Lite to work
> with Sun Ray thin clients, specifically to use smart card readers
> internal to Sun Ray desktop units, as well as USB readers connected
> to them upon installation of the CCID IFD handler.
>
> The SUNWpcscdtu package complements the SUNWpcsc package, which is
> currently identical to SolarisPCSC. SUNWpcsc will be posted at
> Sun's download center, though ultimately we'd rather be working
> from the open source distribution of PC/SC-Lite; therefore, it is
> my hope that ultimately these architectural changes will be merged
> into the trunk to meet the community goals and the needs of users.
>
> BACKGROUND:
>
> This implementation was designed modularly, with platform neutrality
> a primary goal. It was designed to be as flexible and extensible as
> could be managed, including providing a new plugin interface for
> user and resource validation and authentication, as well as offering
> an extensible command-line interface providing backward-compatible
> modes as well as new operational modes, such as a launcher/instance
> model.
>
> Along the way, a few bugs in 1.3.2 were found and fixed. These
> were discovered by scaling PC/SC-lite for multi-user use and stress
> testing under a somewhat rigorous test matrix. Some of these bugs,
> previously reported to the mail list, may have already been fixed
> in 1.4.x. The ones that come to mind are a very elusive memory
> leak, a race condition, a minor incompatibility of SCardStatus()
> to the PC/SC spec, and also the way status bits are set in
> SCardGetStatus().

Do you have a more detailed description of the bugs you corrected?

> To help people diagnose issues with PC/SC-Lite, a set of tools
> will be posted this month on Sun's software download center
> alongside the PC/SC-Lite "1.1" distribution. Among these is a tool
> that interposes between a client and libpcsclite.so and dereferences
> arguments and formats and logs transactions. Another utility allows
> a reader list to be pruned to nudge client applications to select
> the proper reader among a plurality, and yet another provides a
> means to externally induce a regression in SCardStatus() that at
> least one 3rd party middleware product actually required at one
> point to function properly.

Are these tools under a free software licence? I think they could be
used on non-Solaris systems.

I do not use the "Sun's software download center". Do you have a URL?

> NOTES ON MERGING WITH TRUNK:
>
> Given deadline pressure and scope of the effort, Solaris-specific
> code crept in. I suspect a few system calls weren't wrapped in
> platform-independent abstractions in the manner set forth in 1.3.2,
> but some are. It shouldn't take too much work to clean that up.

I attach a patch to make the software compile under Debian GNU/Linux.
I can't link so I can't run it.

Comments:
- use #include <stdarg.h> instead of #include <sys/varargs.h>
- #include <sys/param.h> to have MAXPATHLEN defined.
  I don't know if using MAXPATHLEN is a good idea. It is a problem under
  Hurd for example. See
  http://www.debian.org/ports/hurd/hurd-devel-debian.html
- BUILD is not defined anywhere
- ucred.h, synch.h, sys/conf.h, sys/filio.h do not exist on GNU/Linux
- PATH_MAX is redefined in src/auth.c
- macro NONULL() is defined in pcscdaemon.h and also in many .c files
- RTLD_PARENT does not exist for GNU/Linux dlopen()
- the mutex type is pthread_mutex_t not mutex_t
- use uint32_t instead of uint_t
- gethrtime() is not available
- use SYS_ThreadSelf() instead of thr_self(). And use
  SYS_ThreadEqual() to compare two thread ids.

> Beyond ensuring backward-compatibility (autoconf build modes and
> daemon run modes), and tidying up platform-independent abstractions,
> I expect that merging the new code with the scores of open source
> changes made between 1.3.2 and 1.4.x will be the brunt of the
> unification effort, because there are significant architectural
> changes in this branch that involve several new source files as well
> as substantial changes to existing source files. Still, I believe the
> benefit outweighs the burden.

I also think it is a good idea to merge the two branches. But I don't
know how we should do it.

One way is to incrementally change the Solaris branch to make it
compile on GNU/Linux by wrapping Solaris specific code in a portable
API. This version should still continue to work as expected on
Solaris.

Then we can try to make it run on GNU/Linux.

Once we have working code for Solaris and GNU/Linux we can try to
merge it with the "official" version.

> CONCLUSION:
>
> I look forward to discussing this with the community to arrive at
> a PC/SC-Lite with increased functionality and adaptability that
> meet the needs of more users.

I haven't seen any comment on your mail in this list. Maybe the
"community" is not so much interested in your improvements.
I think you/SUN will have to do most of the work.

Bye,

--
Dr. Ludovic Rousseau
-------------- next part --------------
Index: src/pcscdaemon.c
===================================================================
--- src/pcscdaemon.c (révision 3034)
+++ src/pcscdaemon.c (copie de travail)
@@ -28,7 +28,8 @@
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
-#include <sys/varargs.h>
+//#include <sys/varargs.h>
+#include <stdarg.h>
#include <strings.h>
#include <unistd.h>
#include <fcntl.h>
@@ -39,6 +40,7 @@
#include <time.h>
#include <limits.h>
#include <syslog.h>
+#include <sys/param.h>
#include <dlfcn.h>
@@ -1119,6 +1121,9 @@ signal_trap(int sig)
void
print_version (void)
{
+#ifndef BUILD
+#define BUILD "42"
+#endif
printf("%s version %s_%s.\n", PACKAGE, VERSION, BUILD);
printf("Copyright (C) 2007-2008 by Sun Microsystems, Inc.\n");
printf("Copyright (C) 2003-2004 "
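Review bot: the `BUILD` fallback is defined inside the body of `print_version()` and hard-codes `"42"`, so a binary built without `BUILD` reports a version suffix that identifies nothing. Define `BUILD` from the build system (configure or `AM_CPPFLAGS`) and, if a fallback is kept, put it at file scope with a value such as `"unknown"`.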
Index: src/winscard_msg.c
===================================================================
--- src/winscard_msg.c (révision 3034)
+++ src/winscard_msg.c (copie de travail)
@@ -34,7 +34,7 @@
#include <strings.h>
#include <netdb.h>
#include <stdlib.h>
-#include <ucred.h>
+//#include <ucred.h>
#include <thread.h>
#include <sys/socket.h>
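Review bot: commenting out `#include <ucred.h>` unconditionally removes it on Solaris as well, where the branch is meant to keep working. Guard it with a configure-detected macro (for example `HAVE_UCRED_H` from `AC_CHECK_HEADERS`) rather than leaving a `//` comment. The `<thread.h>` in the next context line has the same portability problem, and the patch only satisfies it by adding a stub `src/thread.h`.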
Index: src/debug.c
===================================================================
--- src/debug.c (révision 3034)
+++ src/debug.c (copie de travail)
@@ -23,6 +23,7 @@
#include <unistd.h>
#include <string.h>
#include <stdio.h>
+#include <time.h>
#include <sys/time.h>
#include "debug.h"
#include "strlcpycat.h"
Index: src/debug.h
===================================================================
--- src/debug.h (révision 3034)
+++ src/debug.h (copie de travail)
@@ -44,8 +44,6 @@
#define __FUNCTION__ ""
#endif
-extern int LogLevel;
-
#define DEBUG_LEVEL_CRITICAL 1
#define DEBUG_LEVEL_INFO 2
#define DEBUG_LEVEL_COMM 4
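Review bot: the removal of `extern int LogLevel;` is not among the changes listed in the covering mail, and the patch adds no declaration elsewhere. Say which conflict it resolves, and make sure every file that reads `LogLevel` through `debug.h` still sees a declaration.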
Index: src/cfgfuncs.c
===================================================================
--- src/cfgfuncs.c (révision 3034)
+++ src/cfgfuncs.c (copie de travail)
@@ -172,7 +172,7 @@ int
CFGProcessKvp(const char *key, const char *val, const int provider)
{
int i, j, rv;
- static char env[LINEMAX];
+ //static char env[LINEMAX];
if (key == NULL)
return (CFG_NULL_POINTER);
@@ -302,6 +302,9 @@ CFGParseXdisplay(char *display, int *dpy
int i, len, ipFlag = 0;
struct hostent *pHostEnt;
struct in_addr sia;
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 127
+#endif
char token[MAXHOSTNAMELEN + 1];
*dpyNbr = -1;
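Review bot: the `MAXHOSTNAMELEN` fallback sits in the middle of the declarations of `CFGParseXdisplay()` and silently fixes the size of `token` at 128 bytes. Move it to file scope next to an `#include <sys/param.h>` (as done for `pcscdaemon.c`), and check that whatever copies the host part of the display string into `token` is bounded by `sizeof(token)`, since the buffer size can now differ by platform.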
Index: src/auth.c
===================================================================
--- src/auth.c (révision 3034)
+++ src/auth.c (copie de travail)
@@ -21,13 +21,13 @@
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <ucred.h>
+//#include <ucred.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <stdarg.h>
#include <thread.h>
-#include <synch.h>
+//#include <synch.h>
#include <debuglog.h>
#include <syslog.h>
#include <unistd.h>
@@ -47,7 +47,9 @@
#define PLUGIN_NOT_VALID -2
#define NOT_AUTHORIZED -3
#define RELOAD_ABORTED -4
+#ifndef PATH_MAX
#define PATH_MAX 256
+#endif
#define LINEMAX 256
#define KVMAXLEN 256
#define IFD_PLUGIN 0
@@ -56,6 +58,11 @@
#define NONULL(s) s ? s : "<null>"
#define MAX_KEY_LEN 64
+typedef int mutex_t;
+typedef int ucred_t;
+#ifndef RTLD_PARENT
+#define RTLD_PARENT 0
+#endif
typedef struct kvp_list {
struct kvp_list *next;
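Review bot: `typedef int mutex_t;` and `typedef int ucred_t;` are unconditional, so they collide with the real Solaris types, and on GNU/Linux they turn locking and client-credential handling in `auth.c` into operations on plain integers. That is acceptable only as a compile test; for anything that links, map `mutex_t` to `pthread_mutex_t` as the covering mail says, hide the credential type behind a platform wrapper, and keep both under `#ifdef`. Defining `RTLD_PARENT` as 0 also drops the flag from `dlopen()` without notice, which deserves a comment at the `#define`.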
@@ -96,7 +103,6 @@ static plugin_t *findPluginByTag(const c
static plugin_t plist, ilist;
static time_t conf_ctime;
-#define NONULL(n) n ? n : "<null>"
/**
* @brief Get client credentials from socket.
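Review bot: removing the second `NONULL` leaves the definition near the top of the file, `#define NONULL(s) s ? s : "<null>"`, which has no outer parentheses and will mis-associate inside a larger expression. Keep a single copy in a shared header, written as in `validate.c`: `#define NONULL(s) (s ? s : "<null>")`.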
Index: src/launcher.c
===================================================================
--- src/launcher.c (révision 3034)
+++ src/launcher.c (copie de travail)
@@ -24,20 +24,18 @@
#include <strings.h>
#include <stropts.h>
#include <syslog.h>
-#include <ucred.h>
#include <unistd.h>
#include <wait.h>
#include <syslog.h>
#include <arpa/inet.h>
#include <netinet/in.h>
-#include <sys/conf.h>
-#include <sys/filio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <libgen.h>
#include <thread.h>
#include <syslog.h>
+#include <sys/param.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
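Review bot: here `<ucred.h>`, `<sys/conf.h>` and `<sys/filio.h>` are deleted outright, while `instance.c` and `daemon_utils.c` comment the same headers out; neither form keeps the Solaris build working. Use one `#ifdef HAVE_..._H` pattern for all of them. The context also shows `<syslog.h>` included three times, which can be cleaned up in the same pass.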
Index: src/PCSC/clientcred.h
===================================================================
--- src/PCSC/clientcred.h (révision 3034)
+++ src/PCSC/clientcred.h (copie de travail)
@@ -19,7 +19,7 @@
#ifndef _client_cred_h_
#define _client_cred_h_
-#include <ucred.h>
+//#include <ucred.h>
#include <netdb.h>
#ifdef __cplusplus
@@ -33,8 +33,8 @@ typedef struct pcsc_client_cred {
uid_t euid; /* Solaris, Linux, FreeBSD, MacOS */
uid_t egid; /* Solaris, Linux, FreeBSD, MacOS */
pid_t pid; /* Solaris, Linux */
- uint_t dpyNbr; /* X11 */
- uint_t screenNbr; /* X11 */
+ uint32_t dpyNbr; /* X11 */
+ uint32_t screenNbr; /* X11 */
in_addr_t clientXhostIP; /* Avail from $DISPLAY */
in_addr_t clientIP; /* Avail from accept() */
struct {
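Review bot: `uint32_t` is used for `dpyNbr` and `screenNbr`, but the header's visible includes are only `<netdb.h>` and the disabled `<ucred.h>`; add `#include <stdint.h>` so this header does not depend on include order. In the same struct, `uid_t egid;` looks like it should be `gid_t`.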
Index: src/PCSC/debuglog.h
===================================================================
--- src/PCSC/debuglog.h (révision 3034)
+++ src/PCSC/debuglog.h (copie de travail)
@@ -39,6 +39,8 @@ extern "C"
{
#endif
+#define gethrtime() (42)
+
#ifndef PCSC_API
#define PCSC_API
#endif
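Review bot: `#define gethrtime() (42)` is unconditional and lives in `src/PCSC/debuglog.h`, so it replaces the real function on Solaris too and leaks into every file that includes the header. Any timestamp or elapsed-time value derived from it becomes constant. Guard it with a configure check and provide a real fallback, for example one built on `clock_gettime(CLOCK_MONOTONIC, ...)`.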
Index: src/debuglog.c
===================================================================
--- src/debuglog.c (révision 3034)
+++ src/debuglog.c (copie de travail)
@@ -32,7 +32,7 @@
#include "misc.h"
#include "debuglog.h"
#include "sys_generic.h"
-#include <sys/time.h>
+#include <time.h>
#include "strlcpycat.h"
/**
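Review bot: `<sys/time.h>` is replaced by `<time.h>` here, whereas the `debug.c` hunk adds `<time.h>` and keeps `<sys/time.h>`. If `debuglog.c` uses `gettimeofday()` or `struct timeval`, it still needs `<sys/time.h>`; include both, as in `debug.c`.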
Index: src/validate.c
===================================================================
--- src/validate.c (révision 3034)
+++ src/validate.c (copie de travail)
@@ -16,11 +16,11 @@
* @brief This handles thread function abstraction.
*/
-#include <ucred.h>
+//#include <ucred.h>
#include <string.h>
#include <dlfcn.h>
#include <thread.h>
-#include <synch.h>
+//#include <synch.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
@@ -37,10 +37,16 @@
#include "debuglog.h"
#include "pcsc_config.h"
#include "util.h"
+#include <sys/param.h>
#define LINEMAX 256
#define MAXARGS 100
#define NONULL(s) (s ? s : "<null>")
+#ifndef RTLD_PARENT
+#define RTLD_PARENT 0
+#endif
+
+typedef int mutex_t;
static time_t getFileCtime(char *);
static int havPluginsChanged();
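Review bot: `typedef int mutex_t;` and the `RTLD_PARENT` fallback are repeated from `auth.c`. Put the compatibility definitions in one header so the two files cannot drift apart, and guard the typedef so it is not seen on Solaris.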
Index: src/instance.c
===================================================================
--- src/instance.c (révision 3034)
+++ src/instance.c (copie de travail)
@@ -22,14 +22,14 @@
#include <strings.h>
#include <stropts.h>
#include <syslog.h>
-#include <ucred.h>
+//#include <ucred.h>
#include <unistd.h>
#include <wait.h>
#include <syslog.h>
#include <arpa/inet.h>
#include <netinet/in.h>
-#include <sys/conf.h>
-#include <sys/filio.h>
+//#include <sys/conf.h>
+//#include <sys/filio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
Index: src/thread.h
===================================================================
--- src/thread.h (révision 0)
+++ src/thread.h (révision 0)
@@ -0,0 +1,2 @@
+#define thr_self() 42
+typedef int thread_t;
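Review bot: `#define thr_self() 42` gives every thread the same id, so any comparison of thread ids always matches. Use `SYS_ThreadSelf()` and `SYS_ThreadEqual()` as proposed in the covering mail. The new `src/thread.h` also shares its name with the Solaris system header, so if `src` is on the include path it can shadow `<thread.h>` there; give the shim a name that does not clash.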
Index: src/daemon_utils.c
===================================================================
--- src/daemon_utils.c (révision 3034)
+++ src/daemon_utils.c (copie de travail)
@@ -23,14 +23,14 @@
#include <strings.h>
#include <stropts.h>
#include <syslog.h>
-#include <ucred.h>
+//#include <ucred.h>
#include <unistd.h>
#include <wait.h>
#include <syslog.h>
#include <arpa/inet.h>
#include <netinet/in.h>
-#include <sys/conf.h>
-#include <sys/filio.h>
+//#include <sys/conf.h>
+//#include <sys/filio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
Index: src/Makefile.am
===================================================================
--- src/Makefile.am (révision 3034)
+++ src/Makefile.am (copie de travail)
@@ -4,7 +4,7 @@ SUBDIRS = . utils modules
AM_CPPFLAGS = -I$(top_srcdir)/src/PCSC -I$(top_builddir)/src/PCSC \
$(SYMBOL_VISIBILITY)
-lib_LTLIBRARIES = libpcsclite.la libpcsclite64.la
+lib_LTLIBRARIES = libpcsclite.la
if !HAVE_SCF
sbin_PROGRAMS = pcscd
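Review bot: dropping `libpcsclite64.la` from `lib_LTLIBRARIES` is unconditional, so the Solaris build loses its 64-bit library. Wrap it in an Automake conditional set by `configure` instead of editing the list.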
Index: ltmain.sh
===================================================================
--- ltmain.sh (révision 3034)
+++ ltmain.sh (copie de travail)
@@ -43,7 +43,7 @@ EXIT_FAILURE=1
PROGRAM=ltmain.sh
PACKAGE=libtool
-VERSION=1.5.22
+VERSION="1.5.22 Debian 1.5.22-4"
TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)"
# See if we are running on zsh, and set the options which allow our
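Review bot: `ltmain.sh` is generated by `libtoolize`, and the `VERSION` change to `"1.5.22 Debian 1.5.22-4"` shows these hunks come from regenerating it with Debian's libtool rather than from a deliberate edit. Leave the file out of the patch so the portability changes can be reviewed on their own.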
@@ -2082,7 +2082,10 @@ EOF
case $pass in
dlopen) libs="$dlfiles" ;;
dlpreopen) libs="$dlprefiles" ;;
- link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+ link)
+ libs="$deplibs %DEPLIBS%"
+ test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
+ ;;
esac
fi
if test "$pass" = dlopen; then
@@ -3201,6 +3204,11 @@ EOF
age="$number_minor"
revision="$number_minor"
;;
+ *)
+ $echo "$modename: unknown library version type \`$version_type'" 1>&2
+ $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2
+ exit $EXIT_FAILURE
+ ;;
esac
;;
no)
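
Working stand-ins for three items in the mail's comment list (a real mutex type, thread ids compared through an equality helper, and a `gethrtime()` that actually advances), as an added example that is not part of the original mail, the patch or pcsc-lite. `compat_gethrtime`, `compat_thr_equal` and `owned_lock` are hypothetical names; the owner-tracking lock is only there to show the thread-id comparison in use.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* clock_gettime(), CLOCK_MONOTONIC */
#endif
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* compat_* and owned_lock are hypothetical names, not pcsc-lite API. */
/* Monotonic nanoseconds, as Solaris gethrtime() returns; -1 on failure. */
int64_t compat_gethrtime(void)
{
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0)
        return -1;
    return (int64_t)ts.tv_sec * 1000000000LL + ts.tv_nsec;
}

/* pthread_t is opaque: compare with pthread_equal(), never with ==. */
int compat_thr_equal(pthread_t a, pthread_t b) { return pthread_equal(a, b) != 0; }

/* A pthread_mutex_t lock that records its owner; meta guards owner/held. */
struct owned_lock { pthread_mutex_t m, meta; pthread_t owner; int held; };

void owned_lock_acquire(struct owned_lock *l)
{
    pthread_mutex_lock(&l->m);
    pthread_mutex_lock(&l->meta);
    l->owner = pthread_self();
    l->held = 1;
    pthread_mutex_unlock(&l->meta);
}

/* 0 on success, -1 when the caller is not the thread holding the lock. */
int owned_lock_release(struct owned_lock *l)
{
    pthread_mutex_lock(&l->meta);
    int mine = l->held && compat_thr_equal(l->owner, pthread_self());
    if (mine) l->held = 0;
    pthread_mutex_unlock(&l->meta);
    return mine ? pthread_mutex_unlock(&l->m) : -1;
}

int main(void)
{
    struct owned_lock l = { .m = PTHREAD_MUTEX_INITIALIZER, .meta = PTHREAD_MUTEX_INITIALIZER };
    owned_lock_acquire(&l);
    int first = owned_lock_release(&l), repeat = owned_lock_release(&l);
    printf("release=%d repeat=%d t=%lld ns\n", first, repeat, (long long)compat_gethrtime());
}
```

With `thr_self()` stubbed to a constant, the ownership test in `owned_lock_release()` would succeed for any caller; with `int` in place of the mutex type there would be no lock at all.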