On 19/10/06, Paul Klissner <[EMAIL PROTECTED]> wrote:
The pcsclite library must check the $DISPLAY environment variable
on the client and validate that it refers only to a display, on
the local machine, if defined. Failing that, it needs to return
an error code to the client.
I'd like to add SCARD_E_INVALID_DISPLAY to the list of err consts
in PCSC/pcsclite.h, and the text "Invalid $DISPLAY environment" to
pcsc_stringify_error(), but I am concerned that I might be
constrained by backward-compatibility issues.
Can you describe the backward compatibility issues you are thinking about?
Any thoughts on this, or which existing error codes I might
fall back to using if extending the list isn't an option?
The existing list of error constants seems far from ideal.
I do not like the name SCARD_E_INVALID_DISPLAY. It could be more
generic like SCARD_E_NO_PERMISSION.
Maybe this error code could also be used to solve the problem
described in the recent thread "Limiting reader access to the console
user only" [1].
It is easy on the libpcsclite side to check the file permissions of
/var/run/pcscd.pub and return SCARD_E_NO_PERMISSION when appropriate.
Also, further validation of the X display is done server side,
where client EUID is obtained from the socket and authenticated
via a PAM module as the owner of the X display. If that check
fails, I planned to return the same error code as for a
client-side failure, however, having an even more explicit
error might be reasonable too.
Why do you have two cases with two (possibly different) error codes?
Which PC/SC call would return the two error codes?
SCardEstablishContext? SCardConnect? another one?
Bye,
[1] http://archives.neohapsis.com/archives/dev/muscle/2006-q4/0019.html
--
Dr. Ludovic Rousseau
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
