On 2/8/2011 1:29 PM, Andre Zepezauer wrote:
> Hello Douglas,
>
> please have a look at that picture [1]. FYI the cardmod resides on the
> same level as OpenSC.tokend does. As you can see, there is a clear
> distinction between the library 'libopensc' and the applications (shown
> at the top).
>

Yes, cardmod would be a box next to tokend with a line to libopensc. But
the BaseCSP passed reader and card handles to cardmod. These need to be
passed to the PC/SC driver. That would be a line from the cardmod box
to the PC/SC box. That line is implemented by use_reader.

> So, if there is a problem within a particular application, that problem
> should also be fixed within the same application. If that isn't possible
> at all, then improvements in libopensc may be considered.

Yes that is the situation. use_reader is an improvement in that it
allows the calling module, cardmod, to pass in the handles that are to
be used. These handles are set up by the BaseCSP.

(The term application is vague. Cardmod is not the application, it is a
module under the BaseCSP. The application could be IE, login, certutil etc.)

All of the existing applications that use OpenSC allow the reader drivers
to find reader and cards on their own. The reader drivers do the detection,
and all the reader and card communication.

When using cardmod, the Windows smart card code reads the ATR, then calls
a CSP based on the ATR. If the BaseCSP is used it may be using the opensc
cardmod mini-driver based on the ATR.

How the handles are opened and closed is up to the Microsoft code.
The code might even be doing some locking or selecting of a reader.
It could even use some group policy on what readers can be used for a
smart card login. (I don't know if they do this now, but I could see it
in the future.)

The mini-driver is expected to use the provided handles.

> Preferable in
> a way that other/future applications can also take advantage of it.
> That's my personal opinion and the reason of my resistance about your
> patch.

Future "applications" could take advantage of this, if they were
doing something similar and opening connections to readers and cards
they could pass in the handles to use. (Maybe an ssh tunnel for example.)

>
> On Tue, 2011-02-08 at 09:09 -0600, Douglas E. Engert wrote:
>> Today the opensc cardmod driver is experimental and it has issues
>
> Are you talking about the opensc cardmod application [1]?

Yes last summer(?) the cardmod modifications were submitted as
experimental, and they are normally built. The use_reader mod adds an
extra entry point into a driver, and only the cardmod version of pcsc
will be using it for now. The other drivers define the entry as NULL,
and sc_ctx_use_reader will return SC_ERROR_NOT_SUPPORTED.
Only the cardmod.c will be calling the sc_ctx_use_reader.

>
>> My goal this week is to get the use_reader patch committed,
>
> You don't have to but you could explain how that would improve libopensc
> [1]?

I would hope the above explains this. It is used to limit the
access of PC/SC to the provided handles, and lets the BaseCSP
control handles to the reader and card.

>
>> as well as the other fixes to the cardmod code.
>
> No objections.
>
>> After that if you have improvements and a way to test them,
>> please try them.
>
> What are you talking about?

In some of your notes you were proposing different entry points
for different reasons. These might be good ideas for some
future projects. One note talked about combining the original
pcsc and modified copies of these routines used for cardmod,
to reduce the redundant code.

Part of the problem with the mini-driver is trying to understand
what Microsoft is really doing, especially without having their
source code. Being able to test a modification is a big part of
the development process. That is why I was asking if you have
an environment to build and test any cardmod changes.

>
> Regards
> Andre
>
> [1] http://www.opensc-project.org/opensc/attachment/wiki/OverView/OpenSC.png
>
>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
