[Spice-devel] Help with SmartCards and XSpice

Alon Levy alon at pobox.com
Wed Aug 6 08:49:57 PDT 2014 

On 08/06/2014 06:14 PM, Jeremy White wrote:
>>> And, finally, if that's all right - on to the next question:  where
>>> should spiceccid fit in the XSpice stack?  Should it be part of the Xorg
>>> driver?  Should it be a vd_agent process?
>>
>> I'm not sure - I was thinking a third part, this time it's a bit more
>> complicated, basically having a pcscd driver that would only be used by
>> specific clients (i.e. processes, apps running presumably by the user
>> controlling the Xspice instance). Usage scenario I guess is:
>> 1. user launches Xspice (via some control interface)
>> 2. user starts smartcard using app (i.e. firefox)
>> 3. firefox connects to smartcard via pcscd, pcscd recognized this is
>> supposed to go to the spice-ccid driver (to the *specific* one - you
>> presumably have more then one instance of Xspice with different clients
>> and hence smartcard hardware/credentials connected). You could use some
>> environment variable, or perhaps having more then one instance of pcscd
>> - that would make things simpler at the pcscd level, i.e. it could use a
>> config file running only one driver, spice-ccid, with the correct unix
>> domain socket connecting back to Xspice (spiceqxl_drv.so).
> 
> Ah, okay, you're ahead of me.  I hadn't gotten quite that far yet, but
> your thought process seems sound to me.
> 
> Your thinking seems to suggest you feel the hook should be another fifo
> out of spiceqxl_drv.so.  That would certainly be the easiest approach
> for me to take, so I have a built in desire to go that way.  But I worry
> about complicating that driver.
> 
> Why not route it through the vd_agent?

vd_agent communicates with spiceqxl_drv.so via a pipe (or two? I forget
- uinput and the vdagent protocol I mean). This would require one of
1. extending vd_agent protocol with the smartcard channel messages
2. using another pipe with smartcard channel messages

And *then* you add a pipe / some other way of communicating from
vd_agent to the pcscd driver (maybe you make the vdagent the driver, so
it's loaded by pcscd.. no, doesn't sound like a good idea).

> 
> Cheers,
> 
> Jeremy

More information about the Spice-devel mailing list