[Spice-devel] [PATCH] Provide support for using the passthru smartcard mode in libcacard.

Jeremy White jwhite at codeweavers.com
Mon Jan 19 07:01:45 PST 2015 

Signed-off-by: Jeremy White <jwhite at codeweavers.com>
---
 gtk/smartcard-manager.c |   14 ++++++++++++++
 gtk/spice-option.c      |   23 +++++++++++++++++++++--
 gtk/spice-session.c     |   26 ++++++++++++++++++++++++++
 man/spice-client.pod    |    7 +++++--
 4 files changed, 66 insertions(+), 4 deletions(-)

diff --git a/gtk/smartcard-manager.c b/gtk/smartcard-manager.c
index 9e228e9..d605c99 100644
--- a/gtk/smartcard-manager.c
+++ b/gtk/smartcard-manager.c
@@ -416,14 +416,28 @@ static gboolean smartcard_manager_init(SmartcardManagerInitArgs *args)
     gchar *dbname = NULL;
     GStrv certificates = NULL;
     gboolean retval = FALSE;
+    gchar *smartcard_type = NULL;
 
     SPICE_DEBUG("smartcard_manager_init");
     g_return_val_if_fail(SPICE_IS_SESSION(args->session), FALSE);
     g_object_get(G_OBJECT(args->session),
                  "smartcard-db", &dbname,
                  "smartcard-certificates", &certificates,
+                 "smartcard-type", &smartcard_type,
                  NULL);
 
+    if (g_strcmp0(smartcard_type, "passthru") == 0) {
+        emul_args = g_strdup_printf("use_hw=yes hw_type=passthru");
+        options = vcard_emul_options(emul_args);
+        if (options == NULL) {
+            args->err = g_error_new(SPICE_CLIENT_ERROR,
+                                    SPICE_CLIENT_ERROR_FAILED,
+                                    "vcard_emul_options() for passthru failed!");
+            goto end;
+        }
+        goto init;
+    }
+
     if ((certificates == NULL) || (g_strv_length(certificates) != 3))
         goto init;
 
diff --git a/gtk/spice-option.c b/gtk/spice-option.c
index 958e03c..5b53cb3 100644
--- a/gtk/spice-option.c
+++ b/gtk/spice-option.c
@@ -35,6 +35,7 @@ static char *smartcard_certificates = NULL;
 static char *usbredir_auto_redirect_filter = NULL;
 static char *usbredir_redirect_on_connect = NULL;
 static gboolean smartcard = FALSE;
+static char * smartcard_type = NULL;
 static gboolean disable_audio = FALSE;
 static gboolean disable_usbredir = FALSE;
 static gint cache_size = 0;
@@ -149,6 +150,22 @@ static gboolean parse_usbredir_filter(const gchar *option_name,
     return TRUE;
 }
 
+static gboolean parse_smartcard(const gchar *option_name, const gchar *value,
+                                      gpointer data, GError **error)
+{
+    if (! value || strlen(value) == 0 || g_strcmp0(value, "nssemul") == 0)
+        smartcard_type = "nssemul";
+    else if (g_strcmp0(value, "passthru") == 0)
+        smartcard_type = "passthru";
+    else {
+            g_set_error(error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
+                        _("invalid smartcard type (%s), valid types: nssemul, passthru"), value);
+            return FALSE;
+    }
+
+    smartcard = TRUE;
+    return TRUE;
+}
 
 /**
  * spice_get_option_group: (skip)
@@ -173,8 +190,8 @@ GOptionGroup* spice_get_option_group(void)
           N_("Subject of the host certificate (field=value pairs separated by commas)"), N_("<host-subject>") },
         { "spice-disable-audio", '\0', 0, G_OPTION_ARG_NONE, &disable_audio,
           N_("Disable audio support"), NULL },
-        { "spice-smartcard", '\0', 0, G_OPTION_ARG_NONE, &smartcard,
-          N_("Enable smartcard support"), NULL },
+        { "spice-smartcard", '\0', G_OPTION_FLAG_OPTIONAL_ARG, G_OPTION_ARG_CALLBACK, parse_smartcard,
+          N_("Enable smartcard support (you can specify nssemul, the default, or passthru)"), NULL },
         { "spice-smartcard-certificates", '\0', 0, G_OPTION_ARG_STRING, &smartcard_certificates,
           N_("Certificates to use for software smartcards (field=values separated by commas)"), N_("<certificates>") },
         { "spice-smartcard-db", '\0', 0, G_OPTION_ARG_STRING, &smartcard_db,
@@ -258,6 +275,8 @@ void spice_set_session_option(SpiceSession *session)
         }
         if (smartcard_db)
             g_object_set(session, "smartcard-db", smartcard_db, NULL);
+        if (smartcard_type)
+            g_object_set(session, "smartcard-type", smartcard_type, NULL);
     }
     if (usbredir_auto_redirect_filter) {
         SpiceUsbDeviceManager *m = spice_usb_device_manager_get(session, NULL);
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index 7971f3c..6f97fd0 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -64,6 +64,7 @@ struct _SpiceSessionPrivate {
 
     /* whether to enable smartcard event forwarding to the server */
     gboolean          smartcard;
+    gchar             *smartcard_type;
 
     /* list of certificates to use for the software smartcard reader if
      * enabled. For now, it has to contain exactly 3 certificates for
@@ -182,6 +183,7 @@ enum {
     PROP_MIGRATION_STATE,
     PROP_AUDIO,
     PROP_SMARTCARD,
+    PROP_SMARTCARD_TYPE,
     PROP_SMARTCARD_CERTIFICATES,
     PROP_SMARTCARD_DB,
     PROP_USBREDIR,
@@ -570,6 +572,9 @@ static void spice_session_get_property(GObject    *gobject,
     case PROP_SMARTCARD:
         g_value_set_boolean(value, s->smartcard);
         break;
+    case PROP_SMARTCARD_TYPE:
+        g_value_set_string(value, s->smartcard_type);
+        break;
     case PROP_SMARTCARD_CERTIFICATES:
         g_value_set_boxed(value, s->smartcard_certificates);
         break;
@@ -696,6 +701,10 @@ static void spice_session_set_property(GObject      *gobject,
     case PROP_SMARTCARD:
         s->smartcard = g_value_get_boolean(value);
         break;
+    case PROP_SMARTCARD_TYPE:
+        g_free(s->smartcard_type);
+        s->smartcard_type = g_value_dup_string(value);
+        break;
     case PROP_SMARTCARD_CERTIFICATES:
         g_strfreev(s->smartcard_certificates);
         s->smartcard_certificates = g_value_dup_boxed(value);
@@ -1025,6 +1034,23 @@ static void spice_session_class_init(SpiceSessionClass *klass)
                           G_PARAM_STATIC_STRINGS));
 
     /**
+     * SpiceSession:smartcard-type:
+     *
+     * Can be set to nssemul to emulate a CAC card via libnss, or
+     *  passthru to use pcsclite to pass smartcard access through
+     *
+     * Since: 0.28
+     **/
+    g_object_class_install_property
+        (gobject_class, PROP_SMARTCARD_TYPE,
+         g_param_spec_string("smartcard-type",
+                          "Type of smartcard access to use.",
+                          "The default is nssemul, which uses libnss to emulate a CAC card.  Specifying passthru will use pcsclite to directly interact with the card.",
+                          FALSE,
+                          G_PARAM_READWRITE |
+                          G_PARAM_STATIC_STRINGS));
+
+    /**
      * SpiceSession:enable-audio:
      *
      * If set to TRUE, the audio channels will be enabled for
diff --git a/man/spice-client.pod b/man/spice-client.pod
index 69ea84c..acf457f 100644
--- a/man/spice-client.pod
+++ b/man/spice-client.pod
@@ -140,9 +140,12 @@ when a SPICE connection to a remote display has been established.
 
 Display Spice-GTK version information
 
-=item --spice-smartcard
+=item --spice-smartcard[=type]
 
-Enable smartcard support
+Enable smartcard support.  By default (type nssemul) the client will use
+libnss to access the card, and simulate a CAC card.  If a type of passthru
+is given, the client will instead use pcsclite and attempt to pass thru
+the raw card commands.
 
 =item --spice-smartcard-db=<certificate-db>
 
-- 
1.7.10.4

More information about the Spice-devel mailing list