Tested with the following configuration:
- SCM Micro 3310 USB & Omnikey 4040 PCMCIA readers
- An Estonian ID card (EstEID)
- Fedora Core 4
- pcsc-lite 1.2.9-beta8
- ccid-0.9.3
- Windows 2k3 Terminal Server
- Rdesktop 1.4.1 + scard patch (of course)
Test results:
- SmartCard certificates and keys in IE - work
- ID Card tool - works
- SmartCard Login - events and PIN prompt work, login fails
(not scard patch fault, EstEID card does not have proper
certificates for windows logon anyway)
Problems:
- Debug output "[nameMapCount 0]" shown on each card open
- Protocol crashes when card is removed an then re-inserted
during the same session. The programs trying to open the
card will just hang. It doesn't matter if I close the
programs using the card before removing it (It might be the
case, that EstEID drivers don't close the card anyway, but
the problems do not show themselves with mstsc).
- Disconnect (connection closed by peer) on rare occasions
when removing/re-inserting the card during session
I'm willing to test / provide more information on request.
Thanx.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Modifications:
1) SCardStatus behaivour according to Heiko Nardmann patch.
2) Now you can enable smart card support with "./configure
--enable-smartcard" or
"./configure --enable-smartcard-debug". Read "./configure
--help" for
additional help.
3) SCardListReaders now returns exact error code.
4) Some cosmetic modifications.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Tested with the same setup. Insert-Remove events are
somewhat more stable now, but still manage to confuse the
windows end from time to time.
It's visible when using certtool -scinfo from windows
command line.
I'll attach a patch that includes both, the latest Alexey
stuff and Alons autoconf changes.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Bleh, seems like I can't post files here.
Interested parties can get an RPM for Fedora Core 4 as well
as both patches (Alexeys and Alons) from:
ftp://ftp.smartlink.ee/pub/esteid
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Modification:
1) Added additional switch "--with-pkgconfig"
in configure script. This switch instructs to
use`pkg-config` tool to correctly find pathes
of pcsc-lite files in some linux distribs.
// Accordingly to wishes of Alon Bar-Lev
2) Modified debug output for simplificaion.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Keeping in mind Alon Bar-Lev criticism:
1) Switch "--with-pkgconfig" has been removed. Now patch
requires `pkg-config` to be installed and configured if not
present.
2) Added ./configure to the patch. Now it's not required to
run autoreconf.
3) Removed switch "--enable-smartcard-debug"
4) Added switch "--with-debug-smartcard" which
allows to enable smart-card debug output.
5) Added comments to README file
6) Added smart-card subsection to man file
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In this release SCardGetStatusChange function was modified
back to pass parameters to PCSC-lite as is with little
modification. In the previous releases this function before
calling PCSC-lite had modified dwCurrentState parameter to
emulate Windows-to-Windows behavior. But I found that Alon
Bar-Lev and Reto Buerki have problems with their smart-cards
and log shows excessive calls of SCardGetStatusChange. So I
have mostly commented out this code.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Modified "tcp.c" to correctly work with several threads
which send result simultaneously.
This should solve the problem with Terminal Server which
sometimes resets connection with Protocol Error message.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
For now there is no way found to correctly transmit answer
of SCardTransmit function call to Windows if receive buffer
length is larger than 448 bytes. In this case Windows simply
stop Smart-Card service and you have to relogin.
I added check of buffer length and hard limit it on 448
bytes before SCardTransmit call. This is temporarily.
If your smart-card worked before this patch it should
continue to work as it uses short buffer lengths.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Logged In: YES
user_id=18349
Great work!
Tested with the following configuration:
- SCM Micro 3310 USB & Omnikey 4040 PCMCIA readers
- An Estonian ID card (EstEID)
- Fedora Core 4
- pcsc-lite 1.2.9-beta8
- ccid-0.9.3
- Windows 2k3 Terminal Server
- Rdesktop 1.4.1 + scard patch (of course)
Test results:
- SmartCard certificates and keys in IE - work
- ID Card tool - works
- SmartCard Login - events and PIN prompt work, login fails
(not scard patch fault, EstEID card does not have proper
certificates for windows logon anyway)
Problems:
- Debug output "[nameMapCount 0]" shown on each card open
- Protocol crashes when card is removed an then re-inserted
during the same session. The programs trying to open the
card will just hang. It doesn't matter if I close the
programs using the card before removing it (It might be the
case, that EstEID drivers don't close the card anyway, but
the problems do not show themselves with mstsc).
- Disconnect (connection closed by peer) on rare occasions
when removing/re-inserting the card during session
I'm willing to test / provide more information on request.
Thanx.
Logged In: YES
user_id=335423
Whoa, a significant piece of work.
I don't have any such equipment to test it with, but still -
impressive.
BTW, would be nicer if you'd keep the code style (braces
style etc.) of the rest of the rdesktop code.
Logged In: YES
user_id=344921
>BTW, would be nicer if you'd keep the code style (braces
>style etc.) of the rest of the rdesktop code.
The code style should basically fix itself when running
indent-all (which should always be done before commit).
Logged In: YES
user_id=1357228
Modifications:
1) SCardStatus behaivour according to Heiko Nardmann patch.
2) Now you can enable smart card support with "./configure
--enable-smartcard" or
"./configure --enable-smartcard-debug". Read "./configure
--help" for
additional help.
3) SCardListReaders now returns exact error code.
4) Some cosmetic modifications.
Logged In: YES
user_id=1157530
A path for your patch to allow compilation without scard
support and allow proper CFLAGS, LIBS of libpcsc.
diff -urNp rdesktop-1.4.1.old/configure.ac
rdesktop-1.4.1/configure.ac
--- rdesktop-1.4.1.old/configure.ac 2005-11-08
10:37:13.000000000 +0200
+++ rdesktop-1.4.1/configure.ac 2005-11-08
10:48:58.000000000 +0200
@@ -87,6 +87,10 @@ AC_ARG_ENABLE(smartcard,
[
SCARD_SUPPORT="-DWITH_SCARD"
SCARD_OBJ="scard.o"
+PCSC_CFLAGS=`pkg-config libpcsclite --cflags`
+PCSC_LIBS=`pkg-config libpcsclite --libs`
+CFLAGS="$CFLAGS $PCSC_CFLAGS"
+LIBS="$LIBS $PCSC_LIBS"
])
AC_ARG_ENABLE(smartcard-debug,
@@ -94,7 +98,7 @@ AC_ARG_ENABLE(smartcard-debug,
[
SCARD_SUPPORT="-DWITH_SCARD"
SCARD_OBJ="scard.o"
-SCARD_DEBUG="-DWITH_SCARD_DEBUG"
+SCARD_DEBUG="-DWITH_SCARD_DEBUG"
])
AC_SUBST(SCARD_SUPPORT)
diff -urNp rdesktop-1.4.1.old/Makefile.in
rdesktop-1.4.1/Makefile.in
--- rdesktop-1.4.1.old/Makefile.in 2005-11-08
10:37:13.000000000 +0200
+++ rdesktop-1.4.1/Makefile.in 2005-11-08 10:44:36.000000000
+0200
@@ -16,7 +16,7 @@ KEYMAP_PATH = $(datadir)/rdesktop/keymap
CC = @CC@
INSTALL = @INSTALL@
CFLAGS = @CFLAGS@ @X_CFLAGS@ @DEFS@
-DKEYMAP_PATH=\"$(KEYMAP_PATH)\" @SCARD_SUPPORT@ @SCARD_DEBUG@
-LDFLAGS = @LDFLAGS@ @LIBS@ @X_LIBS@ @X_EXTRA_LIBS@
-lpcsclite -lpthread
+LDFLAGS = @LDFLAGS@ @LIBS@ @X_LIBS@ @X_EXTRA_LIBS@
TARGETS = rdesktop @RDP2VNCTARGET@
VNCINC = @VNCINC@
diff -urNp rdesktop-1.4.1.old/rdpdr.c rdesktop-1.4.1/rdpdr.c
--- rdesktop-1.4.1.old/rdpdr.c 2005-11-08 10:37:13.000000000
+0200
+++ rdesktop-1.4.1/rdpdr.c 2005-11-08 10:50:59.000000000 +0200
@@ -40,7 +40,9 @@
#include <time.h>
#include <errno.h>
#include "rdesktop.h"
+#ifdef WITH_SCARD
#include "scard.h"
+#endif
#include "rdpdr.h"
#define IRP_MJ_CREATE 0x00
diff -urNp rdesktop-1.4.1.old/types.h rdesktop-1.4.1/types.h
--- rdesktop-1.4.1.old/types.h 2005-11-08 10:37:13.000000000
+0200
+++ rdesktop-1.4.1/types.h 2005-11-08 10:50:14.000000000 +0200
@@ -18,8 +18,11 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#ifdef WITH_SCARD
#include <wintypes.h>
-//typedef int BOOL;
+#else
+typedef int BOOL;
+#endif
#ifndef True
#define True (1)
Logged In: YES
user_id=18349
Tested with the same setup. Insert-Remove events are
somewhat more stable now, but still manage to confuse the
windows end from time to time.
It's visible when using certtool -scinfo from windows
command line.
I'll attach a patch that includes both, the latest Alexey
stuff and Alons autoconf changes.
Logged In: YES
user_id=18349
Bleh, seems like I can't post files here.
Interested parties can get an RPM for Fedora Core 4 as well
as both patches (Alexeys and Alons) from:
ftp://ftp.smartlink.ee/pub/esteid
Logged In: YES
user_id=1357228
odifications:
1) Added SCardState function
2) File configure.ac is now more accurate
Logged In: YES
user_id=1357228
Modification:
1) Added additional switch "--with-pkgconfig"
in configure script. This switch instructs to
use`pkg-config` tool to correctly find pathes
of pcsc-lite files in some linux distribs.
// Accordingly to wishes of Alon Bar-Lev
2) Modified debug output for simplificaion.
Logged In: YES
user_id=1357228
Keeping in mind Alon Bar-Lev criticism:
1) Switch "--with-pkgconfig" has been removed. Now patch
requires `pkg-config` to be installed and configured if not
present.
2) Added ./configure to the patch. Now it's not required to
run autoreconf.
3) Removed switch "--enable-smartcard-debug"
4) Added switch "--with-debug-smartcard" which
allows to enable smart-card debug output.
5) Added comments to README file
6) Added smart-card subsection to man file
Logged In: YES
user_id=1357228
Modifications for rdesktop-1.4.1+scard-20060603.patch.gz:
SCardTransmit function output was redesigned.
Now it's seemed to work correctly with pioRecvPci
specified.
Logged In: YES
user_id=1357228
Please test this code.
In this release SCardGetStatusChange function was modified
back to pass parameters to PCSC-lite as is with little
modification. In the previous releases this function before
calling PCSC-lite had modified dwCurrentState parameter to
emulate Windows-to-Windows behavior. But I found that Alon
Bar-Lev and Reto Buerki have problems with their smart-cards
and log shows excessive calls of SCardGetStatusChange. So I
have mostly commented out this code.
Logged In: YES
user_id=1357228
Modified SCardTransmit function.
Logged In: YES
user_id=1357228
Modified "tcp.c" to correctly work with several threads
which send result simultaneously.
This should solve the problem with Terminal Server which
sometimes resets connection with Protocol Error message.
Logged In: YES
user_id=1357228
Now works with Windows XP Remote Desktop too.
Logged In: YES
user_id=1357228
For now there is no way found to correctly transmit answer
of SCardTransmit function call to Windows if receive buffer
length is larger than 448 bytes. In this case Windows simply
stop Smart-Card service and you have to relogin.
I added check of buffer length and hard limit it on 448
bytes before SCardTransmit call. This is temporarily.
If your smart-card worked before this patch it should
continue to work as it uses short buffer lengths.
Smart Card Support for RDesktop 1.4.1 (2006-06-26)
Logged In: YES
user_id=1622901
Hi.
This patch does not work for me. After compiliing with
./configure --enable-smartcard --with-debug
--with-debug-smartcard --prefix=/usr
--mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info
running rdesktop remote_host ends with blank screen
On debug i see:
./rdesktop tshd
Architectures match, enabling little endian optimisations.
Generating client random
rc_4_key_size == 2, 128-bit encryption enabled
Sending encrypted packet:
0000 00 00 00 00 33 01 00 00 00 00 0e 00 00 00 00 00
....3...........
[...]
Connection successful.
Sending encrypted packet:
0000 22 00 17 00 ed 03 00 00 00 00 00 01 14 00 1c 00
"...............
0010 00 00 01 00 00 00 66 dd 34 45 04 00 00 c1 5b 00
......f.4E....[.
0020 00 00 ..
ERROR: send: Bad file descriptor
ERROR: recv: Bad file descriptor
Disconnecting...
running with -r scard ends with:
ERROR: send: Bad file descriptor
Connection successful.
zsh: segmentation fault ./rdesktop -r scard tshd
my system: ubuntu dapper, kernel 2.6.15
One of previous patch (155362:
rdesktop-1.4.1-scard-patch.tar.gz) works "correctly" - i am
able to login using smard card.
Logged In: YES
user_id=1622901
Sorry,
I found that it is known problem. Sollution (and patch) is
described in bug #1522500
https://sourceforge.net/tracker/?func=detail&atid=381347&aid=1522500&group_id=24366
Logged In: YES
user_id=471365
Smartcard support is now committed to rdesktop based on this patch.