The need
In some cases you need to control the smart card reader names reported by PC/SC.
For real examples see some requests sent on the Pcsclite-muscle mailing list: "Possibility to disable Reader Interface?", "Deny card access for one application" and "Dynamically disable/enable specific card reader".
Ignore some readers
For example imagine you have a laptop with 2 integrated smart card readers:
- Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD)
- Broadcom Corp 5880 [Contactless SmartCard] (0123456789ABCD)
To make life easier for the users, you do not want them to have to pick the contact reader every time an application needs a reader and asks the user to select one.
Since the readers are integrated into the laptop you can't easily unplug the reader you don't want to use. You need a solution to ignore unwanted readers at the PC/SC level.
Extend reader names
In this use case you use a remote desktop solution (RDP) to access a Windows server from your GNU/Linux laptop. Your company has equipped users with the same laptop model. So at the PC/SC level all the readers have the same name and this PC/SC name is forwarded to Windows through RDP.
Now imagine a bogus application on the Windows server (not too hard to imagine a bogus application on Windows ☺) that uses the PC/SC reader name to identify a user. Since every user is using the same laptop model they will all have the same PC/SC reader name in Windows. And the bogus Windows application is broken ☹ and can't be used.
The proposed solution
To enable these two features you need to configure pcsc-lite with --enable-filter.
Ignore some readers
If the environment variable PCSCLITE_FILTER_IGNORE_READER_NAMES is defined then it contains a list of patterns separated by the character ":".
If a pattern is found in a PC/SC reader name then this reader is ignored and will not be reported by SCardListReaders() or any other PC/SC calls.
In the example described above you would define PCSCLITE_FILTER_IGNORE_READER_NAMES as: "Contactless".
Extend reader names
To differentiate the PC/SC reader names one idea is to use the host name of the system. If the IT department is doing its job correctly every laptop should have a different host name.
If the environment variable PCSCLITE_FILTER_EXTEND_READER_NAMES is defined then it contains a string that will be added at the end of the PC/SC reader names.
The computer host name is available in the variable $HOSTNAME. If you want to have a space character between the PC/SC reader name and host name you define PCSCLITE_FILTER_EXTEND_READER_NAMES as: " $HOSTNAME".
Setup
The Debian init script for pcscd contains:
    NAME=pcscd
    # Read configuration variable file if it is present
    [ -r /etc/default/$NAME ] && . /etc/default/$NAME
You then just have to create a file
    PCSCLITE_FILTER_IGNORE_READER_NAMES="Contactless"
    PCSCLITE_FILTER_EXTEND_READER_NAMES=" $HOSTNAME"
And you are good to go.
GNU/Linux systems using systemd will need a different configuration. The systemd configuration is left as an exercise for the reader.
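Before deploying a pattern list it is worth checking which readers it will hide. The following is an added example, not pcsc-lite's own code: a small C model of the two rules described under "The proposed solution" (a reader is dropped when any ":"-separated pattern occurs in its name, otherwise the extension string is appended), run over the two reader names from this page. The function names, the host name "laptop42", and the choice of case-sensitive matching with empty patterns skipped are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* The two reader names from the example above. */
static const char *READERS[] = {
    "Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD)",
    "Broadcom Corp 5880 [Contactless SmartCard] (0123456789ABCD)",
};

/* Returns 1 and writes the reported name to out when the reader is kept,
 * 0 when a pattern hides it, -1 when a buffer is too small.
 * Assumed: case-sensitive substring match, empty patterns skipped. */
int filter_reader(const char *name, const char *ignore, const char *extend,
                  char *out, size_t outlen)
{
    for (const char *p = ignore ? ignore : ""; *p != '\0'; ) {
        size_t n = strcspn(p, ":");            /* length of this pattern */
        char pat[128];
        if (n >= sizeof pat)
            return -1;
        memcpy(pat, p, n);
        pat[n] = '\0';
        if (n > 0 && strstr(name, pat) != NULL)
            return 0;                          /* pattern found: hidden */
        p += n;
        if (*p == ':')
            p++;                               /* skip the separator */
    }
    int len = snprintf(out, outlen, "%s%s", name, extend ? extend : "");
    return (len < 0 || (size_t)len >= outlen) ? -1 : 1;
}

/* Sample readers still visible; " laptop42" is a constructed host name. */
int count_visible(const char *ignore)
{
    char buf[256];
    int visible = 0;
    for (size_t i = 0; i < sizeof READERS / sizeof READERS[0]; i++)
        if (filter_reader(READERS[i], ignore, " laptop42", buf, sizeof buf) == 1)
            visible++;
    return visible;
}

int main(void)
{
    printf("Contactless -> %d visible\n", count_visible("Contactless"));
    printf("Contact     -> %d visible\n", count_visible("Contact"));
    return 0;
}
```

The pattern "Contact" hides both readers because it also occurs in "Contacted", so keep each pattern as specific as the reader names allow.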
Conclusion
These new features will be provided in the next version of pcsc-lite.
If you have another special feature request for pcsc-lite, please do not hesitate to contact me.