Smart card

.vscode/c_cpp_properties.json

@@ -0,0 +1,16 @@
+{
+    "configurations": [
+        {
+            "name": "Mac",
+            "includePath": [
+                "${workspaceFolder}/**"
+            ],
+            "defines": [],
+            "compilerPath": "/usr/bin/clang",
+            "cStandard": "c17",
+            "cppStandard": "c++17",
+            "intelliSenseMode": "macos-clang-arm64"
+        }
+    ],
+    "version": 4
+}

.vscode/settings.json

@@ -0,0 +1,28 @@
+{
+    "files.associations": {
+        "client.h": "c",
+        "rdpdr.h": "c",
+        "rdpdr-smartcard.h": "c",
+        "__locale": "c",
+        "locale": "c",
+        "__config": "c",
+        "__hash_table": "c",
+        "__split_buffer": "c",
+        "array": "c",
+        "functional": "c",
+        "ios": "c",
+        "iterator": "c",
+        "ostream": "c",
+        "sstream": "c",
+        "string": "c",
+        "string_view": "c",
+        "vector": "c",
+        "unicode.h": "c",
+        "complex": "c",
+        "smartcard-pack.h": "c",
+        "scard.h": "c",
+        "smartcard-call.h": "c",
+        "unordered_map": "c",
+        "remote-smartcard.h": "c"
+    }
+}

Dockerfile

@@ -34,7 +34,7 @@ ARG BUILD_ARCHITECTURE
 # default, this is detected automatically.
 ARG BUILD_JOBS
 
-# The directory that will house the guacamole-server source during the build 
+# The directory that will house the guacamole-server source during the build
 ARG BUILD_DIR=/tmp/guacamole-server
 
 # FreeRDP version (default to version 2)
@@ -85,7 +85,7 @@ ARG FREERDP_OPTS="\
     -DWITH_OPENH264=OFF \
     -DWITH_OPENSSL=ON \
     -DWITH_OSS=OFF \
-    -DWITH_PCSC=OFF \
+    -DWITH_PCSC=ON \
     -DWITH_PKCS11=OFF \
     -DWITH_PULSE=OFF \
     -DWITH_SERVER=OFF \
@@ -183,7 +183,8 @@ RUN apk add --no-cache                \
         sdl2-dev                      \
         sdl2_ttf-dev                  \
         util-linux-dev                \
-        webkit2gtk-dev
+        webkit2gtk-dev \
+        pcsc-lite-dev
 
 # Copy generic, automatic build script
 COPY ./src/guacd-docker/bin/autobuild.sh ${BUILD_DIR}/src/guacd-docker/bin/
@@ -309,6 +310,47 @@ ARG PREFIX_DIR
 # Copy build artifacts into this stage
 COPY --from=guacamole-server ${PREFIX_DIR} ${PREFIX_DIR}
 
+RUN apk add --no-cache \
+    git \
+    build-base \
+    autoconf \
+    automake \
+    libtool \
+    linux-pam-dev \
+    libusb-dev \
+    wget \
+    xz \
+    meson \
+    ninja \
+    flex \
+    bison \
+    python3 \
+    py3-pip \
+    eudev-dev \
+    polkit \
+    polkit-dev \
+    pcsc-lite-dev
+
+# Download vsmartcard emulator and install
+RUN apk add --no-cache \
+    help2man
+
+RUN cd /opt && \
+    wget https://github.com/frankmorgner/vsmartcard/releases/download/virtualsmartcard-0.10/virtualsmartcard-0.10.tar.gz && \
+    tar -xzf virtualsmartcard-0.10.tar.gz && \
+    cd virtualsmartcard-0.10 && \
+    ./configure --sysconfdir=/etc && \
+    make && make install && \
+    chmod 777 /opt/virtualsmartcard-0.10/src/vpicc && \
+    mkdir /run/pcscd && chmod 777 /run/pcscd
+
+# Clone and build pcsc-lite from source
+RUN git clone https://github.com/LudovicRousseau/PCSC.git /opt/pcsc-lite && \
+    cd /opt/pcsc-lite && \
+    meson setup builddir -Dlibsystemd=false && \
+    meson compile -C builddir && \
+    meson install -C builddir
+
 # Bring runtime environment up to date and install runtime dependencies
 RUN apk add --no-cache                \
         ca-certificates               \

Notes.md

@@ -0,0 +1,20 @@
+## On the Desktop
+1. Open services and enable the "Smart Card" service. Ensure it is running and set to run on startup
+2. Do the same for "Smart Card Emulation Service"
+3.
+```
+net start scardsvr
+```
+4. Run the Local Group Policy Editor using the gpedit.msc command on the workstation with administrator privileges.
+5. Go to Computer configuration → Administrative Templates → Windows Components.
+6. Select Remote Desktop Services → Remote Desktop Session Host.
+7. Go to Device and Resource Redirection.
+8. Select Do not allow supported Plug and Play device redirection.
+9. Select Disabled and click ОК.
+10. Select Do not allow smart card device redirection.
+11. Select Disabled and click ОК.
+12. Open the command line as an administrator and run the command:
+```
+gpupdate /force
+```
+13. Restart the device.

configure.ac

@@ -79,7 +79,7 @@ AC_CHECK_LIB([pthread], [pthread_create], [PTHREAD_LIBS=-lpthread
 
 # Check for pthread_setattr_default_np
 AC_CHECK_DECLS([pthread_setattr_default_np], , , [[#include <pthread.h>]])
-            
+
 # librt
 AC_CHECK_FUNC([timer_create], [AC_MSG_RESULT([timer_create was found without librt.])],
               [AC_CHECK_LIB([rt], [timer_create],
@@ -692,7 +692,7 @@ then
 fi
 
 #
-# libVNCserver support for the requestedResize member, which enables the 
+# libVNCserver support for the requestedResize member, which enables the
 # client to pause frame buffer updates during a resize operation. If support
 # for this is missing, Guacamole may still attempt to send the resize requests
 # to the remote display, but there may be odd display behavior just before,
@@ -750,6 +750,10 @@ then
                              [FREERDP_PLUGIN_DIR="`$PKG_CONFIG --variable=libdir freerdp2`/freerdp2"])],
                       [freerdp_version=
                        have_freerdp=no])
+
+    PKG_CHECK_MODULES([PCSC], [libpcsclite],
+                      [CPPFLAGS="${PCSC_CFLAGS} -Werror $CPPFLAGS"],
+                      [AC_MSG_ERROR([libpcsclite is required for smartcard support])])
 fi
 
 if test "x$with_rdp" != "xno" -a "x${have_freerdp}" = "xno"

src/guacd-docker/bin/entrypoint.sh

@@ -5,6 +5,12 @@ if [ -n "$GUACD_LOG_LEVEL" ]; then
     echo "WARNING: The GUACD_LOG_LEVEL environment variable has been deprecated in favor of the LOG_LEVEL environment variable. Please migrate your configuration when possible." >&2
 fi
 
+# Start PC/SC daemon
+pcscd --disable-polkit &
+
+# Start virtual card emulator (background)
+/opt/virtualsmartcard-0.10/src/vpicc/vicc --reader 0 &
+
 # Listen on 0.0.0.0:4822, logging messages at the info level. Allow log level
 # to be overridden with LOG_LEVEL, and other behavior to be overridden with
 # additional command-line options passed to Docker.

src/protocols/rdp/Makefile.am

@@ -54,7 +54,13 @@ libguac_client_rdp_la_SOURCES =                  \
     channels/rdpdr/rdpdr-fs.c                    \
     channels/rdpdr/rdpdr-messages.c              \
     channels/rdpdr/rdpdr-printer.c               \
+    channels/rdpdr/rdpdr-smartcard.c             \
+    channels/rdpdr/smartcard-call.c              \
+    channels/rdpdr/smartcard-pack.c              \
+    channels/rdpdr/smartcard-operations.c        \
+    channels/rdpdr/remote-smartcard.c            \
     channels/rdpdr/rdpdr.c                       \
+    channels/rdpdr/msz-unicode.c                 \
     channels/rdpei.c                             \
     channels/rdpgfx.c                            \
     channels/rdpsnd/rdpsnd-messages.c            \
@@ -100,7 +106,14 @@ noinst_HEADERS =                                 \
     channels/rdpdr/rdpdr-fs.h                    \
     channels/rdpdr/rdpdr-messages.h              \
     channels/rdpdr/rdpdr-printer.h               \
+    channels/rdpdr/rdpdr-smartcard.h             \
+    channels/rdpdr/scard.h                       \
+    channels/rdpdr/remote-smartcard.h            \
+    channels/rdpdr/smartcard-call.h              \
+    channels/rdpdr/smartcard-pack.h              \
+    channels/rdpdr/smartcard-operations.h        \
     channels/rdpdr/rdpdr.h                       \
+    channels/rdpdr/msz-unicode.h                 \
     channels/rdpei.h                             \
     channels/rdpgfx.h                            \
     channels/rdpsnd/rdpsnd-messages.h            \
@@ -135,7 +148,8 @@ libguac_client_rdp_la_CFLAGS = \
     @COMMON_INCLUDE@           \
     @COMMON_SSH_INCLUDE@       \
     @LIBGUAC_INCLUDE@          \
-    @RDP_CFLAGS@
+    @RDP_CFLAGS@               \
+    @PCSC_CFLAGS@
 
 libguac_client_rdp_la_LDFLAGS = \
     -version-info 0:0:0         \
@@ -145,7 +159,8 @@ libguac_client_rdp_la_LDFLAGS = \
 
 libguac_client_rdp_la_LIBADD = \
     @COMMON_LTLIB@             \
-    @LIBGUAC_LTLIB@
+    @LIBGUAC_LTLIB@            \
+    @PCSC_LIBS@
 
 #
 # Plugins for FreeRDP