How to use LIBPCSCLITE_DELEGATE?
pcsc-lite 2.1.0 introduced a new mechanism that uses the environment variable LIBPCSCLITE_DELEGATE (see New version of pcsc-lite: 2.1.0).
The idea is that all the PC/SC calls of an application can be redirected to another library. This has been designed for 2 use cases:
trace PC/SC calls for debugging, performance analysis, etc.
redirect PC/SC calls to a different resource manager, for example a remote one.
Remote session
Redirecting PC/SC calls is needed if you use a remote desktop and you want to use your local smart card reader from an application running on a remote GNU/Linux server.
On the server side the RDP server component will define LIBPCSCLITE_DELEGATE to use its own RDP library instead of the default libpcsclite library. The RDP PC/SC library will be in charge of communicating with the RDP client side.
You can use RDP (Remote Desktop Protocol) defined by Microsoft or another protocol.
The use of LIBPCSCLITE_DELEGATE should allow xrdp (an open-source Remote Desktop Protocol server) to redirect smart card accesses to RDP clients (from GNU/Linux or Windows clients).
This solution has been discussed in Delegate WinSCard calls to another library (for a RDP server for example) #161 and XRDP smartcard passthrough via windows RDP client #2625.
Spy the remote session
LIBPCSCLITE_DELEGATE can also be used to trace all the PC/SC calls (see PCSC API spy using LIBPCSCLITE_DELEGATE).
To do that you define LIBPCSCLITE_DELEGATE to use libpcscspy.so.0, and you define LIBPCSCLITE_SPY_DELEGATE (used by libpcscspy.so.0) to use your xrdp library instead of the default libpcsclite library.
The chain is then: libpcsclite.so.1 calls libpcscspy.so.0, which calls your xrdp library.
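To make the chain concrete, here is an added example (not code from pcsc-lite, libpcscspy or xrdp) of what a delegate library looks like: a small tracing delegate that exports WinSCard entry points, logs each call and its return code to stderr, and forwards the call to the next library. It assumes that libpcsclite.so.1 resolves the standard WinSCard function names from the library named in LIBPCSCLITE_DELEGATE, that the real library shipped with pcsc-lite 2.1.0 is libpcsclite_real.so.1 (used here as the default forwarding target), and it introduces its own variable TRACE_DELEGATE_NEXT, by analogy with LIBPCSCLITE_SPY_DELEGATE, to choose the next library. The PC/SC types are declared inline so the file builds without the pcsc-lite headers.

```c
/* trace_delegate.c: minimal tracing delegate for LIBPCSCLITE_DELEGATE
 * (added example, not part of pcsc-lite).
 * Build:  cc -shared -fPIC -o libtracedelegate.so trace_delegate.c
 * Run:    LIBPCSCLITE_DELEGATE=$PWD/libtracedelegate.so pcsc_scan
 * TRACE_DELEGATE_NEXT is a name chosen for this example; the default
 * "libpcsclite_real.so.1" is assumed to be pcsc-lite 2.1.0's real library.
 */
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* PC/SC types as pcsc-lite's wintypes.h/pcsclite.h define them on Linux,
 * declared here so the example builds without the pcsc-lite headers. */
typedef long LONG;
typedef unsigned long DWORD;
typedef LONG SCARDCONTEXT;
typedef SCARDCONTEXT *LPSCARDCONTEXT;
typedef const void *LPCVOID;
#define SCARD_S_SUCCESS        0x00000000L
#define SCARD_F_INTERNAL_ERROR 0x80100001L
#define DEFAULT_NEXT_LIBRARY   "libpcsclite_real.so.1"

typedef LONG (*establish_fn)(DWORD, LPCVOID, LPCVOID, LPSCARDCONTEXT);
typedef LONG (*release_fn)(SCARDCONTEXT);

static void *next_handle;

/* Library the calls are forwarded to: environment override or default. */
const char *next_library_path(void)
{
    const char *p = getenv("TRACE_DELEGATE_NEXT");
    return (p && *p) ? p : DEFAULT_NEXT_LIBRARY;
}

/* Format one trace line as "SCardXxx -> 0x%08lX"; returns the length. */
int format_trace(char *buf, size_t len, const char *fn, LONG rv)
{
    return snprintf(buf, len, "%s -> 0x%08lX", fn, (unsigned long)rv);
}

/* Resolve a symbol from the next library, loading it on first use.
 * Returns NULL (and logs the dlerror) when the library or symbol is
 * missing, so the exported wrappers fail closed instead of crashing. */
static void *next_symbol(const char *name)
{
    if (!next_handle) {
        next_handle = dlopen(next_library_path(), RTLD_NOW | RTLD_LOCAL);
        if (!next_handle) {
            fprintf(stderr, "trace_delegate: %s\n", dlerror());
            return NULL;
        }
    }
    void *sym = dlsym(next_handle, name);
    if (!sym)
        fprintf(stderr, "trace_delegate: %s\n", dlerror());
    return sym;
}

static void emit(const char *fn, LONG rv)
{
    char line[128];
    format_trace(line, sizeof line, fn, rv);
    fprintf(stderr, "%s\n", line);
}

/* Exported WinSCard entry points. A complete delegate exports every
 * function of the API in the same way; two are shown here. */
LONG SCardEstablishContext(DWORD scope, LPCVOID r1, LPCVOID r2,
                           LPSCARDCONTEXT ctx)
{
    establish_fn next = (establish_fn)next_symbol("SCardEstablishContext");
    LONG rv = next ? next(scope, r1, r2, ctx) : SCARD_F_INTERNAL_ERROR;
    emit("SCardEstablishContext", rv);
    return rv;
}

LONG SCardReleaseContext(SCARDCONTEXT ctx)
{
    release_fn next = (release_fn)next_symbol("SCardReleaseContext");
    LONG rv = next ? next(ctx) : SCARD_F_INTERNAL_ERROR;
    emit("SCardReleaseContext", rv);
    return rv;
}
```

The same pattern is what the libpcscspy.so.0 chain described above relies on: run the application with LIBPCSCLITE_DELEGATE pointing at the spy library and LIBPCSCLITE_SPY_DELEGATE pointing at the library the spy should forward to. The fail-closed branch matters in practice: if the next library cannot be loaded, the application receives an error code rather than a crash inside the delegate.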
Security
Is it a new security issue?
No. It was already easy to intercept libpcsclite.so.1 functions using the dynamic linker LD_PRELOAD mechanism. This was the mechanism documented to spy PC/SC calls. See PCSC API spy, third try or PCSC API spy, update.
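Since both mechanisms are driven by environment variables, an administrator who wants to know whether PC/SC calls on a host are being redirected can look for those variables in the environment of running processes. The following script is an added example (not from pcsc-lite); only the variable names LIBPCSCLITE_DELEGATE, LIBPCSCLITE_SPY_DELEGATE and LD_PRELOAD come from the article, and it assumes a Linux /proc filesystem.

```sh
#!/bin/sh
# Report processes whose environment sets a PC/SC redirection variable
# (LIBPCSCLITE_DELEGATE, LIBPCSCLITE_SPY_DELEGATE) or LD_PRELOAD.
# Added example; assumes Linux /proc and POSIX sh, tr and grep.

# Print "NAME=value" for each watched variable found in a NUL-separated
# environ file (the format of /proc/PID/environ). Exit status is 1 when
# none is present (grep's own status).
interception_vars() {
    tr '\000' '\n' < "$1" |
        grep -E '^(LIBPCSCLITE_DELEGATE|LIBPCSCLITE_SPY_DELEGATE|LD_PRELOAD)='
}

# Walk /proc and print "PID COMM NAME=value" for every match.
# Reading another user's environ needs root; unreadable entries are skipped.
audit_processes() {
    for envf in /proc/[0-9]*/environ; do
        pid=${envf#/proc/}
        pid=${pid%/environ}
        vars=$(interception_vars "$envf" 2>/dev/null) || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\n' "$vars" | while IFS= read -r v; do
            printf '%s %s %s\n' "$pid" "$comm" "$v"
        done
    done
}

# Run the audit when executed directly (not when sourced for testing).
case "$0" in
    *pcsc_delegate_audit.sh) audit_processes ;;
esac
```

Save it as pcsc_delegate_audit.sh and run it as root to cover every user's processes; a hit on an xrdp session process pointing at the RDP PC/SC library is the expected configuration, while a hit on an unrelated process pointing at an unexpected path is what deserves a closer look.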
Conclusion
If you find new/innovative ways to use LIBPCSCLITE_DELEGATE, please tell me.