Bug 1248143

Summary: SmartCard does not appear in VM at initial connection with remote-viewer
Product: Red Hat Enterprise Linux 7 Reporter: Andrei Stepanov <astepano>
Component: spiceAssignee: Default Assignee for SPICE Bugs <rh-spice-bugs>
Status: CLOSED NOTABUG QA Contact: SPICE QE bug list <spice-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.1CC: tpelka
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-31 13:17:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrei Stepanov 2015-07-29 17:18:31 UTC 
Guest OS does not see smart card.

Guest OS & Host is RHEL 7.1

spice-gtk3-0.22-2.el7.x86_64
xorg-x11-drv-qxl-0.1.1-12.el7.x86_64
spice-vdagent-0.14.0-9.el7.x86_64
spice-server-0.12.4-9.el7.x86_64
kernel-3.10.0-229.7.2.el7.x86_64
nss-tools-3.19.1-3.el7_1.x86_64
coolkey-1.1.0-28.el7.x86_64
pam_pkcs11-0.6.2-18.el7.x86_64
p11-kit-0.20.7-3.el7.x86_64


How reproducible: always

Steps to Reproduce:

Connect SmartCard reader to Client machine.
Connect to guest with:
remote-viewer 'spice://xxxxxxxx/?port=3000'  --spice-smartcard

In guest vm type: # lsusb:
Bus 003 Device 002: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap

As you can see: only 1 usb device.

I cannot login in system with it. GDM does not see it.

# pkcs11_inspect debug
DEBUG:pam_config.c:238: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pkcs11_lib.c:182: Initializing NSS ...
DEBUG:pkcs11_lib.c:192: Initializing NSS ... database=/etc/pki/nssdb
DEBUG:pkcs11_lib.c:210: ...  NSS Complete
DEBUG:pkcs11_inspect.c:69: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:235: Looking up module in list
DEBUG:pkcs11_lib.c:238: modList = 0x12a6610 next = 0x12b34c0

DEBUG:pkcs11_lib.c:239: dllName= <null> 

DEBUG:pkcs11_lib.c:238: modList = 0x12b34c0 next = 0x0

DEBUG:pkcs11_lib.c:239: dllName= libcoolkeypk11.so 

DEBUG:pkcs11_inspect.c:78: initialising pkcs #11 module...
DEBUG:pkcs11_inspect.c:95: no token available





While active connection with remote-viewer:
Plug off SmartCard reader from USB port.
Plug in.
type again lsusb:

Bus 003 Device 003: ID 08e6:3437 Gemalto (was Gemplus) GemPC Twin SmartCard Reader
Bus 003 Device 002: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap

Now I can login to GuestVm system with smart card.


]# pkcs11_inspect debug
DEBUG:pam_config.c:238: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pkcs11_lib.c:182: Initializing NSS ...
DEBUG:pkcs11_lib.c:192: Initializing NSS ... database=/etc/pki/nssdb
DEBUG:pkcs11_lib.c:210: ...  NSS Complete
DEBUG:pkcs11_inspect.c:69: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:235: Looking up module in list
DEBUG:pkcs11_lib.c:238: modList = 0xb91600 next = 0xb9e4e0

DEBUG:pkcs11_lib.c:239: dllName= <null> 

DEBUG:pkcs11_lib.c:238: modList = 0xb9e4e0 next = 0x0

DEBUG:pkcs11_lib.c:239: dllName= libcoolkeypk11.so 

DEBUG:pkcs11_inspect.c:78: initialising pkcs #11 module...
PIN for token: 
DEBUG:pkcs11_lib.c:48: PIN = [redhat]
DEBUG:pkcs11_lib.c:759: cert 0: found (spice qe:signing key for spiceqe), "UID=spiceqe,O=Token Key User"
DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'cn'
DEBUG:mapper_mgr.c:197: Inserting mapper [cn] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'uid'
DEBUG:mapper_mgr.c:197: Inserting mapper [uid] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
DEBUG:mapper_mgr.c:197: Inserting mapper [pwent] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'null'
DEBUG:mapper_mgr.c:197: Inserting mapper [null] into list
DEBUG:pkcs11_inspect.c:128: Found '1' certificate(s)
DEBUG:pkcs11_inspect.c:132: verifing the certificate #1
DEBUG:cert_vfy.c:34: Verifying Cert: spice qe:signing key for spiceqe (UID=spiceqe,O=Token Key User)
DEBUG:pkcs11_inspect.c:146: Inspecting certificate #1
DEBUG:mapper_mgr.c:243: Cannot find cert data for mapper cn
Printing data for mapper uid:
spiceqe
DEBUG:mapper_mgr.c:243: Cannot find cert data for mapper pwent
DEBUG:mapper_mgr.c:235: Mapper 'null' has no inspect() function
DEBUG:mapper_mgr.c:214: unloading mapper module list
DEBUG:mapper_mgr.c:137: calling mapper_module_end() cn
DEBUG:mapper_mgr.c:148: Module cn is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() uid
DEBUG:mapper_mgr.c:148: Module uid is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() null
DEBUG:mapper_mgr.c:148: Module null is static: don't remove
DEBUG:pkcs11_inspect.c:163: releasing pkcs #11 module...
DEBUG:pkcs11_inspect.c:166: Process completed