Bug 1273566

Summary:

SmartCard (passthru mode) support is broken

Product:

Red Hat Enterprise Virtualization Manager

Reporter:

Andrei Stepanov <astepano>

Component:

mingw-virt-viewer

Assignee:

Default Assignee for SPICE Bugs <rh-spice-bugs>

Status:

CLOSED DUPLICATE

QA Contact:

SPICE QE bug list <spice-qe-bugs>

Severity:

unspecified

Docs Contact:

Priority:

unspecified

Version:

3.6.0

CC:

astepano, bsanford, cfergeau, ecohen, fidencio, gklein, lsurette, rbalakri, tpelka, yeylon

Target Milestone:

---

Target Release:

---

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2015-10-21 10:43:10 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
remote-viewer.exe log	none
console vv file	none

Description Andrei Stepanov 2015-10-20 17:24:27 UTC

SmartCard support is broken.

Client: Windows 7 32 
Host: vdsm-4.17.9-1.el7ev.noarch
Guest: 3.10.0-323.el7.x86_64
virt-viewer: 2.0-48
rhev-guest-tools-iso-3.5-9.el6ev.noarch

Smartcard works as expected when client is RHEL7.2 (guest is the same)

Steps to reproduce:

* Login to Admin portal
* Select VM
* Edit VM  
* Select tab “Console”
* Check “Smartcard Enabled”
* Connect to VM
* Type in terminal pkcs11_inspect debug

DEBUG:pkcs11_inspect.c:95: no token available

Additional info:

Guest:

# lsusb
Bus 002 Device 002: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

# pkcs11_inspect debug
DEBUG:pam_config.c:238: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pkcs11_lib.c:182: Initializing NSS ...
DEBUG:pkcs11_lib.c:192: Initializing NSS ... database=/etc/pki/nssdb
DEBUG:pkcs11_lib.c:210: ...  NSS Complete
DEBUG:pkcs11_inspect.c:69: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:235: Looking up module in list
DEBUG:pkcs11_lib.c:238: modList = 0x154f600 next = 0x155b1d0

DEBUG:pkcs11_lib.c:239: dllName= <null> 

DEBUG:pkcs11_lib.c:238: modList = 0x155b1d0 next = 0x0

DEBUG:pkcs11_lib.c:239: dllName= libcoolkeypk11.so 

DEBUG:pkcs11_inspect.c:78: initialising pkcs #11 module...
DEBUG:pkcs11_inspect.c:95: no token available


# pkcs11-tool --module /usr/lib64/libcoolkeypk11.so -I -L
Cryptoki version 2.11
Manufacturer     Mozilla Foundation
Library          CoolKey PKCS #11 Module      (ver 1.0)
Available slots:
Slot 0 (0x1): Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface] (
  (empty)
No slot with a token was found.

# modutil -list -dbdir /etc/pki/nssdb/

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
	 slots: 2 slots attached
	status: loaded

	 slot: NSS Internal Cryptographic Services
	token: NSS Generic Crypto Services

	 slot: NSS User Private Key and Certificate Services
	token: NSS Certificate DB

  2. CoolKey PKCS #11 Module
	library name: libcoolkeypk11.so
	 slots: 1 slot attached
	status: loaded

	 slot: Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface] (
	token: 
-----------------------------------------------------------

Host:

/usr/libexec/qemu-kvm -name RHEL-7 -S -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off -cpu Nehalem -m size=3096576k,slots=16,maxmem=4294967296k -realtime mlock=off -smp 2,maxcpus=16,sockets=16,cores=1,threads=1 -numa node,nodeid=0,cpus=0-1,mem=3024 -uuid 27880bd2-8410-48fd-bd20-7c7e09610eea -smbios type=1,manufacturer=Red Hat,product=RHEV Hypervisor,version=7.2-7.el7,serial=34353736-3132-5A43-3135-333430314B33,uuid=27880bd2-8410-48fd-bd20-7c7e09610eea -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-RHEL-7/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=2015-10-20T16:08:08,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot menu=on,strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x5 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x7 -device usb-ccid,id=ccid0 -drive if=none,id=drive-ide0-1-0,readonly=on,format=raw,serial= -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=/rhev/data-center/00000001-0001-0001-0001-0000000002ae/a57f4682-87be-4902-92ee-0223ae3537be/images/9c7cae9d-af0c-4257-9ab2-61a266a96343/d3860a3c-d1bb-4803-8307-34608d9ef80b,if=none,id=drive-virtio-disk0,format=qcow2,serial=9c7cae9d-af0c-4257-9ab2-61a266a96343,cache=none,werror=stop,rerror=stop,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=27,id=hostnet0,vhost=on,vhostfd=28 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:16:01:58,bus=pci.0,addr=0x3 -chardev spicevmc,id=charsmartcard0,name=smartcard -device ccid-card-passthru,chardev=charsmartcard0,id=smartcard0,bus=ccid0.0 -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channels/27880bd2-8410-48fd-bd20-7c7e09610eea.com.redhat.rhevm.vdsm,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,id=charchannel1,path=/var/lib/libvirt/qemu/channels/27880bd2-8410-48fd-bd20-7c7e09610eea.org.qemu.guest_agent.0,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0 -chardev spicevmc,id=charchannel2,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=3,chardev=charchannel2,id=channel2,name=com.redhat.spice.0 -spice port=5900,tls-port=5901,addr=10.34.73.137,x509-dir=/etc/pki/vdsm/libvirt-spice,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=33554432,vgamem_mb=16,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -chardev spicevmc,id=charredir2,name=usbredir -device usb-redir,chardev=charredir2,id=redir2 -chardev spicevmc,id=charredir3,name=usbredir -device usb-redir,chardev=charredir3,id=redir3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x9 -msg timestamp=on

Comment 1 Andrei Stepanov 2015-10-20 17:31:18 UTC

Created attachment 1084847 [details]
remote-viewer.exe log

Comment 2 Andrei Stepanov 2015-10-20 17:35:39 UTC

Created attachment 1084848 [details]
console vv file

Comment 3 Fabiano Fidêncio 2015-10-20 20:25:48 UTC

Looks like a dup of bug 1267386. Can you confirm this?

Comment 4 Andrei Stepanov 2015-10-21 10:43:10 UTC

Yes, it is.

*** This bug has been marked as a duplicate of bug 1267386 ***