Bug 1848629
Summary: | Smartcard is not detected by esc | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Radek Duda <rduda> | ||||||
Component: | esc | Assignee: | Jack Magne <jmagne> | ||||||
Status: | CLOSED ERRATA | QA Contact: | PKI QE <bugzilla-pkiqe> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 8.3 | CC: | aakkiang, jjelen, jmagne, mharmsen, spice-qe-bugs, sveerank | ||||||
Target Milestone: | rc | Keywords: | Regression, Triaged | ||||||
Target Release: | 8.0 | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2020-11-04 03:38:42 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Created attachment 1697984 [details]
opensc debug (version 0.19.0-7) - works here
I tried to reproduce this, but it behaves weirdly. In my RHEL 8.3 VM, sharing smart card does not detect it either (but this is probably because of piv driver is spelled wrongly in the configuration -- will fill different bug). I do not see any particular difference in the APDU traces collected from libcacard debug logs. In OpenSC, there are few changes in the code flow and in logging, but I do not see any functional difference what should prevent esc seeing the card correctly. Jack, can you help us to get some more verbose logs from ESC? Could there be something why the ESC does not see the emulated card with new opensc? Are there some particulart information it is looking for? In order to get some debugging info: At terminal: export NSPR_LOG_MODULES=all:5 export NSPR_LOG_FILE=/tmp/esc.log run esc from the terminal, make sure any current one is exited before doing so. Comparing the ESC logs, I am getting the difference in the following logs (the lines are a big mangled as there is probably more processes writing to the same file, but understandable): 38 CoolKeyGetFullReaderName entering: | 38 CoolKeyGetFullReaderName entering: 39 Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface] (1-0000:00:02.1:00.0-4) 00 00 | 39 Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface] (1-0000:00:02.1:00.0-4) 00 00 40 CoolKeyGetFullReaderName correct full name: | 40 CoolKeyGetFullReaderName reader: not the one. It looks like it does not recognize the reader name for some reason (even though in diff they are the same) with new OpenSC, which prevents it from continuing further. I will check either later in the evening or tomorrow why is that. Having a second look, the new OpenSC changed a way how the reader names are shortened for the PKCS #11 limitation of 65 characters. The old reader string loos like this (just cropped): Slot 0 (0x0): Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface] ( The new reader string has last three characters replaced with ellipsis: Slot 0 (0x0): Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface... This makes ESC code searching for substring failing for long reader names. I don't like much the idea of reverting this change in OpenSC for Fedora/RHEL or even in upstream. The new version is more user-readable but it somehow slipped through the list of changes (mostly because I did not know how ESC was doing this detection). Jack, would it be possible to change this in ESC to work also with the new shortening of reader names? It is most probably the same issue as in #1733643 (but fixing the configuration in ESC would be also helpful if we would be doing resping of ESC as I described in bug#1733643#c6). Moving to ESC until we will have final decission where and how we can fix this. Removing the 'need info' flag. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (esc bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4757 |
Created attachment 1697983 [details] opensc debug (version 0.20.0-2) Description of problem: Smart card is shared, but ESC does not detect it. Version-Release number of selected component (if applicable): guest rhel8.3: opensc-0.20.0-2.el8.x86_64 esc-1.1.2-12.el8.x86_64 pcsc-lite-1.8.23-3.el8.x86_64 pcsc-lite-libs-1.8.23-3.el8.x86_64 pcsc-lite-ccid-1.4.29-4.el8.x86_64 How reproducible: always Steps to Reproduce: 1.Share smartcard to guest 2. Open ESC 3. Actual results: no smartcard is displayed even thou pkcs11-tool shows right token and certificates Expected results: Smartcard is displayed in ESC. Additional info: If opensc is downgraded to opensc-0.19.0-7.el8.x86_64 it works.