Bug 806038

Summary: Coolkey always creates a phantom EGate reader even when no reader exists.
Product: Red Hat Enterprise Linux 6 Reporter: Alon Levy <alevy>
Component: coolkeyAssignee: Bob Relyea <rrelyea>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.3CC: acathrow, alevy, amarecek, cfergeau, ckannan, cwei, dblechte, ddumas, djasa, emaldona, hbrock, jrieden, mkenneth, mzhan, rpattath, rrelyea, sforsber, sradvan, tlavigne, zpeng
Target Milestone: rcKeywords: Reopened
Target Release: 6.5   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: coolkey-1.1.0-27.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 802435
: 811314 (view as bug list) Environment:
Last Closed: 2013-11-21 23:05:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 811314, 975600    
Bug Blocks: 801854, 802435, 960054    
Attachments:
Description Flags
patch 1/3 for proposed fix
none
patch 2/3 for propsed fix
none
patch 3/4 for propsed fix (previous two should be 1/4 and 2/4 respectively)
none
patch 4/4 for propsed fix none

Description Alon Levy 2012-03-22 17:56:44 UTC 
Leaving the original title for now. I don't have a reproducer without remote-viewer. Actually just using firefox should do the trick, I guess something like this:

((((---- Suggestion only

1. add libcoolkey.so provider
2. insert reader while firefox is running, and the "view certificates" dialog is open.

Results:
no card detected.

Expected:
see the card (get logging dialog).

End Suggestion only ----))))

+++ This bug was initially created as a clone of Bug #802435 +++

Steps to reproduce + environment are the same as in cloned bug, just the client cli is a bit different:
remote-viewer --spice-smartcard spice://<host>/?port=<port>

Actual results:
from user POV: nothing happens
debug console output (no matter if card is pre-inserted or not or how many times it is reinserted):
(remote-viewer:23596): GSpice-DEBUG: usb-device-manager.c:598 device added 0xb92ff0
(remote-viewer:23596): GSpice-DEBUG: smartcard-manager.c:273 smartcard: reader-added
(remote-viewer:23596): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 3, queued

Expected results:
remote-viewer recognizes the reader and offers authentication once the card is inserted.

Additional info:
debug output when the reader is plugged in before client start:
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x20258b0
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x2025810
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x20256d0
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x2025950
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:124 smartcard-8:0: spice_channel_constructed
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:2086 Started background coroutine 0x209d998 for smartcard-8:0
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:1660 smartcard-8:0: spice_channel_recv_link_msg: 1 caps
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:1084 smartcard-8:0: channel up, state 5
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:424 smartcard_manager_init
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:459 vcard_emul_init
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:470 smartcard_manager_init end: 1
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:273 smartcard: reader-added
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 3, queued
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:518 smartcard_manager_finish
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 2
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:488 smartcard: in flight 3
// card insert
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:292 smartcard: card-inserted
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 5, queued
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 2
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:488 smartcard: in flight 5
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 7
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 7, now
// guest's gdm 

(last two messages repeated many times)


+++ This bug was initially created as a clone of Bug #801854 +++

Created attachment 568960 [details]
backtrace

Description of problem:
spicec crashes (segfaults) when smartcard is plugged while guest expects smartcard auth

Version-Release number of selected component (if applicable):
spice-client-0.8.2-13.el6.x86_64
coolkey-1.1.0-19.el6.x86_64
pcsc-lite-1.5.2-6.el6.x86_64

How reproducible:
always

Steps to Reproduce:
0. unplug the reader from the client
1. boot up the RHEL guest to smartcard-enabled gdm
2. (optional: select "smartcard authentication")
3. run spicec --smartcard <other opts>
4. plug the smartcard reader
  
Actual results:
spicec crashes with segmentation fault

Expected results:
spicec continues running

Additional info:
  * does not happen when sc reader is already plugged in at the launch of spicec
  * messages in log (with DEBUG level) from reader insertion to the crash:
1331309793 INFO [23904:23916] SmartCardChannel::cac_card_events_thread_main: VEVENT_READER_INSERT
1331309793 INFO [23904:23904] SmartCardChannel::add_unallocated_reader: adding unallocated reader 0x960dc0
  * log messages when reader is plugged at spicec launch and spiced does
    not crash:
1331310580 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_READER_INSERT
1331310580 INFO [2326:2326] SmartCardChannel::add_unallocated_reader: adding unallocated reader 0x28bae60
1331310580 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_INSERT
1331310580 INFO [2326:2326] SmartCardChannel::add_reader: adding 0x28bae60->0
   * log messages when user removes and re-inserts smartcard:
1331310684 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_REMOVE
1331310691 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_INSERT
1331310692 DEBUG [2326:2326] SmartCardChannel::send_atr: ATR: 
1331310692 DEBUG [2326:2326] VSCMessageEvent::response:   31: recv APDU: 
1331310692 DEBUG [2326:2326] VSCMessageEvent::response:  sent APDU:

--- Additional comment from djasa on 2012-03-09 17:43:29 CET ---

Created attachment 568961 [details]
pcscd debug output from card insertion to client segfault

--- Additional comment from alevy on 2012-03-13 11:44:07 EDT ---

Please provide debug information from qemu side by passing the debug flag to ccid-card-passthru:

-device ccid-card-passthru,debug=10

# I don't remember the maximum value for debug, 10 should do

Thanks,
Alon

--- Additional comment from alevy on 2012-03-13 12:28:00 EDT ---

Maybe usbredir took the device? can you try adding "--spice-disable-usbredir" to remote-viewer invocation?

Thanks,
Alon

--- Additional comment from djasa on 2012-03-16 05:32:52 EDT ---

Clearing needinfo, all info requested was provided in a debugging session.

--- Additional comment from alevy on 2012-03-19 09:43:35 EDT ---

Managed to reproduce locally, thanks for the help.

Alon

--- Additional comment from alevy on 2012-03-22 13:51:25 EDT ---

The bug is not in virt-viewer, it's in libcoolkey and libcacard:

 coolkey creates a default fake reader and then passes it on to pcscd, confusing it, causing no notifications of new readers.

 libcacard stops the per-module event blocking thread when there are no slots (caused by removing last reader)

Changing component and cloning, have patches for both upstream, will post and start the process of rebasing them.

Alon
Comment 2 Alon Levy 2012-03-26 17:04:19 UTC 
Created attachment 572809 [details]
patch 1/3 for proposed fix
Comment 3 Alon Levy 2012-03-26 17:04:44 UTC 
Created attachment 572810 [details]
patch 2/3 for propsed fix
Comment 4 Alon Levy 2012-03-26 17:05:29 UTC 
Created attachment 572811 [details]
patch 3/4 for propsed fix (previous two should be 1/4 and 2/4 respectively)
Comment 5 Alon Levy 2012-03-26 17:05:51 UTC 
Created attachment 572812 [details]
patch 4/4 for propsed fix
Comment 8 RHEL Program Management 2012-04-09 23:34:55 UTC 
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.
Comment 33 Bob Relyea 2013-08-12 19:14:41 UTC 
fixed in coolkey-1.1.0-27.el6
Comment 35 Roshni 2013-09-06 19:50:09 UTC 
I am using OmniKey CardMan 3121 00 00 with Gemalto 64K card.

I remove the smart card reader, start firefox, go to Security Devices - Nothing is listed under the Coolkey Module. 
I plugin the reader but card is not inserted - still nothing is list under the Module.
I insert the card - The card is detected and displayed under the Module.
I remove the card - The card reader is displayed under the module.
Comment 37 Bob Relyea 2013-11-12 01:17:38 UTC 
errata updated.
Comment 38 errata-xmlrpc 2013-11-21 23:05:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1699.html