Bug 1568088 - Any CAC (even a Debit Card) unlocks workstation [NEEDINFO]
Summary: Any CAC (even a Debit Card) unlocks workstation
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: opensc
Version: 7.4
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Jakub Jelen
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-16 18:25 UTC by Josip Vilicic
Modified: 2018-06-06 16:01 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-06 16:01:34 UTC
Target Upstream Version:
jjelen: needinfo? (jvilicic)


Attachments (Terms of Use)
Smart Card Manager with debit card inserted (44.49 KB, image/png)
2018-04-16 18:26 UTC, Josip Vilicic
no flags Details
output of following command when debit card is inserted: `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color` (73.17 KB, text/plain)
2018-04-16 18:27 UTC, Josip Vilicic
no flags Details
output of following command when CAC card is inserted: `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color` (120.73 KB, text/plain)
2018-04-16 18:28 UTC, Josip Vilicic
no flags Details

Description Josip Vilicic 2018-04-16 18:25:40 UTC
Description of problem:
Any CAC (even a Debit Card) unlocks workstation


Version-Release number of selected component (if applicable):
opensc


How reproducible:
consistent


Steps to Reproduce:
1) Configure SmartCard authentication
2) Initial login works
3) Pull out CAC, workstation locks as expected
3) Try to unlock workstation again with incorrect CAC


Actual results:
Workstation gets unlocked


Expected results:
Incorrect CAC cards (cards from other users, or Debit cards) shouldn't unlock system


Additional info:
- Using Oberthur ID One 128 v5.5a CAC cards and Dell Dell Smart Card Reader Keyboard

- Got customer to switch from CoolKey to OpenSC, but now they can't run `pksc11_eventmgr`:
    # pkcs11_eventmgr debug nodaemon
    DEBUG:pkcs11_eventmgr.c:379: Initializing NSS ...
    DEBUG:pkcs11_eventmgr.c:395: loading the module ...
    DEBUG:pkcs11_eventmgr.c:406: loading Module explictly, moduleSpec=<library="libopensc.so" name="SmartCard"> module=libopensc.so
    DEBUG:pkcs11_eventmgr.c:413: Failed to load SmartCard software

- # opensc-tool --atr
    Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
    3b:db:96:00:80:1f:03:00:31:c0:64:b0:f3:10:00:07:90:00:80

- Seeing "card absent" and "card removed":
# OPENSC_DEBUG=9 pkcs11-tool -L
0x7efc3636b740 09:22:30.940 [opensc-pkcs11] ctx.c:790:sc_context_create: ===================================
0x7efc3636b740 09:22:30.940 [opensc-pkcs11] ctx.c:791:sc_context_create: opensc version: 0.16.0
0x7efc3636b740 09:22:30.941 [opensc-pkcs11] reader-pcsc.c:754:pcsc_init: PC/SC options: connect_exclusive=0 disconnect_action=1 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 enable_pace=1
0x7efc3636b740 09:22:30.941 [opensc-pkcs11] reader-pcsc.c:1154:pcsc_detect_readers: called
0x7efc3636b740 09:22:30.941 [opensc-pkcs11] reader-pcsc.c:1168:pcsc_detect_readers: Probing PC/SC readers
0x7efc3636b740 09:22:30.941 [opensc-pkcs11] reader-pcsc.c:1196:pcsc_detect_readers: Establish PC/SC context
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:1243:pcsc_detect_readers: Found new PC/SC reader 'Dell Dell Smart Card Reader Keyboard 00 00'
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:331:refresh_attributes: current  state: 0x00080012
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:332:refresh_attributes: previous state: 0x00000000
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:389:refresh_attributes: card absent
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:1276:pcsc_detect_readers: Requesting reader features ... 
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:1286:pcsc_detect_readers: Dell Dell Smart Card Reader Keyboard 00 00:SCardConnect(DIRECT): 0x00000000
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:999:detect_reader_features: called
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:1020:detect_reader_features: Reader feature 06 found
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1020:detect_reader_features: Reader feature 07 found
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1020:detect_reader_features: Reader feature 0a found
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1020:detect_reader_features: Reader feature 12 found
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1048:detect_reader_features: Reader supports pinpad PIN verification
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1058:detect_reader_features: Reader supports pinpad PIN modification
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1087:detect_reader_features: Reader does not have a display.
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:940:part10_detect_max_data: get dwMaxAPDUDataSize property returned 65536
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:979:part10_get_vendor_product: id_vendor=413c id_product=2101
0x7efc3636b740 09:22:30.947 [opensc-pkcs11] reader-pcsc.c:1311:pcsc_detect_readers: reader's max-send-size: 65536, max-recv-size: 65536
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:1337:pcsc_detect_readers: returning with: 0 (Success)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] misc.c:495:load_pkcs11_parameters: PKCS#11 options: max_virtual_slots=16 slots_per_card=4 hide_empty_tokens=1 lock_login=0 atomic=0 pin_unblock_style=0 zero_ckaid_for_ca_certs=0 create_slots_flags=0x8
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:109:create_slot: Initializing slot with id 0x0
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:109:create_slot: Initializing slot with id 0x1
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:109:create_slot: Initializing slot with id 0x2
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:109:create_slot: Initializing slot with id 0x3
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:168:initialize_reader: Initialize reader 'Dell Dell Smart Card Reader Keyboard 00 00': detect SC card presence
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:174:initialize_reader: Reader 'Dell Dell Smart Card Reader Keyboard 00 00' initialized
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] pkcs11-global.c:273:C_Initialize: C_Initialize() = CKR_OK
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] pkcs11-global.c:390:C_GetSlotList: C_GetSlotList(token=0, plug-n-play)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:1154:pcsc_detect_readers: called
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:1168:pcsc_detect_readers: Probing PC/SC readers
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:1337:pcsc_detect_readers: returning with: 0 (Success)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:359:card_detect_all: Detect all cards
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:224:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: Detecting smart card
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:233:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: card absent
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:378:card_detect_all: All cards detected
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-global.c:426:C_GetSlotList: was only a size inquiry (1)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-global.c:390:C_GetSlotList: C_GetSlotList(token=0, refresh)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:359:card_detect_all: Detect all cards
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:224:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: Detecting smart card
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:233:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: card absent
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:378:card_detect_all: All cards detected
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-global.c:443:C_GetSlotList: returned 1 slots
Available slots:
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-global.c:494:C_GetSlotInfo: C_GetSlotInfo(0x0)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:359:card_detect_all: Detect all cards
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:224:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: Detecting smart card
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:233:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: card absent
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:378:card_detect_all: All cards detected
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-global.c:506:C_GetSlotInfo: C_GetSlotInfo() get slot rv 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:224:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: Detecting smart card
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:233:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: card absent
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-global.c:516:C_GetSlotInfo: C_GetSlotInfo() card detect rv 0xE0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-global.c:533:C_GetSlotInfo: C_GetSlotInfo() flags 0x6
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-global.c:534:C_GetSlotInfo: C_GetSlotInfo(0x0) = CKR_OK
Slot 0 (0x0): Dell Dell Smart Card Reader Keyboard 00 00
  (empty)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-global.c:304:C_Finalize: C_Finalize()
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] ctx.c:846:sc_cancel: called
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] reader-pcsc.c:677:pcsc_cancel: called
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] ctx.c:869:sc_release_context: called
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] reader-pcsc.c:834:pcsc_finish: called

Comment 2 Josip Vilicic 2018-04-16 18:26:38 UTC
Created attachment 1422670 [details]
Smart Card Manager with debit card inserted

Comment 3 Josip Vilicic 2018-04-16 18:27:43 UTC
Created attachment 1422671 [details]
output of following command when debit card is inserted:   `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color`

Comment 4 Josip Vilicic 2018-04-16 18:28:15 UTC
Created attachment 1422672 [details]
output of following command when CAC card is inserted:   `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color`

Comment 5 Jakub Jelen 2018-04-17 07:11:34 UTC
The log from OpenSC clearly says the card is not detected (when it is not CAC) so how is that supposed to unlock the screen?

Scanning through the sosreport from April 4th, I see that the pam_pkcs11.conf is still configured to use OpenSC. Can you share more up-to-date sos report with updated configuration files? It is also missing the nss_dir option as described in [1].

DEBUG:pkcs11_eventmgr.c:406: loading Module explictly, moduleSpec=<library="libopensc.so" name="SmartCard"> module=libopensc.so

This is really wrong. There should be no libopensc.so, but "opensc-pkcs11.so" as in the original configuration file!

That GDM lets anyone in with this misconfiguration is obviously an issue, can you verify that there is really nothing else in the system-wide NSS DB that is used (such as standalone certificates that would allow the users in) for example using certutil?

    certutil -L -d /etc/pki/nssdb/

[1] https://access.redhat.com/articles/3034441


Note You need to log in before you can comment on or make changes to this bug.