806038 – Coolkey always creates a phantom EGate reader even when no reader exists.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 806038 - Coolkey always creates a phantom EGate reader even when no reader exists.

Summary: Coolkey always creates a phantom EGate reader even when no reader exists.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	coolkey
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	6.5
Assignee:	Bob Relyea
QA Contact:	Asha Akkiangady
Docs Contact:
URL:
Whiteboard:
Depends On:	811314 975600
Blocks:	801854 802435 960054
TreeView+	depends on / blocked

Reported:	2012-03-22 17:56 UTC by Alon Levy
Modified:	2015-09-28 02:09 UTC (History)
CC List:	20 users (show)
Fixed In Version:	coolkey-1.1.0-27.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:	802435
Clones:	811314 (view as bug list)
Environment:
Last Closed:	2013-11-21 23:05:16 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
patch 1/3 for proposed fix (1.35 KB, patch) 2012-03-26 17:04 UTC, Alon Levy	no flags	Details \| Diff
patch 2/3 for propsed fix (926 bytes, patch) 2012-03-26 17:04 UTC, Alon Levy	no flags	Details \| Diff
patch 3/4 for propsed fix (previous two should be 1/4 and 2/4 respectively) (2.35 KB, patch) 2012-03-26 17:05 UTC, Alon Levy	no flags	Details \| Diff
patch 4/4 for propsed fix (705 bytes, patch) 2012-03-26 17:05 UTC, Alon Levy	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:1699	0	normal	SHIPPED_LIVE	coolkey bug fix and enhancement update	2013-11-20 21:52:09 UTC

Description Alon Levy 2012-03-22 17:56:44 UTC

Leaving the original title for now. I don't have a reproducer without remote-viewer. Actually just using firefox should do the trick, I guess something like this:

((((---- Suggestion only

1. add libcoolkey.so provider
2. insert reader while firefox is running, and the "view certificates" dialog is open.

Results:
no card detected.

Expected:
see the card (get logging dialog).

End Suggestion only ----))))

+++ This bug was initially created as a clone of Bug #802435 +++

Steps to reproduce + environment are the same as in cloned bug, just the client cli is a bit different:
remote-viewer --spice-smartcard spice://<host>/?port=<port>

Actual results:
from user POV: nothing happens
debug console output (no matter if card is pre-inserted or not or how many times it is reinserted):
(remote-viewer:23596): GSpice-DEBUG: usb-device-manager.c:598 device added 0xb92ff0
(remote-viewer:23596): GSpice-DEBUG: smartcard-manager.c:273 smartcard: reader-added
(remote-viewer:23596): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 3, queued

Expected results:
remote-viewer recognizes the reader and offers authentication once the card is inserted.

Additional info:
debug output when the reader is plugged in before client start:
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x20258b0
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x2025810
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x20256d0
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x2025950
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:124 smartcard-8:0: spice_channel_constructed
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:2086 Started background coroutine 0x209d998 for smartcard-8:0
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:1660 smartcard-8:0: spice_channel_recv_link_msg: 1 caps
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:1084 smartcard-8:0: channel up, state 5
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:424 smartcard_manager_init
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:459 vcard_emul_init
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:470 smartcard_manager_init end: 1
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:273 smartcard: reader-added
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 3, queued
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:518 smartcard_manager_finish
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 2
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:488 smartcard: in flight 3
// card insert
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:292 smartcard: card-inserted
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 5, queued
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 2
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:488 smartcard: in flight 5
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 7
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 7, now
// guest's gdm 

(last two messages repeated many times)


+++ This bug was initially created as a clone of Bug #801854 +++

Created attachment 568960 [details]
backtrace

Description of problem:
spicec crashes (segfaults) when smartcard is plugged while guest expects smartcard auth

Version-Release number of selected component (if applicable):
spice-client-0.8.2-13.el6.x86_64
coolkey-1.1.0-19.el6.x86_64
pcsc-lite-1.5.2-6.el6.x86_64

How reproducible:
always

Steps to Reproduce:
0. unplug the reader from the client
1. boot up the RHEL guest to smartcard-enabled gdm
2. (optional: select "smartcard authentication")
3. run spicec --smartcard <other opts>
4. plug the smartcard reader
  
Actual results:
spicec crashes with segmentation fault

Expected results:
spicec continues running

Additional info:
  * does not happen when sc reader is already plugged in at the launch of spicec
  * messages in log (with DEBUG level) from reader insertion to the crash:
1331309793 INFO [23904:23916] SmartCardChannel::cac_card_events_thread_main: VEVENT_READER_INSERT
1331309793 INFO [23904:23904] SmartCardChannel::add_unallocated_reader: adding unallocated reader 0x960dc0
  * log messages when reader is plugged at spicec launch and spiced does
    not crash:
1331310580 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_READER_INSERT
1331310580 INFO [2326:2326] SmartCardChannel::add_unallocated_reader: adding unallocated reader 0x28bae60
1331310580 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_INSERT
1331310580 INFO [2326:2326] SmartCardChannel::add_reader: adding 0x28bae60->0
   * log messages when user removes and re-inserts smartcard:
1331310684 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_REMOVE
1331310691 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_INSERT
1331310692 DEBUG [2326:2326] SmartCardChannel::send_atr: ATR: 
1331310692 DEBUG [2326:2326] VSCMessageEvent::response:   31: recv APDU: 
1331310692 DEBUG [2326:2326] VSCMessageEvent::response:  sent APDU:

--- Additional comment from djasa on 2012-03-09 17:43:29 CET ---

Created attachment 568961 [details]
pcscd debug output from card insertion to client segfault

--- Additional comment from alevy on 2012-03-13 11:44:07 EDT ---

Please provide debug information from qemu side by passing the debug flag to ccid-card-passthru:

-device ccid-card-passthru,debug=10

# I don't remember the maximum value for debug, 10 should do

Thanks,
Alon

--- Additional comment from alevy on 2012-03-13 12:28:00 EDT ---

Maybe usbredir took the device? can you try adding "--spice-disable-usbredir" to remote-viewer invocation?

Thanks,
Alon

--- Additional comment from djasa on 2012-03-16 05:32:52 EDT ---

Clearing needinfo, all info requested was provided in a debugging session.

--- Additional comment from alevy on 2012-03-19 09:43:35 EDT ---

Managed to reproduce locally, thanks for the help.

Alon

--- Additional comment from alevy on 2012-03-22 13:51:25 EDT ---

The bug is not in virt-viewer, it's in libcoolkey and libcacard:

 coolkey creates a default fake reader and then passes it on to pcscd, confusing it, causing no notifications of new readers.

 libcacard stops the per-module event blocking thread when there are no slots (caused by removing last reader)

Changing component and cloning, have patches for both upstream, will post and start the process of rebasing them.

Alon

Comment 2 Alon Levy 2012-03-26 17:04:19 UTC

Created attachment 572809 [details]
patch 1/3 for proposed fix

Comment 3 Alon Levy 2012-03-26 17:04:44 UTC

Created attachment 572810 [details]
patch 2/3 for propsed fix

Comment 4 Alon Levy 2012-03-26 17:05:29 UTC

Created attachment 572811 [details]
patch 3/4 for propsed fix (previous two should be 1/4 and 2/4 respectively)

Comment 5 Alon Levy 2012-03-26 17:05:51 UTC

Created attachment 572812 [details]
patch 4/4 for propsed fix

Comment 8 RHEL Program Management 2012-04-09 23:34:55 UTC

Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Comment 33 Bob Relyea 2013-08-12 19:14:41 UTC

fixed in coolkey-1.1.0-27.el6

Comment 35 Roshni 2013-09-06 19:50:09 UTC

I am using OmniKey CardMan 3121 00 00 with Gemalto 64K card.

I remove the smart card reader, start firefox, go to Security Devices - Nothing is listed under the Coolkey Module. 
I plugin the reader but card is not inserted - still nothing is list under the Module.
I insert the card - The card is detected and displayed under the Module.
I remove the card - The card reader is displayed under the module.

Comment 37 Bob Relyea 2013-11-12 01:17:38 UTC

errata updated.

Comment 38 errata-xmlrpc 2013-11-21 23:05:16 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1699.html

Note You need to log in before you can comment on or make changes to this bug.

acathrow
alevy
amarecek
cfergeau
ckannan
cwei
dblechte
ddumas
djasa
emaldona
hbrock
jrieden
mkenneth
mzhan
rpattath
rrelyea
sforsber
sradvan
tlavigne
zpeng