Bug 975600 - remote-viewer does not utilize smart card reader plugged when the client is running
remote-viewer does not utilize smart card reader plugged when the client is r...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss (Show other bugs)
5.10
Unspecified Linux
medium Severity medium
: rc
: ---
Assigned To: Elio Maldonado Batiz
Hubert Kario
: Reopened
Depends On: 811314
Blocks: 802435 801854 806038
  Show dependency treegraph
 
Reported: 2013-06-18 17:57 EDT by Aleš Mareček
Modified: 2013-09-30 18:43 EDT (History)
18 users (show)

See Also:
Fixed In Version: nss-3.14.3-11.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 811314
Environment:
Last Closed: 2013-09-30 18:43:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Aleš Mareček 2013-06-18 17:57:39 EDT
+++ This bug was initially created as a clone of Bug #811314 +++

+++ This bug was initially created as a clone of Bug #806038 +++

Leaving the original title for now. I don't have a reproducer without remote-viewer. Actually just using firefox should do the trick, I guess something like this:

((((---- Suggestion only

1. add libcoolkey.so provider
2. insert reader while firefox is running, and the "view certificates" dialog is open.

Results:
no card detected.

Expected:
see the card (get logging dialog).

End Suggestion only ----))))

+++ This bug was initially created as a clone of Bug #802435 +++

Steps to reproduce + environment are the same as in cloned bug, just the client cli is a bit different:
remote-viewer --spice-smartcard spice://<host>/?port=<port>

Actual results:
from user POV: nothing happens
debug console output (no matter if card is pre-inserted or not or how many times it is reinserted):
(remote-viewer:23596): GSpice-DEBUG: usb-device-manager.c:598 device added 0xb92ff0
(remote-viewer:23596): GSpice-DEBUG: smartcard-manager.c:273 smartcard: reader-added
(remote-viewer:23596): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 3, queued

Expected results:
remote-viewer recognizes the reader and offers authentication once the card is inserted.

Additional info:
debug output when the reader is plugged in before client start:
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x20258b0
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x2025810
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x20256d0
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x2025950
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:124 smartcard-8:0: spice_channel_constructed
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:2086 Started background coroutine 0x209d998 for smartcard-8:0
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:1660 smartcard-8:0: spice_channel_recv_link_msg: 1 caps
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:1084 smartcard-8:0: channel up, state 5
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:424 smartcard_manager_init
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:459 vcard_emul_init
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:470 smartcard_manager_init end: 1
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:273 smartcard: reader-added
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 3, queued
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:518 smartcard_manager_finish
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 2
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:488 smartcard: in flight 3
// card insert
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:292 smartcard: card-inserted
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 5, queued
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 2
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:488 smartcard: in flight 5
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 7
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 7, now
// guest's gdm 

(last two messages repeated many times)


+++ This bug was initially created as a clone of Bug #801854 +++

Created attachment 568960 [details]
backtrace

Description of problem:
spicec crashes (segfaults) when smartcard is plugged while guest expects smartcard auth

Version-Release number of selected component (if applicable):
spice-client-0.8.2-13.el6.x86_64
coolkey-1.1.0-19.el6.x86_64
pcsc-lite-1.5.2-6.el6.x86_64

How reproducible:
always

Steps to Reproduce:
0. unplug the reader from the client
1. boot up the RHEL guest to smartcard-enabled gdm
2. (optional: select "smartcard authentication")
3. run spicec --smartcard <other opts>
4. plug the smartcard reader
  
Actual results:
spicec crashes with segmentation fault

Expected results:
spicec continues running

Additional info:
  * does not happen when sc reader is already plugged in at the launch of spicec
  * messages in log (with DEBUG level) from reader insertion to the crash:
1331309793 INFO [23904:23916] SmartCardChannel::cac_card_events_thread_main: VEVENT_READER_INSERT
1331309793 INFO [23904:23904] SmartCardChannel::add_unallocated_reader: adding unallocated reader 0x960dc0
  * log messages when reader is plugged at spicec launch and spiced does
    not crash:
1331310580 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_READER_INSERT
1331310580 INFO [2326:2326] SmartCardChannel::add_unallocated_reader: adding unallocated reader 0x28bae60
1331310580 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_INSERT
1331310580 INFO [2326:2326] SmartCardChannel::add_reader: adding 0x28bae60->0
   * log messages when user removes and re-inserts smartcard:
1331310684 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_REMOVE
1331310691 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_INSERT
1331310692 DEBUG [2326:2326] SmartCardChannel::send_atr: ATR: 
1331310692 DEBUG [2326:2326] VSCMessageEvent::response:   31: recv APDU: 
1331310692 DEBUG [2326:2326] VSCMessageEvent::response:  sent APDU:
Comment 2 RHEL Product and Program Management 2013-06-18 18:17:20 EDT
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 4 Elio Maldonado Batiz 2013-07-01 11:09:18 EDT
Regarding testing, I have marked it as fixed in nss-3.14.3-11.el5 as this is the latest build. I could have marked it as nss-3.14.3-1.el5 as this was the first build with the rebase which is where the fix appears.
Comment 8 errata-xmlrpc 2013-09-30 18:43:22 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1318.html

Note You need to log in before you can comment on or make changes to this bug.