Bug 975600 - remote-viewer does not utilize smart card reader plugged when the client is running
Summary: remote-viewer does not utilize smart card reader plugged when the client is r...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss
Version: 5.10
Hardware: Unspecified
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Elio Maldonado Batiz
QA Contact: Hubert Kario
URL:
Whiteboard:
Depends On: 811314
Blocks: 801854 802435 806038
TreeView+ depends on / blocked
 
Reported: 2013-06-18 21:57 UTC by Aleš Mareček
Modified: 2013-09-30 22:43 UTC (History)
18 users (show)

Fixed In Version: nss-3.14.3-11.el5
Doc Type: Bug Fix
Doc Text:
Clone Of: 811314
Environment:
Last Closed: 2013-09-30 22:43:22 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1318 0 normal SHIPPED_LIVE nss bug fix and enhancement update 2013-09-30 21:13:17 UTC

Description Aleš Mareček 2013-06-18 21:57:39 UTC
+++ This bug was initially created as a clone of Bug #811314 +++

+++ This bug was initially created as a clone of Bug #806038 +++

Leaving the original title for now. I don't have a reproducer without remote-viewer. Actually just using firefox should do the trick, I guess something like this:

((((---- Suggestion only

1. add libcoolkey.so provider
2. insert reader while firefox is running, and the "view certificates" dialog is open.

Results:
no card detected.

Expected:
see the card (get logging dialog).

End Suggestion only ----))))

+++ This bug was initially created as a clone of Bug #802435 +++

Steps to reproduce + environment are the same as in cloned bug, just the client cli is a bit different:
remote-viewer --spice-smartcard spice://<host>/?port=<port>

Actual results:
from user POV: nothing happens
debug console output (no matter if card is pre-inserted or not or how many times it is reinserted):
(remote-viewer:23596): GSpice-DEBUG: usb-device-manager.c:598 device added 0xb92ff0
(remote-viewer:23596): GSpice-DEBUG: smartcard-manager.c:273 smartcard: reader-added
(remote-viewer:23596): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 3, queued

Expected results:
remote-viewer recognizes the reader and offers authentication once the card is inserted.

Additional info:
debug output when the reader is plugged in before client start:
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x20258b0
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x2025810
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x20256d0
(remote-viewer:24142): GSpice-DEBUG: usb-device-manager.c:598 device added 0x2025950
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:124 smartcard-8:0: spice_channel_constructed
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:2086 Started background coroutine 0x209d998 for smartcard-8:0
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:1660 smartcard-8:0: spice_channel_recv_link_msg: 1 caps
(remote-viewer:24142): GSpice-DEBUG: spice-channel.c:1084 smartcard-8:0: channel up, state 5
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:424 smartcard_manager_init
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:459 vcard_emul_init
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:470 smartcard_manager_init end: 1
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:273 smartcard: reader-added
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 3, queued
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:518 smartcard_manager_finish
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 2
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:488 smartcard: in flight 3
// card insert
(remote-viewer:24142): GSpice-DEBUG: smartcard-manager.c:292 smartcard: card-inserted
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 5, queued
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 2
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:488 smartcard: in flight 5
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:484 smartcard: handle msg 7
(remote-viewer:24142): GSpice-DEBUG: channel-smartcard.c:314 smartcard: send message 7, now
// guest's gdm 

(last two messages repeated many times)


+++ This bug was initially created as a clone of Bug #801854 +++

Created attachment 568960 [details]
backtrace

Description of problem:
spicec crashes (segfaults) when smartcard is plugged while guest expects smartcard auth

Version-Release number of selected component (if applicable):
spice-client-0.8.2-13.el6.x86_64
coolkey-1.1.0-19.el6.x86_64
pcsc-lite-1.5.2-6.el6.x86_64

How reproducible:
always

Steps to Reproduce:
0. unplug the reader from the client
1. boot up the RHEL guest to smartcard-enabled gdm
2. (optional: select "smartcard authentication")
3. run spicec --smartcard <other opts>
4. plug the smartcard reader
  
Actual results:
spicec crashes with segmentation fault

Expected results:
spicec continues running

Additional info:
  * does not happen when sc reader is already plugged in at the launch of spicec
  * messages in log (with DEBUG level) from reader insertion to the crash:
1331309793 INFO [23904:23916] SmartCardChannel::cac_card_events_thread_main: VEVENT_READER_INSERT
1331309793 INFO [23904:23904] SmartCardChannel::add_unallocated_reader: adding unallocated reader 0x960dc0
  * log messages when reader is plugged at spicec launch and spiced does
    not crash:
1331310580 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_READER_INSERT
1331310580 INFO [2326:2326] SmartCardChannel::add_unallocated_reader: adding unallocated reader 0x28bae60
1331310580 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_INSERT
1331310580 INFO [2326:2326] SmartCardChannel::add_reader: adding 0x28bae60->0
   * log messages when user removes and re-inserts smartcard:
1331310684 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_REMOVE
1331310691 INFO [2326:2338] SmartCardChannel::cac_card_events_thread_main: VEVENT_CARD_INSERT
1331310692 DEBUG [2326:2326] SmartCardChannel::send_atr: ATR: 
1331310692 DEBUG [2326:2326] VSCMessageEvent::response:   31: recv APDU: 
1331310692 DEBUG [2326:2326] VSCMessageEvent::response:  sent APDU:

Comment 2 RHEL Program Management 2013-06-18 22:17:20 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 4 Elio Maldonado Batiz 2013-07-01 15:09:18 UTC
Regarding testing, I have marked it as fixed in nss-3.14.3-11.el5 as this is the latest build. I could have marked it as nss-3.14.3-1.el5 as this was the first build with the rebase which is where the fix appears.

Comment 8 errata-xmlrpc 2013-09-30 22:43:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1318.html


Note You need to log in before you can comment on or make changes to this bug.