Am 09.10.20 um 13:18 schrieb Nikos
Mavrogiannopoulos:
This the unchanged output:LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color | tee log.txt
[root@localhost-live liveuser]# LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color | tee log.txt
00000000 debuglog.c:299:DebugLogSetLevel() debug level=debug
00000040 debuglog.c:320:DebugLogSetCategory() Debug options: APDU
00000017 [140407890258048] pcscdaemon.c:353:main() Force colored logs
00000464 [140407890258048] utils.c:81:GetDaemonPid() Can't open /run/pcscd/pcscd.pid: No such file or directory
00000235 [140407890258048] configfile.l:293:DBGetReaderListDir() Parsing conf directory: /etc/reader.conf.d
00000043 [140407890258048] configfile.l:329:DBGetReaderListDir() Skipping non regular file: .
00000009 [140407890258048] configfile.l:369:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/libccidtwin
00000271 [140407890258048] configfile.l:329:DBGetReaderListDir() Skipping non regular file: ..
00000035 [140407890258048] pcscdaemon.c:663:main() pcsc-lite 1.9.0 daemon ready.
00010542 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000277 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000282 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x058F, PID: 0x6387, path: /dev/bus/usb/001/002
00000288 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000280 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1286, PID: 0x204C, path: /dev/bus/usb/001/004
00000267 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1286, PID: 0x204C, path: /dev/bus/usb/001/004
00000250 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000360 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x045E, PID: 0x09C0, path: /dev/bus/usb/001/003
00000412 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0003, path: /dev/bus/usb/002/001
00000243 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0003, path: /dev/bus/usb/002/001
00000288 [140407890258048] hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x045E, PID: 0x090C, path: /dev/bus/usb/002/002
95411976 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000024 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 7
00000003 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 7
00595098 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000019 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 13
00000003 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 13
00222759 [140407873467968] auth.c:137:IsClientAuthorized() Process 33327 (user: 1001) is NOT authorized for action: access_pcsc
00000125 [140407873467968] winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000065 [140407873467968] winscard_svc.c:1055:MSGCleanupClient() Thread is stopping: dwClientID=7, threadContext @0x555c31f5c610
00000027 [140407873467968] winscard_svc.c:1063:MSGCleanupClient() Freeing SCONTEXT @0x555c31f5c610
00000101 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000014 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 7
00000011 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 7
40774480 [140407774111296] winscard_svc.c:340:ContextThread() Authorized PC/SC client
00000013 [140407774111296] winscard_svc.c:343:ContextThread() Thread is started: dwClientID=13, threadContext @0x555c31f6fe40
00000009 [140407774111296] winscard_svc.c:361:ContextThread() Received command: CMD_VERSION from client 13
00000004 [140407774111296] winscard_svc.c:373:ContextThread() Client is protocol version 4:4
00000002 [140407774111296] winscard_svc.c:396:ContextThread() CMD_VERSION rv=0x0 for client 13
00000045 [140407774111296] winscard_svc.c:361:ContextThread() Received command: ESTABLISH_CONTEXT from client 13
00000007 [140407774111296] winscard.c:215:SCardEstablishContext() Establishing Context: 0x1A91F22B
00000003 [140407774111296] winscard_svc.c:461:ContextThread() ESTABLISH_CONTEXT rv=0x0 for client 13
00000045 [140407774111296] winscard_svc.c:361:ContextThread() Received command: CMD_GET_READERS_STATE from client 13
00000093 [140407774111296] winscard_svc.c:361:ContextThread() Received command: CMD_GET_READERS_STATE from client 13
00000079 [140407774111296] winscard_svc.c:361:ContextThread() Received command: CMD_GET_READERS_STATE from client 13
00000034 [140407774111296] winscard_svc.c:361:ContextThread() Received command: CMD_GET_READERS_STATE from client 13
00000305 [140407774111296] winscard_svc.c:361:ContextThread() Received command: RELEASE_CONTEXT from client 13
00000008 [140407774111296] winscard.c:229:SCardReleaseContext() Releasing Context: 0x1A91F22B
00000003 [140407774111296] winscard_svc.c:476:ContextThread() RELEASE_CONTEXT rv=0x0 for client 13
00000028 [140407774111296] winscard_svc.c:354:ContextThread() Client die: 13
00000012 [140407774111296] winscard_svc.c:1055:MSGCleanupClient() Thread is stopping: dwClientID=13, threadContext @0x555c31f6fe40
00000002 [140407774111296] winscard_svc.c:1063:MSGCleanupClient() Freeing SCONTEXT @0x555c31f6fe40
00032436 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000024 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 13
00000002 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 13
02193775 [140407765718592] auth.c:137:IsClientAuthorized() Process 33327 (user: 1001) is NOT authorized for action: access_pcsc
00000894 [140407765718592] winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000053 [140407765718592] winscard_svc.c:1055:MSGCleanupClient() Thread is stopping: dwClientID=7, threadContext @0x555c31f5bf50
00000010 [140407765718592] winscard_svc.c:1063:MSGCleanupClient() Freeing SCONTEXT @0x555c31f5bf50
00000520 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000049 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 7
00000009 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 7
01026171 [140407774111296] auth.c:137:IsClientAuthorized() Process 33529 (user: 1001) is NOT authorized for action: access_pcsc
00000046 [140407774111296] winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000053 [140407774111296] winscard_svc.c:1055:MSGCleanupClient() Thread is stopping: dwClientID=13, threadContext @0x555c31f6fe40
00000010 [140407774111296] winscard_svc.c:1063:MSGCleanupClient() Freeing SCONTEXT @0x555c31f6fe40
00000381 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000043 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 13
00000009 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 13
00527231 [140407765718592] auth.c:137:IsClientAuthorized() Process 33327 (user: 1001) is NOT authorized for action: access_pcsc
00000037 [140407765718592] winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000042 [140407765718592] winscard_svc.c:1055:MSGCleanupClient() Thread is stopping: dwClientID=7, threadContext @0x555c31f5bf50
00000009 [140407765718592] winscard_svc.c:1063:MSGCleanupClient() Freeing SCONTEXT @0x555c31f5bf50
00000495 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000053 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 7
00000010 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 7
00492770 [140407774111296] auth.c:137:IsClientAuthorized() Process 33529 (user: 1001) is NOT authorized for action: access_pcsc
00000011 [140407774111296] winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000018 [140407774111296] winscard_svc.c:1055:MSGCleanupClient() Thread is stopping: dwClientID=13, threadContext @0x555c31f6fe40
00000003 [140407774111296] winscard_svc.c:1063:MSGCleanupClient() Freeing SCONTEXT @0x555c31f6fe40
00000127 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000012 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 13
00000002 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 13
00615458 [140407765718592] auth.c:137:IsClientAuthorized() Process 33327 (user: 1001) is NOT authorized for action: access_pcsc
00000033 [140407765718592] winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000037 [140407765718592] winscard_svc.c:1055:MSGCleanupClient() Thread is stopping: dwClientID=7, threadContext @0x555c31f5bf50
00000008 [140407765718592] winscard_svc.c:1063:MSGCleanupClient() Freeing SCONTEXT @0x555c31f5bf50
00409330 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000019 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 7
00000002 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 7
02333423 [140407774111296] auth.c:137:IsClientAuthorized() Process 33529 (user: 1001) is NOT authorized for action: access_pcsc
00000016 [140407774111296] winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000031 [140407774111296] winscard_svc.c:1055:MSGCleanupClient() Thread is stopping: dwClientID=13, threadContext @0x555c31f6fe40
00000003 [140407774111296] winscard_svc.c:1063:MSGCleanupClient() Freeing SCONTEXT @0x555c31f6fe40
00000083 [140407890258048] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
00000013 [140407890258048] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 13
00000002 [140407890258048] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 13
Main-problem with it: ABORT just loops to the same requester again and again, resulting in an endless loop.
First thing to change to pcscd, accept an abort for what it is and don't ask again.
That would solve the major problem, still anoying, but at least it doesn't stop the session login.
Second thing to chance: just ask, if a usable hw is found. Asking permission for an impossible task is the definition of madness.
Back to your request to change the policy:
I don't see any restrictions for remote access. ( F33 has same as https://pastebin.com/Mn8mzjVp )
<allow any>auth_admin
<allow_inactive>auth_admin
<allow_active>yes
and I have no clue, besides setting those above to "no", which had the hoped result(tested), how to change the file to ignore or skip the request it generates via polkit when gnome starts.But I'm pretty sure, changing the policy file, just makes thing unusable in case a smartcardread is really available in the system.
As all the opensc tools supplied just return "No smart card readers found.", an invoke of the accessrequest should only be made, if a smartcard is really accessed and not everytime someone logs in.
And from what i can see on the net, you're the man who knows the answeres ;)
To test it, just start the xrdp on your local machine and rdp to 127.0.0.1 OR run it in boxen and connect to the virtual ip of the started vm.
It doesn't matter if it's a real hw or not. You will instantly see the problem yourself. Here is a screenshot :
https://marius.bloggt-in-braunschweig.de/files/2020/10/remmina_Fedora-33_192.168.122.19_2020108-9353733515-1536x864.png
best regards,
Marius
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx