LudovicRousseau / pcsc-tools

Some tools to be used with smart cards and PC/SC
https://pcsc-tools.apdu.fr/
GNU General Public License v2.0

Running pcsc_scan as normal user results in SCardEstablishContext: RPC transport error because of missing polkit rule in Gentoo/Funtoo. #40

Closed zdavatz closed 3 years ago

zdavatz commented 3 years ago

Running pcsc_scan as normal user results in SCardEstablishContext: RPC transport error.

I am trying to get my SCM Microsystems, Inc. CLOUD 2700 R Smart Card Reader working on Funtoo.

  1. lsusb works. It shows the reader.
  2. dmesg shows the Reader as well.
  3. sudo /etc/init.d/pcscd start is working as well.
  4. When I do: pcsc_scan
  5. I get: SCardEstablishContext: RPC transport error.
  6. pcsc-lite is at version 1.8.25 installed
  7. sys-apps/pcsc-tools 1.5.3 installed
  8. app-crypt/ccid 1.4.30 installed.
  9. I have to do sudo /usr/sbin/pcscd -a -f
  10. Then sudo pcsc_scan works perfectly well.
  11. Of course I do not want to run my App with Root privileges and I do not want to manually have to start sudo /usr/sbin/pcscd -a -f.
  12. This issue is also reported in https://wiki.gentoo.org/wiki/Talk:PCSC-Lite

This is the Funtoo bug report: https://bugs.funtoo.org/browse/FL-7563

zdavatz commented 3 years ago

~> opensc-tool --list-readers
No smart card readers found.
~> sudo opensc-tool --list-readers
Passwort:
Detected readers (pcsc)
Nr.  Card  Features  Name
0    No              Identive CLOUD 2700 R Smart Card Reader [CCID Interface] (53691321200649) 00 00

LudovicRousseau commented 3 years ago

If I understand correctly the problem reported in https://wiki.gentoo.org/wiki/Talk:PCSC-Lite is that pcscd is not started as the correct user (or that the configuration is not complete so that pcscd can run as a non-root user).

In your case does this configuration work:

zdavatz commented 3 years ago

No this does not work, get the same error SCardEstablishContext: RPC transport error.

In the other screen I get:

00000018 [140235057317760] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/winscard_msg_srv.c:266:ProcessEventsServer() ProcessCommonChannelRequest detects: 14
00000006 [140235057317760] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 14
00005333 [140234901677824] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/auth.c:135:IsClientAuthorized() Process 5569 (user: 1000) is NOT authorized for action: access_pcsc
00000169 [140234901677824] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000017 [140234901677824] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/winscard_svc.c:1053:MSGCleanupClient() Thread is stopping: dwClientID=14, threadContext @0x55faae2a05b0
00000007 [140234901677824] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/winscard_svc.c:1061:MSGCleanupClient() Freeing SCONTEXT @0x55faae2a05b

LudovicRousseau commented 3 years ago

It is a configuration issue in your system. Maybe your user needs to be in the group pcscd or something similar. See also the policykit configuration of your system.

zdavatz commented 3 years ago

My user is in the pcscd group.

When I compile version 1.9.0 from source according to: https://pcsclite.apdu.fr/ pcsc_scan without sudo works but it does not read the card.

sudo /usr/local/sbin/pcscd --foreground --debug

results in

00000012 [140356365488320] hotplug_libudev.c:440:HPAddDevice() Adding USB device: Identiv uTrust 2700 R Smart Card Reader
00000058 [140356365488320] readerfactory.c:1079:RFInitializeReader() Attempting startup of Identiv uTrust 2700 R Smart Card Reader [CCID Interface] (53691321200649) 00 00 using /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35
00000170 [140356365488320] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: libusb-0.1.so.4: cannot open shared object file: No such file or directory
00000010 [140356365488320] readerfactory.c:1087:RFInitializeReader() RFLoadReader failed: 0x80100014
00000006 [140356365488320] readerfactory.c:380:RFAddReader() Identiv uTrust 2700 R Smart Card Reader [CCID Interface] (53691321200649) init failed.
00000007 [140356365488320] hotplug_libudev.c:526:HPAddDevice() Failed adding USB device: Identiv uTrust 2700 R Smart Card Reader
00000012 [140356365488320] utils.c:125:CheckForOpenCT() File /var/run/openct/status found. Remove OpenCT and try again

LudovicRousseau commented 3 years ago

> 00000170 [140356365488320] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: libusb-0.1.so.4: cannot open shared object file: No such file or directory

The driver is complaining that libusb-0.1.so.4 is missing.

Maybe you should use my ccid driver instead of the proprietary SCM driver.
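The three failure signatures that appear in the pcscd debug logs quoted in this thread (polkit denial, driver library load failure, OpenCT conflict) can be picked out mechanically. The following is an added example, not part of the original thread or of pcsc-lite; `triagePcscdLog`, the `kind` labels and the sample lines (shortened from the logs above) are constructed for illustration.

```javascript
// Constructed sample: lines shortened from the pcscd --debug output quoted in this thread.
const SAMPLE_LOG = [
  "00005333 [140234901677824] /var/tmp/portage/x/src/auth.c:135:IsClientAuthorized() Process 5569 (user: 1000) is NOT authorized for action: access_pcsc",
  "00000170 [140356365488320] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: libusb-0.1.so.4: cannot open shared object file: No such file or directory",
  "00000012 [140356365488320] utils.c:125:CheckForOpenCT() File /var/run/openct/status found. Remove OpenCT and try again",
  "00000006 [140356365488320] readerfactory.c:380:RFAddReader() reader init failed.",
].join("\n");

// Layout: <8-digit counter> [<thread id>] <source file>:<line>:<function>() <message>
const LINE_RE = /^(\d{8}) \[(\d+)\] (\S+?):(\d+):(\w+)\(\) (.*)$/;

// One entry per root cause identified in the thread, keyed on the logging function.
const SIGNATURES = [
  { kind: "polkit-denied", fn: "IsClientAuthorized",
    re: /Process (\d+) \(user: (\d+)\) is NOT authorized for action: (\S+)/,
    detail: (m) => ({ pid: Number(m[1]), uid: Number(m[2]), action: m[3] }) },
  { kind: "driver-load-failed", fn: "DYN_LoadLibrary",
    re: /^(\S+): (?:(\S+): )?cannot open shared object file/,
    detail: (m) => ({ driver: m[1], missing: m[2] || m[1] }) },
  { kind: "openct-conflict", fn: "CheckForOpenCT",
    re: /File (\S+) found/,
    detail: (m) => ({ statusFile: m[1] }) },
];

function triagePcscdLog(text) {
  const findings = [];
  for (const raw of text.split("\n")) {
    const line = LINE_RE.exec(raw.trim());
    if (!line) continue; // shell prompts, blank lines, wrapped output
    const [, , , file, , fn, message] = line;
    for (const sig of SIGNATURES) {
      const m = sig.fn === fn ? sig.re.exec(message) : null;
      if (m) {
        findings.push({ kind: sig.kind, source: file.split("/").pop(), ...sig.detail(m) });
      }
    }
  }
  return findings;
}

for (const f of triagePcscdLog(SAMPLE_LOG)) console.log(JSON.stringify(f));
```

Run it over a saved `pcscd --foreground --debug` log; a `polkit-denied` finding points at local authorization policy, while `driver-load-failed` names the shared object the loader could not open.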

zdavatz commented 3 years ago

How do I install your ccid driver? I am using the one provided by Funtoo/Gentoo.

LudovicRousseau commented 3 years ago

Maybe you should not use Gentoo if you are now able to find a package https://packages.gentoo.org/packages/app-crypt/ccid

zdavatz commented 3 years ago

That is what I am using, version 1.4.30 from Gentoo.

Your CCID gives me the following configure error:

  1. ./bootstrap
  2. ./configure
    ./configure: line 2236: syntax error near unexpected token `1.8'
    ./configure: line 2236: `AM_INIT_AUTOMAKE(1.8 dist-bzip2 no-dist-gzip subdir-objects foreign)'

LudovicRousseau commented 3 years ago

You should report the problem to the Gentoo ccid package if you can't rebuild it.

zdavatz commented 3 years ago

Above error is from your code. Not from Gentoo. Gentoo compiles fine. https://github.com/LudovicRousseau/CCID/blob/master/INSTALL

LudovicRousseau commented 3 years ago

Then use the Gentoo version of the ccid driver.

I note that the "Identiv uTrust 2700 R Smart Card Reader" is NOT in the list of readers supported by my CCID driver. https://ccid.apdu.fr/select_readers/?any~uTrust

So using the SCM proprietary driver may be the only option. But you can check with https://ccid.apdu.fr/#CCID_compliant

zdavatz commented 3 years ago

Why does it then work very well on Ubuntu without any problems? I do not think this is about the drivers. This is about wrong permissions.

LudovicRousseau commented 3 years ago

What works well on Ubuntu? Please provide a full pcscd log.

zdavatz commented 3 years ago

> What works well on Ubuntu?

Reading a smartcard with my "Identiv uTrust 2700 R Smart Card Reader".

> Please provide a full pcscd log.

Where do I find the log on Ubuntu? Or do you want the log from Funtoo?

LudovicRousseau commented 3 years ago

Follow https://ccid.apdu.fr/#support to generate the log on Ubuntu

zdavatz commented 3 years ago

I did the following steps:

  1. sudo /etc/init.d/pcscd stop
  2. sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color | tee log.txt
  3. Insert my card
  4. Press Ctrl+c
  5. Upload the log from Ubuntu log.txt

LudovicRousseau commented 3 years ago

I understand now. With my CCID driver the reader is named "Identive CLOUD 2700 R Smart Card Reader" without the "uTrust" so I did not find it. Your reader is https://ccid.apdu.fr/ccid/shouldwork.html#0x04E60x5810

I propose to remove the SCM driver from your system and install the CCID driver from Gentoo.

If you can't install the Gentoo package app-crypt/ccid then report the problem to Gentoo. I can't help with Gentoo packages. Or follow the instructions from https://ccid.apdu.fr/#download and use a released .tar.bz2 file.

zdavatz commented 3 years ago

Ok I will try to use a released .tar.bz2 file. I CAN install the Gentoo package app-crypt/ccid.

LudovicRousseau commented 3 years ago

So I am lost. In https://github.com/LudovicRousseau/pcsc-tools/issues/40#issuecomment-715499178 you reported an error when installing app-crypt/ccid. And now you write that you CAN install the package?

zdavatz commented 3 years ago

If you click the link in the comment above then you see that the error comes from compiling your software. The Gentoo package installs fine. I already stated that twice above.

zdavatz commented 3 years ago

Your CCID gives me the following configure error:

  1. ./bootstrap
  2. ./configure
    ./configure: line 2236: syntax error near unexpected token `1.8'
    ./configure: line 2236: `AM_INIT_AUTOMAKE(1.8 dist-bzip2 no-dist-gzip subdir-objects foreign)'

    I never installed an SCM Driver. I only worked with the Gentoo package. And then I tried to compile from your source and got above error.

LudovicRousseau commented 3 years ago

The SCM driver is /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35. I don't know where you get it but it is in your logs from https://github.com/LudovicRousseau/pcsc-tools/issues/40#issuecomment-715495090

zdavatz commented 3 years ago

Ok, I removed /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35

zdavatz commented 3 years ago

Still it only works with "sudo pcsc_scan"

zdavatz commented 3 years ago

Ok installing https://ccid.apdu.fr/files/ccid-1.4.32.tar.bz2 from source works fine.

zdavatz commented 3 years ago

Where does pcscd ask for User permissions?

zdavatz commented 3 years ago

I installed this from source: http://ludovic.rousseau.free.fr/softwares/pcsc-tools/pcsc-tools-1.5.7.tar.bz2 and I get the same error when I run

~/.software/pcsc-tools-1.5.7> /usr/local/bin/pcsc_scan 
SCardEstablishContext: RPC transport error.

zdavatz commented 3 years ago

What is the meaning of this error:

~/.software/pcsc-lite-1.9.0> sudo /usr/local/sbin/pcscd -f
00000000 [140096375455936] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: cannot open shared object file: No such file or directory

zdavatz commented 3 years ago

starting pcscd-lite-1.9.0 from source I get this error:

~/.software/pcsc-lite-1.9.0> sudo /usr/local/sbin/pcscd -f
00000000 [139853325185216] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: cannot open shared object file: No such file or directory
00000016 [139853325185216] readerfactory.c:1082:RFInitializeReader() RFLoadReader failed: 0x80100014
00000007 [139853325185216] readerfactory.c:376:RFAddReader() Identiv uTrust 2700 R Smart Card Reader [CCID Interface] (53691321200649) init failed.
00000007 [139853325185216] hotplug_libudev.c:526:HPAddDevice() Failed adding USB device: Identiv uTrust 2700 R Smart Card Reader

zdavatz commented 3 years ago

When I install pcsc-lite-1.9.0 from source, what do I have to set for the compiler flags for PCSC?

LudovicRousseau commented 3 years ago

Your problem is with this line https://github.com/LudovicRousseau/PCSC/blob/master/src/auth.c#L125

Your pcsc-lite has been configured with --enable-polkit but your user does not have the correct access rights. It is a local configuration problem. It is not a problem with pcsc_tools.

Ask Gentoo for help. Or read polkit documentation.
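A polkit rule of the kind this diagnosis points to, as an added example that is not from this thread or from pcsc-lite. Assumptions: the system's polkit reads JavaScript rules from `/etc/polkit-1/rules.d/` (a file name such as `50-pcscd.rules` is hypothetical), the full action ids are the ones in pcsc-lite's polkit policy (the log above prints only `access_pcsc`), pcscd passes a `reader` detail with `access_card`, and the reader name prefix is the one from the `opensc-tool` output earlier in the thread.

```javascript
// Grant PC/SC access to members of one group instead of running clients as root.
var PCSC_GROUP = "pcscd";                                  // group mentioned in this thread
var ACCESS_PCSC = "org.debian.pcsc-lite.access_pcsc";      // connect to the pcscd daemon
var ACCESS_CARD = "org.debian.pcsc-lite.access_card";      // talk to a card in a reader
var READER_PREFIX = "Identive CLOUD 2700 R";               // optional: limit to this reader

function pcscRule(action, subject) {
    if (action.id !== ACCESS_PCSC && action.id !== ACCESS_CARD) {
        return undefined;            // not a pcsc-lite action: leave it to other rules
    }
    if (!subject.isInGroup(PCSC_GROUP)) {
        return undefined;            // fall back to the policy defaults
    }
    if (action.id === ACCESS_CARD) {
        // Assumption: pcscd supplies the reader name as the "reader" detail.
        var reader = action.lookup("reader") || "";
        if (reader.indexOf(READER_PREFIX) !== 0) {
            return undefined;        // other readers stay under the defaults
        }
    }
    // subject.local / subject.active can be added to the test above, but they
    // are only true when the system tracks login sessions.
    return polkit.Result.YES;
}

// polkitd provides the global `polkit`; the guard lets the file also load under node.
if (typeof polkit !== "undefined") {
    polkit.addRule(pcscRule);
}
```

Returning `undefined` hands the decision to later rules and the shipped policy, so the rule only ever widens access for the named group and reader.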

zdavatz commented 3 years ago

Thank you for your help! For future reference for Gentoo and Funtoo: https://bugs.funtoo.org/browse/FL-7563?focusedCommentId=46328&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-46328 so other users can save some time.