348116 – pcscd cannot open ActivIdentity USB SIM now that daemon process is nobody.

Bug 348116 - pcscd cannot open ActivIdentity USB SIM now that daemon process is nobody.

Summary: pcscd cannot open ActivIdentity USB SIM now that daemon process is nobody.

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	x86 Linux

Importance:	High normal (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-12-08 06:00 UTC by Lyall Pearce
Modified:	2010-12-09 03:00 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lyall Pearce 2010-12-08 06:00:46 UTC

Recent changes in pcsc-lite have changed the user:group that daemon pcscd runs under from root to nobody:pcscd.
If I have pcscd running and insert an ActivIdentity SIM USB key, the key no longer works.


Reproducible: Always

Steps to Reproduce:
1. Disable auto pcscd start in /lib/udev/rules.d/99-pcscd-hotplug.rules
2. /etc/init.d/pcscd stop
3. Create /etc/conf.d/pcscd file containing "EXTRA_OPTS=--debug" 
4. env-update
5. Plug in the ActivIdenty SIM
6. /etc/init.d/pcscd start
7. Refer to /var/log/messages for diagnostic

It is not necessary to setup the EXTRA_OPTS, but it does display a bit more info in the messages log file.
Actual Results:  
Dec  8 16:27:30 lyalls-pc pcscd: pcscdaemon.c:553:main() pcsc-lite 1.6.5 daemon ready.
Dec  8 16:27:30 lyalls-pc pcscd: hotplug_libusb.c:478:HPAddHotPluggable() Adding USB device: 2:13
Dec  8 16:27:30 lyalls-pc pcscd: readerfactory.c:931:RFInitializeReader() Attempting startup of Activkey Sim 00 00 using /usr/lib/readers/usb/ifd-ccid.bundle/Contents/Linux/libccid.so
Dec  8 16:27:30 lyalls-pc pcscd: readerfactory.c:821:RFBindFunctions() Loading IFD Handler 3.0
Dec  8 16:27:30 lyalls-pc pcscd: ifdhandler.c:1727:init_driver() Driver version: 1.4.1
Dec  8 16:27:30 lyalls-pc pcscd: ifdhandler.c:1745:init_driver() LogLevel: 0x0003
Dec  8 16:27:30 lyalls-pc pcscd: ifdhandler.c:1766:init_driver() DriverOptions: 0x0000
Dec  8 16:27:30 lyalls-pc pcscd: ifdhandler.c:79:IFDHCreateChannelByName() lun: 0, device: usb:09c3/0014:libusb-1.0:2:13
Dec  8 16:27:30 lyalls-pc pcscd: ccid_usb.c:266:OpenUSBByName() ifdManufacturerString: Ludovic Rousseau (ludovic.rousseau@free.fr)
Dec  8 16:27:30 lyalls-pc pcscd: ccid_usb.c:267:OpenUSBByName() ifdProductString: Generic CCID driver
Dec  8 16:27:30 lyalls-pc pcscd: ccid_usb.c:268:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
Dec  8 16:27:30 lyalls-pc pcscd: ccid_usb.c:439:OpenUSBByName() Can't libusb_open(2/13): -3
Dec  8 16:27:30 lyalls-pc pcscd: readerfactory.c:1298:RFWaitForReaderInit() Waiting init for reader: Activkey Sim 00 00
Dec  8 16:27:30 lyalls-pc pcscd: ifdhandler.c:101:IFDHCreateChannelByName() failed
Dec  8 16:27:30 lyalls-pc pcscd: readerfactory.c:962:RFInitializeReader() Open Port 0x200000 Failed (usb:09c3/0014:libusb-1.0:2:13)
Dec  8 16:27:30 lyalls-pc pcscd: readerfactory.c:273:RFAddReader() Activkey Sim init failed.
Dec  8 16:27:30 lyalls-pc pcscd: readerfactory.c:982:RFUnInitializeReader() Attempting shutdown of Activkey Sim 00 00.
Dec  8 16:27:30 lyalls-pc pcscd: readerfactory.c:858:RFUnloadReader() Unloading reader driver.
Dec  8 16:27:30 lyalls-pc pcscd: hotplug_libusb.c:386:HPEstablishUSBNotifications() Driver ifd-ccid.bundle does not support IFD_GENERATE_HOTPLUG. Using active polling instead.
Dec  8 16:27:30 lyalls-pc pcscd: hotplug_libusb.c:395:HPEstablishUSBNotifications() Polling forced every 1 second(s)


Expected Results:  
ActivIdentity SIM would open and the LED would change from Red to Green and I would be able to extract certificate information.

The error diagnostic -3, as returned by libusb_open() is a permission denied error. (as identified in libusb-1.0.8/libusb/libusb.h)

enum libusb_error {
	/** Success (no error) */
	LIBUSB_SUCCESS = 0,

	/** Input/output error */
	LIBUSB_ERROR_IO = -1,

	/** Invalid parameter */
	LIBUSB_ERROR_INVALID_PARAM = -2,

	/** Access denied (insufficient permissions) */
	LIBUSB_ERROR_ACCESS = -3,
<snip>



I have disabled the /lib/udev/rules.d/99-pcscd-hotplug-rules
I have enabled --debug on pcscd in /etc/env.d/pcscd to obtain the detailed log messages.
Package versions listed after emerge --info

# emerge --info
Portage 2.1.9.24 (default/linux/x86/10.0/desktop, gcc-4.4.4, glibc-2.11.2-r3, 2.6.35-gentoo-r12 i686)
=================================================================
System uname: Linux-2.6.35-gentoo-r12-i686-Intel-R-_Core-TM-2_Quad_CPU_Q9400_@_2.66GHz-with-gentoo-1.12.14
Timestamp of tree: Tue, 07 Dec 2010 05:15:01 +0000
app-shells/bash:     4.1_p7
dev-java/java-config: 2.1.11-r1
dev-lang/python:     2.6.5-r3::pentoo, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13::<unknown repository>, 2.65-r1
sys-devel/automake:  1.7.9-r2, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /lib/udev/rules.d /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo"
CXXFLAGS="-O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe"
DISTDIR="/portage/Repository/distfiles"
FEATURES="assume-digests binpkg-logs collision-protect distlocks fixlafiles fixpackages news nostrip parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="ftp://mirror.internode.on.net/pub/gentoo ftp://mirror.pacific.net.au/linux/Gentoo http://mymirror.asiaosc.org/gentoo/ http://www.zentek-international.com/mirrors/gentoo/ http://open-systems.ufl.edu/mirrors/gentoo http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="en_AU"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j8"
PKGDIR="/portage/Repository/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/portage/Repository"
PORTDIR_OVERLAY="/portage/Repository/local/layman/jokey /portage/Repository/local/layman/sunrise /portage/Repository/local/layman/oss-overlay /portage/Repository/local/layman/java-overlay /portage/Repository/local/layman/pentoo /portage/Repository/local"
SYNC="rsync://mirror.internode.on.net/gentoo-portage"
USE="X a52 aac acl acpi alsa amr apache2 avahi berkdb bindist bluetooth branding bzip2 cairo cdb cddb cdparanoia cdr cleartype cli consolekit corefonts cracklib crypt css cups cxx daap dbus dri dts dvb dvd dvdr emacs emboss encode esd exif fam ffmpeg firefox flac fortran gdbm gif gpm gtk hal iconv ipod ipv6 java javascript joystick jpeg jpeg2k kde latin1 lcms ldap libnotify lm_sensors mad mikmod mmx mmxext mng modules mp3 mp4 mpeg mplayer mudflap mysql ncurses nls nptl nptlonly nsplugin nvidia ogg opengl openmp oss pam pango pcre pdf perl png posix ppds pppd python qt3support qt4 readline rss samba sdl server session smp spell sqlite sse2 sse3 ssl startup-notification svg sysfs tcpd threads tiff transcode truetype type1 unicode usb v4l v4l2 vcd vorbis wifi wma x264 x86 xcb xcomposite xine xinerama xml xorg xulrunner xv xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia vesa fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS




# eix pcsc-lite
[I] sys-apps/pcsc-lite
     Available versions:  1.5.5 1.6.1 (~)1.6.4 (~)1.6.5-r1 {hal kernel_linux static usb}
     Installed versions:  1.6.5-r1(16:04:21 08/12/10)(kernel_linux usb)
     Homepage:            http://pcsclite.alioth.debian.org/
     Description:         PC/SC Architecture smartcard middleware library


# eix ccid
[I] app-crypt/ccid
     Available versions:  1.3.11 1.3.13-r1 (~)1.4.0 (~)1.4.1-r1 {twinserial +usb}
     Installed versions:  1.4.1-r1(15:51:00 08/12/10)(usb -twinserial)
     Homepage:            http://pcsclite.alioth.debian.org/ccid.html
     Description:         CCID free software driver


# eix libusb
[I] dev-libs/libusb
     Available versions:  
	(0)	0.1.11 0.1.12!t 0.1.12-r1!t ~0.1.12-r2!t ~0.1.12-r3!t ~0.1.12-r4!t 0.1.12-r5!t ~0.1.12-r6!t ~0.1.12-r7!t
	(1)	~1.0.1 ~1.0.2 ~1.0.3 ~1.0.4 ~1.0.5 ~1.0.6 ~1.0.7 1.0.8
	{debug doc nocxx}
     Installed versions:  0.1.12-r5!t(00:20:52 27/06/10)(-debug -doc -nocxx) 1.0.8(1)(15:38:15 08/12/10)(-debug -doc)
     Homepage:            http://libusb.org/
     Description:         Userspace access to USB devices

* dev-libs/libusb-compat
     Available versions:  ~0.1.0 ~0.1.3 {debug}
     Homepage:            http://libusb.sourceforge.net/
     Description:         Userspace access to USB devices (libusb-0.1 compat wrapper)

[I] virtual/libusb
     Available versions:  
	(0)	0
	(1)	1
     Installed versions:  0(11:21:07 14/06/09) 1(1)(21:20:23 01/10/10)
     Description:         Virtual for libusb

Found 3 matches.

Comment 1 Lyall Pearce 2010-12-09 03:00:33 UTC

My apologies, after reading up on udev rules, I found that when I disabled the /lib/udev/rules.d/99-pcscd-hotplug.rules rule entry to not start the pcscd daemon (by commenting it out), I also wiped the 'GROUP' setting.

Simply removing the RUN+= part of the rule and re-instating the GROUP='pcscd' fixes the problem.