Running pcsc_scan as normal user results in SCardEstablishContext: RPC transport error because of missing polkit rule in Gentoo/Funtoo.

[zdavatz]

Running pcsc_scan as normal user results in SCardEstablishContext: RPC transport error.

I am trying to get my SCM Microsystems, Inc. CLOUD 2700 R Smart Card Reader working on Funtoo.

1. lsusb works. It shows the reader.
2. dmsg shows the Reader as well.
3. sudo /etc/init.d/pcscd start is working as well.
4. When I do: pcsc_scan
5. I get: SCardEstablishContext: RPC transport error.
6. pcsc-lite is at version 1.8.25 installed
7. sys-apps/pcsc-tools 1.5.3 installed
8. app-crypt/ccid 1.4.30 installed.
9. I have to do sudo /usr/sbin/pcscd -a -f
10. Then sudo pcsc_scan works perfectly well.
11. Of course I do not want to run my App with Root privileges and I do not want to manually have to start sudo /usr/sbin/pcscd -a -f.
12. This issue is also reported in https://wiki.gentoo.org/wiki/Talk:PCSC-Lite

this is the Funtoo Bug report: https://bugs.funtoo.org/browse/FL-7563

[zdavatz]

~> opensc-tool --list-readers
No smart card readers found.
~> sudo opensc-tool --list-readers
Passwort:
Detected readers (pcsc)
Nr. Card Features Name
0 No Identive CLOUD 2700 R Smart Card Reader [CCID Interface] (53691321200649) 00 00

[LudovicRousseau]

If I understand correctly the problem reported in https://wiki.gentoo.org/wiki/Talk:PCSC-Lite is that pcscd is not started as the correct user (or that the configuration is not complete so that pcscd can run as a non-root user).

In your case does this configuration works:

• sudo /usr/sbin/pcscd --foreground --debug
• in another terminal pcsc_scan (not using sudo)

[zdavatz]

No this does not work, get the same error SCardEstablishContext: RPC transport error.

In the other screen I get:

00000018 [140235057317760] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/winscard_msg_srv.c:266:ProcessEventsServer() ProcessCommonChannelRequest detects: 14
00000006 [140235057317760] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 14
00005333 [140234901677824] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/auth.c:135:IsClientAuthorized() Process 5569 (user: 1000) is NOT authorized for action: access_pcsc
00000169 [140234901677824] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
00000017 [140234901677824] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/winscard_svc.c:1053:MSGCleanupClient() Thread is stopping: dwClientID=14, threadContext @0x55faae2a05b0
00000007 [140234901677824] /var/tmp/portage/sys-apps/pcsc-lite-1.8.25/work/pcsc-lite-1.8.25/src/winscard_svc.c:1061:MSGCleanupClient() Freeing SCONTEXT @0x55faae2a05b

[LudovicRousseau]

It is a configuration issue in your system.
Maybe your user needs to be in the group pcscd or something similar.
See also the policykit configuration of your system.

[zdavatz]

My user is in the pcscd group.

When I compile version 1.9.0 from source according to: https://pcsclite.apdu.fr/ pcsc_scan without sudo works but it does not read the card.

sudo /usr/local/sbin/pcscd --foreground --debug

results in

00000012 [140356365488320] hotplug_libudev.c:440:HPAddDevice() Adding USB device: Identiv uTrust 2700 R Smart Card Reader
00000058 [140356365488320] readerfactory.c:1079:RFInitializeReader() Attempting startup of Identiv uTrust 2700 R Smart Card Reader [CCID Interface] (53691321200649) 00 00 using /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35
00000170 [140356365488320] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: libusb-0.1.so.4: cannot open shared object file: No such file or directory
00000010 [140356365488320] readerfactory.c:1087:RFInitializeReader() RFLoadReader failed: 0x80100014
00000006 [140356365488320] readerfactory.c:380:RFAddReader() Identiv uTrust 2700 R Smart Card Reader [CCID Interface] (53691321200649) init failed.
00000007 [140356365488320] hotplug_libudev.c:526:HPAddDevice() Failed adding USB device: Identiv uTrust 2700 R Smart Card Reader
00000012 [140356365488320] utils.c:125:CheckForOpenCT() File /var/run/openct/status found. Remove OpenCT and try again

[LudovicRousseau]

00000170 [140356365488320] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: libusb-0.1.so.4: cannot open shared object file: No such file or directory

The driver is complaining that libusb-0.1.so.4 is missing.

Maybe you should use my ccid driver instead of the proprietary SCM driver.

[zdavatz]

How do I install your ccid driver? I am using the one provided by Funtoo/Gentoo.

[LudovicRousseau]

Maybe you should not use Gentoo if you are now able to find a package
https://packages.gentoo.org/packages/app-crypt/ccid

[zdavatz]

that is what I am using, version 1.4.30 from Gentoo.

Your CCID gives me the following configure error:

1. ./bootstrap
2. ./configure

./configure: line 2236: syntax error near unexpected token `1.8'
./configure: line 2236: `AM_INIT_AUTOMAKE(1.8 dist-bzip2 no-dist-gzip subdir-objects foreign)'

[LudovicRousseau]

You should report the problem to the Gentoo ccid package if you can't rebuild it.

[zdavatz]

Above error is from your code. Not from Gentoo. Gentoo compiles fine. https://github.com/LudovicRousseau/CCID/blob/master/INSTALL

[LudovicRousseau]

Then use the Gentoo version of the ccid driver.

I note that the "Identiv uTrust 2700 R Smart Card Reader" is NOT in the list of readers supported by my CCID driver.
https://ccid.apdu.fr/select_readers/?any~uTrust

So using the SCM proprietary driver may be the only option.
But you can check with https://ccid.apdu.fr/#CCID_compliant

[zdavatz]

why does it then work very well on Ubuntu without any problems? I do not think this is about the drivers. This is about wrong permissions.

[LudovicRousseau]

What works well on Ubuntu?
Please provide a full pcscd log.

[zdavatz]

What works well on Ubuntu?

Reading a smartcard with my "Identiv uTrust 2700 R Smart Card Reader".

Please provide a full pcscd log.

Where do I find the log on Ubuntu? Or do you want the log from Funtoo?

[LudovicRousseau]

Follow https://ccid.apdu.fr/#support to generate the log on Ubuntu

[zdavatz]

I done the following steps:

1. sudo /etc/init.d/pcscd stop
2. sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color | tee log.txt
3. Insert my card
4. Press Ctrl+c
5. Upload the log from Ubuntu log.txt

[LudovicRousseau]

I understand now. With my CCID driver the reader is named "Identive CLOUD 2700 R Smart Card Reader" without the "uTrust" so I did not found it.
Your reader is https://ccid.apdu.fr/ccid/shouldwork.html#0x04E60x5810

I propose to remove the SCM driver from your system and install the CCID driver from Gentoo.

If you can't install the Gentoo package app-crypt/ccid then report the problem to Gentoo. I can't help with Gentoo packages.
Or follow the instructions from https://ccid.apdu.fr/#download and use a released .tar.bz2 file.

[zdavatz]

Ok I will try to use a released .tar.bz2 file. I CAN install the Gentoo package app-crypt/ccid.

[LudovicRousseau]

So I am lost.
In #40 (comment) you reported an error when installing app-crypt/ccid.
And now you write that you CAN install the package?

[zdavatz]

If you click the link in the comment above then you see that the error comes from compiling your software. The Gentoo package installs fine. I already stated that twice above.

[zdavatz]

Your CCID gives me the following configure error:

1. ./bootstrap
2. ./configure

./configure: line 2236: syntax error near unexpected token `1.8'
./configure: line 2236: `AM_INIT_AUTOMAKE(1.8 dist-bzip2 no-dist-gzip subdir-objects foreign)'

I never installed an SCM Driver. I only worked with the Gentoo package. And then I tried to compile from your source and got above error.

[LudovicRousseau]

The SCM driver is /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35
I don"t know where you get it but it is in your logs from #40 (comment)

[zdavatz]

Ok, I removed /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35

[zdavatz]

Still it only works with "sudo pcsc_scan"

[zdavatz]

Ok installing https://ccid.apdu.fr/files/ccid-1.4.32.tar.bz2 from source works fine.

[zdavatz]

Where does pcscd ask for User permissions?

[zdavatz]

I installed this from source: http:https://ludovic.rousseau.free.fr/softwares/pcsc-tools/pcsc-tools-1.5.7.tar.bz2 and I get the same error when I run

~/.software/pcsc-tools-1.5.7> /usr/local/bin/pcsc_scan 
SCardEstablishContext: RPC transport error.

[zdavatz]

What is the meaning of this error:

~/.software/pcsc-lite-1.9.0> sudo /usr/local/sbin/pcscd -f
00000000 [140096375455936] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: cannot open shared object file: No such file or directory

[zdavatz]

starting pcscd-lite-1.9.0 from source I get this error:

~/.software/pcsc-lite-1.9.0> sudo /usr/local/sbin/pcscd -f
00000000 [139853325185216] dyn_unix.c:58:DYN_LoadLibrary() /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: /usr/local/lib/pcsc/drivers/scmccid.bundle/Contents/Linux/libscmccid.so.5.0.35: cannot open shared object file: No such file or directory
00000016 [139853325185216] readerfactory.c:1082:RFInitializeReader() RFLoadReader failed: 0x80100014
00000007 [139853325185216] readerfactory.c:376:RFAddReader() Identiv uTrust 2700 R Smart Card Reader [CCID Interface] (53691321200649) init failed.
00000007 [139853325185216] hotplug_libudev.c:526:HPAddDevice() Failed adding USB device: Identiv uTrust 2700 R Smart Card Reader

[zdavatz]

When I install pcsc-lite-1.9.0 from source, what do I have to set for the compiler flags for PCSC?

[LudovicRousseau]

Your problem is with this line https://github.com/LudovicRousseau/PCSC/blob/master/src/auth.c#L125

Your pcsc-lite has been configured with --enable-polkit but your user do not have the correct access rights.
It is a local configuration problem. It is not a problem with pcsc_tools.

Ask Gentoo for help. Or read polkit documentation.

[zdavatz]

Thank you for your help! For future reference for Gentoo and Funtoo: https://bugs.funtoo.org/browse/FL-7563?focusedCommentId=46328&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-46328 so other user can save some time.