You are not logged in.

#1 2023-04-03 13:51:36

Registered: 2015-05-08
Posts: 13

After pcscd upgrade sssd user no longer authorized to access

Setup of GnuPG with pcscd no longer works on a sssd user

[2023-04-02T19:52:51+0200] [ALPM] upgraded pcsclite (1.9.9-2 -> 1.9.9-3)
[2023-04-02T19:53:45+0200] [ALPM] upgraded pcsc-tools (1.6.0-1 -> 1.6.2-1)

Getting this error

Apr 03 15:23:38 <host> systemd[1]: Started PC/SC Smart Card Daemon.
Apr 03 15:23:38 <host> pcscd[18957]: 00000000 auth.c:119:IsClientAuthorized() Error in authorization: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._g_2dfile_2derror_2dquark.Code4: Failed to
 open file “/proc/6196/status”: No such file or directory
Apr 03 15:23:38 <host> pcscd[18957]: 00000020 auth.c:137:IsClientAuthorized() Process 6196 (user: 30000) is NOT authorized for action: access_pcsc
Apr 03 15:23:39 <host> pcscd[18957]: 00000081 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
Apr 03 15:23:39 <host> gpg-agent[6196]: scdaemon[6196]: pcsc_establish_context failed: inserted card (0x8010006a)
Apr 03 15:23:39 <host> gpg-agent[1624]: no device present
Apr 03 15:23:39 <host> gpg-agent[1624]: smartcard decryption failed: Operation cancelled
Apr 03 15:23:39 <host> gpg-agent[1624]: command 'PKDECRYPT' failed: Operation cancelled <Pinentry>

The process(6196) not authorized is the scdaemon run by the sssd user with the id 30000

Tried adding polkit rules as mentioned in since it has the same error message but it does not help.

Anyone has a clue?


#2 2023-06-14 19:36:12

Registered: 2016-07-29
Posts: 12

Re: After pcscd upgrade sssd user no longer authorized to access

Hey there. I think I figured it out. This seems to be because the arch packagess enabled the polkit support flag in the latest build which enables certain policies/rules. However, the pcsc package seems to be using GDBus to check for authority explicitly and since on my system I'm using kde polkit the authorization fails. This happens whether or not a correctly permissive rules for access is created. There are two solutions. To downgrade pcsclite to .9-2 or to compile the most recent one yourself without the --enable-polkit flag. I'm not an expert in how the auth check is made so I have no idea what bug report to file or where.


#3 2023-06-18 20:42:31

Registered: 2020-10-26
Posts: 5

Re: After pcscd upgrade sssd user no longer authorized to access


Board footer

Powered by FluxBB