[Bug 298139] New: Smart card authentication doesn' t work with 32-bit Firefox on x86_64
https://bugzilla.novell.com/show_bug.cgi?id=298139#c11 Summary: Smart card authentication doesn't work with 32-bit Firefox on x86_64 Product: openSUSE 10.3 Version: Alpha 7 Platform: x86-64 OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Firefox AssignedTo: bnc-team-mozilla@forge.provo.novell.com ReportedBy: sbrys@novell.com QAContact: qa@suse.de Found By: --- The Belgian electronic identity card (eID) can be used for web site authentication with Firefox on i386 architecture, and with a 64-bit Firefox on x86_64 architecture (as was the case in the previous 10.3 Alphas since Alpha 3). Now that we're back to packaging a 32-bit Firefox on x86_64 in openSUSE 10.3 (see bug 264228), smart card authentication no longer works with Firefox on x86_64. I assume the reason it doesn't work is because Firefox and libnss are 32-bit and the eID PKCS#11 module and the underlying PCSC are 64-bit. Even if the 32-bit versions of the PKCS#11 module and pcsc-lite libraries are installed next to the 64-bit versions, this still leaves the 64-bit pcscd. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=298139 Simon Brys <sbrys@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jdebaer@novell.com Severity|Normal |Major OS/Version|Other |openSUSE 10.3 Priority|P5 - None |P3 - Medium -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=298139#c1 JP Rosevear <jpr@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |jberkman@novell.com --- Comment #1 from JP Rosevear <jpr@novell.com> 2007-08-08 06:12:51 MST --- I'm not sure this is the reason, pcscd is a separate daemon that should now work with 32bit clients over IPC. Jacob? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=298139#c2 --- Comment #2 from Simon Brys <sbrys@novell.com> 2007-08-08 09:48:18 MST --- 1. Here everything is 64-bit and working fine: ---------------------------------------/snip/--------------------------------------- sbrys@linux-lju2:~/Work> beid-pkcs11-tool -L --module /usr/lib64/pkcs11/libbeidpkcs11.so Available slots: Slot 0 O2 Micro Oz776 00 00 manufacturer: Zetes hardware ver: 1.0 firmware ver: 1.0 flags: token present, removable device, hardware slot token label: BELPIC (Basic PIN) token manuf: Axalto token model: Belgium eID token flags: rng, PIN initialized, token initialized Slot 1 O2 Micro Oz776 00 00 manufacturer: Zetes hardware ver: 1.0 firmware ver: 1.0 flags: removable device, hardware slot .. ---------------------------------------/snip/--------------------------------------- 2. Install pcsc-lite-32bit, opensc-32bit, libopensc2-32bit (not sure if they are all necessary) and 32-bit eID middleware libraries, pkcs#11 module and tools. So here everything is 32-bit except the 64-bit pcscd: ---------------------------------------/snip/--------------------------------------- sbrys@linux-lju2:~/Work> ./usr/bin/beid-pkcs11-tool -L --module /usr/lib/pkcs11/libbeidpkcs11.so winscard_clnt.c:477:SCardEstablishContextTH() Your pcscd is too old and does not support CMD_VERSION winscard_clnt.c:477:SCardEstablishContextTH() Your pcscd is too old and does not support CMD_VERSION No slots found No slots... ---------------------------------------/snip/--------------------------------------- 3. Install libusb-32bit, 32-bit pcscd and 32-bit pcsc-ccid driver and run the 32-bit pcscd. Now I get the same output as a complete 64-bit (i.e. slots and eID card found). Web site authentication with the 32-bit Firefox also works at this point. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=298139#c3 --- Comment #3 from Simon Brys <sbrys@novell.com> 2007-08-08 10:02:26 MST --- I guess running a 32-bit testpcsc against a 64-bit pcscd says enough. It already fails at SCardEstablishContext(). -------------------------------------/snip/------------------------------------- sbrys@linux-lju2:~/Work> file ./testpcsc /testpcsc: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared libs), stripped sbrys@linux-lju2:~/Work> ltrace -f -o testpcsc.txt ./testpcsc MUSCLE PC/SC Lite unitary test Program THIS PROGRAM IS NOT DESIGNED AS A TESTING TOOL FOR END USERS! Do NOT use it unless you really know what you do. winscard_clnt.c:477:SCardEstablishContextTH() Your pcscd is too old and does not support CMD_VERSION Testing SCardEstablishContext : RPC transport error. sbrys@linux-lju2:~/Work> cat testpcsc.txt 5435 __libc_start_main(0x8048ca0, 1, 0xffd21f64, 0x8049a50, 0x8049a40 <unfinished ...> 5435 puts("\nMUSCLE PC/SC Lite unitary test "...) = 41 5435 puts("\033[35mTHIS PROGRAM IS NOT DESIGNE"...) = 67 5435 puts("Do NOT use it unless you really "...) = 55 5435 __printf_chk(1, 0x8049e20, 0xf7fc4756, 1, 0) = 32 5435 SCardEstablishContext(2, 0, 0, 0xffd21828, 0) = 0x80100013 5435 pcsc_stringify_error(0x80100013, 0xf7fcb770, 0, 0xffd2180c, 0xf7fd3ca0) = 0xf7f9d180 5435 __printf_chk(1, 0x8049b1b, 0xf7f9d180, 0xffd2180c, 0xf7fd3ca0) = 33 5435 SCardReleaseContext(0, 0x8049b1b, 0xf7f9d180, 0xffd2180c, 0xf7fd3ca0) = 0x80100003 5435 exit(-1 <unfinished ...> 5435 +++ exited (status 255) +++ -------------------------------------/snip/------------------------------------- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=298139#c4 --- Comment #4 from Simon Brys <sbrys@novell.com> 2007-08-09 05:55:25 MST --- It seems to work (i.e. 32-bit testpcsc can talk to 64-bit pcscd) when using pcsc-lite-1.4.3-5 instead of pcsc-lite-1.4.3-3. Will do some more tests with beta1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=298139#c5 Simon Brys <sbrys@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|jberkman@novell.com | Resolution| |FIXED --- Comment #5 from Simon Brys <sbrys@novell.com> 2007-08-10 03:38:30 MST --- In Beta1 (pcsc-lite-1.4.3-5), 32-bit apps can talk to the 64-bit pcscd. I guess this is a result of the new pcsc-lite-1.4.3-64bit-compat2.patch. So shipping 32-bit eID libraries could be an option to make eID work with a 32-bit Firefox (or other 32-bit apps for that matter). However, in Beta1, Firefox is back to 64-bit on x86_64, so I'm closing this bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=298139#c6 --- Comment #6 from jacob berkman <jberkman@novell.com> 2007-08-13 09:29:42 MST --- i think the beID package includes its own copy of pcscd/libpcsclite, which would need to be patched with the 64-bit compat pcsc-lite patch as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=298139#c7 --- Comment #7 from Simon Brys <sbrys@novell.com> 2007-08-13 09:59:21 MST --- No, it's enough to run the openSUSE pcscd that has the pcsc-lite-1.4.3-64bit-compat2.patch patch (in other words: at least pcsc-lite-1.4.3-5). If I put the 32-bit eID libs on openSUSE 10.3 x86_64 Beta1, it works. Anyway, as of Beta1, Firefox is back to 64-bit, and I'm not aware of any 32-bit apps on openSUSE 10.3 x86_64 that could use eID, so there currently is no need for 32-bit eID libs on openSUSE 10.3 x86_64. Just out of interest: are we planning to release a pcscd on SLED10 that has the pcsc-lite-1.4.3-64bit-compat2.patch patch? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com