[Bug 438131] New: ctapi-cyberjack uses resmgr for device access

newer
[Bug 471084] New: smartcard not...

older
[Bug 473741] New: alsa lookig for...

bugzilla_noreply＠novell.com

23 Oct 2008 23 Oct '08

10:11

https://bugzilla.novell.com/show_bug.cgi?id=438131 Summary: ctapi-cyberjack uses resmgr for device access Product: openSUSE 11.1 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: sbrabec@novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de CC: dkukawka@novell.com Found By: Development /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi refers to resmgr for device access which is gone. Instead of <merge key="resmgr.class" type="string">usb</merge> use something like <append key="info.capabilities" type="strlist">cardreader</append> hal needs to be taught about the cardreader privilege then as well -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

3 Nov 3 Nov

18:44

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c1 Stanislav Brabec changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |lnussel@novell.com --- Comment #1 from Stanislav Brabec 2008-11-03 11:44:31 MST --- Which files need update? policy file to include upper mentioned capabilities. /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi /usr/share/PolicyKit/policy/org.freedesktop.hal.device-access.policy It seems to be insufficient. Note that the same problem affects other Smart Card drivers. Fix must be done with care, as some drivers work via openct ifdhandlers with daemon privileges (pcsc-openct), other devices via pcscd (pcsc-lite drivers). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

4 Nov 4 Nov

07:58

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c2 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|lnussel@novell.com | --- Comment #2 from Ludwig Nussel 2008-11-04 00:58:10 MST --- In addition to the change in /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi we need entries in the files you mentioned, yes. Just reassign to Danny so he can adapt hal. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

26 Dec 26 Dec

13:39

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User kwbolte@gmx.de added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c3 Kai-Wilhelm Bolte changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kwbolte@gmx.de --- Comment #3 from Kai-Wilhelm Bolte 2008-12-26 06:39:43 MST --- Bug confirmed for 11.1 final. I'm using a "Reiner SCT Cyberjack e-com". The "cyberjack" driver test as user writes: --- BEGIN: ermittle und teste angeschlossene Leser (5/6) libusb couldn't open USB device /dev/bus/usb/005/009: Permission denied. libusb requires write access to USB device nodes. usb_open() failed (13=Permission denied) --- So of course moneyplax isn't working, too. What files should I change for testing? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12 Jan 12 Jan

10:09

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c4 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wolfgang@rosenauer.org --- Comment #4 from Ludwig Nussel 2009-01-12 03:09:46 MST --- *** Bug 465221 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=465221 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:15

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User wolfgang@rosenauer.org added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c5 --- Comment #5 from Wolfgang Rosenauer 2009-01-12 03:15:51 MST --- So now as 11.1 is released it's an issue to change files like /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi and PolicyKit. Is there a workaround to get this working by changes in the cyberjack package? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:35

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c6 --- Comment #6 from Ludwig Nussel 2009-01-12 03:35:35 MST --- PolicyKit needs no change, hal will be updated anyways due to bug 408252 so there is a chance to have the fix for this bug here included as well if a fix is available in time. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:51

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User wolfgang@rosenauer.org added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c7 --- Comment #7 from Wolfgang Rosenauer 2009-01-12 03:51:39 MST --- Created an attachment (id=264451) --> (https://bugzilla.novell.com/attachment.cgi?id=264451) fdi file I also couldn't get it to work by adding /usr/share/hal/fdi/information/20thirdparty/80-cyberjack.fdi and adding <match key="info.capabilities" contains="ctapi"> <append key="info.capabilities" type="strlist">access_control</append> <merge key="access_control.type" type="string">ctapi</merge> <merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge> </match> to 20-acl-management.fdi. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:52

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 Wolfgang Rosenauer changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #264451|application/octet-stream |text/plain mime type| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15:05

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c8 Stanislav Brabec changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |lnussel@novell.com --- Comment #8 from Stanislav Brabec 2009-01-12 08:05:54 MST --- What I need to change in ctapi-cyberjack (and other smart card packages) to make it working again? How should I define policy for smart cards: Only user logged physically at the desk can use it. This is what I did in openct. It seems to work. Is it correct? /usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi: ?xml version="1.0" encoding="UTF-8"?>  <deviceinfo version="0.2"> <device> <match key="info.subsystem" string="usb_device"> <match key="usb_device.vendor_id" int="0x0973"> <match key="usb_device.product_id" int="0x0001"> <merge key="info.category" type="string">smart_card_reader</merge> <append key="info.addons" type="strlist">hald-addon-openct</append> </match> </match> .. where hald-addon-openct starts with: chown daemon:daemon $HAL_PROP_LINUX_DEVICE_FILE -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15:21

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c9 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|lnussel@novell.com | --- Comment #9 from Ludwig Nussel 2009-01-12 08:21:14 MST --- (In reply to comment #8)

...

What I need to change in ctapi-cyberjack (and other smart card packages) to make it working again? How should I define policy for smart cards: Only user logged physically at the desk can use it.

Have a look at /etc/hal/fdi/policy/10osvendor/70-scanner.fdi, ie merge some keyword into info.category according to vendor and product id. You need to merge that property into the proper object. Use e.g. gnome-device-manager to visualize the objects hal knows about. Your property needs to end up in the object that has /dev/bus/usb/*/* as linux.device_file. The hal package will handle the rest, ie Danny has to modify /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi and /usr/share/PolicyKit/policy/org.freedesktop.hal.device-access.policy For testing you could try merging 'scanner' into info.category.

...

This is what I did in openct. It seems to work. Is it correct?

/usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi:

<append key="info.addons" type="strlist">hald-addon-openct</append>

where hald-addon-openct starts with:

chown daemon:daemon $HAL_PROP_LINUX_DEVICE_FILE

No. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

18:25

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c10 Stanislav Brabec changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |lnussel@novell.com --- Comment #10 from Stanislav Brabec 2009-01-12 11:25:14 MST --- Attaching my best attempt (live system patch), but still not working. Please help me with following files (packages pcsc-lite, opensc, pcsc-cyberjack): /usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi /etc/udev/rules.d/pcscd_ccid.rules /etc/udev/rules.d/99-pcsc_lite.rules And the same for UPS devices: /etc/udev/rules.d/52_nut-usbups.rules .. and the whole nut-hal package. I was not able to make it working, so I disabled it completely. What is the correct value for match key="info.subsystem" string="usb..." "usb" or "usb_device"? Half of files use "usb_device", another half "usb". And what is correct here: <append key="info.capabilities" type="strlist">smart-card-reader</append> ^ append or merge? ^ capabilities or category? ^ smart-card-reader or smart_card_reader For use of pcsc-lite and openct, "daemon" UID must be also allowed to use the card. How should I do it? udev? hald-addon? anything else? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

18:27

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c11 --- Comment #11 from Stanislav Brabec 2009-01-12 11:27:14 MST --- Created an attachment (id=264604) --> (https://bugzilla.novell.com/attachment.cgi?id=264604) hal-smart-card.patch -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

18:34

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c12 --- Comment #12 from Stanislav Brabec 2009-01-12 11:34:47 MST --- Just another question. How can I test, that capabilities were properly set? getfactl? Or 'echo ""

...

/dev/bus/usb/003/002' with local user privileges?

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13 Jan 13 Jan

09:33

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c13 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Info Provider|lnussel@novell.com |dkukawka@novell.com --- Comment #13 from Ludwig Nussel 2009-01-13 02:33:02 MST --- (In reply to comment #10)

...

Attaching my best attempt (live system patch), but still not working.

Please help me with following files (packages pcsc-lite, opensc, pcsc-cyberjack): /usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi

Should be moved to /usr/share/hal/fdi/information/20thirdparty

...

/etc/udev/rules.d/pcscd_ccid.rules /etc/udev/rules.d/99-pcsc_lite.rules

And the same for UPS devices: /etc/udev/rules.d/52_nut-usbups.rules ... and the whole nut-hal package. I was not able to make it working, so I disabled it completely.

Those change ownerships are wrong, see below.

...

What is the correct value for match key="info.subsystem" string="usb..."

"usb" or "usb_device"? Half of files use "usb_device", another half "usb".

Depends on what you want to match. An usb device ("usb_device") device may have multiple interfaces ("usb"). Only the usb device actually has a device node in /dev/bus/usb. If you are only going to match for vendor/product place you match at "usb_device". If you need to look at interface properties a little more magic is required to get the correct values into the parent.

...

And what is correct here: <append key="info.capabilities" type="strlist">smart-card-reader</append> ^ append or merge?

append is used to append a value to a lists, merge will overwrite

...

^ capabilities or category?

http://people.freedesktop.org/~david/hal-spec/hal-spec.html "...two textual properties, info.category and info.capabilities. The former describes what the device is (as a single alphanumeric keyword) and the latter describes what the device does (as a number of alphanumeric keywords separated by whitespace)". So if the only function of the device a card reader using 'category' would be correct.

...

^ smart-card-reader or smart_card_reader

I don't know what the naming guidelines on hal are. That's a question Danny can probably give some advice on.

...

For use of pcsc-lite and openct, "daemon" UID must be also allowed to use the card. How should I do it? udev? hald-addon? anything else?

Not at all. Use of the daemon group is rather unspecified so don't use it to assign privileges. Your daemon uses a dedicated user for it's opereration, does it? So you could grant privileges explicitly to that user. Unfortunately there is no framework to do that in a clean way yet so you have to call polkit-auth manually in %pre or %post. See for example hal.

...

How can I test, that capabilities were properly set? getfactl? Or 'echo ""

...
/dev/bus/usb/003/002' with local user privileges?

getfacl. $ polkit-auth |grep sound org.freedesktop.hal.device-access.sound $ getfacl /dev/dsp getfacl: Removing leading '/' from absolute path names # file: dev/dsp # owner: root # group: audio user::rw- user:lnussel:rw- <- here I have access group::rw- mask::rw- other::--- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16:15

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User wolfgang@rosenauer.org added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c14 Wolfgang Rosenauer changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #264451|0 |1 is obsolete| | --- Comment #14 from Wolfgang Rosenauer 2009-01-13 09:15:49 MST --- Created an attachment (id=264812) --> (https://bugzilla.novell.com/attachment.cgi?id=264812) cyberjack fdi I finally got my cyberjack reader working. Here is the fdi file I use in /usr/share/hal/fdi/information/20thirdparty/80-cyberjack.fdi I've chosen the capability name "smartcard-ctapi" to be able to differentiate between those which are only accessible through pcsc-lite or similar. I'll attach the needed policykit and hal changes asap. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16:16

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User wolfgang@rosenauer.org added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c15 --- Comment #15 from Wolfgang Rosenauer 2009-01-13 09:16:45 MST --- Created an attachment (id=264813) --> (https://bugzilla.novell.com/attachment.cgi?id=264813) hal/policykit changes for smartcard-ctapi devices -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16:17

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 Wolfgang Rosenauer changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #264812|application/octet-stream |text/plain mime type| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16:19

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User wolfgang@rosenauer.org added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c16 --- Comment #16 from Wolfgang Rosenauer 2009-01-13 09:19:33 MST --- (From update of attachment 264813)

...

--- org.freedesktop.hal.device-access.policy.old 2009-01-13 17:02:06.000000000 +0100 +++ org.freedesktop.hal.device-access.policy 2009-01-13 17:02:32.000000000 +0100 @@ -28,6 +28,15 @@ </defaults> </action>

+ <action id="org.freedesktop.hal.device-access.smartcard-ctapi"> + <description>Directly access to smartcard readers</description>

And now some nits: "Directly access smartcard readers" without "to"

...

+ <match key="info.capabilities" contains="ctapi">

<match key="info.capabilities" contains="smartcard-ctapi"> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15 Jan 15 Jan

17:21

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c17 --- Comment #17 from Stanislav Brabec 2009-01-15 10:21:57 MST --- While trying to set the stuff properly, I got totally confused. It works for USB-to-serial converter based devices, but not for native CCID Smart Card readers. I have created upper mentioned policies and all needed files. Then I defined testing rule for two devices. One of them is a generic USB-to-serial converter, second one is a Smart Card reader. For USB-to-serial, assigning capabilities work correctly and ACL is set, for Smart Cart reader not only that ACL is not set, but also <append key="info.capabilities" type="strlist">smart_card_reader</append> is ignored. I see no obvious reason for this behavior. My testing file: /usr/share/hal/fdi/information/20thirdparty/70-test.fdi: --------- <?xml version="1.0" encoding="UTF-8"?> <deviceinfo version="0.2"> <device> <match key="info.subsystem" string="usb"> <match key="usb.vendor_id" int="Ox076b"> <match key="usb.product_id" int="0x3821"> <append key="info.capabilities" type="strlist">smart_card_reader</append> </match> </match> </match> <match key="info.subsystem" string="usb"> <match key="usb.vendor_id" int="0x10c4"> <match key="usb.product_id" int="0xea60"> <append key="info.capabilities" type="strlist">smart_card_reader</append> </match> </match> </match> </device> </deviceinfo> --------- Relevant output of lshal for serial device: udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001' info.linux.driver = 'usb' (string) info.parent = '/org/freedesktop/Hal/devices/usb_device_1d6b_1_0000_00_10_2' (string) info.product = 'CP210x Composite Device' (string) info.subsystem = 'usb_device' (string) info.udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001' (string) info.vendor = 'Cygnal Integrated Products, Inc.' (string) linux.device_file = '/dev/bus/usb/003/037' (string) linux.hotplug_type = 2 (0x2) (int) linux.subsystem = 'usb' (string) linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2' (string) usb_device.bus_number = 3 (0x3) (int) usb_device.can_wake_up = false (bool) usb_device.device_class = 0 (0x0) (int) usb_device.device_protocol = 0 (0x0) (int) usb_device.device_revision_bcd = 256 (0x100) (int) usb_device.device_subclass = 0 (0x0) (int) usb_device.is_self_powered = false (bool) usb_device.linux.device_number = 37 (0x25) (int) usb_device.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2' (string) usb_device.num_configurations = 1 (0x1) (int) usb_device.num_ports = 0 (0x0) (int) usb_device.product = 'CP210x Composite Device' (string) usb_device.product_id = 60000 (0xea60) (int) usb_device.serial = '0001' (string) usb_device.speed = 12.0 (12) (double) usb_device.vendor = 'Cygnal Integrated Products, Inc.' (string) usb_device.vendor_id = 4292 (0x10c4) (int) usb_device.version = 1.1 (1.1) (double) udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0' access_control.file = '/dev/bus/usb/003/037' (string) access_control.type = 'smart-card-reader' (string) info.callouts.add = {'hal-acl-tool --add-device'} (string list) info.callouts.remove = {'hal-acl-tool --remove-device'} (string list) info.capabilities = {'smart_card_reader', 'access_control'} (string list) info.linux.driver = 'cp2101' (string) info.parent = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001' (string) info.product = 'USB Vendor Specific Interface' (string) info.subsystem = 'usb' (string) info.udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0' (string) linux.hotplug_type = 2 (0x2) (int) linux.subsystem = 'usb' (string) linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2/3-2:1.0' (string) usb.bus_number = 3 (0x3) (int) usb.can_wake_up = false (bool) usb.device_class = 0 (0x0) (int) usb.device_protocol = 0 (0x0) (int) usb.device_revision_bcd = 256 (0x100) (int) usb.device_subclass = 0 (0x0) (int) usb.interface.class = 255 (0xff) (int) usb.interface.number = 0 (0x0) (int) usb.interface.protocol = 0 (0x0) (int) usb.interface.subclass = 0 (0x0) (int) usb.is_self_powered = false (bool) usb.linux.device_number = 37 (0x25) (int) usb.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2/3-2:1.0' (string) usb.num_configurations = 1 (0x1) (int) usb.num_ports = 0 (0x0) (int) usb.product = 'USB Vendor Specific Interface' (string) usb.product_id = 60000 (0xea60) (int) usb.serial = '0001' (string) usb.speed = 12.0 (12) (double) usb.vendor = 'Cygnal Integrated Products, Inc.' (string) usb.vendor_id = 4292 (0x10c4) (int) usb.version = 1.1 (1.1) (double) udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0_serial_usb_0' access_control.file = '/dev/ttyUSB0' (string) access_control.type = 'modem' (string) info.callouts.add = {'hal-acl-tool --add-device'} (string list) info.callouts.remove = {'hal-acl-tool --remove-device'} (string list) info.capabilities = {'serial', 'access_control'} (string list) info.category = 'serial' (string) info.parent = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0' (string) info.product = 'CP210x Composite Device' (string) info.subsystem = 'tty' (string) info.udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0_serial_usb_0' (string) linux.device_file = '/dev/ttyUSB0' (string) linux.hotplug_type = 2 (0x2) (int) linux.subsystem = 'tty' (string) linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2/3-2:1.0/ttyUSB0/tty/ttyUSB0' (string) serial.device = '/dev/ttyUSB0' (string) serial.originating_device = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0' (string) serial.port = 0 (0x0) (int) serial.type = 'usb' (string) As you can see, capabilities and acl was correctly assigned. And here is the output with Smart Card reader: udi = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial' info.linux.driver = 'usb' (string) info.parent = '/org/freedesktop/Hal/devices/usb_device_1d6b_1_0000_00_10_2' (string) info.product = 'CardMan 3821' (string) info.subsystem = 'usb_device' (string) info.udi = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial' (string) info.vendor = 'OmniKey AG' (string) linux.device_file = '/dev/bus/usb/003/038' (string) linux.hotplug_type = 2 (0x2) (int) linux.subsystem = 'usb' (string) linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-1' (string) usb_device.bus_number = 3 (0x3) (int) usb_device.can_wake_up = false (bool) usb_device.device_class = 0 (0x0) (int) usb_device.device_protocol = 0 (0x0) (int) usb_device.device_revision_bcd = 1536 (0x600) (int) usb_device.device_subclass = 0 (0x0) (int) usb_device.is_self_powered = false (bool) usb_device.linux.device_number = 38 (0x26) (int) usb_device.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-1' (string) usb_device.num_configurations = 1 (0x1) (int) usb_device.num_ports = 0 (0x0) (int) usb_device.product = 'CardMan 3821' (string) usb_device.product_id = 14369 (0x3821) (int) usb_device.speed = 12.0 (12) (double) usb_device.vendor = 'OmniKey AG' (string) usb_device.vendor_id = 1899 (0x76b) (int) usb_device.version = 2.0 (2) (double) udi = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial_if0' info.parent = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial' (string) info.product = 'USB Chip/Smartcard Interface' (string) info.subsystem = 'usb' (string) info.udi = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial_if0' (string) linux.hotplug_type = 2 (0x2) (int) linux.subsystem = 'usb' (string) linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-1/3-1:1.0' (string) usb.bus_number = 3 (0x3) (int) usb.can_wake_up = false (bool) usb.device_class = 0 (0x0) (int) usb.device_protocol = 0 (0x0) (int) usb.device_revision_bcd = 1536 (0x600) (int) usb.device_subclass = 0 (0x0) (int) usb.interface.class = 11 (0xb) (int) usb.interface.number = 0 (0x0) (int) usb.interface.protocol = 0 (0x0) (int) usb.interface.subclass = 0 (0x0) (int) usb.is_self_powered = false (bool) usb.linux.device_number = 38 (0x26) (int) usb.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-1/3-1:1.0' (string) usb.num_configurations = 1 (0x1) (int) usb.num_ports = 0 (0x0) (int) usb.product = 'USB Chip/Smartcard Interface' (string) usb.product_id = 14369 (0x3821) (int) usb.speed = 12.0 (12) (double) usb.vendor = 'OmniKey AG' (string) usb.vendor_id = 1899 (0x76b) (int) usb.version = 2.0 (2) (double) As you can see, second item matches the upper mentioned FDI. Not only that ACL are not created, but also info.capabilities does not exist there. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:22

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 Stanislav Brabec changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16 Jan 16 Jan

14:34

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c19 Stanislav Brabec changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|dkukawka@novell.com | --- Comment #19 from Stanislav Brabec 2009-01-16 07:34:04 MST --- OOPS. Stupid typo (int="Ox076b"). Here is my plan: 1. Dedicated user or group for the openct/pcsc daemons. 2. Split openct to two pages following the HAL recommendation: 2.1 hal/information info.category would be "smart_card_reader" for all devices with known USB IDs. info.capabilities would be one or more of: "smart_card_reader" any smart card reader "openct" smart card reader supported by openct hotplug .. 2.2 hal/policy It would read info.capabilities and call PolicyKit and/or hotplug helpers 3. Define "smart-card-reader" policy for PolicyKit allowing access to the card to local user and smart card daemon (polkit-auth --user xy --grant). 3. Serial devices: Wait for static database HAL prober (FATE#100304) or for its successor. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

20 Jan 20 Jan

17:11

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c20 Stanislav Brabec changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #20 from Stanislav Brabec 2009-01-20 10:11:53 MST --- Updated package hal was placed to OBS security:chipcard. More packages will come. I decided to use simple keywords: "smart-card-reader" (policy) and "smart_card_reader" (category and capability), as direct access covers more than only ctapi. Proposal for recommended keys (use in /usr/share/hal/fdi/information): <merge key="info.category" type="string">smart_card_reader</merge> <append key="info.capabilities" type="strlist">smart_card_reader</append> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

18:28

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c21 --- Comment #21 from Stanislav Brabec 2009-01-20 11:28:22 MST --- HAL patch upstreamed with further ideas to think about: http://bugs.freedesktop.org/show_bug.cgi?id=19663 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

21 Jan 21 Jan

15:39

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c22 --- Comment #22 from Stanislav Brabec 2009-01-21 08:38:53 MST --- I have submitted new aatempt to fix to security:chipcard. Please update hal and ctapi-cyberjack from this repository and let me know. It uses category: smart_card_reader and keyword smart_card_reader in capabilities. Note that pcscd access need pcsc-lite update (in progress). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

30 Jan 30 Jan

17:51

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User dkukawka@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c23 Danny Kukawka changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin@pley.de --- Comment #23 from Danny Kukawka 2009-01-30 10:51:41 MST --- *** Bug 336330 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=336330 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

1 Feb 1 Feb

12:32

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User wolfgang@rosenauer.org added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c24 --- Comment #24 from Wolfgang Rosenauer 2009-02-01 05:32:14 MST --- (In reply to comment #22)

...

I have submitted new aatempt to fix to security:chipcard.

Please update hal and ctapi-cyberjack from this repository and let me know.

It uses category: smart_card_reader and keyword smart_card_reader in capabilities.

Hmm, I have the hal changes done locally but isn't the PolicyKit change not needed in addition? At least I have them to be able to access the reader finally. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

9 Feb 9 Feb

07:27

New subject: [Bug 438131] ctapi-cyberjack uses resmgr for device access

https://bugzilla.novell.com/show_bug.cgi?id=438131 User kwbolte@gmx.de added comment https://bugzilla.novell.com/show_bug.cgi?id=438131#c25 --- Comment #25 from Kai-Wilhelm Bolte 2009-02-09 00:27:12 MST --- I did an update with lib:chipcard repository but the cyberkack e-com is still not working. The user is in cyberjack - group and rights of libctapi-cyberjack*.so are root:cyberjack. If I use the cyberjack - command as user to test the reader in step 5/6 it says: --- libusb couldn't open USB device /dev/bus/usb/001/008: Permission denied. libusb requires write access to USB device nodes. usb_open() failed (13=Permission denied) --- Exactly the same message when testing it in moneyplex. I'm getting tired starting old Suse 10.3 for online banking, so what can I do? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

5556

Age (days ago)

5665

Last active (days ago)

List overview

Download

27 comments

1 participants

participants (1)

bugzilla_noreply＠novell.com

[Bug 438131] New: ctapi-cyberjack uses resmgr for device access

tags

participants (1)