Hello Gian,
Le 31/07/2024 à 22:14, Gian Piero Carrubba a écrit :
Package: pcscd
Version: 2.2.3-1
Severity: normal
Today I've rebooted my unattended-upgrades-enabled sid laptop after a
long time (almost 70 days) and discovered I could not access my smart
cards anymore.
from syslog:
pcscd: ../src/auth.c:145:IsClientAuthorized() Process 31413 (user: 1000) is NOT
authorized for action: access_pcsc
pcscd: ../src/winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC
client
I had to add a polkit rule in order to allow my unprivileged self to use
the cards:
sudo cat /etc/polkit-1/rules.d/40-allow-pcscd.rules
polkit.addRule(function(action, subject) {
if (
subject.isInGroup("plugdev")
&& (
action.id === "org.debian.pcsc-lite.access_pcsc"
|| action.id === "org.debian.pcsc-lite.access_card"
)
) {
return polkit.Result.YES;
}
return polkit.Result.NOT_HANDLED;
});
Given the long time since the previous reboot, I don't know when the
problem has started or where it has originated.
polkit is enabled by default since pcsc-lite 2.0.1 from Nov 2023.
See https://blog.apdu.fr/posts/2023/11/new-version-of-pcsc-lite-201/
So I am surprised you have the issue only now.
Maybe pcscd has started being linked against polkit only recently? If
this is the case, I suggest shipping with the package a polkit rule
similar to the one above and adding a NEWS entry to warn the users. This
would particularly benefit users that depend on the smart card for
logging in.
Local users should have access to pcsc-lite by default
See https://blog.apdu.fr/posts/2023/11/pcsc-lite-and-polkit/
Your problem occurs on the login screen?
Or after you are logged in?
Bye
--
Dr. Ludovic Rousseau
