FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Nov 2015
    Location
    Gothenburg, Sweden
    Posts
    36

    Question F26 - pcscd - apache - NOT authorized for action: access_pcsc

    I upgraded from F25 to F26 yesterday and then /var/log/messages started getting a pair of these lines 1-2 times a minute:

    Code:
    2017-09-21T10:54:35+02:00 ninja pcscd[2721]: 03445385 auth.c:137:IsClientAuthorized() Process 48952 (user: 48) is NOT authorized for action: access_pcsc
    2017-09-21T10:54:35+02:00 ninja pcscd[2721]: 00000279 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client

    User 48 is apache and pcscd is the PC/SC Smart Card Daemon. Why apache suddenly is doing something related to that I don't know. Perhaps it always has, but something else changed in the upgrade.

    I noticed that httpd.x86_64 was downgraded from 2.4.27-3.fc25 to 2.4.27-2.fc26 when I made the upgrade.

    Any clues what may have caused this or what to do to fix it?

    Br,
    Ted
    Last edited by Ted Lyngmo; 21st September 2017 at 07:50 PM. Reason: typo

  2. #2

    Re: F26 - pcscd - apache - NOT authorized for action: access_pcsc

    I sent the above question to the author of pcsc along with this extra bit:

    Perhaps I can help searching for the cause somehow but I don't know where to start. What triggers pcscd to call IsClientAuthorized? Is it a library call or someone trying to connect to the /var/run/pcscd/pcscd.comm socket or something else?

    Edit: Just made a program that connected to the file system socket and got the same result (but with my userid), so it seems apache is really trying to connect to that socket too. Odd. I take it you don't know of any situation when that would make sense?

    ...and I got this reply:

    pcscd is the daemon. The client is libpcsclite.so.1 library.

    My first guess is that apache is configured to use a smart card to store a TLS private key. Maybe through a PKCS#11 library like OpenSC.

    You will have to find why apache is, indirectly, using libpcsclite.so.1.

    I haven't changed my apache configuration lately, nor have I ever tried configuring apache to use a smart card to store a TLS private key so I've no clue why apache suddenly started doing this. I don't see anything in the apache logs at the same time when the pcscd entries come in so it's hard to find out what apache is trying to do.

    Any ideas?

  3. #3

    Re: F26 - pcscd - apache - NOT authorized for action: access_pcsc

    It turns out to be a wget call (made by apache) that causes the pcscd log entries.

    My site collects information from many places and only one of them enforces https instead of http and that seems to trigger the pcscd log entries. If I try one of the sites that accepts both http and https, only the https one will generate the log entries.

    Code:
    # tail -f /var/log/messages | grep pcscd &
    [1] 20260
    # inotifywait -m /usr/lib64/libpcsclite.so.1.0.0 &
    [2] 20261
    Setting up watches.
    Watches established.
    # sudo -u apache wget -qO/dev/null http://masalakitchen.se/lindholmen/lunchmeny/ ; echo $?
    0
    # sudo -u apache wget -qO/dev/null https://masalakitchen.se/lindholmen/lunchmeny/ ; echo $?
    /usr/lib64/libpcsclite.so.1.0.0 OPEN
    /usr/lib64/libpcsclite.so.1.0.0 ACCESS
    2017-10-10T16:49:40+02:00 ninja pcscd[2758]: 83431667 auth.c:137:IsClientAuthorized() Process 20791 (user: 48) is NOT authorized for action: access_pcsc
    2017-10-10T16:49:40+02:00 ninja pcscd[2758]: 00000231 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
    /usr/lib64/libpcsclite.so.1.0.0 CLOSE_NOWRITE,CLOSE
    0
    #

    All users but root seem to trigger this but the returned data is ok for all of them. So, it's got nothing to do with apache but instead it's wget that's doing something funny whenever https is involved.

    curl does not trigger these log entries. What is wget trying to do and why? Any ideas?
