pcsclite: polkit policy actions not registered #280826

@foolnotion

Describe the bug

pcsc-lite uses two actions, org.debian.pcsc-lite.access_pcsc and org.debian.pcsc-lite.access_pcsc, to get the necessary authorization via polkit, but these actions are not properly registered, leading to this error:

journalctl --unit=pcscd --follow
Jan 13 23:34:19 jaghut pcscd[79235]: 00607239 auth.c:125:IsClientAuthorized() Error in authorization: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.debian.pcsc-lite.access_pcsc is not registered
Jan 13 23:34:19 jaghut pcscd[79235]: 00000005 auth.c:143:IsClientAuthorized() Process 79228 (user: 1000) is NOT authorized for action: access_pcsc
Jan 13 23:34:19 jaghut pcscd[79235]: 00000039 winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC client
Jan 13 23:34:19 jaghut pcscd[79235]: 00141489 auth.c:125:IsClientAuthorized() Error in authorization: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.debian.pcsc-lite.access_pcsc is not registered
Jan 13 23:34:19 jaghut pcscd[79235]: 00000005 auth.c:143:IsClientAuthorized() Process 79228 (user: 1000) is NOT authorized for action: access_pcsc
Jan 13 23:34:19 jaghut pcscd[79235]: 00000037 winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC client
Jan 13 23:34:19 jaghut pcscd[79235]: 00002007 auth.c:125:IsClientAuthorized() Error in authorization: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.debian.pcsc-lite.access_pcsc is not registered

(It can be verified that these actions don't exist by using pkaction)

This breaks yubioath-flutter and gpg.

I tried both pcsclite 1.9.5 and 2.0.1 ending up with the same error.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Set services.pcscd.enable = true and security.polkit.enable = true in configuration.nix, configure your smartcard (yubikey)
  2. Try to use yubikey
  3. Get error

Expected behavior

These actions are registered correctly and usable.

Notify maintainers

@anthonyroussel

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

I'm using flakes (no channels).

[user@system:~]$  nix-shell -I nixpkgs=./src/nixpkgs -p nix-info --run "nix-info -m"
this path will be fetched (0.00 MiB download, 0.00 MiB unpacked):
  /nix/store/2bk3cqpj26fi3fwgshgg3k0fxwz0h55g-nix-info
copying path '/nix/store/2bk3cqpj26fi3fwgshgg3k0fxwz0h55g-nix-info' from 'https://cache.nixos.org'...
 - system: `"x86_64-linux"`
 - host os: `Linux 6.7.0, NixOS, 24.05 (Uakari), 24.05.20240113.76a31fd`
 - multi-user?: `no`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.1`
 - channels(root): `""`
 - nixpkgs: `not found`

Add a 👍 reaction to issues you find important.
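Added example, not part of the original issue and not code from pcsc-lite or nixpkgs: a small triage script that reads pcscd journal text in the format quoted above and separates "the polkit action is not registered" from a client that polkit actually denied. The function names and the sample log lines are constructed for illustration; the optional live check relies on `pkaction --action-id`, the tool the report mentions.

```shell
#!/bin/sh
# Added example: classify pcscd authorization failures from journal text.

# Constructed sample in the format quoted in the issue (host and PIDs are made up).
SAMPLE_UNREGISTERED='Jan 01 00:00:01 host pcscd[100]: 00607239 auth.c:125:IsClientAuthorized() Error in authorization: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.debian.pcsc-lite.access_pcsc is not registered
Jan 01 00:00:01 host pcscd[100]: 00000005 auth.c:143:IsClientAuthorized() Process 200 (user: 1000) is NOT authorized for action: access_pcsc
Jan 01 00:00:01 host pcscd[100]: 00000039 winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC client'
# Constructed sample: a denial with no registration error in front of it.
SAMPLE_DENIED='Jan 01 00:00:02 host pcscd[100]: 00000005 auth.c:143:IsClientAuthorized() Process 201 (user: 1001) is NOT authorized for action: access_pcsc'

# Print every action id that polkit reported as "not registered", one per line.
unregistered_actions() {
    sed -n 's/.*IsClientAuthorized() Error in authorization: .*Action \([A-Za-z0-9._-]*\) is not registered.*/\1/p' | sort -u
}

# Print "pid uid action" for every client pcscd refused.
denied_clients() {
    sed -n 's/.*IsClientAuthorized() Process \([0-9][0-9]*\) (user: \([0-9][0-9]*\)) is NOT authorized for action: \([A-Za-z_]*\).*/\1 \2 \3/p' | sort -u
}

# Read journal text on stdin and print one verdict:
#   unregistered - polkit does not know the action, so every client is refused
#   denied       - the action is known and polkit refused this client
#   ok           - no authorization failure in the input
classify() {
    log=$(cat)
    missing=$(printf '%s\n' "$log" | unregistered_actions)
    denied=$(printf '%s\n' "$log" | denied_clients)
    if [ -n "$missing" ]; then
        echo "unregistered"
    elif [ -n "$denied" ]; then
        echo "denied"
    else
        echo "ok"
    fi
}

# Optional live check against polkit; returns 2 when pkaction is not installed.
action_registered() {
    command -v pkaction >/dev/null 2>&1 || return 2
    pkaction --action-id "$1" >/dev/null 2>&1
}

printf '%s\n' "$SAMPLE_UNREGISTERED" | classify
```

On a live system the input would come from `journalctl --unit=pcscd`, piped into `classify` or `unregistered_actions`.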
