Bug 4511

Summary: rdesktop distorts SCardGetAttrib()
Product: ThinLinc Reporter: Pierre Ossman <ossman@cendio.se>
Component: Smart cardAssignee: Pierre Ossman <ossman@cendio.se>
Status: CLOSED FIXED QA Contact: Bugzilla mail exporter <bugzilla-qa@cendio.se>
Severity: Normal    
Priority: P2 CC: astrand@cendio.se
Version: trunkKeywords: astrand_tester, relnotes
Target Milestone: 4.1.1   
Hardware: PC   
OS: Unknown   
Acceptance Criteria:
Bug Depends on:    
Bug Blocks: 4732    

Description From cendio 2012-12-21 11:00:44
The Novell client complains that it cannot find any certificates, and dumps
this in its log:

00000020 [16:06:34 0x00000AD4] [LogonUI.exe]Running Method: 37, esclcm.dll
00000021 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] LCM started
00000022 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] Using PC/SC
00000023 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] Card Login
Config: Login Required
00000024 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] Created PCSC
00000025 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] Found reader:
Lenovo Integrated Smart Card Reader 0
00000026 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] Connecting to
card in reader Lenovo Integrated Smart Card Reader 0
00000027 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] Connected to card
00000028 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] Error: 0x8010001d
00000029 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] Error:
-2146435043, unable to open slot: 0
00000030 [16:06:34 0x00000AD4] [LogonUI.exe] [Method] [NESCM] number of certs
selected: 0

0x8010001d is SCARD_E_NO_SERVICE, indicating that the smart card tunnel is not
properly connected. NetID can communicate with the card just fine though.
------- Comment #2 From cendio 2012-12-21 12:33:10 -------
PCSCTUN log from the same thing:

** (process:23681): DEBUG: PC/SC tunnel library loaded.
** (process:23681): DEBUG: ScardEstablishContext(2)
** (process:23681): DEBUG: Connecting to
** (process:23681): DEBUG: Connected.
** (process:23681): DEBUG: Authenticating...
** (process:23681): DEBUG: Authenticated (server version 2).
** (process:23681): DEBUG: SCardReleaseContext(0x1036890)
** (process:23681): DEBUG: Disconnecting.
Autoselected keyboard map en-us
WARNING: Remote desktop does not support colour depth 24; falling back to 
** (process:23681): DEBUG: ScardEstablishContext(2)
** (process:23681): DEBUG: Connecting to
** (process:23681): DEBUG: Connected.
** (process:23681): DEBUG: Authenticating...
** (process:23681): DEBUG: Authenticated (server version 2).
** (process:23681): DEBUG: SCardListReaders(0x7f83b80013e0, 
0x7f83a80008d8, 1024)
** (process:23681): DEBUG: SCardConnect(0x7f83b80013e0, Lenovo Integrated 
Smart Card Reader 0, 2, 3)
** (process:23681): DEBUG: SCardGetAttrib(0x7f83a8001ec0, 771)
** (process:23681): DEBUG: SCardDisconnect(0x7f83a8001ec0, 0)
** (process:23681): DEBUG: SCardReleaseContext(0x7f83b80013e0)
** (process:23681): DEBUG: Disconnecting.
** (process:23681): DEBUG: PC/SC tunnel library unloaded.
------- Comment #3 From cendio 2012-12-21 12:33:30 -------
The problem only happens with a Windows client, not a Linux one.
------- Comment #4 From cendio 2012-12-21 12:39:18 -------
I believe this particular piece of lunacy in rdesktop is to blame:

    dwAttrId = dwAttrId & 0x0000FFFF;

This is just horribly wrong. It happens to work by pure chance in most of the
cases with pcsc-lite, but I'm not even a little surprised it breaks with
Windows. And there's no justification why that crap is in there.

We really need to do bug 3404.
------- Comment #7 From cendio 2013-02-05 13:55:30 -------
We've had reports that the proposed patch in comment #4 did not help or was not
enough to fully solve the problem.
------- Comment #8 From cendio 2013-02-05 13:56:34 -------
Resetting target milestone to '---' to raise this for further discussion at the
next development meeting.
------- Comment #9 From cendio 2013-07-05 16:31:45 -------
Reducing this bug to just the SCardGetAttr() problem. Other issues found will
be handled on other bugs.
------- Comment #10 From cendio 2013-07-05 16:54:56 -------
Fixed in r27622.
------- Comment #11 From cendio 2013-10-21 13:35:55 -------
Basic RDP smart card tests done:

* Against efti.thinlinc.com: Checked certs using NetID

* Against Trouble: Logged in to Apoteket.se using my BankID card. Checked the
BankID application. 

Good enough for me.