Server: CentOS 7, ThinLinc 4.5.0, Windows 2012R2 Client: Fedora 23, ThinLinc 4.5.0 1. Connect to server (with smart card redirection). 2. Connect to Windows server with tl-run-rdesktop 3. Try any other smart card operation, such as pkcs15-tool -c 4. Wait forever. Backtrace from pcsctun: > (gdb) thread apply all bt > > Thread 2 (Thread 0x7ff3f818f700 (LWP 24077)): > #0 0x00007ff3f848cd83 in select () from /lib64/libc.so.6 > #1 0x00007ff3f8b80bbc in MessageReceiveTimeout () from /lib64/libpcsclite.so.1 > #2 0x00007ff3f8b7d6a6 in SCardGetStatusChange () from /lib64/libpcsclite.so.1 > #3 0x000000000040714e in ?? () > #4 0x0000000000428c9f in ?? () > #5 0x00007ff3f875c60a in start_thread () from /lib64/libpthread.so.0 > #6 0x00007ff3f8496a9d in clone () from /lib64/libc.so.6 > > Thread 1 (Thread 0x7ff3f8f78700 (LWP 24028)): > #0 0x00007ff3f876489d in __lll_lock_wait () from /lib64/libpthread.so.0 > #1 0x00007ff3f875e9cd in pthread_mutex_lock () from /lib64/libpthread.so.0 > #2 0x00007ff3f8b7c16f in SCardGetAndLockContext () from /lib64/libpcsclite.so.1 > #3 0x00007ff3f8b7e18c in SCardListReaders () from /lib64/libpcsclite.so.1 > #4 0x0000000000407057 in ?? () > #5 0x000000000040768d in ?? () > #6 0x0000000000414778 in ?? () > #7 0x0000000000414ab8 in ?? () > #8 0x0000000000414e82 in ?? () > #9 0x0000000000404c27 in ?? () > #10 0x00007ff3f83b4580 in __libc_start_main () from /lib64/libc.so.6 > #11 0x0000000000404e85 in ?? () > #12 0x00007ffd7f34e5c8 in ?? () > #13 0x00007ff3f8fa6fa0 in ?? () from /lib64/ld-linux-x86-64.so.2 > #14 0x0000000000000008 in ?? () > #15 0x00007ffd7f34efe6 in ?? () > #16 0x0000000000000000 in ?? ()
This also means that if you have a rdesktop connection with an exported smart card reader and your ThinLinc client configured to connecting using smart cards - the ThinLinc client will hang.
Given a ThinLinc session with smart card redirection enabled, starting another ThinLinc client nested inside the session and enabling smart card authentication can potentially result in a deadlock where the nested client becomes unresponsive. This deadlock is very temperamental and only happens intermittently but has been observed with the following setup: • Smart card: Cygate card with an HID Omnikey reader • Client: 4.13.0 running on Fedora 34 • Server: 4.13.0 running on Fedora 34 with XFCE4 • Nested client: 4.13.0 Based on the diagnostics information below, and the fact that I have been unable to reproduce the issue on macOS/Windows, I find it likely that the client-side pcsc-lite daemon is responsible for entering the deadlocked state which in turn hangs the client. This seems to stem from an indefinite wait on another smart card transaction. I also left the hanged client overnight without any signs of not being very much hanged the next morning. A way to get around this issue is restarting the client-side pcsc-lite daemon when the nested client has hanged (possibly in combination with replugging the smart card reader): > # systemctl restart pcscd Diagnostics information ═══════════════════════ Client `pcscd --foreground --debug' output ────────────────────────────────────────── We get the following repeating output from pcscd: > 00100159 winscard_svc.c:361:ContextThread() Received command: > CMD_GET_READERS_STATE from client 12 00000147 > winscard_svc.c:361:ContextThread() Received command: STATUS from > client 12 00000022 readerfactory.c:852:RFReaderInfoById() > RefReader() count was: 1 00000002 winscard.c:1300:SCardStatus() > UnrefReader() count was: 2 00000001 > winscard_svc.c:638:ContextThread() STATUS rv=0x8010000B for client > 12 Where rv=0x8010000B indicates a `SCARD_E_SHARING_VIOLATION' error. Nested tlclient stack trace ─────────────────────────── > (gdb) bt #0 0x00007ffff75a57dd in syscall () from /lib64/libc.so.6 > #1 0x00007ffff51469c3 in g_cond_wait () from /lib64/libglib-2.0.so.0 > #2 0x00007ffff55d233e in ?? () from > /opt/thinlinc/lib64/libpcsclite.so.1 #3 0x00007ffff55d0b46 in > SCardTransmit () from /opt/thinlinc/lib64/libpcsclite.so.1 #4 > 0x00007ffff5864538 in pcsc_internal_transmit ( > reader=reader@entry=0xa5b150, sendbuf=0x7fffec003ae0 "", sendsize=5, > recvbuf=recvbuf@entry=0x9b8f00 "\200?\230", > recvsize=recvsize@entry=0x7fffffff94f0, control=0) at > reader-pcsc.c:230 #5 0x00007ffff5866d6a in pcsc_transmit > (reader=0xa5b150, apdu=0x7fffffff9650) at reader-pcsc.c:289 #6 > 0x00007ffff593d70a in sc_single_transmit (card=card@entry=0xa5bf00, > apdu=apdu@entry=0x7fffffff9650) at apdu.c:387 #7 0x00007ffff593db6f > in sc_transmit (card=card@entry=0xa5bf00, > apdu=apdu@entry=0x7fffffff9650) at apdu.c:523 #8 0x00007ffff593e8db > in sc_transmit_apdu (card=card@entry=0xa5bf00, > apdu=apdu@entry=0x7fffffff9650) at apdu.c:632 #9 0x00007ffff5939d95 > in iso7816_get_response (card=0xa5bf00, count=0x7fffffff9718, > buf=0x7fffffff9720 "") at iso7816.c:757 #10 0x00007ffff593d951 in > sc_get_response (card=card@entry=0xa5bf00, > apdu=apdu@entry=0x7fffffff99b0, olen=olen@entry=261) at apdu.c:467 > #11 0x00007ffff593dbe4 in sc_transmit (card=card@entry=0xa5bf00, > apdu=apdu@entry=0x7fffffff99b0) at apdu.c:540 #12 0x00007ffff593e8db > in sc_transmit_apdu (card=card@entry=0xa5bf00, > apdu=apdu@entry=0x7fffffff99b0) at apdu.c:632 #13 0x00007ffff593a3d2 > in iso7816_select_file (card=0xa5bf00, in_path=0x7fffffff9d20, > file_out=0xa5cf70) at iso7816.c:561 #14 0x00007ffff586ae41 in > setcos_select_file (card=0xa5bf00, in_path=<optimized out>, > file=0xa5cf70) at card-setcos.c:924 #15 0x00007ffff5849518 in > sc_select_file (card=card@entry=0xa5bf00, > in_path=in_path@entry=0x7fffffff9d20, file=file@entry=0xa5cf70) at > card.c:775 #16 0x00007ffff58529c3 in sc_pkcs15_bind_internal > (p15card=p15card@entry=0xa5cf50, aid=aid@entry=0xa5cb18) at > pkcs15.c:1096 #17 0x00007ffff58539fb in sc_pkcs15_bind > (card=0xa5bf00, aid=aid@entry=0xa5cb18, > p15card_out=p15card_out@entry=0xa5ccf0) at pkcs15.c:1236 #18 > 0x00007ffff58344f4 in pkcs15_bind (p11card=0xa5beb0, > app_info=<optimized out>) at framework-pkcs15.c:317 #19 > 0x00007ffff582f15f in card_detect (reader=reader@entry=0xa5b150) at > slot.c:354 #20 0x00007ffff582f4d8 in initialize_reader > (reader=0xa5b150) at slot.c:167 #21 0x00007ffff582a4cb in > C_Initialize (pInitArgs=0x0) at pkcs11-global.c:278 #22 > 0x0000000000461d2e in PKCS11Module::Open (this=0x986da0, libpath=…) > at tlclient_pkcs11.cc:239 #23 0x000000000042012e in > MainWindow::UpdateCerts (this=this@entry=0x9940c0) at > tlclient_mainwindow.cc:1119 #24 0x0000000000422108 in > MainWindow::CheckCerts (data=0x9940c0) at > tlclient_mainwindow.cc:1271 #25 0x000000000048167d in Fl::wait > (time_to_wait=time_to_wait@entry=1) at > /local/home/ossman/devel/cenbuild/repo/rpmbuild/BUILD/fltk-1.3.5/src/Fl.cxx:595 > #26 0x0000000000418e8d in TLClient::runApplication (this=0x98c7b0) > at tlclient_tlclient.cc:487 #27 0x0000000000412816 in main (argc=1, > argv=0x7fffffffde18) pcsctun stack trace ─────────────────── > (gdb) bt #0 0x00007f4d9bd9eb35 in clock_nanosleep@GLIBC_2.2.5 () > from /lib64/libc.so.6 #1 0x00007f4d9bda3d57 in nanosleep () from > /lib64/libc.so.6 #2 0x00007f4d9bed735d in SCardStatus () from > /lib64/libpcsclite.so.1 #3 0x0000000000406969 in cb_SCardStatus > (c=0x1011a70, p=0x1012130) at main.c:905 #4 0x000000000040768d in > parse_packet (p=0x1012130, c=0x1011a70) at main.c:1699 #5 data_avail > (c=0x1011a70) at main.c:1848 #6 conn_event (source=<optimized out>, > cond=G_IO_IN, data=0x1011a70) at main.c:1890 #7 0x0000000000414778 > in g_main_dispatch (context=0x100f4e0) at ../../glib/gmain.c:2715 #8 > g_main_context_dispatch (context=context@entry=0x100f4e0) at > ../../glib/gmain.c:3219 #9 0x0000000000414ab8 in > g_main_context_iterate (context=0x100f4e0, block=block@entry=1, > dispatch=dispatch@entry=1, self=<optimized out>) at > ../../glib/gmain.c:3290 #10 0x0000000000414e82 in g_main_loop_run > (loop=0x100c540) at ../../glib/gmain.c:3484 #11 0x0000000000404c27 > in main (argc=1, argv=0x7ffefe62fc18) at main.c:2061
