Bug 5957 - CA certificate can prevent automatic login
Summary: CA certificate can prevent automatic login
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Smart card (show other bugs)
Version: pre-1.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.7.0
Assignee: Pierre Ossman
URL:
Keywords: prosaic, thomas_tester
Depends on:
Blocks:
 
Reported: 2016-08-15 14:20 CEST by Pierre Ossman
Modified: 2016-09-23 10:14 CEST (History)
2 users (show)

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2016-08-15 14:20:57 CEST
We have a bug in the code that handles automatic login on insertion of smart card where it fails to trigger. The issue is that the visible list and the trigger condition are not calculated the same way.

One easy way to trigger this is to have a card with a single user certificate, and the associated CA certificate. The visible list will filter out the CA certificate, but the login fails to trigger as it "sees" both certificates.

We have no such cards here, but you can provoke it with any card where you can construct a filter that only matches a single cert. Simply add a second filter after that which matches "Certificate signing" and "CRL signing". The second filter will cause the CA certificate(s) to also be included and screw up the logic.
Comment 2 Pierre Ossman cendio 2016-08-15 14:24:39 CEST
A workaround is to add a filter that doesn't match the CA certificates. Most filters will do this and the default filter you get when you click "New" will probably work for most cards.
Comment 4 Pierre Ossman cendio 2016-08-15 16:39:09 CEST
Tester should verify this problematic corner case, and do regression testing for other cases to make sure we trigger only when there is a single certificate in the filtered list.
Comment 5 Thomas Nilefalk cendio 2016-08-18 11:05:33 CEST
Tested on Windows7 with cards 

1) with a single [identification] certificate, which triggers autologin
2) with a [ROOT CA] and 2 [identification] and 2 [sign] which presents the correct dropdown selection of 2 certificates
3) with a [ROOT CA] and a [identification], which correctly triggers autologin (thu bugfix)

Filtering card 2) to show a single [identification] also correctly triggers autologin.

Note You need to log in before you can comment on or make changes to this bug.