Bugzilla – Bug 438131
ctapi-cyberjack uses resmgr for device access
Last modified: 2009-06-12 10:15:26 UTC
/etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi refers to resmgr for device access, which is gone. Instead of
    <merge key="resmgr.class" type="string">usb</merge>
use something like
    <append key="info.capabilities" type="strlist">cardreader</append>
hal needs to be taught about the cardreader privilege then as well.
Which files need update? policy file to include upper mentioned capabilities.
    /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi
    /usr/share/PolicyKit/policy/org.freedesktop.hal.device-access.policy
It seems to be insufficient. Note that the same problem affects other Smart Card drivers. Fix must be done with care, as some drivers work via openct ifdhandlers with daemon privileges (pcsc-openct), other devices via pcscd (pcsc-lite drivers).
In addition to the change in /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi we need entries in the files you mentioned, yes. Just reassign to Danny so he can adapt hal.
Bug confirmed for 11.1 final. I'm using a "Reiner SCT Cyberjack e-com". The "cyberjack" driver test as user writes:
---
BEGIN: ermittle und teste angeschlossene Leser (5/6)
libusb couldn't open USB device /dev/bus/usb/005/009: Permission denied.
libusb requires write access to USB device nodes.
usb_open() failed (13=Permission denied)
---
So of course moneyplex isn't working, too. What files should I change for testing?
*** Bug 465221 has been marked as a duplicate of this bug. ***
So now as 11.1 is released it's an issue to change files like /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi and PolicyKit. Is there a workaround to get this working by changes in the cyberjack package?
PolicyKit needs no change, hal will be updated anyways due to bug 408252 so there is a chance to have the fix for this bug here included as well if a fix is available in time.
Created attachment 264451 [details] fdi file
I also couldn't get it to work by adding /usr/share/hal/fdi/information/20thirdparty/80-cyberjack.fdi and adding
    <match key="info.capabilities" contains="ctapi">
      <append key="info.capabilities" type="strlist">access_control</append>
      <merge key="access_control.type" type="string">ctapi</merge>
      <merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
    </match>
to 20-acl-management.fdi.
What I need to change in ctapi-cyberjack (and other smart card packages) to make it working again? How should I define policy for smart cards: Only user logged physically at the desk can use it.
This is what I did in openct. It seems to work. Is it correct?
/usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi:
    <?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->
    <deviceinfo version="0.2">
      <device>
        <match key="info.subsystem" string="usb_device">
          <match key="usb_device.vendor_id" int="0x0973">
            <match key="usb_device.product_id" int="0x0001">
              <merge key="info.category" type="string">smart_card_reader</merge>
              <append key="info.addons" type="strlist">hald-addon-openct</append>
            </match>
          </match>
    ...
where hald-addon-openct starts with:
    chown daemon:daemon $HAL_PROP_LINUX_DEVICE_FILE
(In reply to comment #8)
> What I need to change in ctapi-cyberjack (and other smart card packages) to
> make it working again? How should I define policy for smart cards: Only user
> logged physically at the desk can use it.
Have a look at /etc/hal/fdi/policy/10osvendor/70-scanner.fdi, ie merge some keyword into info.category according to vendor and product id. You need to merge that property into the proper object. Use e.g. gnome-device-manager to visualize the objects hal knows about. Your property needs to end up in the object that has /dev/bus/usb/*/* as linux.device_file. The hal package will handle the rest, ie Danny has to modify /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi and /usr/share/PolicyKit/policy/org.freedesktop.hal.device-access.policy
For testing you could try merging 'scanner' into info.category.
> This is what I did in openct. It seems to work. Is it correct?
>
> /usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi:
>
> <append key="info.addons" type="strlist">hald-addon-openct</append>
>
> where hald-addon-openct starts with:
>
> chown daemon:daemon $HAL_PROP_LINUX_DEVICE_FILE
No.
Attaching my best attempt (live system patch), but still not working.
Please help me with following files (packages pcsc-lite, opensc, pcsc-cyberjack):
    /usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi
    /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi
    /etc/udev/rules.d/pcscd_ccid.rules
    /etc/udev/rules.d/99-pcsc_lite.rules
And the same for UPS devices:
    /etc/udev/rules.d/52_nut-usbups.rules
... and the whole nut-hal package. I was not able to make it working, so I disabled it completely.
What is the correct value for match key="info.subsystem" string="usb..."
"usb" or "usb_device"? Half of files use "usb_device", another half "usb".
And what is correct here:
    <append key="info.capabilities" type="strlist">smart-card-reader</append>
     ^ append or merge?
                      ^ capabilities or category?
                                                   ^ smart-card-reader or smart_card_reader
For use of pcsc-lite and openct, "daemon" UID must be also allowed to use the card. How should I do it? udev? hald-addon? anything else?
Created attachment 264604 [details] hal-smart-card.patch
Just another question. How can I test, that capabilities were properly set? getfactl? Or 'echo "" >/dev/bus/usb/003/002' with local user privileges?
(In reply to comment #10)
> Attaching my best attempt (live system patch), but still not working.
>
> Please help me with following files (packages pcsc-lite, opensc,
> pcsc-cyberjack):
> /usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi
> /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi
Should be moved to /usr/share/hal/fdi/information/20thirdparty
> /etc/udev/rules.d/pcscd_ccid.rules
> /etc/udev/rules.d/99-pcsc_lite.rules
>
> And the same for UPS devices:
> /etc/udev/rules.d/52_nut-usbups.rules
> ... and the whole nut-hal package. I was not able to make it working, so I
> disabled it completely.
Those change ownerships are wrong, see below.
> What is the correct value for match key="info.subsystem" string="usb..."
>
> "usb" or "usb_device"? Half of files use "usb_device", another half "usb".
Depends on what you want to match. A usb device ("usb_device") may have multiple interfaces ("usb"). Only the usb device actually has a device node in /dev/bus/usb. If you are only going to match for vendor/product place your match at "usb_device". If you need to look at interface properties a little more magic is required to get the correct values into the parent.
> And what is correct here:
> <append key="info.capabilities" type="strlist">smart-card-reader</append>
> ^ append or merge?
append is used to append a value to a list, merge will overwrite
> ^ capabilities or category?
http://people.freedesktop.org/~david/hal-spec/hal-spec.html "...two textual properties, info.category and info.capabilities. The former describes what the device is (as a single alphanumeric keyword) and the latter describes what the device does (as a number of alphanumeric keywords separated by whitespace)". So if the only function of the device is a card reader using 'category' would be correct.
> ^ smart-card-reader or
> smart_card_reader
I don't know what the naming guidelines on hal are. That's a question Danny can probably give some advice on.
> For use of pcsc-lite and openct, "daemon" UID must be also allowed to use the
> card. How should I do it? udev? hald-addon? anything else?
Not at all. Use of the daemon group is rather unspecified so don't use it to assign privileges. Your daemon uses a dedicated user for its operation, does it? So you could grant privileges explicitly to that user. Unfortunately there is no framework to do that in a clean way yet so you have to call polkit-auth manually in %pre or %post. See for example hal.
> How can I test, that capabilities were properly set? getfactl? Or 'echo ""
> >/dev/bus/usb/003/002' with local user privileges?
getfacl.
    $ polkit-auth |grep sound
    org.freedesktop.hal.device-access.sound
    $ getfacl /dev/dsp
    getfacl: Removing leading '/' from absolute path names
    # file: dev/dsp
    # owner: root
    # group: audio
    user::rw-
    user:lnussel:rw-     <- here I have access
    group::rw-
    mask::rw-
    other::---
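Added example, not part of the original comments: a Python check over getfacl output of the kind quoted above, reporting whether a named-user entry still grants read/write once the ACL mask is applied (libusb needs write access to the device node). The user name "alice", the function names and both ACL samples are constructed for illustration.

```python
"""Check a getfacl dump for an effective read/write entry for one user."""

# Constructed sample: same layout as the getfacl output quoted in the thread,
# but for a USB device node and a hypothetical user "alice".
ACL_OK = """\
# file: dev/bus/usb/003/038
# owner: root
# group: root
user::rw-
user:alice:rw-
group::rw-
mask::rw-
other::---
"""

# Constructed sample: the entry exists, but the mask removes write access.
ACL_MASKED = ACL_OK.replace("mask::rw-", "mask::r--")


def named_user_access(acl_text, user):
    """Return the effective rwx string of the named-user entry, or None.

    Named-user entries are limited by the mask entry, so "user:alice:rw-"
    together with "mask::r--" yields "r--".
    """
    entry = None
    mask = None
    for line in acl_text.splitlines():
        # Drop "# file:" headers and trailing "#effective:" annotations.
        line = line.split("#", 1)[0].strip()
        parts = line.split(":")
        if len(parts) != 3:
            continue  # blank line, header, or a default: entry
        tag, qualifier, perms = parts
        if tag == "user" and qualifier == user:
            entry = perms[:3]
        elif tag == "mask":
            mask = perms[:3]
    if entry is None:
        return None
    if mask is None:
        return entry
    return "".join(p if m != "-" else "-" for p, m in zip(entry, mask))


def usable_by_libusb(acl_text, user):
    """True when the named user can open the node for reading and writing."""
    perms = named_user_access(acl_text, user)
    return perms is not None and perms.startswith("rw")


if __name__ == "__main__":
    for name, acl in (("ok", ACL_OK), ("masked", ACL_MASKED)):
        print(name, named_user_access(acl, "alice"), usable_by_libusb(acl, "alice"))
```

A missing entry (None) means hal-acl-tool never ran for that object; an entry reduced by the mask points at something else changing the node's mode afterwards.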
Created attachment 264812 [details] cyberjack fdi I finally got my cyberjack reader working. Here is the fdi file I use in /usr/share/hal/fdi/information/20thirdparty/80-cyberjack.fdi I've chosen the capability name "smartcard-ctapi" to be able to differentiate between those which are only accessible through pcsc-lite or similar. I'll attach the needed policykit and hal changes asap.
Created attachment 264813 [details] hal/policykit changes for smartcard-ctapi devices
Comment on attachment 264813 [details] hal/policykit changes for smartcard-ctapi devices >--- org.freedesktop.hal.device-access.policy.old 2009-01-13 17:02:06.000000000 +0100 >+++ org.freedesktop.hal.device-access.policy 2009-01-13 17:02:32.000000000 +0100 >@@ -28,6 +28,15 @@ > </defaults> > </action> > >+ <action id="org.freedesktop.hal.device-access.smartcard-ctapi"> >+ <description>Directly access to smartcard readers</description> And now some nits: "Directly access smartcard readers" without "to" >+ <match key="info.capabilities" contains="ctapi"> <match key="info.capabilities" contains="smartcard-ctapi">
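Review bot: the keyword tested in <match key="info.capabilities" contains="ctapi"> differs from the suffix of the action id added in the same patch, "org.freedesktop.hal.device-access.smartcard-ctapi"; use one keyword for both so that renaming it in one file cannot leave the ACL rule without a matching action. Of the nine lines the hunk header says are added (-28,6 +28,15), only the action id and description are quoted here, so the defaults of the new action still need a look next to those of the neighbouring actions.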
While trying to set the stuff properly, I got totally confused. It works for USB-to-serial converter based devices, but not for native CCID Smart Card readers.
I have created upper mentioned policies and all needed files. Then I defined testing rule for two devices. One of them is a generic USB-to-serial converter, second one is a Smart Card reader.
For USB-to-serial, assigning capabilities work correctly and ACL is set, for Smart Card reader not only that ACL is not set, but also
    <append key="info.capabilities" type="strlist">smart_card_reader</append>
is ignored. I see no obvious reason for this behavior.
My testing file: /usr/share/hal/fdi/information/20thirdparty/70-test.fdi:
---------
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
  <device>
    <match key="info.subsystem" string="usb">
      <match key="usb.vendor_id" int="Ox076b">
        <match key="usb.product_id" int="0x3821">
          <append key="info.capabilities" type="strlist">smart_card_reader</append>
        </match>
      </match>
    </match>
    <match key="info.subsystem" string="usb">
      <match key="usb.vendor_id" int="0x10c4">
        <match key="usb.product_id" int="0xea60">
          <append key="info.capabilities" type="strlist">smart_card_reader</append>
        </match>
      </match>
    </match>
  </device>
</deviceinfo>
---------
Relevant output of lshal for serial device:
    udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001'
      info.linux.driver = 'usb' (string)
      info.parent = '/org/freedesktop/Hal/devices/usb_device_1d6b_1_0000_00_10_2' (string)
      info.product = 'CP210x Composite Device' (string)
      info.subsystem = 'usb_device' (string)
      info.udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001' (string)
      info.vendor = 'Cygnal Integrated Products, Inc.' (string)
      linux.device_file = '/dev/bus/usb/003/037' (string)
      linux.hotplug_type = 2 (0x2) (int)
      linux.subsystem = 'usb' (string)
      linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2' (string)
      usb_device.bus_number = 3 (0x3) (int)
      usb_device.can_wake_up = false (bool)
      usb_device.device_class = 0 (0x0) (int)
      usb_device.device_protocol = 0 (0x0) (int)
      usb_device.device_revision_bcd = 256 (0x100) (int)
      usb_device.device_subclass = 0 (0x0) (int)
      usb_device.is_self_powered = false (bool)
      usb_device.linux.device_number = 37 (0x25) (int)
      usb_device.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2' (string)
      usb_device.num_configurations = 1 (0x1) (int)
      usb_device.num_ports = 0 (0x0) (int)
      usb_device.product = 'CP210x Composite Device' (string)
      usb_device.product_id = 60000 (0xea60) (int)
      usb_device.serial = '0001' (string)
      usb_device.speed = 12.0 (12) (double)
      usb_device.vendor = 'Cygnal Integrated Products, Inc.' (string)
      usb_device.vendor_id = 4292 (0x10c4) (int)
      usb_device.version = 1.1 (1.1) (double)
    udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0'
      access_control.file = '/dev/bus/usb/003/037' (string)
      access_control.type = 'smart-card-reader' (string)
      info.callouts.add = {'hal-acl-tool --add-device'} (string list)
      info.callouts.remove = {'hal-acl-tool --remove-device'} (string list)
      info.capabilities = {'smart_card_reader', 'access_control'} (string list)
      info.linux.driver = 'cp2101' (string)
      info.parent = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001' (string)
      info.product = 'USB Vendor Specific Interface' (string)
      info.subsystem = 'usb' (string)
      info.udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0' (string)
      linux.hotplug_type = 2 (0x2) (int)
      linux.subsystem = 'usb' (string)
      linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2/3-2:1.0' (string)
      usb.bus_number = 3 (0x3) (int)
      usb.can_wake_up = false (bool)
      usb.device_class = 0 (0x0) (int)
      usb.device_protocol = 0 (0x0) (int)
      usb.device_revision_bcd = 256 (0x100) (int)
      usb.device_subclass = 0 (0x0) (int)
      usb.interface.class = 255 (0xff) (int)
      usb.interface.number = 0 (0x0) (int)
      usb.interface.protocol = 0 (0x0) (int)
      usb.interface.subclass = 0 (0x0) (int)
      usb.is_self_powered = false (bool)
      usb.linux.device_number = 37 (0x25) (int)
      usb.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2/3-2:1.0' (string)
      usb.num_configurations = 1 (0x1) (int)
      usb.num_ports = 0 (0x0) (int)
      usb.product = 'USB Vendor Specific Interface' (string)
      usb.product_id = 60000 (0xea60) (int)
      usb.serial = '0001' (string)
      usb.speed = 12.0 (12) (double)
      usb.vendor = 'Cygnal Integrated Products, Inc.' (string)
      usb.vendor_id = 4292 (0x10c4) (int)
      usb.version = 1.1 (1.1) (double)
    udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0_serial_usb_0'
      access_control.file = '/dev/ttyUSB0' (string)
      access_control.type = 'modem' (string)
      info.callouts.add = {'hal-acl-tool --add-device'} (string list)
      info.callouts.remove = {'hal-acl-tool --remove-device'} (string list)
      info.capabilities = {'serial', 'access_control'} (string list)
      info.category = 'serial' (string)
      info.parent = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0' (string)
      info.product = 'CP210x Composite Device' (string)
      info.subsystem = 'tty' (string)
      info.udi = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0_serial_usb_0' (string)
      linux.device_file = '/dev/ttyUSB0' (string)
      linux.hotplug_type = 2 (0x2) (int)
      linux.subsystem = 'tty' (string)
      linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-2/3-2:1.0/ttyUSB0/tty/ttyUSB0' (string)
      serial.device = '/dev/ttyUSB0' (string)
      serial.originating_device = '/org/freedesktop/Hal/devices/usb_device_10c4_ea60_0001_if0' (string)
      serial.port = 0 (0x0) (int)
      serial.type = 'usb' (string)
As you can see, capabilities and acl was correctly assigned.
And here is the output with Smart Card reader:
    udi = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial'
      info.linux.driver = 'usb' (string)
      info.parent = '/org/freedesktop/Hal/devices/usb_device_1d6b_1_0000_00_10_2' (string)
      info.product = 'CardMan 3821' (string)
      info.subsystem = 'usb_device' (string)
      info.udi = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial' (string)
      info.vendor = 'OmniKey AG' (string)
      linux.device_file = '/dev/bus/usb/003/038' (string)
      linux.hotplug_type = 2 (0x2) (int)
      linux.subsystem = 'usb' (string)
      linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-1' (string)
      usb_device.bus_number = 3 (0x3) (int)
      usb_device.can_wake_up = false (bool)
      usb_device.device_class = 0 (0x0) (int)
      usb_device.device_protocol = 0 (0x0) (int)
      usb_device.device_revision_bcd = 1536 (0x600) (int)
      usb_device.device_subclass = 0 (0x0) (int)
      usb_device.is_self_powered = false (bool)
      usb_device.linux.device_number = 38 (0x26) (int)
      usb_device.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-1' (string)
      usb_device.num_configurations = 1 (0x1) (int)
      usb_device.num_ports = 0 (0x0) (int)
      usb_device.product = 'CardMan 3821' (string)
      usb_device.product_id = 14369 (0x3821) (int)
      usb_device.speed = 12.0 (12) (double)
      usb_device.vendor = 'OmniKey AG' (string)
      usb_device.vendor_id = 1899 (0x76b) (int)
      usb_device.version = 2.0 (2) (double)
    udi = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial_if0'
      info.parent = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial' (string)
      info.product = 'USB Chip/Smartcard Interface' (string)
      info.subsystem = 'usb' (string)
      info.udi = '/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial_if0' (string)
      linux.hotplug_type = 2 (0x2) (int)
      linux.subsystem = 'usb' (string)
      linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-1/3-1:1.0' (string)
      usb.bus_number = 3 (0x3) (int)
      usb.can_wake_up = false (bool)
      usb.device_class = 0 (0x0) (int)
      usb.device_protocol = 0 (0x0) (int)
      usb.device_revision_bcd = 1536 (0x600) (int)
      usb.device_subclass = 0 (0x0) (int)
      usb.interface.class = 11 (0xb) (int)
      usb.interface.number = 0 (0x0) (int)
      usb.interface.protocol = 0 (0x0) (int)
      usb.interface.subclass = 0 (0x0) (int)
      usb.is_self_powered = false (bool)
      usb.linux.device_number = 38 (0x26) (int)
      usb.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:10.2/usb3/3-1/3-1:1.0' (string)
      usb.num_configurations = 1 (0x1) (int)
      usb.num_ports = 0 (0x0) (int)
      usb.product = 'USB Chip/Smartcard Interface' (string)
      usb.product_id = 14369 (0x3821) (int)
      usb.speed = 12.0 (12) (double)
      usb.vendor = 'OmniKey AG' (string)
      usb.vendor_id = 1899 (0x76b) (int)
      usb.version = 2.0 (2) (double)
As you can see, second item matches the upper mentioned FDI. Not only that ACL are not created, but also info.capabilities does not exist there.
OOPS. Stupid typo (int="Ox076b").
Here is my plan:
1. Dedicated user or group for the openct/pcsc daemons.
2. Split openct to two pages following the HAL recommendation:
2.1 hal/information
    info.category would be "smart_card_reader" for all devices with known USB IDs.
    info.capabilities would be one or more of:
        "smart_card_reader" any smart card reader
        "openct" smart card reader supported by openct hotplug
        ...
2.2 hal/policy
    It would read info.capabilities and call PolicyKit and/or hotplug helpers
3. Define "smart-card-reader" policy for PolicyKit allowing access to the card to local user and smart card daemon (polkit-auth --user xy --grant).
3. Serial devices: Wait for static database HAL prober (FATE#100304) or for its successor.
Updated package hal was placed to OBS security:chipcard. More packages will come.
I decided to use simple keywords: "smart-card-reader" (policy) and "smart_card_reader" (category and capability), as direct access covers more than only ctapi.
Proposal for recommended keys (use in /usr/share/hal/fdi/information):
    <merge key="info.category" type="string">smart_card_reader</merge>
    <append key="info.capabilities" type="strlist">smart_card_reader</append>
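Added example, not from the thread or from hal: a small Python lint for .fdi files that flags the two silent failure modes discussed above, an int= value that is not a number (the Ox076b typo) and usb.* / usb_device.* keys nested under the other subsystem. The accepted number syntax (decimal or 0x hex), the function names and the sample file are assumptions constructed for this example.

```python
"""Lint HAL .fdi <match> rules for mistakes that make a rule silently not apply."""
import re
import xml.etree.ElementTree as ET

# Assumption of this example: ids are written as decimal or 0x-prefixed hex.
INT_RE = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")
# Per the lshal output in the thread: 'usb_device' objects carry usb_device.*
# properties, 'usb' (interface) objects carry usb.* properties.
USB_SUBSYSTEMS = ("usb", "usb_device")

# Constructed sample. Block 1 repeats the vendor-id typo from the thread
# (letter O instead of digit 0); block 2 nests usb.* keys under usb_device.
SAMPLE_FDI = """<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
  <device>
    <match key="info.subsystem" string="usb">
      <match key="usb.vendor_id" int="Ox076b">
        <match key="usb.product_id" int="0x3821">
          <append key="info.capabilities" type="strlist">smart_card_reader</append>
        </match>
      </match>
    </match>
    <match key="info.subsystem" string="usb_device">
      <match key="usb.vendor_id" int="0x10c4">
        <match key="usb.product_id" int="0xea60">
          <append key="info.capabilities" type="strlist">smart_card_reader</append>
        </match>
      </match>
    </match>
  </device>
</deviceinfo>
"""


def lint_fdi(text):
    """Return a list of (key, problem) tuples for suspicious <match> elements."""
    findings = []
    root = ET.fromstring(text.encode("utf-8"))

    def walk(elem, subsystem):
        for child in elem:
            inner = subsystem
            if child.tag == "match":
                key = child.get("key", "")
                # Remember which subsystem the nested rules are evaluated in.
                if key == "info.subsystem" and child.get("string"):
                    inner = child.get("string")
                int_val = child.get("int")
                if int_val is not None and not INT_RE.fullmatch(int_val):
                    findings.append((key, "bad int literal %r" % int_val))
                prefix = key.split(".", 1)[0]
                if (subsystem in USB_SUBSYSTEMS and prefix in USB_SUBSYSTEMS
                        and prefix != subsystem):
                    findings.append(
                        (key, "%s.* key under subsystem %r" % (prefix, subsystem)))
            walk(child, inner)

    walk(root, None)
    return findings


if __name__ == "__main__":
    for key, problem in lint_fdi(SAMPLE_FDI):
        print("%-16s %s" % (key, problem))
```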
HAL patch upstreamed with further ideas to think about: http://bugs.freedesktop.org/show_bug.cgi?id=19663
I have submitted new attempt to fix to security:chipcard. Please update hal and ctapi-cyberjack from this repository and let me know. It uses category: smart_card_reader and keyword smart_card_reader in capabilities. Note that pcscd access need pcsc-lite update (in progress).
*** Bug 336330 has been marked as a duplicate of this bug. ***
(In reply to comment #22)
> I have submitted new attempt to fix to security:chipcard.
>
> Please update hal and ctapi-cyberjack from this repository and let me know.
>
> It uses category: smart_card_reader and keyword smart_card_reader in
> capabilities.
Hmm, I have the hal changes done locally but isn't the PolicyKit change not needed in addition? At least I have them to be able to access the reader finally.
I did an update with lib:chipcard repository but the cyberjack e-com is still not working. The user is in cyberjack - group and rights of libctapi-cyberjack*.so are root:cyberjack. If I use the cyberjack - command as user to test the reader in step 5/6 it says:
---
libusb couldn't open USB device /dev/bus/usb/001/008: Permission denied.
libusb requires write access to USB device nodes.
usb_open() failed (13=Permission denied)
---
Exactly the same message when testing it in moneyplex. I'm getting tired starting old Suse 10.3 for online banking, so what can I do?
Wolfgang provided a correct FDI file. hal package in security:chipcard now contains upstream smart card integration. If you are logged in a local session and update both, you should get proper permissions. Could you verify that it works?
The updates from security:chipcard weren't enough, but with the new cyberjack driver ( http://support.reiner-sct.de/downloads/LINUX/V3.3.1/ctapi-cyberjack-3.3.1-1.suse11.1.i586.rpm ) it finally works. Thanks a lot! So for me this could be marked as RESOLVED.
Same here, with the new Driver at last it works! Too sad it always takes that long after a new openSuse Version until the cardreaders are usable again!
pcsc-cyberjack package in security:chipcard was updated to version 3.3.1. Could you retest it (without third party ctapi-cyberjack package installed)?
I'm unable to use a cyberjack card reader as well. The packages mentioned in #29 are all installed (hal, hal-32bit, ctapi-cyberjack, ctapi-cyberjack-32bit, pcsc-cyberjack). The package from the manufacturer is not installed.
some output:
    # lsusb
    Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 004: ID 0c4b:0300 Reiner SCT Kartensysteme GmbH cyberJack pinpad(a)
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 001 Device 005: ID 046d:c03d Logitech, Inc. M-BT69a Pilot Optical Mouse
    Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    # cyberjack
    BEGIN: ermittle Distribution (0/6)
    END : ermittle Distribution (1/6) [OK]
    BEGIN: ermittle Systeminformationen (1/6)
    END : ermittle Systeminformationen (2/6) [OK]
    BEGIN: ermittle Gruppeninformation (2/6)
    END : ermittle Gruppeninformation (3/6) [ERROR]
    BEGIN: ermittle laufende Dienste (3/6)
    END : ermittle laufende Dienste (4/6) [OK]
    BEGIN: ermittle installierten Treiber (4/6)
    END : ermittle installierten Treiber (5/6) [OK]
    BEGIN: ermittle und teste angeschlossene Leser (5/6)
    CTAPI: Could not open device at 0
    END : ermittle und teste angeschlossene Leser (6/6) [ERROR]
    Es wurden 3 Dateien im aktuellen Verzeichnis angelegt:
    - cyberjack-report.log: Enthaelt die Ergebnisse der Tests
    - cyberjack-hints.log : Enthaelt moeglicherweise Hinweise zu gefundenen Problemen und deren Behebung.
    - cyberjack.xml : Enthaelt die Testergebnisse in fuer den Support aufbereiteter Form.
    Bitte senden Sie bei Problemen die Datei "cyberjack.xml" an den Linux-Support von Reiner SCT.
as a normal user:
    :~> cyberjack
    BEGIN: ermittle Distribution (0/6)
    END : ermittle Distribution (1/6) [OK]
    BEGIN: ermittle Systeminformationen (1/6)
    END : ermittle Systeminformationen (2/6) [OK]
    BEGIN: ermittle Gruppeninformation (2/6)
    END : ermittle Gruppeninformation (3/6) [ERROR]
    BEGIN: ermittle laufende Dienste (3/6)
    END : ermittle laufende Dienste (4/6) [OK]
    BEGIN: ermittle installierten Treiber (4/6)
    END : ermittle installierten Treiber (5/6) [OK]
    BEGIN: ermittle und teste angeschlossene Leser (5/6)
    CTAPI: Could not open device at 0
    END : ermittle und teste angeschlossene Leser (6/6) [ERROR]
    Es wurden 3 Dateien im aktuellen Verzeichnis angelegt:
    - cyberjack-report.log: Enthaelt die Ergebnisse der Tests
    - cyberjack-hints.log : Enthaelt moeglicherweise Hinweise zu gefundenen Problemen und deren Behebung.
    - cyberjack.xml : Enthaelt die Testergebnisse in fuer den Support aufbereiteter Form.
    Bitte senden Sie bei Problemen die Datei "cyberjack.xml" an den Linux-Support von Reiner SCT.
Output from /var/log/messages:
    Apr 9 13:11:31 mama kernel: usb 2-1: new full speed USB device using ohci_hcd and address 6
    Apr 9 13:11:32 mama kernel: usb 2-1: configuration #1 chosen from 1 choice
    Apr 9 13:11:32 mama kernel: usb 2-1: New USB device found, idVendor=0c4b, idProduct=0300
    Apr 9 13:11:32 mama kernel: usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
    Apr 9 13:11:32 mama kernel: usb 2-1: Product: cyberJack pinpad(a)
    Apr 9 13:11:32 mama kernel: usb 2-1: Manufacturer: Reiner-SCT
    Apr 9 13:11:32 mama kernel: usb 2-1: SerialNumber: 6216211736
    Apr 9 13:11:32 mama pcscd: hotplug_libhal.c:342:HPAddDevice() Adding USB device: usb_device_c4b_300_6216211736_if0
    Apr 9 13:11:33 mama pcscd: readerfactory.c:999:RFInitializeReader() Attempting startup of REINER SCT CyberJack pp_a (6216211736) 00 00 using /usr/lib64/readers/ifd-cyberjack.bundle/Contents/Linux/ifd-cyberjack.so
    Apr 9 13:11:33 mama pcscd: readerfactory.c:873:RFBindFunctions() Loading IFD Handler 3.0
    Apr 9 13:11:33 mama pcscd: readerfactory.c:248:RFAddReader() Using the pcscd polling thread
    Apr 9 13:11:58 mama kernel: usb 2-1: usbfs: interface 0 claimed by usbfs while 'cyberjack' sets config #1
thanks for your help :-)
Did you install hal package from security:chipcard project? Only this one contains PolicyKit integration patch. If not: Please try it again with hal package from security:chipcard (11.0 i586 is missing due to bug 492431). If yes: Please provide output of your lshal while your smart card reader is plugged.
ah, looks like there can be only one software accessing the card at any time and pcsc was blocking it, so ctapi didn't work. I did "/etc/init.d/pcscd stop" and now it works. So your fixed packages appear to be correct :-)
ps: I had to manually tell Yast Software update to use the hal package from security:chipcard project, choosing "Update all packages, where a newer version exists" wasn't sufficient.
Well, issue from the comment #32 is a well known problem without any simple solution. Direct access to the reader is deprecated for this reason, but it is still in use. I am just changing "force start while upgrading" for pcsc and openct to "force start in new installations" in bug 466430 fix. Then I will add README.SUSE to pcsc-cyberjack about this problem. There is no better fix. hal: There is a problem with linking one package from multiple distros to one repository. It probably causes breakage of release number sequence: bug 492431, bug 492427.
Sorry for not responding so long. I tried the new ctapi-cyberjack-3.3.1-21.8.i586.rpm from security:chipcard and there is again the USB-permission error mentioned above (e.g. in moneyplex: "libusb couldn't open USB device /dev/bus/usb/005/011: Permission denied"). When I install the original driver from reiner-sct.com everything works fine.
This should be already fixed. Please update package hal from security:chipcard repository.
Ok, with hal-0.5.12-10.15.1 and ctapi-cyberjack-3.3.1-21.8.i586.rpm from security:chipcard it doesn't work (at least not with moneyplex). But this could be another issue because there's no USB error-message anymore (see #34). With hal-0.5.12-10.13.1 from OS repository and ctapi-cyberjack-3.3.1-1.suse11.1.i586.rpm from reiner-sct.com it works. The only thing I'm finding in syslog is this:
    kernel: usb 5-6.1: usbfs: process 5216 (moneyplex) did not claim interface 0 before use
(but this comes in both cases so it shouldn't be the error)
Sorry to say that but something is wrong on your system then. I'm using these versions together with moneyplex and everything works here. Please test with cjgeldkarte if accessing a chipcard works. If so something is wrong in your moneyplex/driver setup probably. If it doesn't work we probably get more insight what's still wrong on your system.
Which version of libusb are you using? The version from libusb (0) or libusb-compat? Does anybody else see the "did not claim interface"? http://libusb.sourceforge.net/doc/function.usbclaiminterface.html says: Not claiming an interface is an error.
comment #37:
cjgeldkarte with driver from reiner-sct.com and hal-0.5.12-10.13.1:
    Current account balance: 000XXXX
cjgeldkarte with ctapi-cyberjack-3.3.1-21.8.i586.rpm and hal-0.5.12-10.15.1:
    Error doing CT_init. (Return code:-127)
/var/log/messages:
    usb 1-6.1: usbfs: process 14371 (cjgeldkarte) did not claim interface 0 before use
comment #38:
    zypper se -i libusb
    S | Name         | Zusammenfassung | Typ
    --+--------------+-----------------+------
    i | libusb-0_1-4 | USB Libraries   | Paket
    i | libusb-1_0-0 | USB Library     | Paket
I upgraded this system from Beta so I will test it with an other install when I've time.
Please try
    rpm -qi libusb-0_1-4
does it tell you that it is a compatibility layer or you are using native libusb0? The message from cjgeldkarte appears for both drivers or only for openSUSE ones. Which version have your reiner-sct.com driver? (Our drivers recycle their sources.)
Thanks for the hint with libusb - I had the old libusb 0.99.9.2 (Compatibility Library from openSUSE:Factory) which was not upgraded for some reason. So now I have:
    rpm -qi libusb-0_1-4
    Name        : libusb-0_1-4                 Relocations: (not relocatable)
    Version     : 0.1.12                       Vendor: openSUSE
    Release     : 136.10                       Build Date: Mi 03 Dez 2008 08:46:44 CET
    Install Date: Fr 12 Jun 2009 11:06:53 CEST Build Host: build11
    Group       : System/Libraries             Source RPM: libusb-0.1.12-136.10.src.rpm
    Size        : 66772                        License: LGPL v2.1 or later
    Signature   : RSA/8, Mi 03 Dez 2008 08:47:04 CET, Key ID b88b2fd43dbdc284
    Packager    : http://bugs.opensuse.org
    URL         : http://libusb.sourceforge.net/
    Summary     : USB Libraries
    Description :
    Libusb is a library that allows userspace access to USB devices.
But still:
    kernel: usb 5-6.1: usbfs: process 4845 (cjgeldkarte) did not claim interface 0 before use
Working driver was: ctapi-cyberjack-3.3.1-1.suse11.1.i586.rpm from reiner-sct.com
Strange, their driver has the same version number. You can try various libusb version:
libusb1 + compat layer:
    standard version: home:sbrabec:Factory
    full debugging enabled: home:sbrabec:libusb1-debug
original libusb0:
    standard version: home:sbrabec:libusb0
    full debugging enabled: home:sbrabec:libusb0-debug
Activation of full debugging:
    export USB_DEBUG=255