[Pcsclite-muscle] Change the error code when PC/SC access is refused by polkit?

Ludovic Rousseau ludovic.rousseau at gmail.com
Fri Jul 29 07:32:58 PDT 2022


I am using PC/SC on CentOS/RedHat and I am often surprised when I get the error:
$ pcsc_scan
SCardEstablishContext: RPC transport error.

The error code is SCARD_F_COMM_ERROR

>From the pcscd logs I see:
00000003 [139737213696960] pcscdaemon.c:133:SVCServiceRunLoop() A new
context thread creation is requested: 10
00019807 [139737012623104] auth.c:139:IsClientAuthorized() Process
41685 (user: 1000) is NOT authorized for action: access_pcsc
00000107 [139737012623104] winscard_svc.c:335:ContextThread() Rejected
unauthorized PC/SC client

So I get SCARD_F_COMM_ERROR because auth.c (in fact polkit) decided I
should not have access to PC/SC.
For example this happens when I connect to the computer using ssh, and
not from the console.

The error is even more confusing if you enable logs in the client:
$ PCSCLITE_DEBUG=0 pcsc_scan
winscard_clnt.c:605:SCardEstablishContextTH() Your pcscd is too old
and does not support CMD_VERSION
SCardEstablishContext: RPC transport error.

The problem is NOT that pcscd is too old :-)

I was thinking: maybe a more explicit error code would be better?

I do not want to invent a new WinSCard return value.
We should use one form the list

I don't know if it is easy to implement. When polkit refuses the
connection the pcscd server just closes the socket without sending
*anything* to the client.

Any comment?


 Dr. Ludovic Rousseau

More information about the pcsclite-muscle mailing list