Re: [Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC - pcsc-lite/pcsc

From:	Tim Rühsen
Subject:	Re: [Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC - pcsc-lite/pcscd - polkit
Date:	Sat, 28 Oct 2017 18:12:30 +0200
User-agent:	KMail/5.2.3 (Linux/4.13.0-1-amd64; KDE/5.37.0; x86_64; ; )

Hi,

> Whenever a user is using wget to fetch a webpage via https, I'll get

p11-kit and dependencies are not directly used by wget, but your wget is 
likely build with GnuTLS (check it !). I know that GnuTLS is using p11-kit, 
especially Redhat/Fedora are the driving force behind it.

So the next step further down is to ask on the gnutls mailing list (gnutls-
address@hidden or address@hidden).

But be prepared to be redirected to somewhere else.

Looking at the error messages... are you sure that your user (userid 48) has 
all permissions (maybe certain group membership) ?

Regards, Tim

On Samstag, 28. Oktober 2017 08:36:43 CEST Ted Lyngmo wrote:
> Hi!
> 
> wget        1.19.1-3.fc26
> p11-kit     0.23.9-2.fc26
> opensc      0.17.0-1.fc26
> pcsc-lite   1.8.22-1.fc26
> polkit      0.113-8.fc26
> 
> Whenever a user is using wget to fetch a webpage via https, I'll get
> messages like this in /var/log/messages:
> 
> 2017-09-21T10:54:35+02:00 ninja pcscd[2721]: 03445385
> auth.c:137:IsClientAuthorized() Process 48952 (user: 48) is NOT
> authorized for action: access_pcsc
> 2017-09-21T10:54:35+02:00 ninja pcscd[2721]: 00000279
> winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
> 
> This started after upgrading to F26 (or possibly F25 which was installed
> for a few days). I have no idea why wget (via one of the libraries
> involved) would try to access the smart card reader without the user
> telling it to. Even though it fails getting access to a reader (which
> I've currently got none), the https pages are received just fine.
> 
> curl works without triggering these kinds of messages.
> 
> I'm not sure if it's actually wget's fault or if it's one of the libs
> it's using that's to blame.
> 
> References
> ----------
> Fedora forum:
> https://forums.fedoraforum.org/showthread.php?t=315778
> 
> Discussion with pcsc's creator who helped me narrowing the problem down
> a bit:
> https://github.com/LudovicRousseau/PCSC/issues/26
> 
> Denied bug report in polkit:
> https://bugs.freedesktop.org/show_bug.cgi?id=103483
> 
> Br,
> Ted
> 
> Ps. I added two polkit rules to grant everyone smart card access to stop
> the log messages, but can't keep it like that if I decide to connect a
> smart card reader.

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC - pcsc-lite/pcscd - polkit, Ted Lyngmo, 2017/10/28
- Re: [Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC - pcsc-lite/pcscd - polkit, Tim Rühsen <=
- Re: [Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC - pcsc-lite/pcscd - polkit, Ted Lyngmo, 2017/10/29

Prev by Date: [Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC - pcsc-lite/pcscd - polkit
Next by Date: [Bug-wget] Support for HTTP 308 (Permanent Redirect)
Previous by thread: [Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC - pcsc-lite/pcscd - polkit
Next by thread: Re: [Bug-wget] Fedora 26 server - wget - p11-kit/OpenSC - pcsc-lite/pcscd - polkit
Index(es):
- Date
- Thread