[Pcsclite-muscle] How to find out which process is accessing the card?

František Řezáč frantisek.rezac at calavera.info
Tue Oct 24 08:28:35 UTC 2017


I was surprised by your solution based on proc/maps, I expected something
more specific to the pcsc stack, but I gave it a try and I think I have
found what I'm looking for. But it wasn't straightforward so I'm sending
some notes back.

Most importantly I was surprised how many processes are running with pcsc
lib all the time. For example I definitely wasn't expecting wpasupplicant.
Those processes however were not accessing smart card at all so I had to
conduct a better analysis looking at those processes found by your tool for
a longer time and I found a behavior pattern which pointed to the final
offender (gdm-session-worker). So although it wasn't as simple as I would
like, your tool helped a lot, thanks.

2017-09-28 14:45 GMT+02:00 Ludovic Rousseau <ludovic.rousseau at gmail.com>:

> 2017-09-27 21:58 GMT+02:00 František Řezáč <frantisek.rezac at calavera.info>
> :
>
>> Hi,
>>
>
> Hello,
>
>
>>
>> I'm using smart card for almost everything in my daily work, but I have a
>> problem which drives me crazy. I'm using YubiKey in two scenarios: pkcs11
>> based PAM and SSH authentication and also as a GPG‎ smart card. I
>> understand that accesing one card via pkcs11 and scdaemon in turns is
>> troubling, because GPG tends to lock the access to the card for itself full
>> time, but I can handle that by manualy terminating scdaemon.
>>
>> But I have also come across the opossite situation many times - something
>> locks access to the card via pkcs11 which prevents the access from scdaemon
>> with the dreaded "PC/SC OPEN failed: sharing violation". The problem is
>> that I don't know which process is using the card so I don't know how to
>> deal with it except for restarting the whole pcscd. Also this problem seems
>> to happen randomly so I don't have any clue if it's pam module or ssh agent
>> or something else and it also randomly disappears. If I know what is using
>> the card, I could try to configure it better or deal with it more gently.
>>
>> And that's my question - how to find out what is currently
>> accessing/locking the card at a given time? I tried to figure it out
>> myself, but after I have seen this schema https://blog.flameeyes.
>> eu/2011/04/additional-notes-about-the-smartcard-components-diagram/ I
>> realized that I don't even know at which level I should look for that
>> information.
>>
>
> I just wrote a script for you.
> https://github.com/LudovicRousseau/contrib/blob/
> master/list_pcsc_applications.sh
>
> Please tell me if it works for you or if you need something different.
>
> Bye
>
> --
>  Dr. Ludovic Rousseau
>
> _______________________________________________
> Pcsclite-muscle mailing list
> Pcsclite-muscle at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
>



-- 
František
http://calavera.info/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pcsclite-muscle/attachments/20171024/e9eacdb8/attachment.html>


More information about the Pcsclite-muscle mailing list