I am having no success getting my CAC to read with an SCR243 reader. I verified yesterday that the CAC is valid (this is the first I've actually had to use the PKI cert on the card) so the problem is somewhere between the PCMCIA device and OSX. (As far as I know I'm running all the latest patches to 10.4.6)
I have reviewed as much as I can find on the assorted lists, and have tried the Info.plist hack for securityd that were recommended for 10.4.0 - 10.4.5 (I'm running 10.4.6, but you never know)
The keychain is not showing up in Keychain Access, so I'm hoping it's a stupid user trick. . .but I sure can't find it. Thus having just enough system knowledge to be dangerous, I decided to dive under the hood.
As best I can tell the hardware is recognizing the card and loading the low lever driver. I get the following lines in /var/log/system.log
Apr 19 11:48:00 Overhill kernel[0]: IOPCCard16Device: binding socket 0 function 0 to card services. Apr 19 11:48:00 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:00 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo[0], "SCR241 PCMCIA"(match string) != "SCR243 PCMCIA"(CIS string). Apr 19 11:48:00 Overhill kernel[0]: pccardffff,1: family specific matching fails Apr 19 11:48:00 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:00 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo matched. Apr 19 11:48:00 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable found a match. Apr 19 11:48:00 Overhill kernel[0]: pccardffff,1: stalling for module Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:01 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo[0], "SCR241 PCMCIA"(match string) != "SCR243 PCMCIA"(CIS string). Apr 19 11:48:01 Overhill kernel[0]: pccardffff,1: family specific matching fails Apr 19 11:48:01 Overhill kernel[0]: Matching service count = 0 Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:01 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo matched. Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable found a match. Apr 19 11:48:01 Overhill kernel[0]: Matching service count = 1 Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:01 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo[0], "SCR24x PCMCIA"(match string) != "SCR243 PCMCIA"(CIS string). Apr 19 11:48:01 Overhill kernel[0]: pccardffff,1: family specific matching fails Apr 19 11:48:01 Overhill kernel[0]: Matching service count = 1 Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:01 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo[0], "HP"(match string) != "SCR243 PCMCIA"(CIS string). Apr 19 11:48:01 Overhill kernel[0]: pccardffff,1: family specific matching fails Apr 19 11:48:01 Overhill kernel[0]: Matching service count = 1 Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:01 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo[0], "SCR241 PCMCIA"(match string) != "SCR243 PCMCIA"(CIS string). Apr 19 11:48:01 Overhill kernel[0]: pccardffff,1: family specific matching fails Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:01 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo matched. Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable found a match. Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:01 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo[0], "SCR24x PCMCIA"(match string) != "SCR243 PCMCIA"(CIS string). Apr 19 11:48:01 Overhill kernel[0]: pccardffff,1: family specific matching fails Apr 19 11:48:01 Overhill kernel[0]: IOPCCard16Device::matchPropertyTable entered. Apr 19 11:48:01 Overhill kernel[0]: IOPCCardDevice: VersionOneInfo[0], "HP"(match string) != "SCR243 PCMCIA"(CIS string). Apr 19 11:48:01 Overhill kernel[0]: pccardffff,1: family specific matching fails Apr 19 11:48:01 Overhill kernel[0]: com_scm_driver_scr24x::probe(pccardffff,1) Apr 19 11:48:01 Overhill kernel[0]: com_scm_driver_scr24x::start(pccardffff,1) <1> Apr 19 11:48:01 Overhill kernel[0]: IOPCCard info: IOPCCard16Enabler::configure using index 0x01: Vcc 5.0, irq 255, io 0x0000-0x000f Apr 19 11:48:01 Overhill kernel[0]: com_scm_driver_scr24x: IoBase: 0 Apr 19 11:48:01 Overhill kernel[0]: com_scm_driver_scr24x: IFDGetInterfaceDetails in Apr 19 11:48:01 Overhill kernel[0]: com_scm_driver_scr24x:GetInterfaceDetails FwVer: 2.3 Apr 19 11:48:01 Overhill kernel[0]: com_scm_driver_scr24x: IFDGetInterfaceDetailsIFDGetInterfaceDetails out Apr 19 11:48:12 Overhill kernel[0]: com_scm_driver_scr24x! Card Status change
Securityd seems to notice the inserting event, because if I have not modified the plist for securityd, I can see pcscd start with ps, but there are no messages recorded in any log file I can find. After a time pcscd goes away, still with no log message.
I have made the plist mods to securityd, and they work somewhat. pcscd IS started at system startup, but dies within a few minutes.
I have started pcscd by hand, and received the following error messages
overhill:/usr/libexec/SmartCardServices donslife$ sudo /usr/sbin/pcscd -a -d stdout src/PCSC/debuglog.c:171 Debug options: APDU src/PCSC/pcscdaemon.c:314 main: debug messages to stdout src/PCSC/pcscdaemon.c:505 main: warning: no reader.conf found
src/PCSC/pcscdaemon.c:523 main: pcsc-lite daemon ready. src/PCSC/hotplug_macosx.c:297 error getting product friendly name from bundle pcscd(1048) malloc: *** Deallocation of a pointer not malloced: 0x18380; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug src/PCSC/hotplug_macosx.c:297 error getting product friendly name from bundle pcscd(1048,0x1801200) malloc: *** Deallocation of a pointer not malloced: 0x18380; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug src/PCSC/hotplug_macosx.c:297 error getting product friendly name from bundle pcscd(1048,0x1801200) malloc: *** Deallocation of a pointer not malloced: 0x18380; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug src/PCSC/hotplug_macosx.c:297 error getting product friendly name from bundle pcscd(1048,0x1801200) malloc: *** Deallocation of a pointer not malloced: 0x18380; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug src/PCSC/hotplug_macosx.c:297 error getting product friendly name from bundle pcscd(1048,0x1801200) malloc: *** Deallocation of a pointer not malloced: 0x18380; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
Now I have yet to program in osx, but in a previous life I had MAJOR problems with frees with no malloc. . .so off to review the pcscd source to try and discover what was wrong.
It seems the file /usr/libexec/SmartCardServices/drivers/SCR24Xhndlr.bundle was missing a idfFriendlyName tag. Adding the following at least removed the malloc erros and got a "daemon ready" message from pcscd.
Lines added to SCR24Xhndlr's Info.plist file
<key>ifdFriendlyName</key> <string>SCR243 PCMCIA</string>
I now get the following from pcscd:
overhill:/usr/libexec/SmartCardServices donslife$ sudo /usr/sbin/pcscd -a -d stdout src/PCSC/debuglog.c:171 Debug options: APDU src/PCSC/pcscdaemon.c:314 main: debug messages to stdout src/PCSC/pcscdaemon.c:505 main: warning: no reader.conf found
src/PCSC/pcscdaemon.c:523 main: pcsc-lite daemon ready.
SUCCESS! (Sort of) The card is still not showing up in keychain access
I've tried both pcsctest and pcsctool, and have included the output below.
pcstest output
slife$ pcsctest
MUSCLE PC/SC Lite Test Program
Testing SCardEstablishContext : Command successful. Testing SCardGetStatusChange <time passes. . . .get bored> ctl-c
pcscd output while running pcstest
src/PCSC/winscard_svc.c:246 MSGServerProcessEvents: Common channel packet arrival src/PCSC/pcscdaemon.c:159 SVCServiceRun: Client 6 has disappeared.
pcstool output
slife$ pcsctool Select the approprate token driver: ----------------------------------- 1. commonAccessCard.bundle 2. GSCISPlugin.bundle 3. mscMuscleCard.bundle 4. slbCryptoflex.bundle ----------------------------------- Enter the number: 1
Insert your token in: <time passes. . . .get bored> ctl-c
pcscd output while running pcstool
src/PCSC/winscard_svc.c:246 MSGServerProcessEvents: Common channel packet arrival src/PCSC/pcscdaemon.c:159 SVCServiceRun: Client 6 has disappeared. src/PCSC/pcscdaemon.c:159 SVCServiceRun: Client 6 has disappeared.
(NOTE: The first "Client 6" message was right after entering "1" and the second was after the ctl-c)
After still more diging in the darwin source, it appears that what was supposed to happen is pcscd walks the list of pcmcia devices (among other lists) and looks for hardware it recognizes based on VendorID and ProduceID. However for whatever reason, it is not recognizing the card I have. System profiles reports the following about my card.
Smart Card Reader:
Function: Unknown Vendor: SCR243 PCMCIA Type: PC Card Vendor ID: 65535 Device ID: 1
I know this was very long and drawn out, but I am running out of ideas about how to make this work. This list seems to say this type of card will work, but I can't seem to get it going.
Any thoughts or insights would be appreciated!
Don Slife SDS International
|