Error loading shared library for smart card authentication to server
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vmware-view-client (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Description: Ubuntu 13.10
Release: 13.10
host OS: Xubuntu 13.10
kernel: 3.11.0-15-generic (32-bit)
Product: VMware Horizon View Client
Version: 2.1.0
Build: 1213173
Gtk+ version: 2.24.20
Glib version: 2.38.1
OpenSC version: 0.13.0-3ubuntu1
When starting the VMware Horizon View Client and attempting to use a FIPS 201-compliant smart card for authentication to the server, it is expected that the user is presented with the dialog listing available authentication certificates, and given the option to provided the master PIN to unlock/access the smart card and certificates for authentication to the VMware Horizon View server.
Instead, the client fails to load /usr/lib/
Using log file /tmp/vmware-
Jan 13 17:46:12.527: vmware-view.bin 16562| Could not open module /usr/lib/
When a symlink is created from /usr/lib/
Jan 13 17:46:12.528: vmware-view.bin 16562| Could not resolve C_Initialize from /usr/lib/
Per prior bug reports for this package and on this topic, these issues have been known for some time and can be resolved by:
a) Creating a custom build of the OpenSC libraries that exports all symbols, including C_Initialize, and place that in the loader search path, ahead of the installed system library.
b) Creating a custom build of the OpenSC libraries that explicitly exports C_Initialize and place that in the loader search path, ahead of the installed system library.
The problem with these solutions, particularly since the pcsclite, opensc-pkcs11.so, and libopensc.so libraries have been made parts of the system-installed libraries, is that race conditions and memory leaks can be created that either impact the performance or the stability of the application.
The most correct fix would appear to be to have EMC/VMware fix the dynamic load code in the client to properly initialize the opensc-pkcs11.so library, and link it against the current system libraries.
The second option is to simply fix the exports on the OpenSC libraries to explicitly export C_Initialize (at a minimum).
So. I encountered this when VMWare View was completely unable to connect to our view server using 14.04 LTS. /github. com/OpenSC/ OpenSC/ issues/ 183 /github. com/OpenSC/ OpenSC/ commit/ 162e71419ba9b84 d37321acc05e329 80a438ae9a
After digging through the log, encountered this bug report.
Some further digging turned up:
https:/
and
https:/
where people argue for a very very long time about adding 2 functions to the .exports :p
For anyone here using ubuntu who is finding the VMWare View package non-functional, you have to: vmware/ view/pkcs11/ vmware/ view/pkcs11/ x86_64- linux-gnu/ opensc- pkcs11. so libopensc-pkcs11.so
1) sudo mkdir -p /usr/lib/
2) cd /usr/lib/
3) sudo ln -s /usr/lib/
This fixes the bad plugin path in the vmware package. Now you have to fix the exports from the opensc package.
--- opensc- 0.13.0. orig/src/ pkcs11/ opensc- pkcs11. exports 0.13.0/ src/pkcs11/ opensc- pkcs11. exports 0.13.0. orig/src/ pkcs11/ pkcs11- spy.exports 0.13.0/ src/pkcs11/ pkcs11- spy.exports
+++ opensc-
@@ -1 +1,3 @@
C_GetFunctionList
+C_Initialize
+C_Finalize
--- opensc-
+++ opensc-
@@ -1 +1,3 @@
C_GetFunctionList
+C_Initialize
+C_Finalize
This patch was autogenerated after editing the exports files. I don't think pkcs11-spy was necessary, but, eh, why not...
1) apt-get source opensc
2) get prompted for some build deps, apt-get install those... for me it was apt-get install dh-autoreconf libpcsclite-dev libreadline-dev
3) go to the sources and either put that patch in debian/patches or just edit src/pkcs11 exports files and add those 2 lines
4) dpkg-buildpackage
theeeen just dpkg -i the resulting .deb and enjoy your finally-working vmware-view. YAY!
(Note that this all assumes you setup smartcard support in ubuntu in the first place - there are docs for that)