Bug 1462005

Summary: Smartcard reader removal does not lock the screen
Product: Red Hat Enterprise Linux 7 Reporter: Roshni <rpattath>
Component: gnome-settings-daemonAssignee: Carlos Garnacho <cgarnach>
Status: CLOSED WONTFIX QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: jkoten, mboisver, rpattath, tpelka
Target Milestone: rc   
Target Release: 7.8   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-01-15 07:38:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1738389    

Description Roshni 2017-06-15 21:51:18 UTC 
Description of problem:
Smartcard reader removal does not lock the screen

Version-Release number of selected component (if applicable):
opensc-0.16.0-5.20170227git777e2a3.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1. Enable "Require smartcard for login" and "Lock" as removal action using authconfig
2. Reboot and login using smartcard
3. Remove the smartcard reader after login

Actual results:
Screen does not lock

Expected results:


Additional info:
Comment 2 Jakub Jelen 2017-06-16 12:21:39 UTC 
Again,
I have no idea how to reproduce it. Can you point me out to your test case you are executing? Add a commands that you ran? Specific changes you made in the configuration? Card you were using? Post some debug logs that would make it possible for me to see what could go wrong?
Comment 3 Roshni 2017-06-16 15:15:49 UTC 
Some mesages in journalctl

Jun 16 11:09:12 dhcp129-112.rdu.redhat.com fprintd[3542]: No devices in use, exit
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: debug
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: don't always_allow_localname
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no ignore_afs
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no null_afs
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: cred_session
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no ignore_k5login
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: user_check
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: will try previously set password first
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: will let libkrb5 ask questions
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no use_shmem
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no external
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no multiple_ccaches
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: validate
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: warn
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: banner: Kerberos 5
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: ccache dir: /tmp
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: ccname template: KEYRING:persistent:%{uid}
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: keytab: FILE:/etc/krb5.keytab
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: token strategy: 2b
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: no creds for user 'root', skipping session setup
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: pam_setcred(PAM_ESTABLISH_CRED) returning 0 (Success)
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: (root) PAM ERROR (Failure setting user credentials)
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: (root) FAILED to authorize user with PAM (Failure setting user credentials)
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com kernel: usb 5-1: USB disconnect, device number 4
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com pcscd[1850]: 99999999 ccid_usb.c:693:WriteUSB() write failed (5/4): -4 No such device
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com pcscd[1850]: 00000922 winscard.c:240:SCardConnect() Reader OMNIKEY AG CardMan 3021 00 00 Not Found
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com pcscd[1850]: 00131153 winscard.c:240:SCardConnect() Reader OMNIKEY AG CardMan 3021 00 00 Not Found
Jun 16 11:10:39 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:39 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:40 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:40 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: new full-speed USB device number 5 using uhci_hcd
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: New USB device found, idVendor=076b, idProduct=3021
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: Product: Smart Card Reader USB
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: Manufacturer: OMNIKEY AG
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com mtp-probe[3619]: checking bus 5, device 5: "/sys/devices/pci0000:00/0000:00:1d.3/usb5/5-1"
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com mtp-probe[3619]: bus: 5, device: 5 was not an MTP device
Jun 16 11:10:43 dhcp129-112.rdu.redhat.com xulrunner[3631]: g_slice_set_config: assertion 'sys_page_size == 0' failed


Info of the card used

[root@dhcp129-112 ~]# pkcs11-tool -O -l --module=/usr/lib64/opensc-pkcs11.so
Using slot 0 with a present token (0x0)
Logging in to "kdcuser2 (kdcuser2)".
Please enter User PIN: 
Private Key Object; RSA 
  label:      
  ID:         01
  Usage:      sign
Public Key Object; RSA 1024 bits
  label:      
  ID:         01
  Usage:      verify
Certificate Object; type = X.509 cert
  label:      signing key for kdcuser2
  ID:         01
Private Key Object; RSA 
  label:      
  ID:         02
  Usage:      decrypt, unwrap
Public Key Object; RSA 1024 bits
  label:      
  ID:         02
  Usage:      encrypt, wrap
Certificate Object; type = X.509 cert
  label:      encryption key for kdcuser2
  ID:         02
Comment 4 Jakub Jelen 2017-06-16 15:42:08 UTC 
Not sure what could go wrong here from the above logs, nor I was able to interpret any of the above errors.
Moving to Gnome developers, which will hopefully have better insight into the gnome-settings code or will know how to debug it further in case it will be needed.
Comment 7 RHEL Program Management 2021-01-15 07:38:18 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.