Bug 1740776
| Summary: | OpenSC behavior when smartcard reader is removed | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Sneha Veeranki <sveerank> |
| Component: | gnome-settings-daemon | Assignee: | Ray Strode [halfline] <rstrode> |
| Status: | CLOSED WONTFIX | QA Contact: | Desktop QE <desktop-qa-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.1 | CC: | jjelen, rstrode |
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-13 07:35:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Sneha Veeranki
2019-08-13 15:33:08 UTC
I think I saw similar behavior with Fedora that I discussed with Sumit here: https://pagure.io/SSSD/sssd/issue/4057 I was able to workaround this by setting p11_uri in sssd.conf (to some extent). Additionally, this might be related also the p11-kit, which is forwarding the pkcs11 calls around. I actually saw even some crashes. Can you check the logs, whether there was some crash or something similar around that time when you expect the screen to lock? https://bugzilla.redhat.com/show_bug.cgi?id=1722294 Reassigning to p11-kit since this is very unlikely something that could be fixed in OpenSC. We had recently also an issue in upstream where somebody is using OpenSC and SoftHSM loaded in p11-kit and because of SoftHSM not supporting WaitForSlotEvent(), p11-kit does not report its support either and NSS has to fall back to polling, which causes some other issues. Do you have softhsm2 installed in your system? Could p11-kit support WaitForSlotEvent even if some of the loaded modules do not support it lets say using separate threads? Actually, yes, the removal of the reader is really not detected even in my setup even with the modification to the p11-kit configuration and with using p11_uri in sssd.conf, when it is the only reader in the system (= yubikey). When I add another reader, it starts to work. Interestingly enough, if I try to trace gsd-smartcard process with gdb, stopping in synchronize_token_now(), which is triggering the lock screen, I can not reproduce the issue so it actually looks like some timing problem. Some scripted debugging shows that function synchronize_token_now() already fails to lookup the token in the token table in [1], but I was not able to figure out why. I am able to workaround the issue by inserting one second delay in the start of the function synchronize_token_now() (before g_hash_table_lookup()) with gdb. In this case, it will correctly lock the screen on removal: $ cat gsd-smartcard-wait.gdb break gsd-smartcard-service.c:552 commands 1 print object_path shell sleep 1 continue end continue $ gdb --batch --command=gsd-smartcard-wait.gdb --pid $(pidof gsd-smartcard) If I read the code right, there is another thread from gsd-smartcard-manager.c, which is pushing the events to the *-service.c thread and if executed immediately, the first step fails and the event is ignored. I would be This means, that neither p11-kit will have anything to do with this (probably) so I will move it to gnome-settings-daemon and hopefully Ray will be able to point out some further troubleshooting steps. [1] https://github.com/GNOME/gnome-settings-daemon/blob/master/plugins/smartcard/gsd-smartcard-service.c#L540 After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened. |