Bug 1128463 - sddm does not open kde wallet with pam_wallet.so
Summary: sddm does not open kde wallet with pam_wallet.so
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: sddm
Version: 21
Hardware: All
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Martin Bříza
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: SDDMDefault
TreeView+ depends on / blocked
 
Reported: 2014-08-10 16:42 UTC by Orion Poplawski
Modified: 2014-10-31 02:43 UTC (History)
7 users (show)

Fixed In Version: sddm-0.9.0-2.20141007git6a28c29b.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-28 06:46:38 UTC


Attachments (Terms of Use)

Description Orion Poplawski 2014-08-10 16:42:15 UTC
Description of problem:

New F21 install with stock sddm config:

# cat /etc/pam.d/sddm
auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth        substack      password-auth
-auth        optional      pam_gnome_keyring.so
-auth        optional      pam_kwallet.so
auth        include       postlogin

account     required      pam_nologin.so
account     include       password-auth

password    include       password-auth

session     required      pam_selinux.so close
session     required      pam_loginuid.so
session     optional      pam_console.so
-session    optional    pam_ck_connector.so
session     required      pam_selinux.so open
session     optional      pam_keyinit.so force revoke
session     required      pam_namespace.so
session     include       password-auth
-session     optional      pam_gnome_keyring.so auto_start
-session     optional      pam_kwallet.so
session     include       postlogin

but wallet is not opened automatically.   There was at least one report a while back on the kde list that the gnome keyring was not being opened either, so perhaps it just is not processing PAM correctly.

Version-Release number of selected component (if applicable):
sddm-0.2.0-0.31.20140627gitf49c2c79.fc21.x86_64
pam-kwallet-0-0.4.20140428gitaf786456.fc21.x86_64

Comment 1 Rex Dieter 2014-09-21 15:52:41 UTC
I'm seeing this too.  Just a data point /var/log/audit/audit.log includes some perhaps relavent success messages:

type=USER_AUTH msg=audit(1410517707.399:347): pid=1134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantor=pam_unix,pam_kwallet acct="rdieter1" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=? res=success'
type=USER_ACCT msg=audit(1410517707.402:348): pid=1134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantor=pam_unix,pam_localuser acct="rdieter1" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1410517707.408:349): avc:  denied  { write } for  pid=1106 comm="sddm" name="sddm.conf" dev="sda4" ino=6160881 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=CRED_ACQ msg=audit(1410517707.409:350): pid=1134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantor=pam_unix,pam_kwallet acct="rdieter1" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=? res=success'
type=LOGIN msg=audit(1410517707.409:351): pid=1134 uid=0 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=1 res=1
type=USER_ROLE_CHANGE msg=audit(1410517707.508:352): pid=1134 uid=0 auid=1000 ses=1 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=:0 res=success'
type=USER_ACCT msg=audit(1410517707.530:353): pid=1139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantor=pam_unix,pam_localuser acct="rdieter1" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_START msg=audit(1410517707.531:354): pid=1139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantor=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rdieter1" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1410517707.539:355): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="user@1000" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_START msg=audit(1410517707.565:356): pid=1134 uid=0 auid=1000 ses=1 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantor=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_kwallet,pam_lastlog acct="rdieter1" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=:0 res=success'

Comment 2 Fedora Update System 2014-10-07 09:26:31 UTC
sddm-0.9.0-1.20141007git6a28c29b.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/sddm-0.9.0-1.20141007git6a28c29b.fc21

Comment 3 Fedora Update System 2014-10-07 09:27:34 UTC
sddm-0.9.0-1.20141007git6a28c29b.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/sddm-0.9.0-1.20141007git6a28c29b.fc20

Comment 4 Fedora Update System 2014-10-07 09:28:26 UTC
sddm-0.9.0-1.20141007git6a28c29b.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/sddm-0.9.0-1.20141007git6a28c29b.fc19

Comment 5 Fedora Update System 2014-10-08 18:57:56 UTC
Package sddm-0.9.0-1.20141007git6a28c29b.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sddm-0.9.0-1.20141007git6a28c29b.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-12308/sddm-0.9.0-1.20141007git6a28c29b.fc20
then log in and leave karma (feedback).

Comment 6 Branko Grubić 2014-10-17 12:33:17 UTC
This still doesn't work for me with sddm-0.9.0-2.20141007git6a28c29b.fc21.x86_64 after logging in, and networkmanager asks for opening kwallet, kwallet isn't opened by default?

Comment 7 Rex Dieter 2014-10-22 02:23:47 UTC
It's not working yet for me either, I'll dig some more to see if I can find out what's going wrong.

Comment 8 Orion Poplawski 2014-10-23 03:32:27 UTC
I'm pretty sure this was working for me for a while, but has stopped again recently.  However, sddm is started kwalletd:

sddm-helper(1039)─┬─kwalletd(1109)
                  ├─startkde(1114)─┬─kwrapper4(1354)
                  │                └─ssh-agent(1155)

But I end up with two kwalletd processes:

orion     1109  1039  0 21:17 ?        00:00:00 /usr/bin/kwalletd --pam-login 20 24
orion     1590     1  0 21:17 ?        00:00:00 kdeinit4: kwalletd [kdeinit]

$ grep -E 'wallet|ssh' .xsession-errors
klauncher(1277)/kio (KLauncher) KLauncher::processRequestReturn: "/bin/ssh-add" (pid 1562) up and running.
ksshaskpass(1563)/kdeui (Wallet) KWallet::Wallet::openWallet: Pass a valid window to KWallet::Wallet::openWallet().
klauncher(1277)/kio (KLauncher) KLauncher::processRequestReturn: "/bin/kwalletd" (pid 1589) up and running.
ksshaskpass(1563)/kdeui (Wallet) KWallet::KWalletDLauncher::getInterface: The kwalletd service has been registered
kwalletd(1590)/kdeui (Wallet) kdemain: kwalletd started
kwalletd(1590)/kdeui (Wallet) kdemain: Not pam login
kwalletd(1590) KWallet::Backend::setPassword: Setting useNewHash to true
kwalletd(1590) KWallet::Backend::openInternal: Wallet new enough, using new hash
kwalletd(1590)/kdeui (Wallet) KWalletD::setupDialog: Application ' "Ksshaskpass" ' using kwallet without parent window! 
kwalletd(1590) KWallet::Backend::setPassword: Setting useNewHash to true
kwalletd(1590) KWallet::Backend::openInternal: Wallet new enough, using new hash

So we may be facing a new bug, but I'm not sure where or what.  But ksshaskpass should have found the already opened wallet.

Comment 9 Orion Poplawski 2014-10-23 04:26:31 UTC
I've filed bug #1155873 for this new issue.

Comment 10 Fedora Update System 2014-10-28 06:46:38 UTC
sddm-0.9.0-2.20141007git6a28c29b.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2014-10-31 02:43:16 UTC
sddm-0.9.0-2.20141007git6a28c29b.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.