Red Hat Bugzilla – Bug 1532820
Screen locks soon after smartcard login
Last modified: 2018-05-17 10:39:45 EDT
Created attachment 1379243 [details] /var/log/messages during screen lock Description of problem: Screen locks soon after smartcard login Version-Release number of selected component (if applicable): gnome-session-3.26.1-8.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Enable Smartcard authentication and Screen lock on smartcard removal options in authconfig UI 2. Login using smartcard 3. Actual results: Screen locks soon after login Expected results: Should take to the desktop screen soon after login Additional info: Attaching /var/log/messages
can you try the same steps in a fresh 7.4 install and confirm the problem doesn't happen in that release?
(In reply to Ray Strode [halfline] from comment #3) > can you try the same steps in a fresh 7.4 install and confirm the problem > doesn't happen in that release? I do not see this issue on RHEL 7.4
https://bugzilla.redhat.com/show_bug.cgi?id=1450176 was a similar is a similar bug that was detected and fixed in RHEL 7.4
I'm seeing this in 7.5 beta, but I also had it in 7.4. In 7.4 it started quite recently, in the last couple of weeks or so, running gnome-shell-3.22.3-17. I haven't had any relevant updates on my machine except the meltdown/spectre patches, so I don't know what made the issue arise so suddenly. I can't really see in the logs either what causes it, so I can't pinpoint exactly when it started to happen.
I can add that I have colleagues that do not see this in 7.4, but in 7.5 it seems to happen to everyone.
Created attachment 1394005 [details] smartcard: Wait until smartcards are inspected before locking screen There's a race condition in the code where we check if the screen should be locked (because the smartcard is removed) before we necessarly check the smartcard's insertion status. This commit fixes the race by iterating through all smartcards at startup and checking their status explicitly.
Created attachment 1394007 [details] smartcard: handle a smartcard getting removed very shortly after login Right now we depend on the smartcard used at login time to be inserted, at least long enough to read some basic stats about it. This assumption, of course doesn't necessarly need to hold true. A user could remove the smartcard immediately after login and we would misreport that the card wasn't used for login at all. This commit addresses that edge case by creating a login_token smartcard alias object that's around even if the login token isn't. Once the login token does show up it gets synchronized with it, so both object paths refer to the same underlying token.
roshni can you quack?
Could you ask someone from Desktop QE to ACK?
i guess so, but you usually ack smartcard bugs and you filed this one... tpelka do you mind?
(In reply to Ray Strode [halfline] from comment #16) > i guess so, but you usually ack smartcard bugs and you filed this one... > > tpelka do you mind? Ack, assuming Roshni will verify.
Yes I can verify this bug.
(In reply to Roshni from comment #18) > Yes I can verify this bug. Thanks please go ahead.
[root@dhcp129-188 nssdb]# rpm -qi gnome-settings-daemon Name : gnome-settings-daemon Version : 3.26.2 Release : 8.el7 Architecture: x86_64 Install Date: Mon 12 Feb 2018 03:39:19 PM EST Group : Unspecified Size : 5409618 License : GPLv2+ Signature : (none) Source RPM : gnome-settings-daemon-3.26.2-8.el7.src.rpm Build Date : Mon 12 Feb 2018 12:21:54 PM EST Build Host : x86-040.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : https://download.gnome.org/sources/gnome-settings-daemon Summary : The daemon sharing settings from GNOME to GTK+/KDE applications I do not see the issue in the bug description with this build.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0770