After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 726245 - useradd fails to find pam_sm_close_session
useradd fails to find pam_sm_close_session
Status: RESOLVED FIXED
Product: gnome-keyring
Classification: Core
Component: pam
3.11.x
Other Linux
: Normal critical
: ---
Assigned To: GNOME keyring maintainer(s)
GNOME keyring maintainer(s)
Depends on:
Blocks: 726196
 
 
Reported: 2014-03-13 14:13 UTC by Vadim Rutkovsky
Modified: 2014-03-14 14:43 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
pam: Export a pam_sm_close_session() function entry point (983 bytes, patch)
2014-03-13 19:28 UTC, Stef Walter
committed Details | Review
pam: Allow unlock_keyring() to be called with a NULL password (842 bytes, patch)
2014-03-13 19:32 UTC, Stef Walter
none Details | Review
pam: Allow unlock_keyring() to be called with a NULL password (2.50 KB, patch)
2014-03-13 19:44 UTC, Stef Walter
committed Details | Review

Description Vadim Rutkovsky 2014-03-13 14:13:10 UTC
Commit https://git.gnome.org/browse/gnome-keyring/commit/?id=90a3ae6656960b36a1d2277f336222bd49d5eece has broken autologin on build.gnome.org, from http://build.gnome.org/continuous/buildmaster/builds/2014/03/12/28/smoketest/work-gnome-continuous-x86_64-runtime/journal.txt:

systemd: PAM unable to resolve symbol: pam_sm_close_session
systemd: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
systemd: Started User Manager for UID 82.
gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0)
gdm-session-worker: gdm-launch-environment]: ../pam/gkr-pam-module.c:632: unlock_keyring: Assertion `password' failed.
gdm: Freeing conversation 'gdm-launch-environment' with active job
Comment 1 Colin Walters 2014-03-13 19:23:14 UTC
I think the symbol thing is innocuous; the real error is:

gdm-session-worker: gdm-launch-environment]: ../pam/gkr-pam-module.c:632:
unlock_keyring: Assertion `password' failed.
Comment 2 Stef Walter 2014-03-13 19:28:18 UTC
Created attachment 271782 [details] [review]
pam: Export a pam_sm_close_session() function entry point

Some PAM callers want this even though we don't do anything
interesting in here.
Comment 3 Stef Walter 2014-03-13 19:32:29 UTC
Created attachment 271783 [details] [review]
pam: Allow unlock_keyring() to be called with a NULL password

This happens when doing auto-login. The various side effects
of unlock_keyring (including setting *need_daemon) are valuable
even in the cases where password is NULL.

http://bugzilla.gnome.org/show_bug.cgi?id=726245
Comment 4 Stef Walter 2014-03-13 19:44:01 UTC
Created attachment 271784 [details] [review]
pam: Allow unlock_keyring() to be called with a NULL password

This happens when doing auto-login. The various side effects
of unlock_keyring (including setting *need_daemon) are valuable
even in the cases where password is NULL.

Add a test that checks that the daemon starts as expected when
the user did not authenticate.

http://bugzilla.gnome.org/show_bug.cgi?id=726245
Comment 5 Stef Walter 2014-03-14 10:28:08 UTC
Vadim, are you able to give these patches a test?
Comment 6 Vadim Rutkovsky 2014-03-14 14:36:10 UTC
Review of attachment 271782 [details] [review]:

Tested this on my gnome-continuous instance - the error about the missing symbol is gone
Comment 7 Vadim Rutkovsky 2014-03-14 14:36:17 UTC
Review of attachment 271784 [details] [review]:

Tested this on my gnome-continuous instance - user with empty password logs in correctly
Comment 8 Stef Walter 2014-03-14 14:43:32 UTC
Attachment 271782 [details] pushed as d1c549a - pam: Export a pam_sm_close_session() function entry point
Comment 9 Stef Walter 2014-03-14 14:43:48 UTC
Attachment 271784 [details] pushed as ce8b568 - pam: Allow unlock_keyring() to be called with a NULL password