[Bug 850807] New: fprintd broken
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c0 Summary: fprintd broken Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: abonilla@suse.com QAContact: qa-bugs@suse.de Found By: Field Engineer Blocker: --- After a few attempts to get everything working fine, which did. I decided to upgrade all packages which brought me to a broken pam_fprintd # fprintd-enroll list_devices failed: Unit fprintd.service failed to load: No such file or directory. pam_fprint-32bit-0.2-19.1.x86_64 Fri Nov 15 21:56:09 2013 pam_fprint-0.2-19.1.x86_64 Fri Nov 15 21:56:09 2013 libfprint0-0.5.1-45.1.x86_64 Fri Nov 15 21:56:09 2013 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c zhang jiajun <jzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jzhang@suse.com AssignedTo|bnc-team-screening@forge.pr |ro@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c1 Jan Ritzerfeld <suse@bugs.jan.ritzerfeld.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse@bugs.jan.ritzerfeld.or | |g --- Comment #1 from Jan Ritzerfeld <suse@bugs.jan.ritzerfeld.org> 2013-11-19 19:20:22 UTC --- These are packages from the hardware repository, aren't they? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c2 --- Comment #2 from Alejandro Bonilla <abonilla@suse.com> 2013-11-20 01:00:45 UTC --- Yes - I sent a pull request already -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c3 --- Comment #3 from Ruediger Oertel <ro@suse.com> 2014-02-04 14:48:57 UTC --- well. factory has libfprint and pam_fprint in hardware we still have pam_fprint, but we also have the more recent fprintd which builds a fprintd-pam subpackage with the comment in the specfile: # do not obsolete pam_fprint until yast2-fingerprint-reader has been ported to fprintd #Obsoletes: pam_fprint < 0.2-7 #Provides: pam_fprint = %{version}-%{release} so this looks like yast2-fingerprint-reader needs porting first -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c4 --- Comment #4 from Ruediger Oertel <ro@suse.com> 2014-02-04 14:53:15 UTC --- yast2-fingerprint-reader was dropped by fate#313128 in August 2013, so we should drop "pam_fprint" from openSUSE:Factory now and add the obsoletes ... creating requests now -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
fprintd-list ro found 1 devices Device at /net/reactivated/Fprint/Device/0 Using device /net/reactivated/Fprint/Device/0 ListEnrolledFingers failed: Did not receive a reply. Possible causes include:
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c5 Ruediger Oertel <ro@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |security-team@suse.de --- Comment #5 from Ruediger Oertel <ro@suse.com> 2014-02-04 15:20:09 UTC --- added 32bit package for fprintd-pam to be able to run "pam-config --add --fprintd" enrolled finger-prints as root worked, listing and verifying as well. all do not work as user, what does need to happen with dbus policies here ? the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c6 Joachim Banzhaf <joachim.banzhaf@googlemail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |joachim.banzhaf@googlemail. | |com --- Comment #6 from Joachim Banzhaf <joachim.banzhaf@googlemail.com> 2014-02-21 18:10:03 UTC --- Could you please elaborate on why working fprint yast module is removed before a working fprintd replacement exists? What is fate#313128 (I did not find that number in openSUSE Fate)? For anyone arriving here, pulling his hair because fprint authentication no longer works, like me: look here https://forums.opensuse.org/showthread.php/492941-Fingerprint-reader-configu... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c7 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- InfoProvider|security-team@suse.de |ro@suse.com --- Comment #7 from Marcus Meissner <meissner@suse.com> 2014-04-02 06:32:42 UTC --- rudi, were there any messages in /var/log/messages dbus should report issues there, if a dialog did not pop up -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c8 Ruediger Oertel <ro@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|ro@suse.com | --- Comment #8 from Ruediger Oertel <ro@suse.com> 2014-07-01 23:28:36 UTC --- Created an attachment (id=596934) --> (http://bugzilla.novell.com/attachment.cgi?id=596934) screenshot I do get this popup, but even if I can enter the password, I can not click "Ok" after that, only cancel and then (or when doing nothing) I get: failed to claim device: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c9 Ruediger Oertel <ro@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |meissner@suse.com --- Comment #9 from Ruediger Oertel <ro@suse.com> 2014-07-01 23:29:18 UTC --- and no messages from dbus in system log -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c10 --- Comment #10 from Marcus Meissner <meissner@suse.com> 2014-07-04 11:43:41 UTC --- 13.1 has no fprintd ... whjere did you get this from? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c11 --- Comment #11 from Marcus Meissner <meissner@suse.com> 2014-07-04 13:29:11 UTC --- hardware/fprintd apparently -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c12 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|meissner@suse.com | --- Comment #12 from Marcus Meissner <meissner@suse.com> 2014-07-04 13:56:47 UTC --- a dup of bug 792095 in the end. we set the permissions too strict and Rudi, this happens because this dialog also wants to have the (root) fingerprint first :/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c13 --- Comment #13 from Sebastian Krahmer <krahmer@suse.com> 2014-07-14 12:47:22 UTC --- We can discuss whether enrolling is something that should be possible by users or admin-only (do not forget to include the fix http://bugzillafiles.novell.org/attachment.cgi?id=542285 in either case.) However I wonder that verify needs to be whitelisted for users, because fprintd is contacted via pam_fprint, which means the code that tries to verify the user already runs privileged via the PAM stack. So auth_admin:auth_admin:auth_admin should work at least. What might happen is that you try to authorize via sudo-like program and the PAM stack is running with euid=0 and uid=user so that the polkit stack is confused and returns 'user' when looking up the originator of the dbus-connection thats initiated by pam_fprint. In fact it should alredy return 'admin' as its triggered from the PAM stack during an already privileged operation. I'd try to check with my setup and if we can make a small fix for pam_fprint. If that doesnt work we have to relax the polkit rules :/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c14 Ruediger Oertel <ro@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |krahmer@suse.com --- Comment #14 from Ruediger Oertel <ro@suse.com> 2014-07-14 13:07:05 UTC --- please note that I'm talking about enrolling a fingerprint for a specific user (which means in the end writing a file in the home-directory structure of that user like /home/$USER/.fprint/$NUMBER1/$NUMBER2/$NUMBER3 , so why would we need admin privs for such a thing ?) this is like requiring admin privs when a normal user calls up "passwd" to change his password. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c15 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|krahmer@suse.com | --- Comment #15 from Sebastian Krahmer <krahmer@suse.com> 2014-07-15 08:32:17 UTC --- Ok, I am changing it to no:no:yes in our default privs. The fprints are stored in /var/lib/fprint however (pam_fprint vs. pam_fprintd) Please include above fix. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c16 --- Comment #16 from Bernhard Wiedemann <bwiedemann@suse.com> 2014-07-15 11:00:12 CEST --- This is an autogenerated message for OBS integration: This bug (850807) was mentioned in https://build.opensuse.org/request/show/241022 Factory / polkit-default-privs -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c17 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #17 from Marcus Meissner <meissner@suse.com> 2014-07-15 09:13:09 UTC --- fixed for Factory -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com