[Bug 213598] New: xdm does not use PAM / pam_resmgr ?
https://bugzilla.novell.com/show_bug.cgi?id=213598

           Summary: xdm does not use PAM / pam_resmgr ?
           Product: openSUSE 10.2
           Version: Alpha 5 plus
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: X.Org
        AssignedTo: sndirsch@novell.com
        ReportedBy: dmueller@novell.com
         QAContact: sndirsch@novell.com

Hi,

when logging in with xdm, resmgr doesn't get told about the new session. apparently pam_resmgr is not used, even though it is listed in /etc/pam.d/xdm

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
      Info Provider|                            |dmueller@novell.com

------- Comment #1 from sndirsch@novell.com 2006-10-19 07:56 MST -------
Do you see the same errors in /var/log/xdm.errors or is this unrelated?

xdm error (pid 6318): pam_authenticate failure: User not known to the underlying authentication module
xdm error (pid 6318): pam_authenticate failure: Authentication failure

dmueller@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
      Info Provider|dmueller@novell.com         |

------- Comment #2 from dmueller@novell.com 2006-10-19 10:10 MST -------
No, I don't see such messages in the xdm logfile.

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
      Info Provider|                            |dmueller@novell.com

------- Comment #3 from sndirsch@novell.com 2006-10-23 05:19 MST -------
How did you figure out that pam_resmgr is not used? What should have happened if it had been used, i.e. how can I reproduce this issue? Honestly I have no idea of PAM in general.

------- Comment #4 from lnussel@novell.com 2006-10-23 05:26 MST -------
to find out whether pam_resmgr talks to resmgrd you can kill resmgrd and run it with "resmgr -d" in a terminal. It dumps all communication to stdout then.

------- Comment #5 from dmueller@novell.com 2006-10-23 05:48 MST -------
I found out about the issue because I don't have access to my sound hardware anymore after logging in with xdm of 7.2. it worked fine before.

some debugging with the help of Ludwig showed that apparently pam_resmgr is not used, aka /etc/pam.d/xdm doesn't seem to be used at all. maybe it tries to use something else which isn't there, or maybe it doesn't use anything at all, I have no idea how to debug this.

dmueller@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
      Info Provider|dmueller@novell.com         |

dmueller@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mc@novell.com, kukuk@novell.com

------- Comment #6 from dmueller@novell.com 2006-10-23 05:48 MST -------
any idea how to trace this?

------- Comment #7 from kukuk@novell.com 2006-10-23 06:00 MST -------
Enable debug option with pam-config (pam-config --pam-debug) and look what is called by xdm and what not.

------- Comment #8 from kukuk@novell.com 2006-10-23 06:03 MST -------
Current xdm in STABLE is not calling pam_start (it has not even a reference to it). So it looks like it is not using PAM at all anymore?

dmueller@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
      Info Provider|                            |lnussel@novell.com

------- Comment #9 from dmueller@novell.com 2006-10-23 06:46 MST -------
it seems according to pam-config --pam-debug it does use PAM. so it looks like pam_resmgr is for some reason not working. could it be that it gets the wrong tty or similar? is there some debug option in pam_resmgr?

------- Comment #10 from dmueller@novell.com 2006-10-23 06:46 MST -------
Oct 23 14:39:20 oldboy : pam_unix2(xdm:auth): pam_sm_authenticate() called
Oct 23 14:39:20 oldboy : pam_unix2(xdm:auth): user=1, password=1, at_same_time=1
Oct 23 14:39:26 oldboy : pam_unix2(xdm:auth): username=[dmueller]
Oct 23 14:39:26 oldboy : pam_unix2(xdm:auth): wrong password, return PAM_AUTH_ERR
Oct 23 14:39:26 oldboy : pam_unix2(xdm:account): pam_sm_acct_mgmt() called
Oct 23 14:39:26 oldboy : pam_unix2(xdm:account): username=[dmueller]
Oct 23 14:39:26 oldboy : pam_unix2(xdm:setcred): pam_sm_setcred() called
Oct 23 14:39:26 oldboy : pam_unix2(xdm:setcred): username=[dmueller]
Oct 23 14:39:26 oldboy : pam_unix2(xdm:setcred): pam_sm_setcred: PAM_SUCCESS
Oct 23 14:39:26 oldboy : pam_unix2(xdm:session): session started for user dmueller, service xdm
Oct 23 14:39:26 oldboy : pam_unix2(xdm:setcred): pam_sm_setcred() called
Oct 23 14:39:26 oldboy : pam_unix2(xdm:setcred): username=[dmueller]
Oct 23 14:39:26 oldboy : pam_unix2(xdm:setcred): pam_sm_setcred: PAM_SUCCESS

lnussel@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
      Info Provider|lnussel@novell.com          |

------- Comment #11 from lnussel@novell.com 2006-10-23 06:58 MST -------
it doesn't have debug options. Now that you mention it indeed there are some cases where pam_resmgr silently exits. Normally it logs any kind of failure via syslog LOG_WARNING. I'm going to fix that independent of this bug.

lnussel@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|xdm does not use PAM /      |xdm sets PAM_TTY=NULL which
                   |pam_resmgr ?                |is incompatible with resmgr

------- Comment #12 from lnussel@novell.com 2006-10-23 08:59 MST -------
You were right, xdm sets PAM_TTY=NULL but resmgr needs a tty string to work with. In case of xdm the tty should be set to $DISPLAY

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mhopf@novell.com, eich@novell.com
           Priority|P5 - None                   |P2 - High

------- Comment #13 from sndirsch@novell.com 2006-10-23 21:35 MST -------
Argh. PAM conversation has been rewritten between xdm 1.0.5 and 1.1.0 by Alan Coopersmith. :-(

Changelog:

  Sun bug 6459557: remote logins to xdm fail since recent PAM fixes
  http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6459557
  When stripping :<display> off the end of the display name so that we can pass the remote hostname to PAM, make sure we modify the copy we made for PAM, not the original which is used to set $DISPLAY for the session being created.

I think I should go back to xdm 1.0.5 for Beta1. Not sure what to do for the future ...

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
      Info Provider|                            |dmueller@novell.com

------- Comment #14 from sndirsch@novell.com 2006-10-24 02:03 MST -------
> I think I should go back to xdm 1.0.5 for Beta1.
done.

Could you please test again with xorg-x11 package in /work/built/mbuild/shannon-sndirsch-105? Thanks.

------- Comment #15 from lnussel@novell.com 2006-10-24 02:33 MST -------
Created an attachment (id=102410)
 --> (https://bugzilla.novell.com/attachment.cgi?id=102410&action=view)
patch to set PAM_TTY

The link you posted is unrelated to the problem, they just used strrchr() on the wrong variable. AFAICS all that's missing is a pam_set_item call. This (untested) patch adds it.

------- Comment #16 from lnussel@novell.com 2006-10-24 02:38 MST -------
There are quite some implicit declaration warnings in the build log btw:

grep "implicit de" /work/built/dists/all/i386/packs-i386/xorg-x11/xorg-x11-7.2/Logfile.xorg-x11.spec
menus.c:2377: warning: implicit declaration of function 'putenv'
Login.c:608: warning: implicit declaration of function 'strdup'
Login.c:608: warning: incompatible implicit declaration of built-in function 'strdup'
Login.c:681: warning: incompatible implicit declaration of built-in function 'strdup'
Login.c:1562: warning: implicit declaration of function 'strcasecmp'
greet.c:529: warning: implicit declaration of function 'strdup'
greet.c:529: warning: incompatible implicit declaration of built-in function 'strdup'
greet.c:737: warning: incompatible implicit declaration of built-in function 'strdup'
xdmshell.c:88: warning: implicit declaration of function 'vfork'
os/config.c:667: warning: implicit declaration of function 'SnfSetFormat'
io.c:1036: warning: implicit declaration of function 'swab'
GetUrl.c:129: warning: implicit declaration of function '_HttpTransOpenCOTSClient'
GetUrl.c:132: warning: implicit declaration of function '_HttpTransConnect'
NewNDest.c:69: warning: implicit declaration of function 'waitpid'

------- Comment #17 from sndirsch@novell.com 2006-10-24 02:53 MST -------
Well, that was the changelog, which matches best the changes between 1.0.5 and 1.1.0. It might be unrelated though. When diffing 1.0.5 and 1.10 you can see, that

  "pam_set_item(*pamhp, PAM_TTY, d->name);"

has been used before and has been removed completely - (hopefully) being replaced by some other mechanism?

I've added your patch (to 1.1.0) and will provide packages for testing.

------- Comment #18 from sndirsch@novell.com 2006-10-24 03:00 MST -------
(In reply to comment #17)
> I've added your patch (to 1.1.0) and will provide packages for testing.

--> /work/built/mbuild/shannon-sndirsch-106

------- Comment #19 from lnussel@novell.com 2006-10-24 03:43 MST -------
works fine for me now. Maybe the call was removed by accident, there is no alternative way to set it.

------- Comment #20 from sndirsch@novell.com 2006-10-24 03:48 MST -------
(In reply to comment #19)
> works fine for me now.
Ok.

> Maybe the call was removed by accident
I don't think so. :-( I'll attach the diff between 1.0.5 and 1.1.0.

------- Comment #21 from sndirsch@novell.com 2006-10-24 03:51 MST -------
Created an attachment (id=102413)
 --> (https://bugzilla.novell.com/attachment.cgi?id=102413&action=view)
xdm-105_110.diff

Diff between xdm 1.0.5 and 1.1.0 (JFYI).

------- Comment #22 from sndirsch@novell.com 2006-10-24 03:55 MST -------
It would be very interesting for me to know if the new xorg-x11 packages in

  /work/built/mbuild/shannon-sndirsch-105
  /work/built/mbuild/shannon-sndirsch-106

work both. I can't see any differences between the current xorg-x11 from STABLE and the new xorg-x11 packages. My /dev/snd/* devices are always set to root.audio (with write permissions for root and audio), which isn't a problem for me since my user is in group audio.

lnussel@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
      Info Provider|dmueller@novell.com         |

------- Comment #23 from lnussel@novell.com 2006-10-24 04:17 MST -------
Maybe you have additional problems with hal or something. Check whether "/sbin/resmgr classes" outputs anything instead. The owner of the device files will not change anyways, hal-resmgr installs ACLs instead you can see it using e.g. "getfacl /dev/dsp".

Both builds work. The newer xdm looks like it has better pam support indeed though. It also doesn't set PAM_RHOST to an empty string which was weird behavior IMHO.

------- Comment #24 from dmueller@novell.com 2006-10-24 04:21 MST -------
the patched xdm from Ludwig works fine with me.

------- Comment #25 from sndirsch@novell.com 2006-10-24 04:25 MST -------
Ok. Let's go with xdm 1.1.0 (as it is in STABLE now) + Ludwig's patch.

------- Comment #26 from sndirsch@novell.com 2006-10-24 06:27 MST -------
(In reply to comment #23)
> Maybe you have additional problems with hal or something.

I killed resmgrd before to check all communications with "resmgrd -d" and forgot about no longer running it.

> Check whether "/sbin/resmgr classes" outputs anything instead.

Looks good now:
# sbin/resmgr classes
desktop dvb v4l sound video input cdrom floppy usb camera scanner pda audioplayer desktop-console

> The owner of the device files will not change anyways, hal-resmgr installs ACLs instead you can see it using e.g. "getfacl /dev/dsp".

getfacl /dev/snd/* mentions it writable for sndirsch. Good.

> Both builds work. The newer xdm looks like it has better pam support indeed though. It also doesn't set PAM_RHOST to an empty string which was weird behavior IMHO.

Yes, this has been one of the changes to no longer set PAM_RHOST at all.

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Comment #27 from sndirsch@novell.com 2006-10-24 06:31 MST -------
fixed for buildservice and STABLE (openSUSE 10.2 Beta2).

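Added example, not xdm's code and not the attached patch: a sketch of how a display manager could derive the PAM_TTY and PAM_RHOST values discussed in comments #12, #13 and #23 from a display name, truncating only a private copy and leaving PAM_RHOST unset for local displays. The names derive_pam_items and struct pam_items are hypothetical, and the sample display names in main() are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical container for the values a display manager hands to PAM. */
struct pam_items {
    char tty[256];    /* value for PAM_TTY: the full display name, never NULL */
    char rhost[256];  /* value for PAM_RHOST, meaningful only if has_rhost */
    int  has_rhost;   /* 0 for local displays: do not set PAM_RHOST at all */
};

/*
 * Derive both items from a display name such as "remotehost:0" or ":0".
 * The input is const, so the string later exported as $DISPLAY cannot be
 * truncated here; the ":<display>" suffix is cut off a private copy only.
 * Returns 0 on success, -1 for NULL, empty, over-long or colon-less names.
 */
int derive_pam_items(const char *display_name, struct pam_items *out)
{
    size_t len;
    char *colon;

    if (display_name == NULL || out == NULL)
        return -1;
    len = strlen(display_name);
    if (len == 0 || len >= sizeof out->tty)
        return -1;

    memset(out, 0, sizeof *out);
    memcpy(out->rhost, display_name, len + 1);   /* private copy for PAM */
    colon = strrchr(out->rhost, ':');            /* search the copy, not the original */
    if (colon == NULL) {
        out->rhost[0] = '\0';
        return -1;                               /* not a display name */
    }
    *colon = '\0';                               /* strip ":<display>" from the copy */
    out->has_rhost = (out->rhost[0] != '\0');

    memcpy(out->tty, display_name, len + 1);     /* PAM_TTY keeps the full name */
    return 0;
}

int main(void)
{
    const char *samples[] = { ":0", "remotehost:0" };  /* constructed inputs */
    struct pam_items it;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (derive_pam_items(samples[i], &it) != 0)
            continue;
        /* With a real handle from pam_start() the caller would now do:
         *   pam_set_item(pamh, PAM_TTY, it.tty);
         *   if (it.has_rhost) pam_set_item(pamh, PAM_RHOST, it.rhost);
         */
        printf("display=%s PAM_TTY=%s PAM_RHOST=%s\n", samples[i], it.tty,
               it.has_rhost ? it.rhost : "(unset)");
    }
    return 0;
}
```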