[Bug 755603] New: The gnome keyring socket is not owned with the same credentials as the user login
https://bugzilla.novell.com/show_bug.cgi?id=755603
https://bugzilla.novell.com/show_bug.cgi?id=755603#c0

Summary: The gnome keyring socket is not owned with the same credentials as the user login
Classification: openSUSE
Product: openSUSE 12.2
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: GNOME
AssignedTo: bnc-team-gnome@forge.provo.novell.com
ReportedBy: mvyskocil@suse.com
QAContact: qa-bugs@suse.de
CC: vuntz@suse.com, vcizek@suse.com
Found By: Development
Blocker: ---

Created an attachment (id=484752)
 --> (http://bugzilla.novell.com/attachment.cgi?id=484752)
copy the credential checking code from git.gnome.org

Running a command via sudo fills my log with errors, as appears in $SUBJECT

$ sudo ls
Password: xxxx

and then the log contains the following

Apr 4 10:20:01 zelva sudo: The gnome keyring socket is not owned with the same credentials as the user login: /run/user/mvyskocil/keyring-5MIqXs/control
Apr 4 10:20:01 zelva sudo: gkr-pam: couldn't unlock the login keyring.
Apr 4 10:20:01 zelva sudo: mvyskocil : TTY=pts/5 ; PWD=/home/mvyskocil ; USER=root ; COMMAND=/usr/bin/ls
Apr 4 10:20:01 zelva systemd[1]: Got D-Bus request: org.freedesktop.DBus.NameOwnerChanged() on /org/freedesktop/DBus

However that's not true

$ echo $GNOME_KEYRING_CONTROL
/run/user/mvyskocil/keyring-5MIqXs
$ ls -n $GNOME_KEYRING_CONTROL/*
srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/control
srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/gpg
srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/pkcs11
srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/ssh
$ id
uid=10112(mvyskocil) gid=100(users) groups=100(users),10(wheel),33(video),41(xok),113(vboxusers),404(lighttpd),1194(vpn)
$ id -u
10112
$ id -ru
10112

so 10112 is my *real* id and the keyring sockets are really owned by this id.

$ cat /proc/$GNOME_KEYRING_PID/loginuid
10112

and even the process runs with the same uid, so there is really **no** surprise in my configuration.

I did a bit more and copied the part of gnome-keyring-daemon, however even getsockopt returns the id 10112, like getuid does.

$ ./creds
uid=10112, geteuid()=10112

I would say the best way to debug would be to patch gnome-keyring-daemon and print the values of uid and getuid on error, but I haven't had time to do that yet.

BTW: as Google returns mostly SUSE-related things for $SUBJ, I suspect some misconfiguration in our pam stack.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=755603#c1
--- Comment #1 from Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=755603#c2
--- Comment #2 from Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=755603#c3
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=755603#c4
--- Comment #4 from Guido Berhörster
unlocking the screensaver. So we need to at least add gnome-screensaver to the only_if. I don't know what services are used to authenticate when unlocking a screensaver on xfce and lxde. Guido, do you know?
Xfce/LXDE use xscreensaver by default whose pam service name is also "xscreensaver".
https://bugzilla.novell.com/show_bug.cgi?id=755603#c5
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=755603#c6
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=755603#c7
Thorsten Kukuk
https://bugzilla.novell.com/show_bug.cgi?id=755603#c8
Joe Fidler
https://bugzilla.novell.com/show_bug.cgi?id=755603#c9
Dominique Leuenberger
https://bugzilla.novell.com/show_bug.cgi?id=755603#c10
Thorsten Kukuk
Thorsten,
Do you have any hints / pointers you can give to implement this? I'm assuming you won't have resources anytime soon, then it would be good to at least guide some willing volunteer on opensuse-factory on what needs to be done.
Look at the pam-config source code, it's in OBS, especially on mod_pam_gnome_keyring.c, and there at the different switch cases.
https://bugzilla.novell.com/show_bug.cgi?id=755603#c11
Markus Elfring
https://bugzilla.novell.com/show_bug.cgi?id=755603#c12
Andreas Schneider
https://bugzilla.novell.com/show_bug.cgi?id=755603#c13
Guido Berhörster
http://bugzilla.novell.com/show_bug.cgi?id=755603
Jia Ban Yovan Toh