Bug 51237 - pkexec fails with ERROR:pkexec.c:138:pam_conversation_function: code should not be reached
Status: RESOLVED MOVED
Alias: None
Product: PolicyKit
Classification: Unclassified
Component: daemon
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: David Zeuthen (not reading bugmail)
QA Contact: David Zeuthen (not reading bugmail)
Reported: 2012-06-19 08:29 UTC by Travis Glenn Hansen
Modified: 2018-08-20 21:36 UTC (History)

Attachments
pam_conv hack (401 bytes, patch)
2012-06-19 08:29 UTC, Travis Glenn Hansen
system-login (704 bytes, application/octet-stream)
2012-06-19 16:17 UTC, Travis Glenn Hansen
system-auth (501 bytes, application/octet-stream)
2012-06-19 16:17 UTC, Travis Glenn Hansen

Description Travis Glenn Hansen 2012-06-19 08:29:11 UTC
Created attachment 63230
pam_conv hack

Enabling pam support on my machine results in this issue every time I successfully authenticate.  I'm currently using sys-auth/polkit-0.106-r2 from gentoo.

In my testing (which was by no means thorough) the pam_conv function was only being called upon *successful* authentication so I simply applied the attached patch to bypass the issue.

https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/875402
http://linux.die.net/man/3/pam_conv
Comment 1 David Zeuthen (not reading bugmail) 2012-06-19 14:17:57 UTC
Looks like a problem with your PAM configuration - or my interpretation of how it works (in particular that pam_open_session() should not start a conversation).

What does your /etc/pam.d/polkit-1 file (and the files it points to) look like?
Comment 2 David Zeuthen (not reading bugmail) 2012-06-19 14:22:56 UTC
Comment on attachment 63230
pam_conv hack

Review of attachment 63230:
-----------------------------------------------------------------

::: src/programs/pkexec.c.orig
@@ +141,1 @@
>  }

I don't think it's right to return PAM_SUCCESS (we'd have to set resp to something) - does it work if you just return PAM_CONV_ERR ?

It would also be helpful to try and print the arguments passed to the conversation function to get an idea of what it's trying to do...
Comment 3 Travis Glenn Hansen 2012-06-19 16:17:08 UTC
Created attachment 63240
system-login
Comment 4 Travis Glenn Hansen 2012-06-19 16:17:31 UTC
Created attachment 63241
system-auth
Comment 5 Travis Glenn Hansen 2012-06-19 16:23:00 UTC
(In reply to comment #2)
> I don't think it's right to return PAM_SUCCESS (we'd have to set resp to
> something) - does it work if you just return PAM_CONV_ERR ?

Seems to work as well.

> 
> It would also be helpful to try and print the arguments passed to the
> conversation function to get an idea of what it's trying to do...

I'm pretty bad with C.  Can you perhaps attach a patch with whatever you'd like to see printed out for me?
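
The debugging step requested in comment 2, as an added example that is not part of the original thread and not polkit's own code: a PAM conversation callback that logs the arguments it receives, leaves `resp` unset, and returns PAM_CONV_ERR. The names `logging_conv` and `demo_conversation` are hypothetical, the sample messages are constructed, and the fallback definitions mirror Linux-PAM's `<security/pam_appl.h>` only so the block builds where libpam headers are missing.

```c
#include <stdio.h>

#ifdef __has_include
#if __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#define HAVE_PAM_APPL_H 1
#endif
#endif
#ifndef HAVE_PAM_APPL_H
/* Fallback stand-ins mirroring Linux-PAM, used only when libpam headers are absent. */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON = 2,
       PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4, PAM_CONV_ERR = 19 };
#endif

static const char *style_name(int style)
{
  switch (style) {
    case PAM_PROMPT_ECHO_OFF: return "PROMPT_ECHO_OFF";
    case PAM_PROMPT_ECHO_ON:  return "PROMPT_ECHO_ON";
    case PAM_ERROR_MSG:       return "ERROR_MSG";
    case PAM_TEXT_INFO:       return "TEXT_INFO";
    default:                  return "unknown";
  }
}

/* Hypothetical callback: log each message, answer none, fail the conversation. */
int logging_conv(int num_msg, const struct pam_message **msg,
                 struct pam_response **resp, void *appdata_ptr)
{
  (void) appdata_ptr;
  for (int i = 0; i < num_msg; i++)
    fprintf(stderr, "pam_conv msg[%d]: style=%d (%s) text=\"%s\"\n", i,
            msg[i]->msg_style, style_name(msg[i]->msg_style),
            msg[i]->msg ? msg[i]->msg : "(null)");
  if (resp != NULL)
    *resp = NULL;  /* nothing allocated, so the caller has nothing to free */
  return PAM_CONV_ERR;
}

/* Constructed input standing in for what a PAM module might send. */
int demo_conversation(struct pam_response **out)
{
  struct pam_message info = { .msg_style = PAM_TEXT_INFO, .msg = "constructed info text" };
  struct pam_message prompt = { .msg_style = PAM_PROMPT_ECHO_OFF, .msg = "Password: " };
  const struct pam_message *msgs[] = { &info, &prompt };
  return logging_conv(2, msgs, out, NULL);
}
```

Only the module's prompt text is logged; the callback never collects or prints a response.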
Comment 6 Samuli Suominen 2012-06-19 19:20:59 UTC
Travis, /etc/pam.d/polkit-1 should look like:

#%PAM-1.0

auth       include      system-local-login
account    include      system-local-login
password   include      system-local-login
session    include      system-local-login

Since we pass:

./configure --with-pam-include=system-local-login

And system-local-login looks like:

auth		include		system-login
account		include		system-login
password	include		system-login
session		include		system-login

And system-login looks like what you pasted here but I don't see you attaching system-local-login here at all... Does that mean your /etc/pam.d/polkit-1 is referring to system-login instead of system-local-login?

In Gentoo we really need to use system-local-login to use proper modules from the sys-auth/pambase "Gentoo specific" package.
Comment 7 Travis Glenn Hansen 2012-06-19 19:28:03 UTC
(In reply to comment #6)
> Travis, /etc/pam.d/polkit-1 should look like:
> 
> #%PAM-1.0
> 
> auth       include      system-local-login
> account    include      system-local-login
> password   include      system-local-login
> session    include      system-local-login
> 
> Since we pass:
> 
> ./configure --with-pam-include=system-local-login
> 
> And system-local-login looks like:
> 
> auth        include        system-login
> account        include        system-login
> password    include        system-login
> session        include        system-login
> 
> And system-login looks like what you pasted here but I don't see you attaching
> system-local-login here at all... Does that mean your /etc/pam.d/polkit-1 is
> referring to system-login instead of system-local-login?
> 
> In Gentoo we really need to use system-local-login to use proper modules from
> the sys-auth/pambase "Gentoo specific" package.

Yes I have those.  I simply left out the stuff that was only including other files.  Hope it didn't cause too much confusion.
Comment 8 Samuli Suominen 2012-06-19 19:33:48 UTC
(In reply to comment #7)
> Yes I have those.  I simply left out the stuff that was only including other
> files.  Hope it didn't cause too much confusion.

I ran 'diff -u' between my system-{auth,login} and yours and the only difference is that I have pam_gnome_keyring.so in system-login like:

auth		optional	pam_gnome_keyring.so

[ ... snip ... ]

session		optional	pam_gnome_keyring.so auto_start

Otherwise our pam.d files are identical. It's working fine here so I don't understand :-/
Comment 9 GitLab Migration User 2018-08-20 21:36:19 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/polkit/polkit/issues/35.

