mcdope
Login on tty is looping
Which version of pam_usb are you running?
0.8.3
Which distribution are you using?
Fedora 37
Which login manager and desktop environment are you using?
lightdm and gnome-shell 43.3
What happened?
On tty login is drops me back to login again
Output of "pamusb-check --debug whoami"
pamusb-check --debug `whoami`
* Authentication request for user "rex" (pamusb-check)
[src/local.c:223] deny_remote is disabled. Skipping local check.
[src/device.c:038] Searching for "adata" in the hardware database...
* Authentication device "adata" is connected.
* Performing one time pad verification...
[src/volume.c:098] Searching for volume with uuid C624-FEB6.
[src/volume.c:123] Found mount points: /run/media/rex/USB-UV128
[src/volume.c:138] Found volume C624-FEB6.
[src/volume.c:165] Volume C624-FEB6 is already mounted.
[src/pad.c:326] Loading device pad...
[src/pad.c:336] Loading system pad...
[src/pad.c:352] Pad match.
[src/pad.c:187] Checking whether pads are expired or not...
[src/pad.c:215] Pads were generated 697 seconds ago, not updating.
* Access granted.
Output of "w"
w
19:08:11 up 9 min, 1 user, load average: 2.26, 2.60, 1.53
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
rex tty1 19:00 8:51 21.34s 0.09s /usr/libexec/gnome-session-binary
Output of "loginctl"
loginctl
SESSION UID USER SEAT TTY
6 1000 rex seat0
1 sessions listed.
Interesting, this was already fixed once. Seems it sneaked back in - though the fix back then was more a workaround anyway. Also interesting: it happens for you with deny_remote disabled - back then it was CAUSED by the local check (at least it seemed like that).
Works for me on Debian and Fedora though, using a current development build of pam_usb. How did you install pam_usb, from source or via my RPM?
There are currently two "experimental" (like in "needs feedback") dev builds available:
- https://www.dropbox.com/sh/h5qxy3kyr12ymq3/AACKxDpJvIsUdYCXuj0EbYUKa?dl=0 for #184
- https://www.dropbox.com/sh/008urzj2wpr7ir8/AADESu6gDcTEkLCpb5FFqReYa?dl=0 for #196
You could try if either of them fixes your problem. But I assume not since you already have deny_remote disabled.
Interesting, this was already fixed once. Seems it sneaked back in - though the fix back then was more a workaround anyway. Also interesting: it happens for you with deny_remote disabled - back then it was CAUSED by the local check (at least it seemed like that).
Works for me on Debian and Fedora though, using a current development build of pam_usb. How did you install pam_usb, from source or via my RPM?
It was from source ,simple make install
There are currently two "experimental" (like in "needs feedback") dev builds available:
- https://www.dropbox.com/sh/h5qxy3kyr12ymq3/AACKxDpJvIsUdYCXuj0EbYUKa?dl=0 for [Refactor] Remove whitelist, replace with default service definitions #184
- https://www.dropbox.com/sh/008urzj2wpr7ir8/AADESu6gDcTEkLCpb5FFqReYa?dl=0 for [Local check] Improve loginctl handling #196
You could try if either of them fixes your problem. But I assume not since you already have deny_remote disabled.
Thanks ,but just like you said the problem is slill there.But the builds seemed to work just fine except for in tty in may case.
Do you know what this means,
libdisks2-CRITICAL: 10/251.666: udisks_client_get_object manager: assertion 'UDISKS IS CLIENT (client)' failed
It shows up for a fraction of a second before it drops me back to login ??
That will most likely be caused by device.c:31, calling https://github.com/storaged-project/udisks/blob/e52bca0c06e7f46e3563a27cb7da115c12be6c11/udisks/udisksclient.c#L578
Never seen that one. You have dbus running, right?
Am Mo., 20. März 2023 um 10:42 Uhr schrieb Rex Ackermann < @.***>:
Do you know what this means,
libdisks2-CRITICAL: 10/251.666: udisks_client_get_object manager: assertion 'UDISKS IS CLIENT (client)' failed
It shows up for a fraction of a second before it drops me back to login ??
— Reply to this email directly, view it on GitHub https://github.com/mcdope/pam_usb/issues/199#issuecomment-1475907106, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZI2UYV2GHKR4STKWNTHV3W5AQ7HANCNFSM6AAAAAAWADLKSM . You are receiving this because you commented.Message ID: @.***>
There was a similar thing last year, but it was in gui and with weird software. https://github.com/mcdope/pam_usb/issues/141
Maybe it's the same issue, back then I never found a proper cause or solution.
Am Mo., 20. März 2023 um 11:15 Uhr schrieb Tobias Bäumer < @.***>:
That will most likely be caused by device.c:31, calling https://github.com/storaged-project/udisks/blob/e52bca0c06e7f46e3563a27cb7da115c12be6c11/udisks/udisksclient.c#L578
Never seen that one. You have dbus running, right?
Am Mo., 20. März 2023 um 10:42 Uhr schrieb Rex Ackermann < @.***>:
Do you know what this means,
libdisks2-CRITICAL: 10/251.666: udisks_client_get_object manager: assertion 'UDISKS IS CLIENT (client)' failed
It shows up for a fraction of a second before it drops me back to login ??
— Reply to this email directly, view it on GitHub https://github.com/mcdope/pam_usb/issues/199#issuecomment-1475907106, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZI2UYV2GHKR4STKWNTHV3W5AQ7HANCNFSM6AAAAAAWADLKSM . You are receiving this because you commented.Message ID: @.***>
Do you happen to have SELinux installed? If so: how is it configured?
I've found some posts mentioning dbus issues caused by it for some processes.
Am Mo., 20. März 2023 um 11:56 Uhr schrieb Tobias Bäumer < @.***>:
There was a similar thing last year, but it was in gui and with weird software. https://github.com/mcdope/pam_usb/issues/141
Maybe it's the same issue, back then I never found a proper cause or solution.
Am Mo., 20. März 2023 um 11:15 Uhr schrieb Tobias Bäumer < @.***>:
That will most likely be caused by device.c:31, calling https://github.com/storaged-project/udisks/blob/e52bca0c06e7f46e3563a27cb7da115c12be6c11/udisks/udisksclient.c#L578
Never seen that one. You have dbus running, right?
Am Mo., 20. März 2023 um 10:42 Uhr schrieb Rex Ackermann < @.***>:
Do you know what this means,
libdisks2-CRITICAL: 10/251.666: udisks_client_get_object manager: assertion 'UDISKS IS CLIENT (client)' failed
It shows up for a fraction of a second before it drops me back to login ??
— Reply to this email directly, view it on GitHub https://github.com/mcdope/pam_usb/issues/199#issuecomment-1475907106, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZI2UYV2GHKR4STKWNTHV3W5AQ7HANCNFSM6AAAAAAWADLKSM . You are receiving this because you commented.Message ID: @.***>
Please recompile & install from branch issue-199-tty-login. It's master + a commit adding error catching on udisks client creation and output of the error received.
This won't fix your problem, but at least tell us what's the cause.
Do you happen to have SELinux installed? If so: how is it configured? I've found some posts mentioning dbus issues caused by it for some processes. Am Mo., 20. März 2023 um 11:56 Uhr schrieb Tobias Bäumer < @.>: … There was a similar thing last year, but it was in gui and with weird software. #141 Maybe it's the same issue, back then I never found a proper cause or solution. Am Mo., 20. März 2023 um 11:15 Uhr schrieb Tobias Bäumer < @.>: > That will most likely be caused by device.c:31, calling > https://github.com/storaged-project/udisks/blob/e52bca0c06e7f46e3563a27cb7da115c12be6c11/udisks/udisksclient.c#L578 > > Never seen that one. You have dbus running, right? > > Am Mo., 20. März 2023 um 10:42 Uhr schrieb Rex Ackermann < > @.>: > >> Do you know what this means, >> >> libdisks2-CRITICAL: 10/251.666: udisks_client_get_object manager: >> assertion 'UDISKS IS CLIENT (client)' failed >> >> It shows up for a fraction of a second before it drops me back to login >> ?? >> >> — >> Reply to this email directly, view it on GitHub >> <#199 (comment)>, >> or unsubscribe >> https://github.com/notifications/unsubscribe-auth/AAZI2UYV2GHKR4STKWNTHV3W5AQ7HANCNFSM6AAAAAAWADLKSM >> . >> You are receiving this because you commented.Message ID: >> @.> >> >
It's in enforcing.
Please recompile & install from branch
issue-199-tty-login. It'smaster+ a commit adding error catching on udisks client creation and output of the error received.This won't fix your problem, but at least tell us what's the cause.
Okay ,but how do I get the Output ? The tty loops.
It's SELinux ,setting it to permissive does the trick.Do you know how to give permission through SELinux.It would be nice to know and thanks for the support @mcdope .
Ha nice, guess I have changed that in my Fedora VM already earlier - cant remember lol.
Actually, no - i got no clue. Never fiddled with SELinux and in fact i actively avoid it for my own systems. But will look into it.
For installs from source I guess I can only add documentation, but for the rpm it should be possible to ship a config i guess.
Thank you very much for the help debugging this!
Am Di., 21. März 2023 um 14:58 Uhr schrieb Rex Ackermann < @.***>:
It's SELinux ,setting it to permissive does the trick.Do you know how to give permission through SELinux.It would be nice to know and thanks for the support @mcdope https://github.com/mcdope .
— Reply to this email directly, view it on GitHub https://github.com/mcdope/pam_usb/issues/199#issuecomment-1477887061, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZI2U6U7MQ6UKSFHNVDGEDW5GX2FANCNFSM6AAAAAAWADLKSM . You are receiving this because you were mentioned.Message ID: @.***>
FYI: A proper fix / SELinux config will be researched and implemented in #201.
Re-opening, since clearly there is more then SELinux involved here. I've managed to repro this on my main machine even with deny_remote on and successfully validating "localness"...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Authentication request for user "mcdope" (login)
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Checking whether the caller (login) is local or not...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011Checking pid 37820 (/bin/login)...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011Checking pid 1 (/sbin/init)...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011Trying to check for remote access by loginctl
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011'loginctl' returned nothing.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011Trying to get tty by loginctl
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011'loginctl' returned nothing.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011Failed, could not obtain tty from loginctl - see line before this for reason.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011Fallback: Using TTY /dev/tty4 from ttyname() for search
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011utmp entry for tty "tty4" found
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011#011utmp->ut_pid: 37820
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011#011utmp->ut_user: LOGIN
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011Checking utmp->ut_addr_v6[0]
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011Checking utmp->ut_addr_v6[1]
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011Checking utmp->ut_addr_v6[2]
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011#011Checking utmp->ut_addr_v6[3]
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: #011utmp check successful, request originates from a local source!
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: No remote access detected, seems to be local request - allowing.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Searching for "verbatim" in the hardware database...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Authentication device "verbatim" is connected.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Performing one time pad verification...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Searching for volume with uuid 4A5C9565274EA95D.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Found mount points: /media/mcdope/STORENGO
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Found volume 4A5C9565274EA95D.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Volume 4A5C9565274EA95D is already mounted.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Loading device pad...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Loading system pad...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Pad match.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Checking whether pads are expired or not...
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Pads were generated 1310 seconds ago, not updating.
Mar 23 16:27:55 pc-tobi-desktop pam_usb[37820]: Access granted.
Mar 23 16:27:55 pc-tobi-desktop login[37820]: pam_unix(login:session): session opened for user mcdope(uid=1000) by LOGIN(uid=0)
Mar 23 16:27:55 pc-tobi-desktop systemd-logind[1889]: New session 7 of user mcdope.
Mar 23 16:27:55 pc-tobi-desktop login[37820]: pam_unix(login:session): session closed for user mcdope
Mar 23 16:27:55 pc-tobi-desktop systemd-logind[1889]: Session 7 logged out. Waiting for processes to exit.
Mar 23 16:27:55 pc-tobi-desktop systemd-logind[1889]: Removed session 7.
But actually it seems like it's pam_unix in this case which terminates the session...
From syslog: maybe pam_usb crashes getty?
Mar 23 18:01:18 pc-tobi-desktop rtkit-daemon[2323]: Supervising 6 threads of 3 processes of 1 users.
Mar 23 18:01:18 pc-tobi-desktop systemd[1]: [email protected]: Deactivated successfully.
Mar 23 18:01:18 pc-tobi-desktop systemd[1]: [email protected]: Scheduled restart job, restart counter is at 2.
Mar 23 18:01:18 pc-tobi-desktop systemd[1]: Stopped Getty on tty4.
Mar 23 18:01:18 pc-tobi-desktop systemd[1]: Started Getty on tty4.
Mar 23 18:01:18 pc-tobi-desktop systemd[1]: session-5.scope: Deactivated successfully.
Mar 23 18:01:18 pc-tobi-desktop rtkit-daemon[2323]: Successfully made thread 19229 of process 3510 owned by '1000' RT at priority 5.
Mar 23 18:01:18 pc-tobi-desktop rtkit-daemon[2323]: Supervising 7 threads of 3 processes of 1 users.
Mar 23 18:01:22 pc-tobi-desktop systemd[1]: Started Session 6 of User mcdope.
Mar 23 18:01:22 pc-tobi-desktop systemd[1]: [email protected]: Deactivated successfully.
Mar 23 18:01:22 pc-tobi-desktop systemd[1]: [email protected]: Scheduled restart job, restart counter is at 3.
Mar 23 18:01:22 pc-tobi-desktop systemd[1]: Stopped Getty on tty4.
Mar 23 18:01:22 pc-tobi-desktop systemd[1]: Started Getty on tty4.
Mar 23 18:01:22 pc-tobi-desktop systemd[1]: session-6.scope: Deactivated successfully.
Fail with user having a device, success with user not having a device.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Checking whether the caller (login) is local or not...
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011Checking pid 50869 (/bin/login)...
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011Checking pid 1 (/sbin/init)...
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011Trying to check for remote access by loginctl
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011'loginctl' returned nothing.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011Trying to get tty by loginctl
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011'loginctl' returned nothing.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011Failed, could not obtain tty from loginctl - see line before this for reason.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011Fallback: Using TTY /dev/tty4 from ttyname() for search
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011utmp entry for tty "tty4" found
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011#011utmp->ut_pid: 50869
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011#011utmp->ut_user: LOGIN
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011Checking utmp->ut_addr_v6[0]
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011Checking utmp->ut_addr_v6[1]
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011Checking utmp->ut_addr_v6[2]
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011#011Checking utmp->ut_addr_v6[3]
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: #011utmp check successful, request originates from a local source!
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: No remote access detected, seems to be local request - allowing.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Searching for "verbatim" in the hardware database...
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Authentication device "verbatim" is connected.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Performing one time pad verification...
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Searching for volume with uuid 4A5C9565274EA95D.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Found mount points: /media/mcdope/STORENGO
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Found volume 4A5C9565274EA95D.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Volume 4A5C9565274EA95D is already mounted.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Loading device pad...
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Loading system pad...
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Pad match.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Checking whether pads are expired or not...
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Pads were generated 3234 seconds ago, not updating.
Mar 23 18:42:08 pc-tobi-desktop pam_usb[50869]: Access granted.
Mar 23 18:42:08 pc-tobi-desktop login[50869]: pam_unix(login:session): session opened for user mcdope(uid=1000) by LOGIN(uid=0)
Mar 23 18:42:08 pc-tobi-desktop systemd-logind[1891]: New session 17 of user mcdope.
Mar 23 18:42:08 pc-tobi-desktop login[50869]: pam_unix(login:session): session closed for user mcdope
Mar 23 18:42:08 pc-tobi-desktop systemd-logind[1891]: Session 17 logged out. Waiting for processes to exit.
Mar 23 18:42:08 pc-tobi-desktop systemd-logind[1891]: Removed session 17.
Mar 23 18:42:09 pc-tobi-desktop gdm-password][3486]: accountsservice: ActUserManager: sending user-changed signal for user mcdope
Mar 23 18:42:09 pc-tobi-desktop gdm-password][3486]: accountsservice: ActUserManager: sent user-changed signal for user mcdope
Mar 23 18:42:09 pc-tobi-desktop gdm-password][3486]: accountsservice: ActUserManager: updating user mcdope
Mar 23 18:42:09 pc-tobi-desktop gdm-password][3486]: accountsservice: ActUserManager: sending user-changed signal for user mcdope
Mar 23 18:42:09 pc-tobi-desktop gdm-password][3486]: accountsservice: ActUserManager: sent user-changed signal for user mcdope
Mar 23 18:42:09 pc-tobi-desktop gdm-password][3486]: accountsservice: ActUserManager: updating user mcdope
Mar 23 18:42:40 pc-tobi-desktop pam_usb[51005]: No authentication device configured for user "wrp".
Mar 23 18:42:40 pc-tobi-desktop login[51005]: pam_unix(login:auth): username [wrp] obtained
Mar 23 18:42:42 pc-tobi-desktop login[51005]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty4 ruser= rhost= user=wrp
Mar 23 18:42:46 pc-tobi-desktop login[51005]: FAILED LOGIN (1) on '/dev/tty4' FOR 'wrp', Authentication failure
Mar 23 18:42:48 pc-tobi-desktop pam_usb[51005]: No authentication device configured for user "wrp".
Mar 23 18:42:48 pc-tobi-desktop login[51005]: pam_unix(login:auth): username [wrp] obtained
Mar 23 18:42:50 pc-tobi-desktop login[51005]: pam_unix(login:session): session opened for user wrp(uid=1001) by LOGIN(uid=0)
Mar 23 18:42:50 pc-tobi-desktop systemd-logind[1891]: New session 18 of user wrp.
Mar 23 18:42:50 pc-tobi-desktop systemd: pam_unix(systemd-user:session): session opened for user wrp(uid=1001) by (uid=0)
Maybe some memory stuff in udisks handling?
At https://www.dropbox.com/scl/fo/kmll4q7tz3z0agbk4q30x/h?rlkey=da59dbbovgv3ip1qch3hy6lz4&dl=0 are prebuilt packages of the upcoming v0.8.4.
This issue COULD be fixed by that update, I'm not sure.
Doesn't happen for me anymore. Further fixes in #229 should finally solve all maybe causes for this. Closing for now.