Find pam_open_session in src/libraries/session.c, a child-branch of a fork() call:

<Honoome> if I got it right, consolekit gets a connection to dbus
<Honoome> and as long as that connection is open, it is considered an active session
<Honoome> but since the process that opened the session (and thus the dbus connection) is execve()'ing away, that connection is dropped

If pam_open_session is moved before the fork call, ConsoleKit gets a session as seen by `ck-list-sessions`. The attached patch is a quick hack to accomplish this, probably not Portage ready as is. So this bug is more a reminder for flameeyes ;-)
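A minimal model of the behaviour described in the IRC excerpt above, added here as an illustration and not taken from qingy, ConsoleKit or the attached patch. A socketpair stands in for the D-Bus connection and `sleep` for the user's session; the function name and the close-on-exec flag on the connection are assumptions of the model.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* sv[0] stands in for the session daemon's end of the connection, sv[1] for
 * the end held by the process that opened the session. Returns 1 if the
 * daemon still sees the connection once the user's program is running,
 * 0 if it was dropped, -1 on setup failure. */
int session_alive_after_exec(int open_before_fork)
{
    int sv[2], started[2];
    char c;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(started) < 0)
        return -1;
    /* Assumption of this model: the connection is close-on-exec. */
    fcntl(sv[0], F_SETFD, FD_CLOEXEC);
    fcntl(sv[1], F_SETFD, FD_CLOEXEC);
    fcntl(started[1], F_SETFD, FD_CLOEXEC);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: execs away into the "user session" (sleep as stand-in). */
        execlp("sleep", "sleep", "5", (char *)NULL);
        _exit(127);
    }
    /* Parent: the long-lived login manager. */
    close(started[1]);
    if (!open_before_fork)
        close(sv[1]);           /* only the child ever held the connection */
    while (read(started[0], &c, 1) < 0 && errno == EINTR)
        ;                       /* EOF: the child has gone through execve() */

    /* Daemon's view: hang-up within the grace period means "session gone". */
    struct pollfd pfd = { .fd = sv[0], .events = POLLIN };
    int alive = (poll(&pfd, 1, 500) == 0);

    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    close(sv[0]);
    close(started[0]);
    if (open_before_fork)
        close(sv[1]);           /* the parent would call pam_close_session here */
    return alive;
}
```

With `open_before_fork` set to 0 the daemon end sees a hang-up as soon as the child execs; with 1 the parent's copy keeps the connection open for the lifetime of the session.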
Created attachment 254027
The hack to allow qingy work with consolekit
Here's the matching upstream bug: http://sourceforge.net/tracker/?func=detail&aid=3107455&group_id=82854&atid=567417
Hi, can you please explain to me exactly how it fails? I tried with original source code, then with patch applied, and in both cases I'm able to login successfully and /var/log/messages reports:

    Dec 3 13:32:44 khazad-dum qingy: pam_unix(qingy:session): session opened for user thorin by (uid=0)
    Dec 3 13:32:44 khazad-dum qingy: pam_ck_connector(qingy:session): using 1001 as uid
    Dec 3 13:32:44 khazad-dum qingy: pam_ck_connector(qingy:session): open session result: 1
    Dec 3 13:32:44 khazad-dum qingy: pam_ck_connector(qingy:session): registered uid=1001 on tty='/dev/tty6' with ConsoleKit

Then, when I log out, it reads:

    Dec 3 13:36:50 khazad-dum qingy: pam_unix(qingy:session): session closed for user thorin
    Dec 3 13:36:50 khazad-dum qingy: pam_mail(qingy:session): pam_putenv: delete non-existent entry; MAIL

My /etc/pam.d/qingy is as follows:

    # File autogenerated by pamd_mimic in pam eclass
    auth include system-local-login
    account include system-local-login
    password include system-local-login
    session include system-local-login
    session optional pam_loginuid.so
    session optional pam_ck_connector.so debug

Using qingy-0.9.9, consolekit-0.4.2-r4, pam-1.1.3.
Try ck-list-sessions → it will not list anything. You can find the full dissection of why (without patch) it won't work on my blog post: http://blog.flameeyes.eu/2010/11/15/qingy-and-consolekit
Diego, thanks for the heads up. I have read your blog post and found it very interesting. Now, to start, know that I'm the author of qingy, so it is in my best interest that patches are merged upstream ;-)

To comment on your blog post, you are very right. There are surely a lot of features in PAM that qingy simply does not support, such as nifty fingerprint-based authentication systems. And you are also right when you notice that qingy does some things internally, such as lastlog management, without relying on existing PAM modules. The answer is simple: when qingy was first developed, PAM did not exist yet, or if it did it was at the very beginnings and still was not the standard for Linux authentication. In fact, qingy support for PAM is optional and it works nicely on PAM-less systems (such as ancient passwd or passwd+shadow systems). As such, the many little things that surround user authentication, qingy has always handled internally.

The main problem: I'm not knowledgeable about PAM, or at least any reasonably modern version of PAM. As you surely have noticed, the qingy-provided pam file is broken and useless and the Gentoo ebuild mercilessly (and rightly) replaces it with something resembling decency.

For the scope of this bug: I tried to run ck-list-sessions and it reports nothing, be it that login occurs using patched or unpatched qingy, or standard agetty, so something is definitely wrong in my setup and I cannot reproduce (let alone fix) the issue. Would you please provide me with a set of USE flags to try and packages to re-emerge in order to be able to reproduce this (and have agetty work correctly with consolekit, too)?

For the broader scope, can you provide me with an explanation (or links to documentation) so that I can learn what features (such as lastlog) are available within PAM and how to support them in qingy, so that it does them internally only when PAM support is not enabled at compile time?
If you want to take this discussion outside here (maybe to your blog), I'm fine with that since I'm going off-topic. Thanks, Michele
you probably need to remove "nox11" parameter from pam_ck_connector.so from /etc/pam.d/system-login before ck-list-sessions will print anything (bug 342345) with the patch attached here.
(In reply to comment #6)
> you probably need to remove "nox11" parameter from pam_ck_connector.so from
> /etc/pam.d/system-login before ck-list-sessions will print anything (bug
> 342345) with the patch attached here.

My issue was much more lame than that and I will decently refrain from explaining it here :-P I was able to make my agetty work with consolekit, and subsequently reproduce this issue with unpatched qingy (patched version works). I'll make the necessary adjustments in qingy and release a new version.
The issue is now fixed in qingy svn repository. I'll release a new version as soon as possible.
(In reply to comment #8)
> The issue is now fixed in qingy svn repository. I'll release a new version as
> soon as possible.

cool. thanks.
(In reply to comment #4)
> Try ck-list-sessions → it will not list anything. You can find the full
> dissection of why (without patch) it won't work on my blog post:
>
> http://blog.flameeyes.eu/2010/11/15/qingy-and-consolekit

Funny how Diego goes to great extent in analyzing a problem, then when the package author tries to get some feedback, he falls silent.
Michele, I spent the weekend out of home, yesterday working on two paid jobs and today I'm waiting for Yamato to rebuild its storage system after replacing the two build disks... and you haven't mailed me, you left a bug comment that I only look at when I have time. I pour in time whenever I can, I have poured a lot on ConsoleKit, and right now it's far from my priorities. We can discuss about qingy by mail if you wish, but don't pretend an immediate response on the bug when it was opened almost a month ago.
Released fixed qingy version and related ebuild.
(In reply to comment #11) OK Diego, you are right, sorry. I, too, devote what little time I have when I have it. Right now I released a version that fixes only the specific issue reported in this bug, but I would like to bring qingy up to date with modern PAM systems. If you wish to answer my previous post, please e-mail me separately, any feedback will be appreciated. Bye, Michele