Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 199106 - gnome-base/gdm-2.18.4 behaves strangely (including crashing) when sys-auth/thinkfinger-0.3 is installed and set up in /etc/pam.d/system-auth
Summary: gnome-base/gdm-2.18.4 behaves strangely (including crashing) when sys-auth/th...
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GNOME (show other bugs)
Hardware: AMD64 Linux
: High normal (vote)
Assignee: Gentoo Linux Gnome Desktop Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-11-13 23:59 UTC by rhywek
Modified: 2008-02-20 02:44 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
The relevant part of /var/log/messages showing the crash of gdm. (gdm.log,72.11 KB, text/plain)
2007-11-14 00:01 UTC, rhywek
Details

Note You need to log in before you can comment on or make changes to this bug.
Description rhywek 2007-11-13 23:59:59 UTC
The gnome-base/gdm-2.18.4 works OK standard pam configuration. This is my /etc/X11/gdm/custom.conf:

# grep '^[^#]' /etc/X11/gdm/custom.conf
[daemon]
[security]
[xdmcp]
[gui]
[greeter]
GraphicalTheme=happygnome-list
[chooser]
[debug]
[servers]

My local user is visible in the face browser and I can select the user by clicking on her picture or username instead of typing the username.

Only emerging sys-auth/thinkfinger-0.3 does not change anything. However, things are not so nice when the file /etc/pam.d/system-auth is modified according to the ebuild messages, which are the same as in the howto located at http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader_with_ThinkFinger.

The file looks like that when everything is OK:
# head -n 5 /etc/pam.d/system-auth
#%PAM-1.0

auth       required     pam_env.so
#auth     sufficient     pam_thinkfinger.so
auth       sufficient   pam_unix.so try_first_pass likeauth nullok

When I uncomment the thinkfinger line, gdm still works, although in a limited fashion. It allows the user to type in the username and password or type in the username and use fingerprint reading for authentication. What is missing is selecting the user in the face browser. It cannot automatically fill the face browser list of users from /etc/passwd. This can be remedied by manually adding the following line:
Include=username
into the [greeter] section of /etc/X11/gdm/custom.conf file, where username of course must be a valid username. If this is done, the user is visible in the face browser, but when the picture is clicked, gdm crashes. I have enabled the debug option in /etc/X11/gdm/custom.conf, and the relevant part of /var/log/messages is available in attachment. I tried to click the picture precisely at 22:41 of my local time, so the crash is visible in the log at 22:41:01. After the crash gdm is restarted.


Reproducible: Always

Steps to Reproduce:
Sequence A:
1. Emerge gnome-base/gdm-2.18.4 and add GraphicalTheme=happygnome-list in [greeter] section of /etc/X11/gdm/custom.conf
2. Emerge sys-auth/thinkfinger-0.3
3. Add the line:
auth     sufficient     pam_thinkfinger.so
before the line:
auth       sufficient   pam_unix.so try_first_pass likeauth nullok
(as explained in thinkfinger's emerge messages).
4. Start gdm

Sequence B:
1. Emerge gnome-base/gdm-2.18.4 and add GraphicalTheme=happygnome-list in [greeter] section of /etc/X11/gdm/custom.conf
2. Emerge sys-auth/thinkfinger-0.3
3. Add the line:
auth     sufficient     pam_thinkfinger.so
before the line:
auth       sufficient   pam_unix.so try_first_pass likeauth nullok
(as explained in thinkfinger's emerge messages).
5. Force your user into gdm's face browser list by adding an entry:
Include=username
into the [greeter] section of /etc/X11/gdm/custom.conf file, where username of course must be a valid username.
6. Start gdm
7. Click on a user's picture in the face browser.

Actual Results:  
Sequence A: Face browser's list of users is empty.
Sequence B: gdm crashes.


Expected Results:  
Sequence A: Face browser's list contains all users from /etc/passwd with uid>=1000.
Sequence B: The user should be selected as if typing own username.

# emerge --info
Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.22-gentoo-r9 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r9 x86_64 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Timestamp of tree: Tue, 13 Nov 2007 16:46:01 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=nocona -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=nocona -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch userpriv"
GENTOO_MIRRORS="http://mirror.uni-c.dk/pub/gentoo/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl alsa amd64 berkdb bitmap-fonts cli cracklib crypt cups dri fortran gdbm gpm iconv ipv6 isdnlog midi mmx mudflap ncurses nls nptl nptlonly nsplugin nvidia openmp pam pcre perl pppd python readline reflection session spl sse sse2 ssl ssse3 tcpd truetype truetype-fonts type1-fonts unicode xorg xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="vesa nv nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 rhywek 2007-11-14 00:01:34 UTC
Created attachment 135925 [details]
The relevant part of /var/log/messages showing the crash of gdm.
Comment 2 Gilles Dartiguelongue gentoo-dev 2007-11-18 11:57:29 UTC
this is more likely to be an upstream issue. Try reporting this to either the pam module developer or on bugzilla.gnome.org.
Comment 3 Gilles Dartiguelongue gentoo-dev 2008-01-11 23:39:30 UTC
what's going on here ? Is it fixed in 2.20, was a bug filled upstream ?
Comment 4 Gilles Dartiguelongue gentoo-dev 2008-02-02 13:08:50 UTC
please get back to us
Comment 5 Daithi O'hAonghusa 2008-02-20 02:44:37 UTC
I have an almost identical setup to the one in the report. Seems this problem still exists when using:

gdm-2.20.3
pam-0.99.9.0
thinkfinger-0.3

I don't know if any bugs have been reported upstream to the PAM people, I'm about to check that out. Looks like nothing has been submitted to ThinkFinger.

Meanwhile, I ran through GDM code and put in some gdm_debug()s. Now I don't know how GDM works - first time I looked at it's code - but anyway, the last debug message that gets printed seems to be in daemon/pam-verify.c just before

if ((pamerr = pam_authenticate (pamh, null_tok)) != PAM_SUCCESS) {


I enabled PAM debugging but didn't see anything interesting.

Also noteworthy: There is a bug logged against ThinkFinger, someone says it makes their sshd segfault.

Finally: It's known that ThinkFinger can crash gksu/gksudo because of the "Password:" prompt. Even with the prompt changed back to "Password:", GDM still segfaults.