Comments (12)
Thanks for the detailed report!
At a glance, we can tell that the helper process isn't receiving the expected number of arguments, though we can't tell what arguments it is getting; I'll make a note to show this information when debugging is enabled, and add it next change.
This error is triggered by having an argc value of less than 3, which is meant to prevent running the helper with fewer than two arguments (since the executable name usually counts as the first), but maybe this doesn't quite work as I expected in a exec() context...
Let me do some research on my end.
from pam-cryptsetup.
Indeed I did make an oversight; making a call to an exec() function does not set the first argument to the absolute path to the binary for the process being run; let me commit a fix for that.
from pam-cryptsetup.
That should fix it; please pull the repo and follow the build+install directions, and let me know the results.
from pam-cryptsetup.
Sorry for delay in getting back to you, I have just seen your response.
I have rebuilt the pc, installed in the same manner, and got the following in the logs when logging in:
gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=<user>
gdm-password]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=<user>
gdm-password]: pam_cryptsetup(gdm-password:auth): Debugging enabled
gdm-password]: pam_cryptsetup(gdm-password:auth): Raw flag variable: 0x0
gdm-password]: pam_cryptsetup(gdm-password:auth): Spawned encryption process under PID 2533
gdm-password]: pam_cryptsetup(gdm-password:auth): Module run failed: Failed to write to helper process.
gdm-password]: pam_unix(gdm-password:session): session opened for user <user> by (uid=0)
When using sudo however I do see the arguments being past:
PamCryptsetup_Helper[3530]: Starting
PamCryptsetup_Helper[3530]: uid: 0; euid: 0
PamCryptsetup_Helper[3530]: Process memory locked
PamCryptsetup_Helper[3530]: Argument 0: /usr/lib/pam-cryptsetup/pam_cryptsetup_helper
PamCryptsetup_Helper[3530]: Argument 1: nvme0n1p3_crypt
PamCryptsetup_Helper[3530]: Argument 2: <user>
PamCryptsetup_Helper[3530]: Reading argument 1
PamCryptsetup_Helper[3530]: Reading argument 2
PamCryptsetup_Helper[3530]: Reading password from login module.
Any other ideas?
from pam-cryptsetup.
Just also noticed that if I run sudo /usr/lib/pam-cryptsetup/pam_cryptsetup_helper, I get the following back:
PamCryptsetup_Helper[3662]: Starting
PamCryptsetup_Helper[3662]: uid: 0; euid: 0
PamCryptsetup_Helper[3662]: Process memory locked
PamCryptsetup_Helper[3662]: Argument 0: /usr/lib/pam-cryptsetup/pam_cryptsetup_helper
PamCryptsetup_Helper[3662]: Argument 1: nvme0n1p3_crypt
PamCryptsetup_Helper[3662]: Argument 2: <user>
PamCryptsetup_Helper[3662]: Reading argument 1
PamCryptsetup_Helper[3662]: Reading argument 2
PamCryptsetup_Helper[3662]: Reading password from login module.
PamCryptsetup_Helper[3664]: Starting
PamCryptsetup_Helper[3664]: uid: 0; euid: 0
PamCryptsetup_Helper[3664]: Process memory locked
PamCryptsetup_Helper[3664]: Argument 0: /usr/lib/pam-cryptsetup/pam_cryptsetup_helper
PamCryptsetup_Helper[3664]: Too few arguments. Expected: volume_name username [cache_path].
PamCryptsetup_Helper[3662]: Did not receive password token from login module.
from pam-cryptsetup.
@taniahagan I fixed those issues in my fork but, I haven't had the time to setup the CLA stuff so I didn't open a PR yet. You might want to take a look here.
from pam-cryptsetup.
Looks like the consensus is that I need better testing of the module -> helper interface since I missed these problems during manual testing; I'll definitely be working on that when I get the opportunity.
@feexd Thanks for the mentioned corrections; the CLA stuff shouldn't take more than a minute or two to sign, so would you mind making a pull request?
from pam-cryptsetup.
@warrenpw I've opened the PR #6. Pinging you here in case you didn't get a notification.
from pam-cryptsetup.
from pam-cryptsetup.
Change has been merged; plan to work on better testing for the module->helper interface when I get a chance.
@taniahagan Can you confirm if the most recent commit has resolved your issue?
from pam-cryptsetup.
Hi Warren,
Apologies for the delay, I was on holiday. I can now confirm that the most recent commit has resolved the issue, thank you very much for your time on this.
Many Thanks,
Tania
from pam-cryptsetup.
Glad to hear everything is working for you now; I'll mark this issue as resolved for now, and move my work to make a better test harness to a separate issue.
from pam-cryptsetup.
Related Issues (8)
- Logging
- Failed to retrieve valid crypt volume key: Operation not permitted HOT 2
- Build failed error: unknown option after ‘#pragma GCC diagnostic’
- dokumentation pam with Authentication mode
- Ubuntu 21.04: "Failed to retrieve current crypt slot: Failed to find keyslot holding password: Operation not permitted (1)"
- Ubuntu 18.04, causes su and polkit to hang HOT 2
- Improve Testing of Module -> Helper Interface
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pam-cryptsetup.