Module run failed: Failed to write to helper process about pam-cryptsetup HOT 12 CLOSED

Thanks for the detailed report!

At a glance, we can tell that the helper process isn't receiving the expected number of arguments, though we can't tell what arguments it is getting; I'll make a note to show this information when debugging is enabled, and add it next change.

This error is triggered by having an argc value of less than 3, which is meant to prevent running the helper with fewer than two arguments (since the executable name usually counts as the first), but maybe this doesn't quite work as I expected in a exec() context...

Let me do some research on my end.

from pam-cryptsetup.

Indeed I did make an oversight; making a call to an exec() function does not set the first argument to the absolute path to the binary for the process being run; let me commit a fix for that.

from pam-cryptsetup.

That should fix it; please pull the repo and follow the build+install directions, and let me know the results.

from pam-cryptsetup.

Sorry for delay in getting back to you, I have just seen your response.

I have rebuilt the pc, installed in the same manner, and got the following in the logs when logging in:

gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=<user>
gdm-password]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=<user>
gdm-password]: pam_cryptsetup(gdm-password:auth): Debugging enabled
gdm-password]: pam_cryptsetup(gdm-password:auth): Raw flag variable: 0x0
gdm-password]: pam_cryptsetup(gdm-password:auth): Spawned encryption process under PID 2533
gdm-password]: pam_cryptsetup(gdm-password:auth): Module run failed: Failed to write to helper process.
gdm-password]: pam_unix(gdm-password:session): session opened for user <user> by (uid=0)

When using sudo however I do see the arguments being past:

PamCryptsetup_Helper[3530]: Starting
PamCryptsetup_Helper[3530]: uid: 0; euid: 0
PamCryptsetup_Helper[3530]: Process memory locked
PamCryptsetup_Helper[3530]: Argument 0: /usr/lib/pam-cryptsetup/pam_cryptsetup_helper
PamCryptsetup_Helper[3530]: Argument 1: nvme0n1p3_crypt
PamCryptsetup_Helper[3530]: Argument 2: <user>
PamCryptsetup_Helper[3530]: Reading argument 1
PamCryptsetup_Helper[3530]: Reading argument 2
PamCryptsetup_Helper[3530]: Reading password from login module.

Any other ideas?

from pam-cryptsetup.

Just also noticed that if I run sudo /usr/lib/pam-cryptsetup/pam_cryptsetup_helper, I get the following back:

PamCryptsetup_Helper[3662]: Starting
PamCryptsetup_Helper[3662]: uid: 0; euid: 0
PamCryptsetup_Helper[3662]: Process memory locked
PamCryptsetup_Helper[3662]: Argument 0: /usr/lib/pam-cryptsetup/pam_cryptsetup_helper
PamCryptsetup_Helper[3662]: Argument 1: nvme0n1p3_crypt
PamCryptsetup_Helper[3662]: Argument 2: <user>
PamCryptsetup_Helper[3662]: Reading argument 1
PamCryptsetup_Helper[3662]: Reading argument 2
PamCryptsetup_Helper[3662]: Reading password from login module.
PamCryptsetup_Helper[3664]: Starting
PamCryptsetup_Helper[3664]: uid: 0; euid: 0
PamCryptsetup_Helper[3664]: Process memory locked
PamCryptsetup_Helper[3664]: Argument 0: /usr/lib/pam-cryptsetup/pam_cryptsetup_helper
PamCryptsetup_Helper[3664]: Too few arguments. Expected: volume_name username [cache_path].
PamCryptsetup_Helper[3662]: Did not receive password token from login module.

from pam-cryptsetup.

@taniahagan I fixed those issues in my fork but, I haven't had the time to setup the CLA stuff so I didn't open a PR yet. You might want to take a look here.

from pam-cryptsetup.

Looks like the consensus is that I need better testing of the module -> helper interface since I missed these problems during manual testing; I'll definitely be working on that when I get the opportunity.

@feexd Thanks for the mentioned corrections; the CLA stuff shouldn't take more than a minute or two to sign, so would you mind making a pull request?

from pam-cryptsetup.

@warrenpw I've opened the PR #6. Pinging you here in case you didn't get a notification.

from pam-cryptsetup.

from pam-cryptsetup.

Change has been merged; plan to work on better testing for the module->helper interface when I get a chance.

@taniahagan Can you confirm if the most recent commit has resolved your issue?

from pam-cryptsetup.

Hi Warren,

Apologies for the delay, I was on holiday. I can now confirm that the most recent commit has resolved the issue, thank you very much for your time on this.

Many Thanks,
Tania

from pam-cryptsetup.

Glad to hear everything is working for you now; I'll mark this issue as resolved for now, and move my work to make a better test harness to a separate issue.

from pam-cryptsetup.