Bug 433223 - [Systemd, X11] KWallet doesn't unlock automatically when user logs in
Summary: [Systemd, X11] KWallet doesn't unlock automatically when user logs in
Status: RESOLVED FIXED
Alias: None
Product: plasmashell
Classification: Plasma
Component: general (show other bugs)
Version: 5.21.0
Platform: Arch Linux Linux
: HI normal
Target Milestone: 1.0
Assignee: David Edmundson
URL:
Keywords:
: 432752 433940 434110 436442 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-02-19 06:31 UTC by Matej Mrenica
Modified: 2022-06-17 15:33 UTC (History)
13 users (show)

See Also:
Latest Commit:
Version Fixed In: 5.23
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matej Mrenica 2021-02-19 06:31:42 UTC
SUMMARY
User is asked for a password after they already entered one when logging in, which is not supposed to happen.

SOFTWARE/OS VERSIONS
KDE Plasma Version: 5.21.0
KDE Frameworks Version: 5.79
Qt Version: 5.15.2

ADDITIONAL INFORMATION
The new systemd startup has to be enabled, tested in X11 session.
Comment 1 David Edmundson 2021-02-19 13:25:51 UTC
*** Bug 432752 has been marked as a duplicate of this bug. ***
Comment 2 Nate Graham 2021-02-19 14:16:22 UTC
Happens to me too.
Comment 3 David Edmundson 2021-02-20 15:08:17 UTC
Potentially this is just a manifestation of 427340

Needs checking on a real distro
Comment 4 Nate Graham 2021-02-21 23:24:44 UTC
FWIW this stopped happening to me with git master everything 2 days ago.
Comment 5 flinux 2021-02-28 09:30:48 UTC
(In reply to Nate Graham from comment #4)
> FWIW this stopped happening to me with git master everything 2 days ago.

will the fix be in the next application update?
Comment 6 Nate Graham 2021-03-01 23:51:31 UTC
There hasn't been a formal fix, it just stopped happening to me.
Comment 7 Nate Graham 2021-03-04 17:24:04 UTC
*** Bug 433940 has been marked as a duplicate of this bug. ***
Comment 8 David Edmundson 2021-03-08 17:09:39 UTC
*** Bug 434110 has been marked as a duplicate of this bug. ***
Comment 9 David Edmundson 2021-03-08 17:41:11 UTC
I have a possible theory on what's up.

The time we perform the unlocking has got moved. It used to be in parallel with plasmashell and very early actions. With the systemd boot it is quite late; bundled with the other user-level autostart actions.

Potentially after the wifi or whatever has started and requested a password.

We need some logs to confirm
Comment 10 Claude Durocher 2021-07-08 21:09:47 UTC
I have this problem on Solus Plasma (Plasma 5.22.2, KDE framework 5.83, QT 5.16.3, kernel 5.13.0). Here's my log:

2021-07-08 16 h 45	sddm-greeter	Reading from "/usr/share/xsessions/plasma.desktop"
2021-07-08 16 h 45	sddm	Message received from greeter: Login
2021-07-08 16 h 45	sddm	Reading from "/usr/share/xsessions/plasma.desktop"
2021-07-08 16 h 45	sddm	Reading from "/usr/share/xsessions/plasma.desktop"
2021-07-08 16 h 45	sddm	Session "/usr/share/xsessions/plasma.desktop" selected, command: "/usr/bin/startplasma-x11"
2021-07-08 16 h 45	sddm-helper	[PAM] Starting...
2021-07-08 16 h 45	sddm-helper	[PAM] Authenticating...
2021-07-08 16 h 45	sddm-helper	[PAM] Preparing to converse...
2021-07-08 16 h 45	sddm-helper	[PAM] Conversation with 1 messages
2021-07-08 16 h 45	sddm-helper	pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
2021-07-08 16 h 45	sddm-helper	[PAM] returning.
2021-07-08 16 h 45	sddm	Authenticated successfully
2021-07-08 16 h 45	sddm-helper	pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
2021-07-08 16 h 45	sddm-helper	pam_unix(sddm:session): session opened for user myusername by (uid=0)
2021-07-08 16 h 45	sddm-helper	pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
2021-07-08 16 h 45	sddm-greeter	Message received from daemon: LoginSucceeded
2021-07-08 16 h 45	sddm-helper	[PAM] Closing session
2021-07-08 16 h 45	sddm-helper	pam_unix(sddm-greeter:session): session closed for user sddm
2021-07-08 16 h 45	sddm-helper	[PAM] Ended.
2021-07-08 16 h 45	sddm	Auth: sddm-helper exited successfully
2021-07-08 16 h 45	sddm	Greeter stopped.
2021-07-08 16 h 45	systemd	session-c7.scope: Succeeded.
2021-07-08 16 h 45	systemd	session-c7.scope: Consumed 2.530s CPU time.
2021-07-08 16 h 45	systemd-logind	Removed session c7.
2021-07-08 16 h 45	sddm-helper	pam_kwallet5: final socket path: /tmp/kwallet5_myusername.socket
2021-07-08 16 h 45	audit	SYSCALL arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffe40ceffd0 a2=4 a3=0 items=0 ppid=869 pid=161725 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="sddm-helper" exe="/usr/lib64/sddm/sddm-helper" subj=unconfined key=(null)
2021-07-08 16 h 45	audit	PROCTITLE proctitle=2F7573722F6C696236342F7364646D2F7364646D2D68656C706572002D2D736F636B6574002F746D702F7364646D2D6175746837393638376231342D373333642D343961332D396535382D343134633037323932326533002D2D6964003133002D2D7374617274002F7573722F62696E2F7374617274706C61736D612D783131
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0188] policy: auto-activating connection 'tplink' (1859bd96-b0e2-46ba-9493-92815743acfc)
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0197] device (wlp2s0): Activation: starting connection 'tplink' (1859bd96-b0e2-46ba-9493-92815743acfc)
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0199] device (wlp2s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0204] manager: NetworkManager state is now CONNECTING
2021-07-08 16 h 45	systemd	Created slice User Slice of UID 1000.
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0209] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0213] device (wlp2s0): Activation: (wifi) access point 'tplink' has security, but secrets are required.
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0213] device (wlp2s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
2021-07-08 16 h 45	systemd	Starting User Runtime Directory /run/user/1000...
2021-07-08 16 h 45	NetworkManager	<warn>  [1625777116.0244] device (wlp2s0): no secrets: No agents were available for this request.
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0245] device (wlp2s0): state change: need-auth -> failed (reason 'no-secrets', sys-iface-state: 'managed')
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0252] manager: NetworkManager state is now CONNECTED_LOCAL
2021-07-08 16 h 45	systemd-logind	New session 7 of user myusername.
2021-07-08 16 h 45	NetworkManager	<warn>  [1625777116.0270] device (wlp2s0): Activation: failed for connection 'tplink'
2021-07-08 16 h 45	NetworkManager	<info>  [1625777116.0276] device (wlp2s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
2021-07-08 16 h 45	systemd	Finished User Runtime Directory /run/user/1000.
2021-07-08 16 h 45	systemd	Starting User Manager for UID 1000...
2021-07-08 16 h 45	systemd	pam_warn(systemd-user:setcred): function=[pam_sm_setcred] flags=0x8002 service=[systemd-user] terminal=[<unknown>] user=[myusername] ruser=[<unknown>] rhost=[<unknown>]
2021-07-08 16 h 45	systemd	pam_unix(systemd-user:session): session opened for user myusername by (uid=0)
Comment 11 Nate Graham 2021-07-13 13:54:46 UTC
Raising to HI priority based on number of duplicates, annoyance factor, and the facts that we want to enable systemd boot by default and Fedora has done so already.
Comment 12 David Edmundson 2021-07-13 14:41:14 UTC
It may be high priority, but it's completely inactionable at present.

>We need some logs to confirm

The important question we need to answer is "is it actually broken or does it just come later after someone has already prompted"

Which maybe is doable by getting a dbus-monitor log from the start, or disabling everything (wifi) that uses kwallet on startup and confirming that it then works correctly
Comment 13 Claude Durocher 2021-07-13 20:06:59 UTC
Did this test:

1-disable NetworkManager
2-enable Plasma systemd startup
3-reboot
4-login: no password asked
5-enable NetworkManager
6-start NetworkManger: kwallet asks for password
Comment 14 David Edmundson 2021-07-16 16:03:55 UTC
Git commit 11cc88ec3881e0931f598b14c5cddccdd3bfda79 by David Edmundson.
Committed on 16/07/2021 at 15:04.
Pushed by davidedmundson into branch 'master'.

Add explicit systemd service for kwallet pam

Whilst the generator does automatically build services for autostart
applications it deliberately does not follow "X-KDE-autostart-phase=0"

It turns out this is quite important for making sure the bridge is up
before the first kwallet request gets made.

Adding an explicit systemd service allows us to have finer control over
ordering.

M  +4    -0    CMakeLists.txt
M  +1    -0    pam_kwallet_init.desktop.cmake
A  +10   -0    plasma-kwallet-pam.service.in

https://invent.kde.org/plasma/kwallet-pam/commit/11cc88ec3881e0931f598b14c5cddccdd3bfda79
Comment 15 David Edmundson 2021-07-29 22:29:10 UTC
*** Bug 436442 has been marked as a duplicate of this bug. ***
Comment 16 Rex Dieter 2021-07-30 18:19:35 UTC
See small followup fix, in case anyone tries to backport like I just did for fedora packaging:
https://invent.kde.org/plasma/kwallet-pam/-/commit/bcc592233845b9c748c75190e0bf77f58013baed
Comment 17 Ed Greshko 2021-07-31 12:37:52 UTC
This was reported to be fixed in fedora.  However, in testing, it did not fix my
problem.

I rebooted my system before testing.  My wifi and chrome info are in the wallet.  When I login I get a dialogue box asking for my KDE wallet password.  The same thing happens if I logout/login and then start chrome.

Some log entries at first login after reboot are:

[egreshko@meimei ~]$ journalctl -b 0 | grep wallet
Jul 31 13:44:25 meimei.greshko.com sddm-helper[2608]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
Jul 31 13:44:25 meimei.greshko.com sddm-helper[2608]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Jul 31 13:44:26 meimei.greshko.com sddm-helper[2608]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
Jul 31 13:44:26 meimei.greshko.com sddm-helper[2629]: pam_kwallet5: final socket path: /run/user/1026/kwallet5.socket
Jul 31 13:44:26 meimei.greshko.com audit[2608]: USER_START pid=2608 uid=0 auid=1026 ses=2 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_kwallet5,pam_umask,pam_lastlog acct="egreshko" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=:0 res=success'
Jul 31 13:44:27 meimei.greshko.com systemd[2613]: Started Unlock kwallet from pam credentials.
Jul 31 13:44:27 meimei.greshko.com kwalletd5[2630]: Wallet failed to get opened by PAM, error code is -9
Jul 31 13:44:30 meimei.greshko.com kwalletd5[2630]: Application ' "kded5" ' using kwallet without parent window!
Jul 31 13:45:07 meimei.greshko.com kwalletd5[2630]: qt.qpa.xcb: QXcbConnection: XCB error: 3 (BadWindow), sequence: 1294, resource id: 16777374, major code: 40 (TranslateCoords), minor code: 0
Comment 18 Rex Dieter 2021-07-31 13:55:06 UTC
Possible there are multiple issues.  For me, it was race condition, that kwallet was opening too late in the login orocess.  For you, appears kwallet is not opening *at all*
Comment 19 Nate Graham 2021-07-31 14:55:23 UTC
Yeah, please open new bug reports for different issues.
Comment 20 Ed Greshko 2021-07-31 22:23:29 UTC
(In reply to Nate Graham from comment #19)
> Yeah, please open new bug reports for different issues.

I have reopened my original report.  https://bugs.kde.org/show_bug.cgi?id=436442

This was marked as a duplicate.  But, since the fix for this issue didn't work, that is not the case.

Is that sufficient?

My issue is causing me as much frustration/irritation as this bz. So, I hope
it can get similar attention.
Comment 21 Nate Graham 2022-01-14 21:40:06 UTC
*** Bug 436442 has been marked as a duplicate of this bug. ***
Comment 22 Mathieu Jobin 2022-04-10 04:20:53 UTC
What is the resolution?

I use 5.24.4 on Kubuntu 22.04

I just upgraded my wife's laptop from 20.04
And still have same problem...
Comment 23 Claude Durocher 2022-04-10 13:53:44 UTC
(In reply to Mathieu Jobin from comment #22)
> What is the resolution?
> 
> I use 5.24.4 on Kubuntu 22.04
> 
> I just upgraded my wife's laptop from 20.04
> And still have same problem...

On Solus, a possible explanation is an outdated polkit version (https://dev.getsol.us/T10014) but it has not been tested.
Comment 24 Claude Durocher 2022-04-10 13:54:54 UTC
(In reply to Claude Durocher from comment #23)
> (In reply to Mathieu Jobin from comment #22)
> > What is the resolution?
> > 
> > I use 5.24.4 on Kubuntu 22.04
> > 
> > I just upgraded my wife's laptop from 20.04
> > And still have same problem...
> 
> On Solus, a possible explanation is an outdated polkit version
> (https://dev.getsol.us/T10014) but it has not been tested.

Sorry, wrong thread.