ellerh / softfido

A software FIDO2/U2F authenticator

Failure prompting for PIN #3

Closed tomm87 closed 1 year ago

tomm87 commented 1 year ago

Hi, me again.

After a successful build (thank you!), I was able to initialize a token with softhsm2-util, but when I launch softfido I get the following:

root@debian-vbox:/home/tom/Desktop/softfido-master/target/debug# RUST_BACKTRACE=1 ./softfido --token-label softfido
No $DBUS_SESSION_BUS_ADDRESS found, falling back to curses
thread 'main' panicked at 'Can't read PIN: ProtocolError("S ERROR gnome3.isatty 83918950 ")', src/crypto.rs:51:39
stack backtrace:
   0: rust_begin_unwind
             at /usr/src/rustc-1.59.0/library/std/src/panicking.rs:498:5
   1: core::panicking::panic_fmt
             at /usr/src/rustc-1.59.0/library/core/src/panicking.rs:116:14
   2: core::result::unwrap_failed
             at /usr/src/rustc-1.59.0/library/core/src/result.rs:1690:5
   3: core::result::Result<T,E>::expect
             at /usr/src/rustc-1.59.0/library/core/src/result.rs:975:23
   4: softfido::crypto::login
             at /home/tom/Desktop/softfido-master/src/crypto.rs:51:13
   5: softfido::crypto::open_token
             at /home/tom/Desktop/softfido-master/src/crypto.rs:117:13
   6: softfido::main::{{closure}}
             at /home/tom/Desktop/softfido-master/src/main.rs:37:27
   7: softfido::crypto::globals::with_ctx
             at /home/tom/Desktop/softfido-master/src/crypto.rs:97:24
   8: softfido::main
             at /home/tom/Desktop/softfido-master/src/main.rs:31:5
   9: core::ops::function::FnOnce::call_once
             at /usr/src/rustc-1.59.0/library/core/src/ops/function.rs:227:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
root@debian-vbox:/home/tom/Desktop/softfido-master/target/debug# 

I think this has something to do with not being able to launch a GUI PIN entry screen? I'm running softfido as root, because doing so avoids an earlier error that I suspect is related to the SoftHSM token storage folder being readable only by root. But I'm not logged into my XFCE desktop as root, so to allow root to put a window on the desktop, I tried the following, in a terminal as the (non-root) XFCE user:

dbus-update-activation-environment --systemd DBUS_SESSION_BUS_ADDRESS DISPLAY XAUTHORITY

but this made no noticeable difference when running softfido. I don't understand D-bus, so I don't know if I used that command correctly.

I also tried manually setting XAUTHORITY and DISPLAY, and this allows me to run xcalc as root, but makes no noticeable difference to softfido.

It said it would try to fall back to curses, but that didn't seem to happen. That would be a perfectly good solution also.

I'm doing this on:

Thanks for any suggestions, Tom

tomm87 commented 1 year ago

Problem solved, please disregard!

Quick solution: Add non-root user to group softhsm, then run softhsm2-util and softfido as that user.

Longer explanation: I re-thought running softfido as root. I was doing so because SoftHSM seemed to need to be run as root because its config file isn't readable by the non-root XFCE user, so I initialized the token as root, and then the token storage was readable only by root, so I ran softfido as root so it could use SoftHSM.

I retraced my steps from the beginning to ensure I'd overlooked nothing, and noticed that the SoftHSM config file is readable not only by root but by the softhsm group. So I added my non-root XFCE user to that group, and was able to run SoftHSM just fine, and the token storage was readable by me (as non-root) also.

This in turn allowed running softfido as myself, which solved the PIN entry problem -- the GUI PIN prompt displays fine, and also the prompts to allow authentication & registration ceremonies.

So, problem solved, softfido is awesome, and thank you!
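
The fix described in the thread above (reach SoftHSM through the softhsm group instead of running as root) can be checked with a small diagnostic. This is an added example, not part of the original thread or the softfido project. The default config path is an assumption based on Debian's softhsm2 packaging; `SOFTHSM2_CONF` and `directories.tokendir` are SoftHSM's own names.

```shell
#!/bin/sh
# Added example: why can't this user reach SoftHSM without root?
# Assumed default path (Debian softhsm2 packaging); override with SOFTHSM2_CONF.
DEFAULT_CONF=/etc/softhsm/softhsm2.conf

# Extract the token directory from a softhsm2.conf file.
tokendir_from_conf() {
    sed -n 's/^[[:space:]]*directories\.tokendir[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Print one of: ok | missing | denied | join-group:<g> | relogin:<g>
check_access() {
    p=$1
    if [ ! -e "$p" ]; then
        # An unsearchable parent directory also makes the path look absent.
        parent=$(dirname "$p")
        if [ -d "$parent" ] && [ ! -x "$parent" ]; then p=$parent
        else echo missing; return 0; fi
    fi
    if [ -r "$p" ] && { [ ! -d "$p" ] || [ -x "$p" ]; }; then
        echo ok; return 0
    fi
    grp=$(stat -c %G "$p")
    mode=$(stat -c %a "$p")                 # octal, e.g. 640 or 2770
    if [ $(( (0$mode >> 3) & 4 )) -eq 0 ]; then
        echo denied; return 0               # group has no read bit either
    fi
    # Group database vs. this session: membership added with
    # `usermod -aG <group> <user>` only applies after a fresh login.
    if id -Gn "$(id -un)" 2>/dev/null | tr ' ' '\n' | grep -qx "$grp"; then
        echo "relogin:$grp"
    else
        echo "join-group:$grp"
    fi
}

report() {
    conf=${SOFTHSM2_CONF:-$DEFAULT_CONF}
    echo "config $conf: $(check_access "$conf")"
    if [ -r "$conf" ]; then
        dir=$(tokendir_from_conf "$conf")
        [ -n "$dir" ] && echo "tokendir $dir: $(check_access "$dir")"
    fi
    [ "$(id -u)" -eq 0 ] && echo "note: running as root hides permission problems"
    return 0
}
report
```

Run it as the desktop user that will launch softfido, not as root, since root passes every readability check.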