[kscreenlocker] [Bug 438099] New: Endless loop when using PAM module pam_systemd_home.so after wrong password

Fri, 04 Jun 2021 17:41:43 -0700 

https://bugs.kde.org/show_bug.cgi?id=438099

            Bug ID: 438099
           Summary: Endless loop when using PAM module pam_systemd_home.so
                    after wrong password
           Product: kscreenlocker
           Version: unspecified
          Platform: Archlinux Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: plasma-b...@kde.org
          Reporter: r...@posteo.de
                CC: bhus...@gmail.com
  Target Milestone: ---

Created attachment 139007
  --> https://bugs.kde.org/attachment.cgi?id=139007&action=edit
Working but but probably no where near correct fix - beware!

SUMMARY
Trying to unlock screen as a user created with systemd-homed (or more specific:
homectl) results in an loop when using wrong password. kscreenlocker/kcheckpass
will try to authenticate forever.

I can see this behavior in current Arch Linux and Fedora 34.

STEPS TO REPRODUCE
1. Get current Arch Linux installation or VM with KDE. (Systemd-homed is
ready-to-use in Arch, but not in Fedora 34.)
2. Create user as root: homectl create testuser --storage=directory --uid=12345
   Setting the UID here as users with UIDs over 60000 (which are otherwise
chosen by default) are not shown in SDDM.
3. Log in SDDM as this new user (X11/Wayland-Session doesn't matter)
4. Switch to TTY and as root run: journalctl -f
3. Switch back, lock screen and try to unlock but with a wrong password.
4. Switch to TTY to watch error messages. Kill kcheckpass to end loop and use
"loginctl unlock-session $(session)" to unlock.

OBSERVED RESULT
The endless loop will hit the systemd-homed authentication rate limit on first
try with a wrong password (see "homectl inspect testuser"). kscreenlocker won't
allow another authentication attempt.

EXPECTED RESULT
Another authentication attempt with kscreenlocker acquiring new user password.


SOFTWARE/OS VERSIONS

Linux/KDE Plasma: Updated Arch Linux or Fedora 34
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.82.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
It seems that the PAM module pam_systemd_home.so tries to reacquire a new
password after initial failed attempt and continues the PAM-conversation. But
kcheckpass continues (without actually reacquiring a new PW from user) where it
should probably bail.

The whole thing can be debugged with "kcheckpass_test --direct".
I found that the attached patch fixes the problem for me. But I can't in any
way assess if this is a proper solution.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to