GNOME Bugzilla – Bug 608234
Fix hang when password is wrong on Ubuntu
Last modified: 2011-11-24 13:28:32 UTC
Created attachment 152384 [details] [review] Patch against current master In Ubuntu Karmic, entering an wrong current password makes the dialog hang forever. This is because passwd outputs > passwd: Authentication token manipulation error which does not correspond to any of the errors the code is looking for. Attached is a patch that fixes the problem. It's the solution I'm using in users-admin, for which I've adapted the code from gnome-about-me-password.c. I can commit it if you agree.
Created attachment 152388 [details] [review] Fix another hang with pam-cracklib by the way I've just bumped into another report[1] about a problem when pam-cracklib is enabled. We need to check for "dictionary" and assimilate this case to the "Password is to simple" error. 1: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/338976
Comment on attachment 152388 [details] [review] Fix another hang with pam-cracklib by the way Pushed as 51befc4. Thanks for the quick feedback!
Created attachment 152398 [details] [review] Add "dictionary" to the first list of known error strings Hmm, actually there's another check where the new word should be added, what the new patch does. This doesn't feel right to me, as it means that unknown errors lead to hangs, while it seems we could simply detect them and return "Unknown error". Maybe I'm wrong, but I think PASSWD_STATE_RETYPE already means we have to do something rather than break. I don't really have time for that now, but it could be nice to check I'm correct, and improve this to avoid similar bugs in the future.
Comment on attachment 152398 [details] [review] Add "dictionary" to the first list of known error strings (In reply to comment #3) > This doesn't feel right to me, as it means that unknown errors lead to hangs, > while it seems we could simply detect them and return "Unknown error". Maybe > I'm wrong, but I think PASSWD_STATE_RETYPE already means we have to do > something rather than break. I don't really have time for that now, but it > could be nice to check I'm correct, and improve this to avoid similar bugs in > the future. Sigh. In fact, the whole "call passwd and parse its output" scheme is butt-ugly and needs to die a horrible death. Hopefully something that could be fixed by using PolicyKit/ConsoleKit instead.
Comment on attachment 152398 [details] [review] Add "dictionary" to the first list of known error strings Pushed as 4ad6f3e. Yeah, that hack is quite ugly, but I've been forced to use it in users-admin since using PAM directly is not allowed (need setuid root), and we need PAM so that we don't break keyrings and encrypted dirs. In the future, the new accounts-dialog should use a PAM conversation over D-Bus to change password, just like GDM does to authenticate.
The problem still occurs for Ubuntu 10.04 when used with Active Directory authentication due to the messages that pam_winbind obtain form the AD server, which are ... unexpected. I am attaching a patch that fixes it. As Milan Bouchet-Valat mentioned, in case PASSWD_STATE_RETYPE there is no code to handle an unmatched error message and the password dialog simply exibhits the busy mouse pointer forever. I also agree that the "call passwd and parse its output" isn't pretty. Anyway the attached patch implements error handling for when there is an unexpected error message and displays the first line of that message. NOTE: Don't try to increase BUFSIZE and display the complete message unless you want to remove the hardcoded strings list. Otherwyse you will see false matches due to the verbosity of what AD + winbind makes appesar: the first line is the error condition and the remaining ones are a description of requirements for passwords.
Created attachment 202029 [details] [review] fix gnome-about-me hanging on password change with Active Directory with pam_winbind authentication
Gustavo: please file a new bug, there's no point in adding several issues to the same report. And gnome-about-me is deprecated, please select the "Users" component, you'll get more attention. Thanks!
Since gnome-about-me is deprecated I don't know if I should open a new bug report. Is this "Users" component still based on "call passwd and parse its output"? I haven't yet used Gnome 3. My point with this bug report is leaving the code for whoever needs it. I also left notes on two downstream reports, on Launchpad. If you think Gnome 3 is still using this kind of code I can open a new one.
(In reply to comment #9) > Since gnome-about-me is deprecated I don't know if I should open a new bug > report. Is this "Users" component still based on "call passwd and parse its > output"? I haven't yet used Gnome 3. > > My point with this bug report is leaving the code for whoever needs it. I also > left notes on two downstream reports, on Launchpad. Yeah, but Ubuntu devs are unlikely to review your patch, let alone apply it downstream. > If you think Gnome 3 is still using this kind of code I can open a new one. Yes, it is, but in the Users component (new users control center applet). That's why I asked you to file a report. ;-)