Bug 428613 - Doesn't communicate to the user what's going on when the session has been locked due to excessive password attempt when pam_deny is in use
Summary: Doesn't communicate to the user what's going on when the session has been loc...
Status: RESOLVED FIXED
Alias: None
Product: kscreenlocker
Classification: Plasma
Component: general (show other bugs)
Version: unspecified
Platform: unspecified Linux
: VHI normal
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords: usability
: 426902 431743 432889 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-11-02 21:22 UTC by medin
Modified: 2022-01-20 19:45 UTC (History)
13 users (show)

See Also:
Latest Commit:
Version Fixed In: 5.24
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description medin 2020-11-02 21:22:43 UTC
I let my laptop locked without saving any opened file, after returning home I found that my nephew has tried typing password many times and now even if I enter my correct passsword the unlock fails with message "Unlocking failed".

I already reported the same problem but with different cause
https://bugs.kde.org/show_bug.cgi?id=426902
Comment 1 Justin Zobel 2020-11-02 23:47:03 UTC
Sorry I've gotta ask, caps lock isn't on?
Comment 2 David Edmundson 2020-11-03 00:06:57 UTC
Probably means your pam config has pam_deny in it, it blocks for 10 minutes on too many attempts.

We don't forward this to the user very well though.
Comment 3 medin 2020-11-03 09:32:04 UTC
(In reply to Justin Zobel from comment #1)
> Sorry I've gotta ask, caps lock isn't on?

Caps lock is off and my keyboard layout in the right one selected.
Comment 4 medin 2020-11-03 09:39:21 UTC
Ye(In reply to David Edmundson from comment #2)
> Probably means your pam config has pam_deny in it, it blocks for 10 minutes
> on too many attempts.
> 
> We don't forward this to the user very well though.

But the password text input is still enabled and I can type text inside it and when I press enter it gives me the message "Unlocking failed" with correct password entered, so how do I know that my session is really blocked for 10min when there is nothing indicating that.
Comment 5 Justin Zobel 2020-11-03 21:30:57 UTC
(In reply to medin from comment #4)
> Ye(In reply to David Edmundson from comment #2)
> > Probably means your pam config has pam_deny in it, it blocks for 10 minutes
> > on too many attempts.
> > 
> > We don't forward this to the user very well though.
> 
> But the password text input is still enabled and I can type text inside it
> and when I press enter it gives me the message "Unlocking failed" with
> correct password entered, so how do I know that my session is really blocked
> for 10min when there is nothing indicating that.

That's what David is saying, there is no feedback to the user currently to say that too many attempts have been made.
Comment 6 David Edmundson 2020-11-16 11:19:59 UTC
Preparatory patch: https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/15

Ignore the title, it's mostly about creating a decent working in-process PAM backend so that we have access to all messages and data.
Comment 7 David Edmundson 2020-12-05 23:16:11 UTC
*** Bug 426902 has been marked as a duplicate of this bug. ***
Comment 8 Wachid Adi Nugroho 2021-01-15 18:17:40 UTC
Can't unlock on kscreenlocker, it said "Unlocking failed" even though I have entered the password correctly

Operating system : Arch Linux x86_64
kscreenlocker-git: v5.19.90.r13.g8c267ff-1

> ❯  /usr/lib/libexec/kscreenlocker_greet --testing
> qt.qpa.wayland: qtvirtualkeyboard currently is not supported at client-side, use QT_IM_MODULE=qtvirtualkeyboard at compositor-side.
> file:///usr/share/plasma/wallpapers/org.kde.slideshow/contents/ui/main.qml:67: TypeError: Property 'setAction' of object ScreenLocker::WallpaperIntegration(0x5587add281c0) is not a function
> Locked at 1610733974
> file:///usr/share/plasma/wallpapers/org.kde.slideshow/contents/ui/main.qml:118:9: QML Image: Cannot open: file:///usr/share/wallpapers/Next
> qt.svg: <input>:406:376: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:407:130: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:408:130: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:408:393: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:409:130: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:410:129: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:411:129: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:412:129: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:413:129: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:413:379: Could not add child element to parent element because the types are incorrect.
> qt.svg: <input>:413:631: Could not add child element to parent element because the types are incorrect.
> qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
> qt.virtualkeyboard.hunspell: Hunspell dictionary is missing for "en_US" . Search paths ("/usr/share/qt/qtvirtualkeyboard/hunspell", "/usr/share/hunspell", "/usr/share/myspell/dicts")
> Authentication failure
> Authentication failure
> Authentication failure
> Authentication failure
> Authentication failure
Comment 9 postix 2021-01-17 17:42:05 UTC
*** Bug 431743 has been marked as a duplicate of this bug. ***
Comment 10 David Rubio 2021-01-22 22:00:57 UTC
(In reply to Wachid Adi Nugroho from comment #8)
> Can't unlock on kscreenlocker, it said "Unlocking failed" even though I have
> entered the password correctly
> 
> Operating system : Arch Linux x86_64
> kscreenlocker-git: v5.19.90.r13.g8c267ff-1
> 
> > ❯  /usr/lib/libexec/kscreenlocker_greet --testing
> > qt.qpa.wayland: qtvirtualkeyboard currently is not supported at client-side, use QT_IM_MODULE=qtvirtualkeyboard at compositor-side.
> > file:///usr/share/plasma/wallpapers/org.kde.slideshow/contents/ui/main.qml:67: TypeError: Property 'setAction' of object ScreenLocker::WallpaperIntegration(0x5587add281c0) is not a function
> > Locked at 1610733974
> > file:///usr/share/plasma/wallpapers/org.kde.slideshow/contents/ui/main.qml:118:9: QML Image: Cannot open: file:///usr/share/wallpapers/Next
> > qt.svg: <input>:406:376: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:407:130: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:408:130: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:408:393: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:409:130: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:410:129: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:411:129: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:412:129: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:413:129: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:413:379: Could not add child element to parent element because the types are incorrect.
> > qt.svg: <input>:413:631: Could not add child element to parent element because the types are incorrect.
> > qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
> > qt.virtualkeyboard.hunspell: Hunspell dictionary is missing for "en_US" . Search paths ("/usr/share/qt/qtvirtualkeyboard/hunspell", "/usr/share/hunspell", "/usr/share/myspell/dicts")
> > Authentication failure
> > Authentication failure
> > Authentication failure
> > Authentication failure
> > Authentication failure

I see the same issue. I can login on TTY just fine, I can login anywhere just fine, but kscreenlocker says that. I guess that's worth another bug report though, so I'll file it.
Comment 11 Nicolas Fella 2021-02-13 14:02:04 UTC
*** Bug 432889 has been marked as a duplicate of this bug. ***
Comment 12 David Edmundson 2022-01-19 12:50:32 UTC
I was investigating some other stuff in PAM. This is a pam info message which is (at least in theory) already all hooked up and sent to the greeter. This should be fixable in 5.24 lifetime.
Comment 13 nyanpasu64 2022-01-19 15:41:37 UTC
Interestingly, on the Plasma lock screen, I get a message saying "(10 minutes left to unlock)" for 1-2 frames, before it's replaced by "Unlocking failed". So it does *somewhat* communicate to the user, but not properly.

If I login to another account in a TTY and run `sudo faillock --user nyanpasu64 --reset`, this resets the timer.

Operating System: Arch Linux
KDE Plasma Version: 5.23.90
KDE Frameworks Version: 5.90.0
Qt Version: 5.15.2
Kernel Version: 5.16.1-zen1-1-zen (64-bit)
Graphics Platform: X11
Processors: 12 × AMD Ryzen 5 5600X 6-Core Processor
Memory: 15.6 GiB of RAM
Graphics Processor: NVIDIA GeForce GT 730/PCIe/SSE2
Comment 14 Bug Janitor Service 2022-01-20 13:20:42 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/1385
Comment 15 David Edmundson 2022-01-20 15:50:07 UTC
Git commit 7ef45eb058d887967bb5ed442699fee0b79d6b89 by David Edmundson.
Committed on 20/01/2022 at 15:38.
Pushed by davidedmundson into branch 'master'.

Fix warning when an account is locked

We had all of this wired up correctly in the backend, it just turns out
that we overwrite all messages with "Unlocking failed" immediately.

M  +6    -3    lookandfeel/contents/lockscreen/LockScreenUi.qml

https://invent.kde.org/plasma/plasma-workspace/commit/7ef45eb058d887967bb5ed442699fee0b79d6b89
Comment 16 Nate Graham 2022-01-20 16:03:36 UTC
Git commit ab8acc9a3745a7a2002585938029cd3803d71cbc by Nate Graham, on behalf of David Edmundson.
Committed on 20/01/2022 at 16:03.
Pushed by ngraham into branch 'Plasma/5.24'.

Fix warning when an account is locked

We had all of this wired up correctly in the backend, it just turns out
that we overwrite all messages with "Unlocking failed" immediately.


(cherry picked from commit 7ef45eb058d887967bb5ed442699fee0b79d6b89)

M  +6    -3    lookandfeel/contents/lockscreen/LockScreenUi.qml

https://invent.kde.org/plasma/plasma-workspace/commit/ab8acc9a3745a7a2002585938029cd3803d71cbc