
Bug#934185: libkscreenlocker5: fails to accept correct pin after entering pin less than 6 chars with libpam-poldi



Package: libkscreenlocker5
Version: 5.14.5-1
Severity: grave
Justification: causes non-serious data loss

Greetings,

I am working on a machine that is configured to use libpam-poldi for
user authentication with GPG smart cards.

When the screen locker is engaged and the user enters a PIN that is under
six characters in length, two things happen:

  1. The screen locker will no longer accept a valid PIN.
  2. The /var/log/auth.log file fills up with "PIN too short" messages.

The messages in auth.log appear as below:

  Aug  2 09:10:46 hostname kcheckpass[9734]: PIN too short
  Aug  2 09:10:46 hostname kcheckpass[9734]: PIN too short
  Aug  2 09:10:46 hostname kcheckpass[9734]: PIN too short
  ...

This problem is clearly due to some issue at the boundary of kcheckpass
and libpam-poldi.  However, I am not yet able to determine which of the
two is responsible.

I have pulled down the source code of both packages, and I am actively
working on fixing the problem.  I can see where libpam-poldi obviously
will not accept a PIN less than 6 chars in length.  Refer to the
libpam-poldi source tree in the file...

  src/pam/auth-support/getpin-cb.c

to confirm this. 

Ideally, I would need to do the following to fix this issue:

  1. Compile libpam-poldi with debugging support.
  2. Compile kcheckpass with debugging support.
  3. Run kcheckpass with GDB to find where the conversation breaks down
     when a short PIN is provided.

This would tell us if the bug is with kcheckpass or with libpam-poldi.
Let me know if you can help me implement the plan of attack above,
especially if you can offer or refer me to instructions on building and
running kcheckpass from the shell.  That would be very helpful!

I am quite invested in fixing this, and I'll gladly help in any way
I can.  Please advise on a course of action.

Best wishes,
Jason Franklin

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable'), (100, 'unstable'), (10, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libkscreenlocker5 depends on:
ii  kpackagetool5          5.54.0-1
ii  libc6                  2.28-10
ii  libkf5configcore5      5.54.0-1
ii  libkf5configgui5       5.54.0-1
ii  libkf5coreaddons5      5.54.0-1
ii  libkf5crash5           5.54.0-1
ii  libkf5declarative5     5.54.0-1
ii  libkf5globalaccel-bin  5.54.0-1
ii  libkf5globalaccel5     5.54.0-1
ii  libkf5i18n5            5.54.0-1
ii  libkf5idletime5        5.54.0-1
ii  libkf5notifications5   5.54.0-1
ii  libkf5package5         5.54.0-1
ii  libkf5quickaddons5     5.54.0-1
ii  libkf5waylandclient5   4:5.54.0-1
ii  libkf5waylandserver5   4:5.54.0-1
ii  libkf5windowsystem5    5.54.0-1
ii  libpam0g               1.3.1-5
ii  libqt5core5a           5.11.3+dfsg1-1
ii  libqt5dbus5            5.11.3+dfsg1-1
ii  libqt5gui5             5.11.3+dfsg1-1
ii  libqt5network5         5.11.3+dfsg1-1
ii  libqt5qml5             5.11.3-4
ii  libqt5quick5           5.11.3-4
ii  libqt5widgets5         5.11.3+dfsg1-1
ii  libqt5x11extras5       5.11.3-2
ii  libseccomp2            2.3.3-4
ii  libstdc++6             8.3.0-6
ii  libwayland-client0     1.16.0-1
ii  libwayland-server0     1.16.0-1
ii  libx11-6               2:1.6.7-1
ii  libxcb-keysyms1        0.4.0-1+b2
ii  libxcb1                1.13.1-2
ii  libxi6                 2:1.7.9-1

Versions of packages libkscreenlocker5 recommends:
ii  kde-config-screenlocker  5.14.5-1

libkscreenlocker5 suggests no packages.

-- no debconf information
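
A sketch for spotting the log flood described in this report, added here as an example and not part of the original message or of either package: it counts identical kcheckpass messages per process per second in auth.log-style text. The sample lines beyond the quoted format, the threshold of 3, and the name find_floods are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the auth.log layout quoted in the report (not real log data).
SAMPLE_LOG = """\
Aug  2 09:10:45 hostname sshd[811]: Accepted publickey for user
Aug  2 09:10:46 hostname kcheckpass[9734]: PIN too short
Aug  2 09:10:46 hostname kcheckpass[9734]: PIN too short
Aug  2 09:10:46 hostname kcheckpass[9734]: PIN too short
Aug  2 09:10:46 hostname kcheckpass[9734]: PIN too short
Aug  2 09:10:47 hostname kcheckpass[9734]: PIN too short
Aug  2 09:12:03 hostname kcheckpass[9801]: PIN too short
"""

# Traditional syslog line: "Mon DD HH:MM:SS host prog[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[\s:]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

def find_floods(log_text, prog="kcheckpass", msg="PIN too short", threshold=3):
    """Return {(pid, timestamp): count} for each second in which one
    process logged `msg` at least `threshold` times (threshold is an
    assumed value, tune it for the host)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the traditional syslog layout
        if m["prog"] == prog and m["msg"].strip() == msg:
            # Collapse the padded day-of-month so "Aug  2" and "Aug 2" compare equal.
            ts = " ".join(m["ts"].split())
            counts[(int(m["pid"]), ts)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (pid, ts), n in sorted(find_floods(SAMPLE_LOG).items()):
        print(f"{ts} kcheckpass[{pid}]: {n} 'PIN too short' messages in one second")
```

A single failed attempt (one message from one process) stays below the threshold; only the repeated same-second burst from one kcheckpass PID is reported.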

