sddm / sddm

QML based X11 and Wayland display manager
GNU General Public License v2.0

Failed login attempts wrongly recognised by OS #1750

Open MitchiLaser opened 1 year ago

MitchiLaser commented 1 year ago

When a login attempt fails, the username which was entered into the login prompt is visible when calling $ who, even if this user does not exist at all.

When trying to log in with a non-existent username, e.g. +, calling $ who then lists this as a logged-in user:

$ who
+                     2023-06-20 13:28
...

Some Information about the operating system and the installed package:

$ zypper info sddm

Information for package sddm:
-----------------------------
Repository     : openSUSE-Leap-15.4-1
Name           : sddm
Version        : 0.19.0-lp154.3.6
Arch           : x86_64
Vendor         : openSUSE
Installed Size : 4.7 MiB
Installed      : Yes
Status         : up-to-date
Source package : sddm-0.19.0-lp154.3.6.src
Upstream URL   : https://github.com/sddm/sddm

Vogtinator commented 1 year ago

Looks like SDDM unconditionally writes into /var/run/utmp, I guess it probably shouldn't do that

https://github.com/sddm/sddm/blob/387674c86026737647b33e1748952f72884ebf31/src/helper/HelperApp.cpp#L347

MitchiLaser commented 1 year ago

journalctl provides the following information:

Jun 20 13:28:06 fphct18 sddm-greeter[1748]: Hunspell dictionary is missing for "en_GB" . Search paths ("/usr/share/qt5/qtvirtualkeyboard/hunspell", "/usr/share/hunspell", "/usr/share/myspell/dicts")

Jun 20 13:28:32 fphct18 sddm-greeter[1748]: Reading from "/usr/share/xsessions/plasma5.desktop"
Jun 20 13:28:32 fphct18 sddm[1719]: Message received from greeter: Login
Jun 20 13:28:32 fphct18 sddm[1719]: Reading from "/usr/share/xsessions/plasma5.desktop"
Jun 20 13:28:32 fphct18 sddm[1719]: Reading from "/usr/share/xsessions/plasma5.desktop"
Jun 20 13:28:32 fphct18 sddm[1719]: Session "/usr/share/xsessions/plasma5.desktop" selected, command: "/usr/bin/startplasma-x11"
Jun 20 13:28:32 fphct18 sddm-helper[16896]: [PAM] Starting...
Jun 20 13:28:32 fphct18 sddm-helper[16896]: [PAM] Authenticating...
Jun 20 13:28:32 fphct18 sddm-helper[16896]: pam_unix(sddm:auth): bad username [+      ]
Jun 20 13:28:32 fphct18 sddm-helper[16896]: pam_listfile(sddm:auth): Refused user +       for service sddm
Jun 20 13:28:32 fphct18 sddm-helper[16896]: pam_sss(sddm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=+
Jun 20 13:28:32 fphct18 sddm-helper[16896]: pam_sss(sddm:auth): received for user +      : 10 (User not known to the underlying authentication module)
Jun 20 13:28:32 fphct18 sddm-helper[16896]: [PAM] authenticate: Authentication failure
Jun 20 13:28:32 fphct18 sddm-helper[16896]: [PAM] returning.
Jun 20 13:28:32 fphct18 sddm[1719]: Authentication error: "Authentication failure"
Jun 20 13:28:32 fphct18 sddm-helper[16896]: [PAM] Ended.
Jun 20 13:28:32 fphct18 sddm[1719]: Auth: sddm-helper exited with 1
Jun 20 13:28:33 fphct18 sddm-greeter[1748]: Message received from daemon: LoginFailed

It seems like the login attempt fails but it will still be written in utmp. Therefore $ who reports a logged-in user while $ loginctl list-sessions has no information about that login attempt.
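
A check for the symptom reported in this thread, added here as an example and not taken from SDDM or from any commenter: it parses utmp records and flags logged-in entries whose user name resolves to no account. The 384-byte record layout (glibc on x86_64 Linux), the function names and the sample records are assumptions.

```python
import pwd
import struct

# Assumed layout: glibc `struct utmp` on x86_64 Linux, 384 bytes per record.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type value for a logged-in user session


def account_exists(name):
    """Resolve the name through NSS (local files, SSSD, LDAP, ...)."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp(blob):
    """Yield (type, pid, line, user, epoch_seconds) per complete record."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield f[0], f[1], _text(f[2]), _text(f[4]), f[9]


def phantom_logins(blob, exists=account_exists):
    """Return USER_PROCESS records whose user name resolves to no account."""
    return [r for r in parse_utmp(blob)
            if r[0] == USER_PROCESS and not exists(r[3])]


def make_record(user, line, pid, ts):
    """Build one constructed record (sample data, not a real utmp dump)."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     b"", 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")


if __name__ == "__main__":
    # Constructed sample: a phantom "+" entry and an entry for a real user.
    sample = (make_record("+", ":0", 16896, 1687267712)
              + make_record("alice", "tty2", 2001, 1687267000))
    known = {"alice"}  # stand-in for the account database in this demo
    for _, pid, line, user, ts in phantom_logins(sample, known.__contains__):
        print(f"phantom utmp entry: user={user!r} line={line!r} pid={pid}")
```

On a live system, pass the bytes of /var/run/utmp and keep the default `exists` so that names are resolved through NSS.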