Bug#597020: libgksu: sudo mode: no second attempt and no feedback when wrong password entered

Wed, 15 Sep 2010 16:06:19 -0700 

Package: libgksu
Version: 2.0.13~pre1-1
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch maverick

Hello,

we got a lot of bug reports in Ubuntu (which uses sudo by default)
about the password dialog that is presented only allowing one attempt.
If the wrong password is entered, the dialog simply disappears, and
nothing else happens. (https://launchpad.net/bugs/298217)

I debugged this, and the problem is in this part:

          /* ignore the first newline that comes right after sudo receives
             the password */
          fgets (buffer, 255, infile);
          /* this is the status we are interessted in */
          fgets (buffer, 255, infile);
          [...]
          if (!strcmp (buffer, "Sorry, try again.\n"))

So what happens with sudo 1.7.2p7 at least (but presumably with a lot
of older versions, given how old the Ubuntu bug is), that the first
fgets() gets "Sorry, try again.", the message we are really interested
in. The second gets "GNOME_SUDO_PASSSorry, try again.".

One possible solution is to just drop the first fgets, so that the
strcmp() will match on the correct string.  Now, I suppose ignoring
the first line made sense at some point with some version of sudo, so
I left the structure as it is, and instead made the string comparison
cover this case as well. This should provide full backwards
compatibility, and fixes this bug.

Thanks for considering!

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

Description: Be more careful when checking the "wrong password" output, there might be a new prompt before.
Author: Martin Pitt <martin.p...@ubuntu.com>
Bug-Ubuntu: https://launchpad.net/bugs/298217 

--- libgksu//libgksu/libgksu.c	2010-09-16 00:47:18.901166002 +0200
+++ libgksu.new//libgksu/libgksu.c	2010-09-16 00:48:08.031166001 +0200
@@ -2946,7 +2946,7 @@
 	  fprintf (stderr, "%s", buffer);
 	}
 
-      if (!strcmp (buffer, "Sorry, try again.\n"))
+      if (!strcmp (buffer, "Sorry, try again.\n") || !strcmp(buffer, "GNOME_SUDO_PASSSorry, try again.\n"))
 	g_set_error (error, gksu_quark, GKSU_ERROR_WRONGPASS,
 		     _("Wrong password."));
       else if (!strncmp (buffer, "Sorry, user ", 12))

Attachment: signature.asc
Description: Digital signature

Reply via email to