Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Special characters causes [swaylock-1.7/pam.c:105] pam_authenticate failed: invalid credentials #268

Open
mvasi90 opened this issue Dec 3, 2022 · 6 comments
Labels
bug Something isn't working

Comments

@mvasi90
Copy link

mvasi90 commented Dec 3, 2022

After three years of keeping my system session opened (unprotected with a password), and after reading all the related bugs, opening bugs in Arch and Gentoo bugzilla, I discovered the problem of: "[swaylock-1.7/pam.c:105] pam_authenticate failed: invalid credentials".

The problem is the password length. All my passwords are between 40 and 70 characters. Who the hell dares to question the size of my passwords?

I don't know if this is a PAM or a SwayLock buffer issue.
Please let me know if I should report a bug in any other place.

Possible related bugs:
#119
#169
swaywm/sway#3631
swaywm/sway#2773
swaywm/sway#2743
swaywm/sway#3632
https://bugs.gentoo.org/show_bug.cgi?id=829685

@kennylevinsen
Copy link
Member

Assuming your swaylock PAM stack (/etc/pam.d/swaylock) is similar to that of your login manager, then PAM having an issue with your password would make all logins fail. I assume that the password works in all other PAM promps on the system (login(1), sudo, graphical login managers, ...)?

On the other hand, swaylock's password buffer is 1024 characters so length isn't meant to be an issue, and 40 isn't a particularly long password in the first place. To prove that the issue is length, you could try setting shorter passwords to find if a certain password length triggers the issue.

Who the hell dares to question the size of my passwords?

Calm down.

@mvasi90
Copy link
Author

mvasi90 commented Dec 4, 2022

Hi, @kennylevinsen.

Assuming your swaylock PAM stack (/etc/pam.d/swaylock) is similar to that of your login manager

It's a fresh Arch Linux installation.

/etc/pam.d/swaylock
#
# PAM configuration file for the swaylock screen locker. By default, it includes
# the 'login' configuration file (see /etc/pam.d/login)
#

auth include login
/etc/pam.d/login
#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
account    include      system-local-login
session    include      system-local-login
password   include      system-local-login
/etc/pam.d/sudo
#%PAM-1.0
auth		include		system-auth
account		include		system-auth
session		include		system-auth

I assume that the password works in all other PAM promps on the system (login(1), sudo, graphical login managers, ...)?

Of course, it works.

I thought it could be because of the special characters or spaces, but not. The keyboard layout is correct, I can log in with special characters like: ¡¿!?#@/|.

Then I tried with half of the password and it worked. This has been my mistake, because the last part contains tilde and accents like: ñ áéíóú àèìòù. (I will change my affected passwords because, now, the structure is public, and it is easy to make a mask in tools like hashcat if someone get the hash).

To prove that the issue is length, you could try setting shorter passwords to find if a certain password length triggers the issue.

I tested it and it works. The buffer is not the problem. The problem is the accented characters: áéíóú...

I changed my password to: á

Login
Shell login Works
sudo Works
swaylock Doesn't work

@mvasi90 mvasi90 changed the title Password length causes: [swaylock-1.7/pam.c:105] pam_authenticate failed: invalid credentials Special characters causes [swaylock-1.7/pam.c:105] pam_authenticate failed: invalid credentials Dec 4, 2022
@emersion
Copy link
Member

emersion commented Dec 4, 2022

That's helpful, probably a bug with our UTF-8 functions then.

@emersion emersion added the bug Something isn't working label Dec 4, 2022
@emersion
Copy link
Member

emersion commented Dec 5, 2022

Our UTF-8 handling seems correct to me.

@mvasi90
Copy link
Author

mvasi90 commented Dec 5, 2022

My config:

/etc/locale.gen
...
en_US.UTF-8
...
locale
LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=
/etc/vconsole.conf
KEYMAP=es
/etc/sway/config
...
input "type:keyboard" {
	xkb_layout es
}
...

I also tested with the locale es_ES.UTF-8 but it does not work.

swaylock with --show-keyboard-layout shows Spanish.

@hamletmun
Copy link

Maybe Unicode normalization forms?

'á' could be '\u00E1' or '\u0061\u0301'
'é' could be '\u00E9' or '\u0065\u0301'
'ñ' could be '\u00F1' or '\u006E\u0303'

See puemos/hls-downloader#344

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Development

No branches or pull requests

4 participants