no second attempt and no feedback when wrong password entered

I do not have this behaviour with Intrepid 8.10 and gksudo 2.0.0-5ubuntu3.

When i hit a wrong password, it asks me again saying I entered a wrong password and that I should try again.

thank you for your bug report, what ubuntu version do you use?

Ubuntu Jaunty including updates & proposed.

$ apt-cache policy gksu
gksu:
  Installed: 2.0.2-1ubuntu2
  Candidate: 2.0.2-1ubuntu2
  Version table:
 *** 2.0.2-1ubuntu2 0
        500 http://ubuntu.media.mit.edu jaunty/main Packages
        100 /var/lib/dpkg/status

If you have any other console commands to show relevant versions, I can put those in too.

I should also clarify a few things. First, Synaptic was just an example. This happens any time the gksu prompt appears. Second, I have thinkfinger integration enabled (via /usr/lib/pam-thinkfinger/pam-thinkfinger-enable), and gksu also gives up after a single finger swipe.

Still valid for Lucid: 2.0.2-2ubuntu1

I'm also having this problem

xpd259@Mars:~/Workspaces/hb-trunk$ apt-cache policy gksu
gksu:
  Installed: 2.0.2-2ubuntu2
  Candidate: 2.0.2-2ubuntu2
  Version table:
 *** 2.0.2-2ubuntu2 0
        500 http://gb.archive.ubuntu.com/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status

I feel the bug in Lucid is a regression. I do not have this problem in an up-to-date Ubuntu 9.10. If I type in an incorrect password, a new screen comes up stating that I've entered an incorrect password and prompting me to try again. In Lucid, I don't get the second prompt.

I can confirm that my 9.04 system works correctly with an "Incorrect password... try again" message, but in 10.04 there is no opportunity to re-enter the password and gain su access once you enter an incorrect password.

This is indeed a regression from previous release functionality.

This is still occurring in Lucid with all updates applied. (gksu 2.0.2-2ubuntu2)

However, if 'gksu-properties' is run and Authentication mode is changed from 'su' to 'sudo' , the expected behaviour of prompting three times for a password occurs.

Apologies, it should read if you swap 'sudo' to 'su'.

On the command line, you see the following when entering a wrong password:

$ gksu --description /usr/share/applications/synaptic.desktop /usr/sbin/synaptic
GNOME_SUDO_PASSSorry, try again.
sudo: 3 incorrect password attempts

This is with current 10.04 and pretty annoying.

arab@arab-laptop:~$ gksu nautilus
GNOME_SUDO_PASSSorry, try again.
sudo: 3 incorrect password attempts

I still have this problem in the final release.

As this bug is a regression, is it possible there could still be a fix submitted as a SRU?

This is not a bug in gksu, at least not as of Lucid. It is a bug in sudo. Downgrading sudo to the version in the Karmic-Updates repository fixes this problem. However downgrading the gksu package does not fix it, indicating the issue is with the sudo package alone.

I can confirm that downgrading as described in post #15 does fix this issue on my 64-bit 10.04 system.

For long time ubuntu users, that are used to each new release bringing new bugs where things previously worked nice, this might not present a big problem. However, I think it will be very confusing to new users. Not sure whats the criteria for the importance-settings of bugs, but I think bugs like this, that will actually affect all users of the system, should have higher importance.

I have updated and the problem still persist. Hope the Ubuntu team is working to fix it soon.

I confirm this. 10.04 LTS x64 system.
Indeed, this bug should have a higher importance.

Present in 10.10 too

Ubuntu 10.04 amd64, this bug is very annoying.

@Sebastien Bacher: Why is it declined for Maverick?

@Sebastien: For that matter, why is this declined for Lucid? As a regression bug, the fix should surely be SRU'd into an LTS release.

Will there be no fix forthcoming?

I think this will make a fine SRU, it's a simple patch.

libgksu (2.0.10-1ubuntu2) maverick; urgency=low

  * 20_better_usleep.patch: Drop *.rej file part, which causes problems on
    clean.
  * Add 23_sudo_wrong_pwd_check.patch: Be more careful when checking the
    "wrong password" output, there might be a new prompt before. (LP: #298217)

 -- Martin Pitt <email address hidden> Thu, 16 Sep 2010 00:52:49 +0200

Sorry, this is the correct changelog for Maverick:

libgksu (2.0.13~pre1-1ubuntu5) maverick; urgency=low

  * Add 27_sudo_wrong_pwd_check.patch: Be more careful when checking the
    "wrong password" output, there might be a new prompt before. (LP: #298217)

 -- Martin Pitt <email address hidden> Thu, 16 Sep 2010 01:04:43 +0200

uploaded to lucid-proposed, this now needs an ACK from another SRU team member.

I compiled libgksu 2.0.13~pre1-1ubuntu5 from source on Lucid, and the problem persists.

Twisted Lincoln,

the update hasn't been accepted yet.

Accepted libgksu into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Tested libgksu from lucid-proposed. This appears to have fixed the issue. gksu is now prompting when an incorrect password is entered.

Thank you so much Martin. I love to see regression fixes!

I just tested the libgksu package from lucid-proposed (now that it is there for real...). It fixed the issue on a fresh install of lucid, but on two of my machines with existing installs, the problem persists.

Any idea where the inconsistency could be? Both of the existing installs were upgrades from Karmic.

twistedlincoln,

first, please check with

  dpkg -l libgksu2-0

that you really have 2.0.13~pre1-1ubuntu4.1 installed. If that's the case, please do

  gksu -d whoami

then enter a wrong password, and copy&paste the entire output of the command here.

Thanks!

@Martin:

I have the same problem as Twisted Lincoln. My installation of Lucid was a clean install.

Current version of libgksu2-0 is 2.0.13~pre1-1ubuntu4.1

Output from gksu -d whoami is:

No ask_pass set, using default!
xauth: /tmp/libgksu-raKlv9/.Xauthority
STARTUP_ID: gksu/whoami/3503-0-ja-desktop_TIME21500095
cmd[0]: /usr/bin/sudo
cmd[1]: -H
cmd[2]: -S
cmd[3]: -p
cmd[4]: GNOME_SUDO_PASS
cmd[5]: -u
cmd[6]: root
cmd[7]: --
cmd[8]: whoami
buffer: -GNOME_SUDO_PASS-
brute force GNOME_SUDO_PASS ended...
Yeah, we're in...
xauth: /tmp/libgksu-raKlv9/.Xauthority
xauth_env: /var/run/gdm/auth-for-ja-naBCR8/database
dir: /tmp/libgksu-raKlv9

Update:
gksu is behaving correctly on my EeePC, which is an Openbox system built up from a command-line install. Not sure what would be causing the difference.

Same for me: issue is fixed on Maverick though still exists on Ubuntu Lucid (several times upgraded from Hardy over Jaunty...). Attached is gksu output on Lucid.

Indeed, the correct package is installed according to "dpkg -l libgksu2-0"

The results of "gksu -d whoami" is attached.

This bug was fixed in the package libgksu - 2.0.13~pre1-1ubuntu4.1

---------------
libgksu (2.0.13~pre1-1ubuntu4.1) lucid-proposed; urgency=low

  * Add 27_sudo_wrong_pwd_check.patch: Be more careful when checking the
    "wrong password" output, there might be a new prompt before. (LP: #298217)
 -- Martin Pitt <email address hidden> Thu, 16 Sep 2010 01:04:43 +0200

As stated by myself and Jean-Peer Lorenz, this bug is NOT fixed on Lucid systems that have been upgraded from previous versions.

What other info do you need from us to help fix this?

I believe I have found the solution to users that have upgraded from previous versions to Lucid:

arab80ps reported above that typing "gksu natuilus" and entering the wrong password returned the following for him:

GNOME_SUDO_PASSSorry, try again.
sudo: 3 incorrect password attempts

For me, it returns:

GNOME_SUDO_PASSGNOME_SUDO_PASSSorry, try again.
sudo: 3 incorrect password attempts

Thus changing line 14 of the "27_sudo_wrong_pwd_check.patch" that was recently added to libgksu from:

+ if (g_str_has_prefix (buffer, "Sorry, try again.") || g_str_has_prefix (buffer, "GNOME_SUDO_PASSSorry, try again."))

to

+ if (g_str_has_prefix (buffer, "Sorry, try again.") || g_str_has_prefix (buffer, "GNOME_SUDO_PASSGNOME_SUDO_PASSSorry, try again.") || g_str_has_prefix (buffer, "GNOME_SUDO_PASSSorry, try again."))

and recompiling and reinstalling the resulting deb fixes the issue for me. I have tested this fix on a fresh lucid install as well, and the fix works there too.

Since this issue at present is a regression for those upgrading to Lucid (and presumably Maverick as well), it is my hope that this trivial fix could be incorporated officially ASAP, provided it can be confirmed by others as fixing the problem.

Unfortunately, this is no longer working correctly. This is on a clean install of Lucid with

libgksu2-0:
  Installed: 2.0.13~pre1-1ubuntu4.1

:~$ gksu -d whoami
No ask_pass set, using default!
xauth: /tmp/libgksu-vatwCy/.Xauthority
STARTUP_ID: gksu/whoami/2727-0-valhalla_TIME11925681
cmd[0]: /usr/bin/sudo
cmd[1]: -H
cmd[2]: -S
cmd[3]: -p
cmd[4]: GNOME_SUDO_PASS
cmd[5]: -u
cmd[6]: root
cmd[7]: --
cmd[8]: whoami
buffer: -GNOME_SUDO_PASS-
brute force GNOME_SUDO_PASS ended...
Yeah, we're in...
sudo: 3 incorrect password attempts
 try again.
xauth: /tmp/libgksu-vatwCy/.Xauthority
xauth_env: /var/run/gdm/auth-for-marc-2BxVtr/database
dir: /tmp/libgksu-vatwCy

Any news on if anyone else has confirmed my fix in post #40?

The function works correctly on my 10.04 system (using Lucid proposed and backports repositories) with the same libgksu2-0 version as in post #41.

I get prompted 3 times with bad passwords, then get the "wrong password" message. Logging in with a good password works correctly and the sudo password is cached until either the timeout period or a "sudo -K" is done.

If gparted uses the same file it isn't working!

https://bugs.launchpad.net/ubuntu/+source/libgksu/+bug/298217/comments/40

Thanks your updated patch works for me on Maverick!

The previous update 2.0.13~pre1-1ubuntu5 did nothing to fix the issue but decided to get my hands dirty when i saw your request for testing. Found patching a deb not as difficult as I thought it might be :D

>As stated by myself and Jean-Peer Lorenz, this bug is NOT fixed on Lucid systems that have been upgraded from previous
>versions.
>
>What other info do you need from us to help fix this?

Still not fixed. Should I reopen it?

Yes, that would be nice!

This bug continues on... now affecting natty 11.04 release as well.

I too have seen this bug resurface in Natty on 3 different machines, all fresh installs.

can confirm for up-to-date natty as well

Confirmed for natty, see #773284 and various duplicates.

For convenience (so Launchpad makes a URL out of it), Felix is referring to "bug 773284".

Confirmed for up-to-date natty

Tested and confirmed for Natty as of August 2nd.

Bug 773284 has recently been marked a duplicate of this bug. Does that mean this bug should be reopened for releases where it is occurring again? (Or is bug 773284 to be considered separate from this?)

Now that both bug #773284 AND bug #777136 have been marked duplicates of this old report, will someone with the launchpad credentials to alter the status please update the status of libgksu (Ubuntu) to "New" or "Confirmed", or "Triaged"??

Duplicate Bug #773284 was triaged by Robert Roth (evfool) on 06-01-2011 with medium importance.

This issue has been confirmed as a bug repeatedly for a current, up-to-date Natty 11.04

Wow, I can't believe this obvious (and surely easy to fix!) bug is still not fixed! After having skimmed the libgksu code though, I'm not surprised -- it does call-outs to the shell all over the place. Obviously a very bad idea:

  tmp = g_strdup_printf ("%s list %s | "
                         "head -1 | awk '{ print $3 }'",
                         xauth_bin,
                         display);
  if ((xauth_output = popen (tmp, "r")) == NULL)

--------

      cmd[i] = g_strdup ("/bin/su"); i++;
      if (context->login_shell)
        {
          cmd[i] = g_strdup ("-"); i++;
        }
      cmd[i] = g_strdup (context->user); i++;
      if (context->keep_env)
        {
          cmd[i] = g_strdup ("-p"); i++;
        }
      cmd[i] = g_strdup ("-c"); i++;

      /* needs to get X authorization prior to running the program */
      cmd[i] = g_strdup_printf ("%s \"%s\"", auxcommand,
                                context->command); i++;

      cmd[i] = NULL;

      /* executes the command */
      if (execv (cmd[0], cmd) == -1)
        {
          fprintf (stderr,
                   "Unable to run /bin/su: %s",
                   strerror(errno));
        }

-----------

Such a terrible practice. When is someone going to write "exec() considered harmful"?

A suggested patch for solving the missing prompts when mistyping the password. libgksu ignored unconditionally the first line, assuming it just contains a newline. The patch checks if this assumption is true and ignores only lines containing solely a newline.

A PPA with a package containing the patch is being created at ppa:tspindler/libgksu-298217

The upstream bug report is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597020

Patch worked on fully updated natty. I've been waiting since Karmic for this.... Mucho Kudos to Torsten for fixing an ancient and very visible bug.

This bug was fixed in the package libgksu - 2.0.13~pre1-4ubuntu2

---------------
libgksu (2.0.13~pre1-4ubuntu2) oneiric; urgency=low

  * debian/patches/32_checknewline.patch:
    - Check if buffer is really a single newline before
      discarding it. (LP: #298217)
 -- Torsten Spindler (Canonical) <email address hidden> Tue, 13 Sep 2011 11:09:10 +0200

Thanks Torsten! I sponsored all your debdiffs, with a few minor tweaks (bug reference, distro target, version number).

Looks like this patch is superseded by a security update and needs to be re-submitted.

Meanwhile, I've installed a clean copy of Debian stable 6.0.2 and see that this bug does not exist in libgksu2-0 (2.0.13~pre1-3). I can't find any reference in the changelog as to what was fixed upstream or if the bug ever existed there.

I guess I am confused by the need for an Ubuntu patch when there is a working, stable Debian package?

Hello Ryan, or anyone else affected,

Accepted libgksu into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello Ryan, or anyone else affected,

Accepted libgksu into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello Ryan, or anyone else affected,

Accepted libgksu into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I can confirm this patch fixes the problem on Natty 11.04. Also, it fails correctly after 3 incorrect password entry attempts.
I've attached output from:

gksu -d whoami

I can confirm that the patch works for Lucid. Three attempts with incorrect password results in

"Failed to run ____ as user root.
Wrong password"

Indeed libgksu/natty-proposed accepts password 3 times, from this aspect -proposed package works fine.
But gksu outputs "3 incorrect password attempts" per 1 attempt. Although it seems not to have actual harm, this behaviour is strange.

==========
$ gksu 'echo 1'
GNOME_SUDO_PASS #### <- beginning of first attempt
Sorry, try again.
GNOME_SUDO_PASS
Sorry, try again.
sudo: 3 incorrect password attempts
GNOME_SUDO_PASS #### <- beginning of second attempt
Sorry, try again.
GNOME_SUDO_PASS
Sorry, try again.
sudo: 3 incorrect password attempts
GNOME_SUDO_PASS #### <- beginning of third attempt
Sorry, try again.
GNOME_SUDO_PASS
Sorry, try again.
sudo: 3 incorrect password attempts
==========

Are we going to correct the issue in comment #73?

If it is decided that the issue in comment #73 is not going to be fixed here, then perhaps a separate bug for it should be filed.

This bug was fixed in the package libgksu - 2.0.13~pre1-1ubuntu4.2

---------------
libgksu (2.0.13~pre1-1ubuntu4.2) lucid-proposed; urgency=low

  * debian/patches/29_check-newline.patch:
    - check if an empty line is really received before
      ignoring it (LP: #298217)
 -- Torsten Spindler (Canonical) <email address hidden> Wed, 14 Sep 2011 11:46:48 +0200

This bug was fixed in the package libgksu - 2.0.13~pre1-3ubuntu3.1

---------------
libgksu (2.0.13~pre1-3ubuntu3.1) natty-proposed; urgency=low

  * debian/patches/29_check_newline.patch:
    - Check if buffer is really a single newline before
      discarding it. (LP: #298217)
 -- Torsten Spindler (Canonical) <email address hidden> Tue, 13 Sep 2011 10:55:28 +0200

Resetting verification tags as maverick still needs testing.

Hi Martin, why this bug is still open?