Ubuntu

gdm crash on using login button with passwordless login enabled

Reported by AZ on 2011-02-24
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gdm
Fix Released
High
gdm (Ubuntu)
Low
Martin Pitt

Bug Description

Binary package hint: gdm

When adding a user (guest) to the nopasswdlogin group, it is permitted to login via gdm without providing credentials. In my setup, user listing at login screen is enabled and pam_mkhomedir is active every time the guest user logs in. After choosing the user guest, gdm displays a screen lacking the password input box (which is correct) and containing a cancel and a login button.
As pam_mkhomedir takes a moment to copy the full homedir (it is a little big bigger), the user has the opportunity to click on the login button ( though this would not be neccessary to login). This in turn causes gdm to crash, see the attached backtrace (recompiled the original ubuntu gdm package with DEB_BUILD_OPTIONS="nostrip debug").

After debugging I now believe that the following is happening: on clicking on the login button, an answer query dbus message is generated, which is then rejected by the receiver due to no pam authentification request is pending. The latter is correct, as no password has been asked for, so the answer query dbus message should only be generated if an pam input query is pending.
The attached patch fixes this by adding a pending_query boolean which is set on receiving an input request and unset on replying / resetting.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: gdm 2.30.5-0ubuntu4
ProcVersionSignature: Ubuntu 2.6.35-25.44-generic 2.6.35.10
Uname: Linux 2.6.35-25-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Thu Feb 24 10:12:40 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
 SHELL=/bin/bash
 LANG=de_DE.UTF-8
SourcePackage: gdm

AZ (m-dev) wrote :
Changed in gdm:
importance: Unknown → Medium
status: Unknown → New
tags: added: patch
Changed in gdm:
importance: Medium → High
Changed in gdm (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Martin Pitt (pitti) wrote :

Thanks! I updated the patch against current gnome 2.32 version, sent a newer version upstream, and committed it to our packaging branch. This will be uploaded shortly after the alpha-3 freeze.

Changed in gdm (Ubuntu):
status: Triaged → Fix Committed
AZ (m-dev) wrote :

I've created another patch that avoids introducing a new variable by making sure that the the log-in button is disabled if MODE_AUTHENTICATION is used and no queries are pending.
This debdiff is against gdm-2.30.5-0ubuntu4 (maverick), the main difference to the version proposed upstream is that the ubuntu code has a reset_dialog call in gdm_greeter_login_window_ready, which makes the set_{sensitive,focus,ready} calls in this method superflous.
I've tested this patch with timed login, password less login with user list, password less login without user list, login with password with user list, login with password without user list.

Sebastien Bacher (seb128) wrote :

There is some discussions upstream and an updated patch, assigning to pitti since he reviewed and commited the first version

Changed in gdm (Ubuntu):
status: Fix Committed → Triaged
assignee: nobody → Martin Pitt (pitti)
Changed in gdm:
status: New → Fix Released
Martin Pitt (pitti) wrote :
Changed in gdm (Ubuntu):
status: Triaged → In Progress
Martin Pitt (pitti) wrote :

I backported the upstream git fix to our 2.32 version and committed to the packaging bzr.

Changed in gdm (Ubuntu):
status: In Progress → Fix Committed
AZ (m-dev) wrote :

Will this be fixed in lucid or maverick?

Sebastien Bacher (seb128) wrote :

not likely in 10.10 since that's not something concerning the default installation nor somethings users complained about, seems rather a corner case, it could be consider for lucid though

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdm - 2.32.0-0ubuntu10

---------------
gdm (2.32.0-0ubuntu10) natty; urgency=low

  * debian/patches/01git_xdmcp_ipv6.patch:
    - git commit to fix xdmcp issue when ipv6 is used

  [ Martin Pitt ]
  * Add 00git_passwordless_login_crash.patch: Disable the login button in
    MODE_AUTHENTICATION if no query is pending. This avoids a crash when
    having passwordless logins. Original patch from Michael Braun, slightly
    changed for upstream git head, backported to 2.32. (LP: #724205)

  [ James Hunt ]
  * debian/gdm.upstart: gdm will now restart as expected if a user
    runs "telinit 2" from single-user mode (LP: #436936).
 -- Sebastien Bacher <email address hidden> Tue, 15 Mar 2011 18:45:45 +0100

Changed in gdm (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.