Ubuntu
policykit package

pkexec fails with ERROR:pkexec.c:138:pam_conversation_function: code should not be reached

Bug #875402 reported by Vreixo Formoso
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
policykit (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

pkexec fails with the error:

ERROR:pkexec.c:138:pam_conversation_function: code should not be reached

in up-to-date Ubuntu 11.10. I have taken a look to the source code and it seems related to the fake conversation function used when PAM is invoked (pkexec.c:160 in packaged sources -.orig-). In my system I have a fprint PAM module to authenticate, but it also fails after disabling it.
Policykit authentication other than pkexec seems to work properly. A look at polkitagenthelper-pam.c shows that a proper concersation function is used.
I guess a similar function could be used for pkexec, but I have not enough skills on pam/policykit to address this.

Thanks in advance
Vreixo

Revision history for this message
Vreixo Formoso (metalpain2002) wrote :

It seems only affected me, and I'm not using fprint now, so I'm not suffering this problem. No idea whether it is still an issue in new releases.

Changed in policykit (Ubuntu):
status: New → Invalid
Revision history for this message
mystercoco (mystercoco-gmail) wrote :

I had the same problem, it looks like pexec is no more working on recent Ubuntu version.
It was generating a lot of crash windows at startup.

A quick and dirty fix (no more errors at least):
# sudo mv /usr/bin/pkexec /usr/bin/pkexec.old
# sudo ln -s /usr/bin/gksudo /usr/bin/pkexec

Sincerely

Technical Details:

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Sat Nov 9 14:35:29 2013
DistroRelease: Ubuntu 13.10
ExecutablePath: /usr/bin/pkexec
ExecutableTimestamp: 1379527177
ProcCmdline: pkexec /usr/lib/update-notifier/package-system-locked
ProcCwd: /home/mystercoco
ProcEnviron:
 TERM=xterm
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=fr_FR.UTF-8
 LANGUAGE=fr_FR
 XDG_RUNTIME_DIR=<set>

Changed in policykit (Ubuntu):
status: Invalid → Fix Committed
Revision history for this message
Doudz (sebastien-ramage) wrote :

I got the same problem on Ubuntu 16.04, pkexec just doesn't work after entering password

Exemple :

pkexec gedit
**
ERROR:pkexec.c:138:pam_conversation_function: code should not be reached
Abandon

Changed in policykit (Ubuntu):
status: Fix Committed → Confirmed
Revision history for this message
Sami Kantoluoto (sami-kantoluoto) wrote :

I'm also having the problem on Ubuntu 16.04 with kerberos authentication.

Revision history for this message
Marc Neiger (marc-i) wrote :

I 'm now having this problem on 16.04 (Mint 18.1), I suspect it may be related to adding ldap and sssd caching, but it's unclear.

Revision history for this message
Dario CIPRUT (dciprut) wrote :

Same problem on 16.04 LTS (Ubuntu Xenial). No clue except i am using pam_mount.

Revision history for this message
InfoLibre (david-vantyghem) wrote :

Same error when lauching Synaptic (synaptic-pkexec), since I added my Linux Mint MATE 18.2 computer into a Windows 2003 domain with realm (kerberos, sssd).

Revision history for this message
InfoLibre (david-vantyghem) wrote :

In fact, the problem doesn't appear since I added my Linux Mint MATE 18.2 computer into a Windows domain but since I added pam_mount in /etc/pam.d/common-session :

session optional pam_mount.so

If I remove this line, it works again.

Revision history for this message
InfoLibre (david-vantyghem) wrote :

I found a (bad ?) solution. I keep pam_mount in /etc/pam.d/common-session file :

session optional pam_mount.so

and I add user="" in /etc/security/pam_mount.conf.xml file :

<volume
 fstype="cifs" server="2008-STD" path="Users/Administrateur/Desktop/Dossier partagé pour test"
 mountpoint="/home/%(USER)/Bureau/Dossier test"
 options="sec=krb5,cruid=%(USERUID),uid=%(USERUID)"
 user=""
/>

And it works !???

Revision history for this message
InfoLibre (david-vantyghem) wrote :

I posted a bug report on https://sourceforge.net/p/pam-mount/bugs/123/

Revision history for this message
InfoLibre (david-vantyghem) wrote :

Finally, I add the name of the user that can mount the shared folder and it works :

<volume
 fstype="cifs" server="2008-STD" path="Users/Administrateur/Desktop/Dossier partagé pour test"
 mountpoint="/home/%(USER)/Bureau/Dossier test"
 options="sec=krb5,cruid=%(USERUID),uid=%(USERUID)"
 user="<name>@<domain>"
/>

With <name> is the Windows user name and <domain> is the Active Directory domain name.

(I tried with user="%(USER)" but it doesn't work at all)

Revision history for this message
Marc Neiger (marc-i) wrote :

I have the very same problem using LDAP authentication (not Windows active directory.
I have a few user="*" but user="" would disable the mount, wouldn't it?

Revision history for this message
Marc Neiger (marc-i) wrote :

Each line now has user="*" or uses extended user control and the problem disappeared.
Thanks

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.