pkexec fails with ERROR:pkexec.c:138:pam_conversation_function: code should not be reached

Bug #875402 reported by Vreixo Formoso on 2011-10-16
32
This bug affects 7 people
Affects Status Importance Assigned to Milestone
policykit (Ubuntu)
Undecided
Unassigned

Bug Description

pkexec fails with the error:

ERROR:pkexec.c:138:pam_conversation_function: code should not be reached

in up-to-date Ubuntu 11.10. I have taken a look to the source code and it seems related to the fake conversation function used when PAM is invoked (pkexec.c:160 in packaged sources -.orig-). In my system I have a fprint PAM module to authenticate, but it also fails after disabling it.
Policykit authentication other than pkexec seems to work properly. A look at polkitagenthelper-pam.c shows that a proper concersation function is used.
I guess a similar function could be used for pkexec, but I have not enough skills on pam/policykit to address this.

Thanks in advance
Vreixo

Vreixo Formoso (metalpain2002) wrote :

It seems only affected me, and I'm not using fprint now, so I'm not suffering this problem. No idea whether it is still an issue in new releases.

Changed in policykit (Ubuntu):
status: New → Invalid
mystercoco (mystercoco-gmail) wrote :

I had the same problem, it looks like pexec is no more working on recent Ubuntu version.
It was generating a lot of crash windows at startup.

A quick and dirty fix (no more errors at least):
# sudo mv /usr/bin/pkexec /usr/bin/pkexec.old
# sudo ln -s /usr/bin/gksudo /usr/bin/pkexec

Sincerely

Technical Details:

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Sat Nov 9 14:35:29 2013
DistroRelease: Ubuntu 13.10
ExecutablePath: /usr/bin/pkexec
ExecutableTimestamp: 1379527177
ProcCmdline: pkexec /usr/lib/update-notifier/package-system-locked
ProcCwd: /home/mystercoco
ProcEnviron:
 TERM=xterm
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=fr_FR.UTF-8
 LANGUAGE=fr_FR
 XDG_RUNTIME_DIR=<set>

Changed in policykit (Ubuntu):
status: Invalid → Fix Committed
Doudz (sebastien-ramage) wrote :

I got the same problem on Ubuntu 16.04, pkexec just doesn't work after entering password

Exemple :

pkexec gedit
**
ERROR:pkexec.c:138:pam_conversation_function: code should not be reached
Abandon

Changed in policykit (Ubuntu):
status: Fix Committed → Confirmed

I'm also having the problem on Ubuntu 16.04 with kerberos authentication.

Marc Neiger (marc-i) wrote :

I 'm now having this problem on 16.04 (Mint 18.1), I suspect it may be related to adding ldap and sssd caching, but it's unclear.

Dario CIPRUT (dciprut) wrote :

Same problem on 16.04 LTS (Ubuntu Xenial). No clue except i am using pam_mount.

Same error when lauching Synaptic (synaptic-pkexec), since I added my Linux Mint MATE 18.2 computer into a Windows 2003 domain with realm (kerberos, sssd).

In fact, the problem doesn't appear since I added my Linux Mint MATE 18.2 computer into a Windows domain but since I added pam_mount in /etc/pam.d/common-session :

session optional pam_mount.so

If I remove this line, it works again.

I found a (bad ?) solution. I keep pam_mount in /etc/pam.d/common-session file :

session optional pam_mount.so

and I add user="" in /etc/security/pam_mount.conf.xml file :

<volume
 fstype="cifs" server="2008-STD" path="Users/Administrateur/Desktop/Dossier partagé pour test"
 mountpoint="/home/%(USER)/Bureau/Dossier test"
 options="sec=krb5,cruid=%(USERUID),uid=%(USERUID)"
 user=""
/>

And it works !???

Finally, I add the name of the user that can mount the shared folder and it works :

<volume
 fstype="cifs" server="2008-STD" path="Users/Administrateur/Desktop/Dossier partagé pour test"
 mountpoint="/home/%(USER)/Bureau/Dossier test"
 options="sec=krb5,cruid=%(USERUID),uid=%(USERUID)"
 user="<name>@<domain>"
/>

With <name> is the Windows user name and <domain> is the Active Directory domain name.

(I tried with user="%(USER)" but it doesn't work at all)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers