lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when password is expiring
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| samba (Ubuntu) | | High | Bryan Quigley | |
| Precise | | High | Unassigned | |
| Quantal | | Undecided | Unassigned | |
Bug Description
My precise client is a member of a Windows Domain. A domain user can log in using samba/winbind without problems in a tty and via lightdm if the user's password is OK.
If the password is expiring, a domain user logs in correctly via TTY, with the message "Your password is expiring in 10 days". If the user tries with lightdm, the user gets the message "Your password is expiring in 10 days", but is then returned to the username request.
In /var/log/syslog I get:
May 23 08:50:52 tv52605 kernel: [ 1046.645230] lightdm[2415]: segfault at 0 ip b73d976a sp bfd66fa8 error 4 in libc-2.
each time the user tries to log in with the domain user credentials.
Expected behaviour:
The user sees the message "Your password is expiring in 10 days", then logs in (like gdm in Ubuntu 10.04 does).
I attach the crash file I found in /var/crash/ (which I'm unable to send via apport-bug due to same strange bug)
[Impact]
* This bug makes users unable to login via the LightDM interface when their password is close to expiring.
* This upload just checks for a null reference so that LightDM won't crash on it.
[Test Case]
* Set up Active Directory (not tested with Samba AD)
* Have user passwords to expire after a certain time
* Wait until they would be alerted for this, note crash on login
[Regression Potential]
* It has been upstream for a while now and has been tested by several users. It is also already fixed in Ubuntu Raring+
* There might be a better way to handle the null pointer?
Luca Lorenzetto (lorenzetto-luca) wrote : | #1 |
affects: | launchpad → lightdm (Ubuntu) |
Luca Lorenzetto (lorenzetto-luca) wrote : | #2 |
Luca Lorenzetto (lorenzetto-luca) wrote : | #3 |
Another crash file. I'm now installing more debug symbols (some symbol tables are missing)
summary: |
- lightdm crashed with SIGSEGV when password is expiring
+ lightdm crashed with SIGSEGV in pam_sm_authenticate() when password is expiring |
summary: |
- lightdm crashed with SIGSEGV in pam_sm_authenticate() when password is expiring
+ lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when password is expiring |
security vulnerability: | no → yes |
visibility: | public → private |
Luca Lorenzetto (lorenzetto-luca) wrote : | #4 |
This is the unpacked crash file with latest ddebs. I removed my plain password both in file and in crash dump (it has been replaced with **********)
Tyler Hicks (tyhicks) wrote : | #5 |
Hi Luca - Any specific reason that you marked this as private? It severely limits the number of people that can view the bug report. If you are ok with the crash files being public, please mark the bug as public so that more eyes can see this bug. Thanks!
Luca Lorenzetto (lorenzetto-luca) wrote : Re: [Bug 1003296] Re: lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when password is expiring | #6 |
On Sat, Jun 2, 2012 at 1:14 AM, Tyler Hicks <email address hidden> wrote:
> Hi Luca - Any specific reason that you marked this as private? It
> severely limits the number of people that can view the bug report. If
> you are ok with the crash files being public, please mark the bug as
> public so that more eyes can see this bug. Thanks!
It has been marked as private by Luca Falavigna, maybe because I told
him my password was in the crash file. But I edited the crash
information to remove my password (replaced with stars).
FYI I can still reproduce this bug for at most one week (my password
will expire completely in no more than 7 days), then you have to wait
another month :-(
So if you want me to install some other debug things and reproduce
the bug, I'm here this week to help you.
You can find me in #ubuntu-it-dev on freenode with the nickname
"remix_tj" if you want to ask me things directly.
--
"It is absurd to employ men of excellent intelligence to do
calculations that could be entrusted to anyone if machines
were used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)
"The Internet is the largest library in the world.
But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)
Luca 'remix_tj' Lorenzetto, http://
Luca Lorenzetto (lorenzetto-luca) wrote : | #7 |
On Sat, Jun 2, 2012 at 12:14 PM, Luca 'remix_tj' Lorenzetto
<email address hidden> wrote:
[cut]
> FYI i can still reproduce this bug for at most one week (my password
> will expire completely in no more than 7 days), then you've to wait
> another month :-(
Today the password has completely expired.
I tried to log in; lightdm told me that the password is expired and
allowed me to log in, but did not crash.
So the problem is related to the expiring status of the password.
Luca Lorenzetto (lorenzetto-luca) wrote : | #8 |
Another user reported to me that he had the same problem.
The user is <email address hidden>
Jamie Strandboge (jdstrand) wrote : | #9 |
Based on user's feedback, marking this public again. Also, this seems to be a regular bug.
security vulnerability: | yes → no |
visibility: | private → public |
Luca Lorenzetto (lorenzetto-luca) wrote : | #10 |
Today the bug is back, my password is now returned in the "expiring" period
Luca Lorenzetto (lorenzetto-luca) wrote : | #11 |
Same problem on a fresh install on a Samsung NC10 notebook, precise 32-bit. Now I'll test on 64-bit
Luca Lorenzetto (lorenzetto-luca) wrote : | #12 |
The problem seems to be related only to pam_winbind, not directly to lightdm. gdm also does not allow the login. I attached a grep of the syslog file taken after entering username and password in gdm. gdm hangs showing me "your password will expire in 12 days".
Sebastien Bacher (seb128) wrote : | #13 |
Thank you for your comment, do you think you could get a stacktrace of the lightdm issue with libpam-
affects: | lightdm (Ubuntu) → samba (Ubuntu) |
Changed in samba (Ubuntu): | |
importance: | Undecided → High |
Changed in samba (Ubuntu Precise): | |
importance: | Undecided → High |
Sebastien Bacher (seb128) wrote : | #14 |
reassigning to samba since the issue seems in libpam-winbind
Luca Lorenzetto (lorenzetto-luca) wrote : | #15 |
I've already installed dbgsym for libpam-winbind (2:3.6.
Luca Lorenzetto (lorenzetto-luca) wrote : | #16 |
the problem is affecting also ubuntu 64bit
Luca Lorenzetto (lorenzetto-luca) wrote : | #17 |
Luca Lorenzetto (lorenzetto-luca) wrote : | #18 |
Another detail I noticed is that if i log in from tty i get the message
"erroneous conversation (5)" after the message of expired password.
I report also that i found the problem also with debian stable.
Luca Lorenzetto (lorenzetto-luca) wrote : | #19 |
I tested also on fedora, the problem is related to samba main distribution.
Ubuntu 10.04 with winbind 3.4.7 is not affected by this bug
I reported also bug on the samba-bugzilla
Luca Lorenzetto (lorenzetto-luca) wrote : | #20 |
The problem is back. Nothing has changed this month
Launchpad Janitor (janitor) wrote : | #21 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in samba (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in samba (Ubuntu): | |
status: | New → Confirmed |
Johan Ramm-Ericson (johanre) wrote : | #23 |
I can confirm that this bug also affects me. Is there any information I can provide to help unearth the cause?
Luca Lorenzetto (lorenzetto-luca) wrote : | #24 |
Johan,
what version of windows server is installed on your domain controllers?
Johan Ramm-Ericson (johanre) wrote : | #25 |
Sorry about the delayed response, took a while to get hold of the info: our domain controllers are Win 2008 R2
Luca Lorenzetto (lorenzetto-luca) wrote : | #26 |
Same here... maybe it is a problem of integration between Windows 2008 R2 and samba?
Johan Ramm-Ericson (johanre) wrote : | #27 |
Actually, this is not the first time we see a similar issue. We ran into it with 10.04 / Lucid + samba + gdm and this was before our domain controllers were 2008 R2. I can't quite remember what fixed it then (I'm still digging through old emails) but I have a vague memory of it being fixed by a samba / winbind patch.
Luca Lorenzetto (lorenzetto-luca) wrote : | #28 |
I wrote and tested a patch that fixes the bug. Reading the source code I found this:
_pam_log(ctx, LOG_CRIT, "Received [%s] reply from application.\n", resp->resp);
So I searched the auth.log logfile for this log entry and found:
pam_winbind(
Then I found in the crash file stack trace:
#0 __strcasecmp_
No locals.
#1 0xb7221398 in _pam_winbind_
msg = {msg_style = 5, msg = 0xb7228f90 "Do you want to change your password now?"}
pmsg = 0xbfc39810
resp = 0x85831a8
prompt = <optimized out>
ret = <optimized out>
retval = false
So the problem is in the call of strcasecmp with null as first parameter.
Attached the patch that fixes the issue.
I tested against the latest sources for precise that can be downloaded with:
apt-get source samba
The attachment "Fixes bug adding a check for a null value before calling strcasecmp" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]
tags: | added: patch |
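The failure mode identified in comment #28, as an added example that is not part of the original bug report or of Samba's code: a module that asks a yes/no question through a conversation callback has to treat a successful reply with a NULL answer string as "no" instead of passing it to strcasecmp(). The types `demo_response` and `demo_conv_fn` and the four sample callbacks are constructed stand-ins for the PAM conversation interface, so the example builds without libpam.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Stand-in for struct pam_response (assumption: built without libpam). */
struct demo_response {
    char *resp;        /* answer text; an application may leave it NULL */
    int resp_retcode;
};

/* Hypothetical conversation callback: returns 0 on success and fills *out. */
typedef int (*demo_conv_fn)(const char *prompt, struct demo_response **out);

/* Helper for the constructed callbacks: reply with `answer` (NULL = no text). */
static int reply_with(const char *answer, struct demo_response **out)
{
    *out = calloc(1, sizeof(**out));
    if (*out == NULL)
        return -1;
    if (answer != NULL) {
        (*out)->resp = malloc(strlen(answer) + 1);
        if ((*out)->resp == NULL) {
            free(*out);
            *out = NULL;
            return -1;
        }
        strcpy((*out)->resp, answer);
    }
    return 0;
}

/* Constructed application behaviours. */
static int conv_yes(const char *p, struct demo_response **out) { (void)p; return reply_with("Yes", out); }
static int conv_no(const char *p, struct demo_response **out) { (void)p; return reply_with("no", out); }
/* Success, reply present, but no answer string: the case behind the crash. */
static int conv_null_text(const char *p, struct demo_response **out) { (void)p; return reply_with(NULL, out); }
/* Success, but no reply structure at all. */
static int conv_no_reply(const char *p, struct demo_response **out) { (void)p; *out = NULL; return 0; }

/* Module side: ask the question, treat anything but an explicit "yes" as no. */
static bool wants_password_change(demo_conv_fn conv)
{
    struct demo_response *resp = NULL;
    bool retval = false;

    if (conv("Do you want to change your password now?", &resp) != 0 || resp == NULL)
        return false;
    /* Without the NULL test, strcasecmp() would read from address 0 here. */
    if (resp->resp != NULL && strcasecmp(resp->resp, "yes") == 0)
        retval = true;
    free(resp->resp);
    free(resp);
    return retval;
}

int main(void)
{
    printf("yes=%d no=%d null_text=%d no_reply=%d\n",
           wants_password_change(conv_yes), wants_password_change(conv_no),
           wants_password_change(conv_null_text), wants_password_change(conv_no_reply));
    return 0;
}
```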
Luca Lorenzetto (lorenzetto-luca) wrote : | #30 |
https:/
patch has been accepted on master source of samba
Johan Ramm-Ericson (johanre) wrote : | #31 |
Excellent work, Luca! Will test your patch as soon as I can.
Luca Lorenzetto (lorenzetto-luca) wrote : | #32 |
Has my patch been tested? This patch is already in samba 3.6.9 but is not in the Ubuntu package, which I have to fix manually.
Johan Ramm-Ericson (johanre) wrote : | #33 |
Sorry, Luca, yes - we have tested your patch and it worked fine for one user! We are just waiting for other user accounts to expire...
Bryan Quigley (bryanquigley) wrote : | #34 |
Has this been confirmed to be fixed via this patch with other user accounts at this point? If so, we should start the SRU process..
Johan Ramm-Ericson (johanre) wrote : Re: [Bug 1003296] Re: lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when password is expiring | #35 |
On 26 June 2013 20:30, Bryan Quigley <email address hidden> wrote:
> Has this been confirmed to be fixed via this patch with other user
> accounts at this point? If so, we should start the SRU process..
Yes, it works for all user accounts.
Luca Lorenzetto (lorenzetto-luca) wrote : | #36 |
AFAIK it is already merged in the samba main tree:
ftp://ftp.
http://
So newer Ubuntu versions like raring already include this patch.
On Wed, Jun 26, 2013 at 8:30 PM, Bryan Quigley <email address hidden> wrote:
> Has this been confirmed to be fixed via this patch with other user
> accounts at this point? If so, we should start the SRU process..
description: | updated |
Changed in samba (Ubuntu): | |
assignee: | nobody → Bryan Quigley (bryanquigley) |
Bryan Quigley (bryanquigley) wrote : | #38 |
Bryan Quigley (bryanquigley) wrote : | #40 |
Changed in samba (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in samba (Ubuntu Precise): | |
status: | Confirmed → In Progress |
Changed in samba (Ubuntu Quantal): | |
status: | New → In Progress |
Iain Lane (laney) wrote : | #41 |
Uploaded, thank you
Jamie Strandboge (jdstrand) wrote : | #42 |
Since these are uploaded, unsubscribing ubuntu-sponsors.
Hello Luca, or anyone else affected,
Accepted samba into quantal-proposed. The package will build now and be available at http://
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
Changed in samba (Ubuntu Quantal): | |
status: | In Progress → Fix Committed |
tags: | added: verification-needed |
Changed in samba (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Brian Murray (brian-murray) wrote : | #44 |
Hello Luca, or anyone else affected,
Accepted samba into precise-proposed. The package will build now and be available at http://
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
Marc Deslauriers (mdeslaur) wrote : | #45 |
Can someone please verify the samba packages in precise-proposed and quantal-proposed please?
A samba security update is pending, and these packages will be superseded if they don't get tested soon.
Luca Lorenzetto (lorenzetto-luca) wrote : Re: [Bug 1003296] Re: lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when password is expiring | #46 |
On Mon, Aug 19, 2013 at 3:55 PM, Marc Deslauriers
<email address hidden> wrote:
> Can someone please verify the samba packages in precise-proposed and quantal-proposed please?
> A samba security update is pending, and these packages will be superseded if they don't get tested soon.
Sorry, I cannot test these packages since I have no accounts in
expiration for the next 30 days. But looking at the diff from the
previous version I see that the modifications are exactly like the package
I built myself to avoid this bug and used for months.
So for me it is OK.
tags: |
added: verification-done removed: verification-needed |
Brian Murray (brian-murray) wrote : | #47 |
Luca - that doesn't really qualify as verification of the bug as detailed on the SRU wiki page.
tags: |
added: verification-needed removed: verification-done |
Johan Ramm-Ericson (johanre) wrote : | #48 |
I'm not on an account that is close to expiration either; I will talk to colleagues next week and see if someone's account is close to expiring (I'm on vacation right now).
Bryan Quigley (bryanquigley) wrote : | #49 |
I understand that this is relatively difficult to reproduce. Is anyone in a better position to test it now?
Johan Ramm-Ericson (johanre) wrote : | #50 |
My apologies; in the rush of things to do, I'd forgotten about this.
Yes, my account is actually currently in the expiration cycle. I will
test in a few hours time and report back.
Johan Ramm-Ericson (johanre) wrote : | #51 |
Ran into dependency issues. There was a conflict between the existing samba-common (2:3.6.
Bryan Quigley (bryanquigley) wrote : | #52 |
Both samba-common and -bin should have been upgrades to ...ubuntu2.7. Let me know the details of the conflict when you can.
Thanks again for testing. Sorry it's not going well.
Luca Lorenzetto (lorenzetto-luca) wrote : | #53 |
Very strange, I installed it without problems with a simple:
apt-get upgrade winbind libpam-winbind samba
lorenzettoluca@
libpam-winbind | grep ubuntu | cut -f 2 -d ":" | cut -f 1 -d " "
3.6.3-2ubuntu2.7
3.6.3-2ubuntu2.7
3.6.3-2ubuntu2.7
3.6.3-2ubuntu2.7
On Mon, Sep 9, 2013 at 9:49 PM, Johan Ramm-Ericson
<email address hidden> wrote:
> Ran into dependency issues. There was a conflict between the existing
> samba-common (2:3.6.
> (2:3.6.
> can't login anymore. Will try to do further tests tomorrow when I'm back
> in the office (given that I can recover my system).
Bryan Quigley (bryanquigley) wrote : | #54 |
Confirmed by customer to be fixed on Ubuntu 12.04. I'm not sure we have anyone affected using 12.10 though, anybody?
tags: |
added: verification-done-precise verification-needed-quantal removed: verification-needed |
Luca Lorenzetto (lorenzetto-luca) wrote : | #55 |
On Mon, Sep 16, 2013 at 10:11 PM, Bryan Quigley <email address hidden> wrote:
> Confirmed by customer to be fixed on Ubuntu 12.04. I'm not sure we have
> anyone affected using 12.10 though, anybody?
I don't remember, but AFAIR the bug was in all recent versions
Bryan Quigley (bryanquigley) wrote : | #56 |
@Luca,
Sorry for not being clearer. Quantal is definitely affected, hence the debdiff. However, I'm not sure we still have anyone actually using 12.10 on a Domain at this point; so I'm not sure if there will be any testers.
Luca Lorenzetto (lorenzetto-luca) wrote : | #57 |
Right. Since support will be dropped in a few months, I'll leave the
patch there
On 17 Sep 2013 15:11, "Bryan Quigley" <email address hidden> wrote:
> @Luca,
>
> Sorry for not being clearer. Quantal is definitely affected, hence the
> debdiff. However, I'm not sure we still have anyone actually using
> 12.10 on an Domain at this point; so I'm not sure if there will be any
> testers.
Launchpad Janitor (janitor) wrote : | #58 |
This bug was fixed in the package samba - 2:3.6.3-2ubuntu2.7
---------------
samba (2:3.6.
* Fix login with expiring user passwords (LP: #1003296)
- Fixed in Samba 3.6.9 (Samba bug: 9013)
-- Bryan Quigley <email address hidden> Wed, 10 Jul 2013 12:25:17 -0400
Changed in samba (Ubuntu Precise): | |
status: | Fix Committed → Fix Released |
The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
Rolf Leggewie (r0lf) wrote : | #60 |
quantal has seen the end of its life and is no longer receiving any updates. Marking the quantal task for this ticket as "Won't Fix".
Changed in samba (Ubuntu Quantal): | |
status: | Fix Committed → Won't Fix |
Seems to be a problem only with Active Directory users (so related to the usage of pam_winbind.so).
I tried this on a newly installed machine:
created a user newuser
chage -M 5 newuser (set expiring password to 5 days)
lightdm logs in showing a warning for the expiring password (disappears very quickly because lightdm closes)
I'll try this also on my client machine (in a few days) and I'll test also with another expiring Active Directory user.