lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when password is expiring

Seems to be a problem only with active directory users (so related to the usage of pam_winbind.so).

I tried this on a new installed machine:

created a user newuser

chage -M 5 newuser (set expiring password to 5 days)

lightdm logs in showing a warning for the expiring password (disappears very quickly because lightdm closes)

I'll try this also on my client machine (in few days) and i'll test also with another expiring Active Directory user.

Another crash file. I'm installing now more debug symbols (there are some symbol table missing)

This is the unpacked crash file with latest ddebs. I removed my plain password both in file and in crash dump (it has been replaced with **********)

Hi Luca - Any specific reason that you marked this as private? It severely limits the number of people that can view the bug report. If you are ok with the crash files being public, please mark the bug as public so that more eyes can see this bug. Thanks!

On Sat, Jun 2, 2012 at 1:14 AM, Tyler Hicks <email address hidden> wrote:
> Hi Luca - Any specific reason that you marked this as private? It
> severely limits the number of people that can view the bug report. If
> you are ok with the crash files being public, please mark the bug as
> public so that more eyes can see this bug. Thanks!

It has been marked as private by Luca Falavigna, maybe because i said
him there was my password in the crash file. But i edited the crash
informations to remove my password (replaced with stars).

FYI i can still reproduce this bug for at most one week (my password
will expire completely in no more than 7 days), then you've to wait
another month :-(

So if you want me to install some other debug things and reproduce
the bug, i'm here this week to help you.

You can find me in #ubuntu-it-dev on freenode with the nick name
"remix_tj" if you want to ask things to me directly.

--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)

"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <email address hidden>

On Sat, Jun 2, 2012 at 12:14 PM, Luca 'remix_tj' Lorenzetto
<email address hidden> wrote:
[cut]
> FYI i can still reproduce this bug for at most one week (my password
> will expire completely in no more than 7 days), then you've to wait
> another month :-(

Today is completely expired the password.

I tried to login, lightdm said me that the password is expired and
allowed me to login, but did not crash.

So the problem is related to the expiring status of the password.

--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)

"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net ,
<email address hidden>

Another user reported me that he had the same problem.

The user is <email address hidden>

Based on user's feedback, marking this public again. Also, this seems to be a regular bug.

Today the bug is back, my password is now returned in the "expiring" period

Same problem on a fresh install on a samsung nc10 notebook, precise 32bit. Now i'll test on 64bits

the problem seems to be related only to pam_winbind not directly to lightdm. Also gdm does not allows the login. I attached a grep of syslog file kept after inserting username and password on gdm. Gdm hangs showing me "your password will expire in 12 days".

Thank you for your comment, do you think you could get a stacktrace of the lightdm issue with libpam-winbind-dbgsym (http://ddebs.ubuntu.com/pool/main/s/samba/) installed?

reassigning to samba since the issue seems in libpam-winbind

I've already installed dmbsym for libpam-winbind (2:3.6.3-2ubuntu2.3) do you need another crash file?

the problem is affecting also ubuntu 64bit

Another detail I noticed is that if i log in from tty i get the message

"erroneous conversation (5)" after the message of expired password.

I report also that i found the problem also with debian stable.

I tested also on fedora, the problem is related to samba main distribution.

Ubuntu 10.04 with winbind 3.4.7 is not affected by this bug

I reported also bug on the samba-bugzilla

https://bugzilla.samba.org/show_bug.cgi?id=9013

The problem is back. Nothing is changed in this month

Status changed to 'Confirmed' because the bug affects multiple users.

I can confimr that this bug also affects me. Is there any information I can provide to help unearth the cause?

Johan,

what version of windows server is installed on your domain controllers?

Sorry about the delayed response, took a while to get hold of the info: our domain controllers are Win 2008 R2

Same here... maybe is a problem of integration between windows 2008 R2 and samba?

Actually, this is not the first time we see a similar issue. We ran into it with 10.04 / Lucid + samba + gdm and this was before our domain controllers were 2008 R2. I can't quite remeber what fixed it then (I'm still digging through old emails) but I have a vague memory of it being fixed by a samba / winbind patch.

I wrote and tested a patch that fixes the bug. Reading the source code i found that this:

 _pam_log(ctx, LOG_CRIT, "Received [%s] reply from application.\n", resp->resp);

So i searched on the auth.log logfile for this log entry and found:

pam_winbind(lightdm:auth): Received [(null)] reply from application

Then i found on a the crashfile stackthread:

#0 __strcasecmp_l_ssse3 () at ../sysdeps/i386/i686/multiarch/strcmp-ssse3.S:293
 No locals.
 #1 0xb7221398 in _pam_winbind_change_pwd (ctx=<optimized out>) at ../nsswitch/pam_winbind.c:834
         msg = {msg_style = 5, msg = 0xb7228f90 "Do you want to change your password now?"}
         pmsg = 0xbfc39810
         resp = 0x85831a8
         prompt = <optimized out>
         ret = <optimized out>
         retval = false

So the problem is on the call of strcasecmp with null as first parameter.

Attached the patch that fixes the issue.

I tested against the latest sources for precise that can be downloaded with:

apt-get source samba

The attachment "Fixes bug adding a check for a null value before calling strcasecmp" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

https://bugzilla.samba.org/show_bug.cgi?id=9013#c8

patch has been accepted on master source of samba

Excellent work, Luca! Will test your patch as soon as I can.

Does my patch has been tested? This patch is already in samba 3.6.9 but is not in ubuntu package that i have to fix manually.

Sorry, Luca, yes - we have tested your patch and it worked fine for one user! We are just waiting for other user accounts to expire...

Has this been confirmed to be fixed via this patch with other user accounts at this point? If so, we should start the SRU process..

On 26 June 2013 20:30, Bryan Quigley <email address hidden> wrote:

> Has this been confirmed to be fixed via this patch with other user
> accounts at this point? If so, we should start the SRU process..

Yes, it works for all user accounts.

AFAIK is already merged in samba main tree:

ftp://ftp.samba.org/pub/unpacked/samba_3_current/WHATSNEW.txt (for 3.5.x)

http://www.samba.org/samba/history/samba-3.6.9.html (for 3.6.x)

So newer ubuntu versions like raring does already include this patch.

On Wed, Jun 26, 2013 at 8:30 PM, Bryan Quigley <email address hidden> wrote:
> Has this been confirmed to be fixed via this patch with other user
> accounts at this point? If so, we should start the SRU process..
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1003296
>
> Title:
> lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when
> password is expiring
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1003296/+subscriptions

--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)

"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <email address hidden>

Uploaded, thank you

Since these are uploaded, unsubscribing ubuntu-sponsors.

Hello Luca, or anyone else affected,

Accepted samba into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/samba/2:3.6.6-3ubuntu5.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Luca, or anyone else affected,

Accepted samba into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/samba/2:3.6.3-2ubuntu2.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Can someone please verify the samba packages in precise-proposed and quantal-proposed please?
A samba security update is pending, and these packages will be superseded if they don't get tested soon.

On Mon, Aug 19, 2013 at 3:55 PM, Marc Deslauriers
<email address hidden> wrote:
> Can someone please verify the samba packages in precise-proposed and quantal-proposed please?
> A samba security update is pending, and these packages will be superseded if they don't get tested soon.

Sorry, i cannot test these packages since i've no accounts in
expiration for the next 30 days. But looking at the diff from the
previous version i see that modifications are exactly like the package
i built by myself to avoid this bug and used for months.

So for me is ok.

--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)

"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <email address hidden>

Luca - that don't doesn't really qualify as verification of the bug as detailed on the SRU wiki page.

I'm not either on an account that is close to expiration, will talk to colleagues next week and see if someones account is close to expiring (I'm on vacation right now).

I understand that this is relatively difficult to reproduce. Is anyone in a better position to test it now?

My apologies; in the rush of things to do, I'd forgotten about this.
Yes, my account is actually currently in the expiration cycle. I will
test in a few hours time and report back.

Ran into dependancy issues. There was a conflict between the existing samba-common (2:3.6.3-2ubuntu2.6) package and the samba-common-bin (2:3.6.3-2ubuntu2.7) package that has blocked me from further work - I can't login anymore. WIll try to do further tests tomorrow when I'm back in the office (given that I can recover my system).

Both samba-common and -bin should have been upgrades to ...ubuntu2.7. Let me know the details of the conflict when you can.

Thanks again for testing. Sorry it's not going well.

Very strange, i installed it without problems with a simple:

 apt-get upgrade winbind libpam-winbind samba

lorenzettoluca@tv52605:~$ dpkg -l samba samba-common winbind
libpam-winbind | grep ubuntu | cut -f 2 -d ":" | cut -f 1 -d " "
3.6.3-2ubuntu2.7
3.6.3-2ubuntu2.7
3.6.3-2ubuntu2.7
3.6.3-2ubuntu2.7

On Mon, Sep 9, 2013 at 9:49 PM, Johan Ramm-Ericson
<email address hidden> wrote:
> Ran into dependancy issues. There was a conflict between the existing
> samba-common (2:3.6.3-2ubuntu2.6) package and the samba-common-bin
> (2:3.6.3-2ubuntu2.7) package that has blocked me from further work - I
> can't login anymore. WIll try to do further tests tomorrow when I'm back
> in the office (given that I can recover my system).
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1003296
>
> Title:
> lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when
> password is expiring
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1003296/+subscriptions

--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)

"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <email address hidden>

Confirmed by customer to be fixed on Ubuntu 12.04. I'm not sure we have anyone affected using 12.10 though, anybody?

On Mon, Sep 16, 2013 at 10:11 PM, Bryan Quigley <email address hidden> wrote:
> Confirmed by customer to be fixed on Ubuntu 12.04. I'm not sure we have
> anyone affected using 12.10 though, anybody?

I Don't remember but AFAIR the bug was in all recent versions

--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)

"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <email address hidden>

@Luca,

Sorry for not being clearer. Quantal is definitely affected, hence the debdiff. However, I'm not sure we still have anyone actually using 12.10 on an Domain at this point; so I'm not sure if there will be any testers.

Right. Since in few months support will be dropped i'll leave there the
patch
Il giorno 17/set/2013 15:11, "Bryan Quigley" <email address hidden> ha scritto:

> @Luca,
>
> Sorry for not being clearer. Quantal is definitely affected, hence the
> debdiff. However, I'm not sure we still have anyone actually using
> 12.10 on an Domain at this point; so I'm not sure if there will be any
> testers.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1003296
>
> Title:
> lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when
> password is expiring
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1003296/+subscriptions
>

This bug was fixed in the package samba - 2:3.6.3-2ubuntu2.7

---------------
samba (2:3.6.3-2ubuntu2.7) precise-proposed; urgency=low

  * Fix login with expiring user passwords (LP: #1003296)
    - Fixed in Samba 3.6.9 (Samba bug: 9013)
 -- Bryan Quigley <email address hidden> Wed, 10 Jul 2013 12:25:17 -0400

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

quantal has seen the end of its life and is no longer receiving any updates. Marking the quantal task for this ticket as "Won't Fix".