segfault in pam_smbpass.so

Bug #303458 reported by Guillaume Hain on 2008-11-29
98
This bug affects 8 people
Affects Status Importance Assigned to Milestone
Baltix
Undecided
Unassigned
samba (Ubuntu)
High
Unassigned

Bug Description

Hi,

lsb_release -rd:
Description: Ubuntu 8.10
Release: 8.10

I'm using Ubuntu Intreprid Ibex AMD64, and have all updates installed.
I have samba and libpam-smbpass installed with the last version.

But, If I try to use sudo in a terminal, it ask me my password ans then crash with a segmentation fault.
All is similar to the bug #260687, but I have the folder /var/lib/samba

So, I habe open a terminal with 2 tabs :
1: executing tail -f /var/log/*.log
2: executing sudo apt-get update

I got this in the first tab :
Nov 29 15:45:44 zUbuntu kernel: [14002.485973] sudo[8365]: segfault at 0 ip 00007f619a412d6c sp 00007fffa434aa50 error 4 in pam_smbpass.so[7f619a3ab000+149000]

( ip and sp value changed each time ).

If I remove the libpam-smbpass package, all work fine ( else I have no shares ).
I have try to remove with --purge and re-install, but same result.

Thierry Carrez (ttx) wrote :

Could you try the workaround in:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/302092/comments/4

Is it a 8.04 box that was upgraded to 8.10 ? Did sudo start to fail as soon as you upgraded, or did it start to fail some time after ?

Changed in samba:
status: New → Incomplete
Guillaume Hain (zedtux) wrote :

I have already done the workaround of the comment ( I tell that at the end of my ticket ).

No, it's a fresh new installation. ( and new hard drive ! ).

Thierry Carrez (ttx) wrote :

About the workaround: could you confirm that /var/lib/samba is removed after you purged libpam-smbpass and samba-common ?

Guillaume Hain (zedtux) wrote :

So, I have back in rescue mode and do all possible updates.

After that, I did an ls /var/lib/samba and saw many files.
So did the apt-get remove --purge libpam-sbmpass and then, execute again an ls /var/lib/samba.
Files still there !

So, I did a rm -rf /var/lib/samba, and then apt-get install libpam-sbmpass.

Next step, I continue boot process and try, in a terminal to do sudo apt-get update and again segmentation fault !

Tail told me, during the sudo apt-get update :
Dec 5 17:07:09 zUbuntu kernel: [ 370.131994] sudo[11276]: segfault at 0 ip 00007fd92f278dbc sp 00007fff391b2e30 error 4 in pam_smbpass.so[7fd92f211000+149000]

Thierry Carrez (ttx) wrote :

zedtux:
OK, then we can try to cleanup by hand:
$ sudo rm -rf /var/lib/samba
$ sudo mkdir /var/lib/samba

pam_smbpass.so is known to segfault if the /var/lib/samba directory doesn't exist, or if it is non-empty, filled by something it doesn't like. I never saw it segfault when using an existing, but empty /var/lib/samba... yet :)

(As I said in comment 3, to clean up, you should have purged *both* samba-common and libpam-smbpass, ensure that /var/lib/samba has been removed, and then reinstall libpam-smbpass (which will reinstall samba-common in the process). That's because the /var/lib/samba directory is installed by the samba-common package, not the libpam-smbpass one.)

Guillaume Hain (zedtux) wrote :

Thanks for your help !

I said, in my comment 4, that I have try to rm -rf /var/lib/samba and re-intall package.
But, I have not try to uninstall every samba packages... :(

And now, as I need a working computer ( working on a project ), I have re-install everything and now, no errors.

Thierry Carrez (ttx) wrote :

There was probably a problem with corrupted contents in /var/lib/samba... this tends to occur a little too often in my taste and pam_smbpass integration makes it fail quite badly. I'm not exactly sure what we can do to avoid it though.

Changed in samba:
status: Incomplete → New
Dim Zoom (dimzoom) wrote :

i have the same probleme with my 32bits processor.

Guillaume Hain (zedtux) wrote :

Is this a good idea to use gdb during a sudo command to check what happen ?

( I just hear that gdb is a debugger... but I don't know how to use it and how it work ! )

Derek Morton (derek-morton) wrote :

Could this error be related to this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478752, namely the last message, which lists CUPS as the offender. I've recently uncommented the line listed in this message and haven't seen any more errors, however it did take about 10 hours for it to manifest itself the second time.

Paul Dixon (lordelph) wrote :

I had the same problem on a fresh install of Ubuntu 8.10 amd64.

I followed the instructions given by Thierry Carrez above, and removed samba and libpam-smbpass, deleted /var/lib/samba, created a new empty directory to replace it, and reinstalled samba and libpam-smbpass. Rebooted and all was well.

Sam Morris (yrro) wrote :

Should this be merged with #302092?

Thierry Carrez (ttx) wrote :

So we still have a problem with a corrupted file inside /var/lib/samba causing libpam-smbpass segfault. The file might well be secrets.tdb since deleting it often fixes the issue...

Today I also had a problem with libpam-smbpass. I couldn't login (in GDM and on console). This is from my /var/log/messages:

Jan 21 20:13:35 bender kernel: [ 66.228600] gdm[6571]: segfault at 0 ip 00007f
78559f6dbc sp 00007fff65d7c3e0 error 4 in pam_smbpass.so[7f785598f000+149000]
Jan 21 20:13:48 bender kernel: [ 79.569333] login[4439]: segfault at 0 ip 0000
7fed09b9cdbc sp 00007fff13ec7db0 error 4 in pam_smbpass.so[7fed09b35000+149000]

I have nothing done to my system yesterday (didn't install, remove or update any packets).
But when I read, that it could be cups related: yesterday the cups server crashed for some reason. Maybe it has corrupted the /var/lib/samba directory?

This is a nasty bug.

Keith Constable (kccricket) wrote :

I encountered this bug today. For me, the problem was the /var/lib/secrets.tdb file. It appears that a portion of the file was clobbered by some log messages:

^@^@^@ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mapping.ldb: Permission denied
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'
ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mapping.ldb: Permission denied
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'
ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mapping.ldb: Permission denied
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'
ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mapping.ldb: Permission denied
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'

It's primarily a binary file, so I was surprised to discover this. After (re)moving the file, everything was peachy. Perhaps some output in a script is being redirected improperly somewhere?

Sam Morris (yrro) wrote :

I see the same log messages in secrets.tdb on my affected machines as well.

I encountered this bug today, and the only strange thing I did was installing a new printer through the CUPS web interface. I just removed the pam_smbpass package and everything was ok.

Michael Gefen (gefenm11) wrote :

i had this issue, and resolved it by reinstalling libpam-smbpass.
now it came back.

i guess i'll have to remove that library. what are the ipacts on the system in doing so?

Josh Matthews (shazburg) wrote :

Came across this issue just last night and found the cause to be less than insidious.

Seems that after I finished editing smb.conf, the daemon reloaded the new file automagically. This is when the trouble started.

As it turns out, my new config had a typo and was specifying a directory that did not exist. I believe this is what was causing samba to go tango-uniform and thus causing pam to segfault.

One boot into recovery mode and a restore to the default smb.conf later, and all is well again. I will be editing my smb.conf under a different name until it has passed testparm. I will report back should another fail occur.

Josh Matthews (shazburg) wrote :

Correction, it wasn't a typo for the directory, it was a typo for the line. Here is the line at issue:

    path /data/apps

Which is missing the '=' operator. This is what caused samba to choke, and pam to follow suit.

Josh Matthews (shazburg) wrote :

And now I'm just muddying the water. Even with my corrected (and testparm approved) smb.conf and samba daemons stopped, I get the pam segfault because of pam_smbpass.so.

It should be noted that by returning to the default smb.conf, pam is happy once more. I have attached the smb.conf that makes pam go boom.

Josh Matthews (shazburg) wrote :

Corrected the misspelling of 'tdbsam' on line 6 of the above posted smb.conf. New config is working fine and pam hasn't segfaulted as of yet.

Sam Morris (yrro) wrote :

Can we *please* get some triage on this bug? It has now made three laptops where I work inoperable to those who do not know to disable the pam_smpass module.

Thierry Carrez (ttx) wrote :

I was wondering if this wasn't Ubuntu-specific since I couldn't find any report elsewhere of a similar problem. It's also introduced in 8.10, and we didn't have any report of it persisting in 9.04 alpha (so far).

The tdb file corruption mentioned in comment 15 and comment 16 is interesting. Since it's logfile-related and we maintain a pam_smbpass.so delta that relates to logfiles, i was wondering if there wasn't a connection here. Specifically, smbpasswd-syslog.patch bypasses setup_logging...

Changed in samba:
importance: Undecided → High
status: New → Confirmed
Thierry Carrez (ttx) wrote :

In duplicate bug 346571, reporter is using the Jaunty version so we can assume it's still present in jaunty.

Reporter confirms the secrets.tdb file contains text that should rather appear in a log file:
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'
ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mappin$
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb

Thierry Carrez (ttx) wrote :

Steve,
The smbpasswd-syslog.patch you submitted to Samba [1] as a fix to Debian bug 434372 never made it to a Samba release. Since this sudo segfault issue seems to only affect our build (and only since Intrepid) I was wondering if the patch was not introducing an issue when run against the 3.2 or 3.3 line... It looks alright to me, but...

[1] https://bugzilla.samba.org/show_bug.cgi?id=4831

Thierry Carrez (ttx) wrote :

This is probably a duplicate to bug 292791, though nobody there explicitly reported secrets.tdb corruption.

Peter Antoniac (pan1nx) on 2009-03-24
tags: added: likely-dup

On Tue, Mar 24, 2009 at 12:58:40PM -0000, Thierry Carrez wrote:
> Steve,
> The smbpasswd-syslog.patch you submitted to Samba [1] as a fix to Debian
> bug 434372 never made it to a Samba release. Since this sudo segfault
> issue seems to only affect our build (and only since Intrepid) I was
> wondering if the patch was not introducing an issue when run against the
> 3.2 or 3.3 line... It looks alright to me, but...

It's possible, but I can't see any bugs in the patch and there are no
warnings in the build log related to this code.

And it's still not reproducible for me. :/

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>

Sam Morris (yrro) wrote :

I found that the corrupted secrets.tdb prevented samba from starting:

[2009/03/27 12:16:44, 0] smbd/server.c:main(1213)
  smbd version 3.2.3 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/03/27 12:16:44, 0] lib/util_tdb.c:tdb_wrap_log(886)
  tdb(/var/lib/samba/secrets.tdb): transaction_read: failed at off=1601070448 len=24
[2009/03/27 12:16:44, 0] lib/util_tdb.c:tdb_wrap_log(886)
  tdb(/var/lib/samba/secrets.tdb): transaction_read: failed at off=1601070448 len=24
[2009/03/27 12:16:44, 0] lib/util_tdb.c:tdb_wrap_log(886)
  tdb(/var/lib/samba/secrets.tdb): transaction_read: failed at off=1601070448 len=24
[2009/03/27 12:16:44, 0] lib/util_tdb.c:tdb_wrap_log(886)
  tdb(/var/lib/samba/secrets.tdb): transaction_read: failed at off=1601070448 len=24
[2009/03/27 12:16:44, 0] lib/util_tdb.c:tdb_wrap_log(886)
  tdb(/var/lib/samba/secrets.tdb): transaction_read: failed at off=1650750572 len=24
[2009/03/27 12:16:44, 0] passdb/machine_sid.c:pdb_generate_sam_sid(166)
  pdb_generate_sam_sid: Failed to store generated machine SID.
[2009/03/27 12:16:44, 0] lib/util.c:smb_panic(1663)
  PANIC (pid 28036): could not generate a machine SID
[2009/03/27 12:16:44, 0] lib/util.c:log_stack_trace(1767)
  BACKTRACE: 6 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7bc542c]
   #1 /usr/sbin/smbd(smb_panic+0x80) [0xb7bc5589]
   #2 /usr/sbin/smbd(get_global_sam_sid+0x6f3) [0xb7acc257]
   #3 /usr/sbin/smbd(main+0x9f7) [0xb7a65530]
   #4 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb757f685]
   #5 /usr/sbin/smbd [0xb7a62af1]
[2009/03/27 12:16:44, 0] lib/util.c:smb_panic(1668)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 28036]
[2009/03/27 12:16:44, 0] lib/util.c:smb_panic(1676)
  smb_panic(): action returned status 0
[2009/03/27 12:16:44, 0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/smbd

I deleted secrets.tdb and the segfault went away. That was OK for me because I had also purged libpam-smbpass and I am using security = share for now anyway. :)

I have just suffered this bug too, and it was after installing cups.
I removed libpam-smbpass, then I renamed secrets.tbd and installed libpam-smbpass again.
Now I can login again, and I have Samba, but I don't have CUPS. Is there any way to install cups and work this bug around?

Rafael Soares (rafaelsoaresbr) wrote :

"
Release: Jaunty

Since a recent upgrade (around the 16th of March), sudo has been broken. Entering the correct password causes sudo to simply exit and not run the command, it was found that this could be fixed by commenting/removing the line

"auth optional pam_smbpass.so migrate"

in /etc/pam.d/common-auth

If the above line is present and not commented out, sudo or even su, will not work.
"

Changed in samba (Ubuntu):
assignee: nobody → rafaelsoaresbr
status: Confirmed → Fix Committed
Changed in samba (Ubuntu):
status: Fix Committed → Confirmed
Steve Langasek (vorlon) on 2009-04-02
Changed in samba (Ubuntu):
assignee: rafaelsoaresbr → nobody
Thierry Carrez (ttx) wrote :

Still struggling to reproduce this.

There seems to be something CUPS-related that results in secrets.tdb corruption with "Unable to open tdb '/var/lib/samba/group_mapping.ldb'" error messages. Once corrupted, this file seems to trigger libpam-smbpass segfaults.

Following the error message lead, it might come from CUPS apparmor profile, preventing access to LDB. Bug 217787 created an abstractions/smbpass that is noticeably missing /var/lib/samba/*.ldb files:

/var/lib/samba/*.tdb rwk,

Thierry Carrez (ttx) wrote :

Created bug 357581 to fix apparmor smbpass abstraction. I'm not sure it will ultimately fix this problem, but it would surely explain why the bug appeared in Samba 3.2 (LDB files weren't in use before) and why this seems to be Ubuntu-specific (our cupsd/apparmor thing is Ubuntu-specific). There would still be a bug in samba for failing so badly in this case but the root cause might be avoided.

Thierry Carrez (ttx) wrote :

This is apparently avoided in Jaunty through the apparmor fix, no sightings so far.
Closing as Fix Released, and nominating bug 357581 for Intrepid SRU.

Changed in samba (Ubuntu):
status: Confirmed → Fix Released
Sam Morris (yrro) wrote :

Just ran into this *again*. It needs to be fixed in *all* currently supported Ubuntu releases, not just the current one...

mintaka (mintaka) wrote :

Probably same behavior.

After upgrading from Ubuntu 9 to Ubuntu 10.04 LTS - Lucid Lynx
vsftpd server failed to login users.

Problem was solved after libpam-smbpass was ununstalled.

From log files:
[auth-log]:
Oct 22 10:33:53 HP6720s1 vsftpd: pam_winbind(vsftpd:auth): pam_get_item returned a password
Oct 22 10:33:53 HP6720s1 vsftpd: pam_winbind(vsftpd:auth): internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'mintaka')
Oct 22 10:36:12 HP6720s1 vsftpd: pam_listfile(vsftpd:auth): Refused user mintaka for service vsftpd
Oct 22 10:36:12 HP6720s1 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user334 rhost=192.168.1.1 user=user334
Oct 22 10:36:12 HP6720s1 vsftpd: pam_winbind(vsftpd:auth): getting password (0x00000388)

[kern-log]:
Oct 22 10:09:09 HP6720s1 kernel: [30161.017119] lo: Disabled Privacy Extensions
Oct 22 10:09:13 HP6720s1 kernel: [30164.999934] vsftpd[3389]: segfault at 0 ip 00007faf4012afa1 sp 00007fffd477b810 error 6 in pam_smbpass.so[7faf400a9000+1
6f000]

[vsftpd-log]:
Fri Oct 22 10:10:45 2010 [pid 1] [user334] FAIL LOGIN: Client "192.168.1.1"
Fri Oct 22 10:10:51 2010 [pid 2] CONNECT: Client "192.168.1.1"

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.