Sharing cups disables entire system with segmentation faults

Bug #356851 reported by Feanor's Curse on 2009-04-07
This bug report is a duplicate of:  Bug #303458: segfault in pam_smbpass.so. Edit Remove
2
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Undecided
Unassigned

Bug Description

Second time I encountered this bug, last time had to completely reinstall the system. Bug is described here:
http://ubuntuforums.org/showthread.php?t=1033190

Basically, I shared a printer via the cups browser interface, it restarted, and since then, everything with login is segfaulting. Now I'm making a backup and then trying the workaround described in the ubuntu-thread:
got it, hit 'esc' during boot, fired up a recovery console, "apt-get remove libpam-smbpass" and it's all good.

Also not sure if this is a bug of cups or libpam-smbpass, but not being able to boot into your system is a pretty big deal imho.

This is my first bug report, so tell me if you need more info.

Some additional info:
- Ubuntu 8.10
- libpam-smbpass: Installed: 2:3.2.3-1ubuntu3.4

Feanor's Curse (suepke) wrote :

Update: The workaround with recovery console and removing libpam-smbpass worked, I was able to boot normally again.

Thierry Carrez (ttx) wrote :

Could you describe the exact steps you followed to "share a printer via the cups browser interface" ?

Also could you have a look into /var/lib/samba/secrets.tdb and tell me if there are some error messages written *inside* that binary file.

This is probably a duplicate of bug 292791 and bug 303458, which so far we were unable to reproduce.

Changed in samba (Ubuntu):
status: New → Incomplete
Feanor's Curse (suepke) wrote :

Hi, thanks for the answer.
Yes, this seems to be a duplicate, sry about that. Made a quick search, but didn't find the other bugs back then.

Anyway, I purged samba and cups, without any result. I can reproduce the bug by installing libpam-smbpass again.

Messages inside secrets.tdb:
ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mapping.ldb: Permission denied
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'
ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mapping.ldb: Permission denied
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'

The steps I did inside cups (iirc):
- opened http://localhost:631
- open administration tab
- pressed "edit configuration file" and added "listen 10.0.2.15"
- checked "Share published printers connected to this system"
- pressed "Change Settings" and gave my user password
After that, it crashed and segfaulting started.

Hope this helps

Feanor's Curse (suepke) wrote :

Ah something else (sry for double post):
I tried to connect to the printer inside my Windows VM (Virtualbox), but no avail. So I tried to have a look at cups again and noticed it would'nt work anymore. And I have a 64bit version of ubuntu.

But don't know if these are in any way related.

Thierry Carrez (ttx) wrote :

Could you post your kern.log(s) from the dates the problem occured ?
I am interested in all "audit" entries you might find.
Thanks !

Feanor's Curse (suepke) wrote :
Download full text (31.4 KiB)

/var/log# grep audit *

dmesg:[ 1.543201] audit: initializing netlink socket (disabled)
dmesg:[ 1.543268] type=2000 audit(1239092463.540:1): initialized
dmesg:[ 15.156374] type=1505 audit(1239092477.558:2): operation="profile_load" name="/usr/share/gdm/guest-session/Xsession" name2="default" pid=4119
dmesg:[ 15.329942] type=1505 audit(1239092477.734:3): operation="profile_load" name="/usr/lib/cups/backend/cups-pdf" name2="default" pid=4124
dmesg:[ 15.330168] type=1505 audit(1239092477.734:4): operation="profile_load" name="/usr/sbin/cupsd" name2="default" pid=4124
dmesg:[ 15.381090] type=1505 audit(1239092477.786:5): operation="profile_load" name="/usr/sbin/mysqld" name2="default" pid=4128
dmesg.0:[ 1.518396] audit: initializing netlink socket (disabled)
dmesg.0:[ 1.518413] type=2000 audit(1239092367.516:1): initialized
dmesg.0:[ 16.153313] type=1505 audit(1239092382.955:2): operation="profile_load" name="/usr/share/gdm/guest-session/Xsession" name2="default" pid=4156
dmesg.0:[ 16.328884] type=1505 audit(1239092383.131:3): operation="profile_load" name="/usr/lib/cups/backend/cups-pdf" name2="default" pid=4161
dmesg.0:[ 16.329130] type=1505 audit(1239092383.131:4): operation="profile_load" name="/usr/sbin/cupsd" name2="default" pid=4161
dmesg.0:[ 16.378202] type=1505 audit(1239092383.179:5): operation="profile_load" name="/usr/sbin/mysqld" name2="default" pid=4165

kern.log:Apr 7 09:01:08 computername kernel: [325343.343568] type=1503 audit(1239087668.380:6): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:01:08 computername kernel: [325343.347040] type=1503 audit(1239087668.384:7): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:01:13 computername kernel: [325348.724330] type=1503 audit(1239087673.764:8): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:01:13 computername kernel: [325348.727478] type=1503 audit(1239087673.764:9): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:07:44 computername kernel: [325739.403037] type=1503 audit(1239088064.440:10): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:07:44 computername kernel: [325739.406543] type=1503 audit(1239088064.444:11): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:07:49 computername kernel: [325744.865652] type=1503 audit(1239088069.904:12): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:07:49 compute...

Thierry Carrez (ttx) wrote :

Many thanks, I think we may have identified the root cause of bug 292791 and bug 303458.

The cupsd apparmor profile prevents access to /var/lib/samba/group_mapping.ldb and this may result in cupsd/samba failing very badly in that specific case (corrupting secrets.tdb, then segfaulting on every pam_smbpass.so call).

I created bug 357581 to authorize *.ldb access. I'll close this one as a duplicate of bug 303458.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers