Ubuntu
samba package

Sharing cups disables entire system with segmentation faults

Bug #356851 reported by Feanor's Curse
This bug report is a duplicate of:  Bug #303458: segfault in pam_smbpass.so. Edit Remove
2
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Incomplete
Undecided
Unassigned

Bug Description

Second time I encountered this bug, last time had to completely reinstall the system. Bug is described here:
http://ubuntuforums.org/showthread.php?t=1033190

Basically, I shared a printer via the cups browser interface, it restarted, and since then, everything with login is segfaulting. Now I'm making a backup and then trying the workaround described in the ubuntu-thread:
got it, hit 'esc' during boot, fired up a recovery console, "apt-get remove libpam-smbpass" and it's all good.

Also not sure if this is a bug of cups or libpam-smbpass, but not being able to boot into your system is a pretty big deal imho.

This is my first bug report, so tell me if you need more info.

Some additional info:
- Ubuntu 8.10
- libpam-smbpass: Installed: 2:3.2.3-1ubuntu3.4

Revision history for this message
Feanor's Curse (suepke) wrote :

Update: The workaround with recovery console and removing libpam-smbpass worked, I was able to boot normally again.

Revision history for this message
Thierry Carrez (ttx) wrote :

Could you describe the exact steps you followed to "share a printer via the cups browser interface" ?

Also could you have a look into /var/lib/samba/secrets.tdb and tell me if there are some error messages written *inside* that binary file.

This is probably a duplicate of bug 292791 and bug 303458, which so far we were unable to reproduce.

Changed in samba (Ubuntu):
status: New → Incomplete
Revision history for this message
Feanor's Curse (suepke) wrote :

Hi, thanks for the answer.
Yes, this seems to be a duplicate, sry about that. Made a quick search, but didn't find the other bugs back then.

Anyway, I purged samba and cups, without any result. I can reproduce the bug by installing libpam-smbpass again.

Messages inside secrets.tdb:
ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mapping.ldb: Permission denied
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'
ltdb: tdb((null)): tdb_open_ex: could not open file /var/lib/samba/group_mapping.ldb: Permission denied
Unable to open tdb '/var/lib/samba/group_mapping.ldb'
Failed to connect to '/var/lib/samba/group_mapping.ldb'

The steps I did inside cups (iirc):
- opened http://localhost:631
- open administration tab
- pressed "edit configuration file" and added "listen 10.0.2.15"
- checked "Share published printers connected to this system"
- pressed "Change Settings" and gave my user password
After that, it crashed and segfaulting started.

Hope this helps

Revision history for this message
Feanor's Curse (suepke) wrote :

Ah something else (sry for double post):
I tried to connect to the printer inside my Windows VM (Virtualbox), but no avail. So I tried to have a look at cups again and noticed it would'nt work anymore. And I have a 64bit version of ubuntu.

But don't know if these are in any way related.

Revision history for this message
Thierry Carrez (ttx) wrote :

Could you post your kern.log(s) from the dates the problem occured ?
I am interested in all "audit" entries you might find.
Thanks !

Revision history for this message
Feanor's Curse (suepke) wrote :
Download full text (31.4 KiB)

/var/log# grep audit *

dmesg:[ 1.543201] audit: initializing netlink socket (disabled)
dmesg:[ 1.543268] type=2000 audit(1239092463.540:1): initialized
dmesg:[ 15.156374] type=1505 audit(1239092477.558:2): operation="profile_load" name="/usr/share/gdm/guest-session/Xsession" name2="default" pid=4119
dmesg:[ 15.329942] type=1505 audit(1239092477.734:3): operation="profile_load" name="/usr/lib/cups/backend/cups-pdf" name2="default" pid=4124
dmesg:[ 15.330168] type=1505 audit(1239092477.734:4): operation="profile_load" name="/usr/sbin/cupsd" name2="default" pid=4124
dmesg:[ 15.381090] type=1505 audit(1239092477.786:5): operation="profile_load" name="/usr/sbin/mysqld" name2="default" pid=4128
dmesg.0:[ 1.518396] audit: initializing netlink socket (disabled)
dmesg.0:[ 1.518413] type=2000 audit(1239092367.516:1): initialized
dmesg.0:[ 16.153313] type=1505 audit(1239092382.955:2): operation="profile_load" name="/usr/share/gdm/guest-session/Xsession" name2="default" pid=4156
dmesg.0:[ 16.328884] type=1505 audit(1239092383.131:3): operation="profile_load" name="/usr/lib/cups/backend/cups-pdf" name2="default" pid=4161
dmesg.0:[ 16.329130] type=1505 audit(1239092383.131:4): operation="profile_load" name="/usr/sbin/cupsd" name2="default" pid=4161
dmesg.0:[ 16.378202] type=1505 audit(1239092383.179:5): operation="profile_load" name="/usr/sbin/mysqld" name2="default" pid=4165

kern.log:Apr 7 09:01:08 computername kernel: [325343.343568] type=1503 audit(1239087668.380:6): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:01:08 computername kernel: [325343.347040] type=1503 audit(1239087668.384:7): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:01:13 computername kernel: [325348.724330] type=1503 audit(1239087673.764:8): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:01:13 computername kernel: [325348.727478] type=1503 audit(1239087673.764:9): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:07:44 computername kernel: [325739.403037] type=1503 audit(1239088064.440:10): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:07:44 computername kernel: [325739.406543] type=1503 audit(1239088064.444:11): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:07:49 computername kernel: [325744.865652] type=1503 audit(1239088069.904:12): operation="inode_permission" requested_mask="rw::" denied_mask="rw::" fsuid=0 name="/var/lib/samba/group_mapping.ldb" pid=8300 profile="/usr/sbin/cupsd"
kern.log:Apr 7 09:07:49 compute...

Revision history for this message
Thierry Carrez (ttx) wrote :

Many thanks, I think we may have identified the root cause of bug 292791 and bug 303458.

The cupsd apparmor profile prevents access to /var/lib/samba/group_mapping.ldb and this may result in cupsd/samba failing very badly in that specific case (corrupting secrets.tdb, then segfaulting on every pam_smbpass.so call).

I created bug 357581 to authorize *.ldb access. I'll close this one as a duplicate of bug 303458.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.