lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when password is expiring
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Fix Released
|
High
|
Bryan Quigley | ||
Precise |
Fix Released
|
High
|
Unassigned | ||
Quantal |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
My precise client is member of a Windows Domain. A domain user can login using samba/winbind without problem in tty and via lightdm if the user password is ok.
If the password is expiring a domain user logs in correctly via TTY, with a message "Your password is expiring in 10 days". if tries with lightdm the user gets the message "Your password is expiring in 10 days", but then returns to the username request.
On /var/log/syslog i get:
May 23 08:50:52 tv52605 kernel: [ 1046.645230] lightdm[2415]: segfault at 0 ip b73d976a sp bfd66fa8 error 4 in libc-2.
for each time the user tries to login with the domain user credentials.
Expected behaviour:
the user sees the message "Your password is expiring in 10 days", then logs in (like gdm in ubuntu 10.04 does).
I attach the crash file i found in /var/crash/ (that i'm unable to send via apport-bug tue to same strange bug)
[Impact]
* This bug makes users unable to login via the LightDM interface when their password is close to expiring.
* This upload just checks for a null reference so that LightDM won't crash on it.
[Test Case]
* Set up Active Directory (not tested with Samba AD)
* Have user passwords to expire after a certain time
* Wait until they would be alerted for this, note crash on login
[Regression Potential]
* It is has been upstream for a while now and has been tested by several users. It is also already fixing in Ubuntu Raring+
* There might be a better way to handle the null pointer?
affects: | launchpad → lightdm (Ubuntu) |
summary: |
- lightdm crashed with SIGSEGV in pam_sm_authenticate() when password is - expiring + lightdm crashed with SIGSEGV in _pam_winbind_change_pwd() when password + is expiring |
security vulnerability: | no → yes |
visibility: | public → private |
description: | updated |
Changed in samba (Ubuntu): | |
assignee: | nobody → Bryan Quigley (bryanquigley) |
Changed in samba (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in samba (Ubuntu Precise): | |
status: | Confirmed → In Progress |
Changed in samba (Ubuntu Quantal): | |
status: | New → In Progress |
tags: |
added: verification-done removed: verification-needed |
Seems to be a problem only with active directory users (so related to the usage of pam_winbind.so).
I tried this on a new installed machine:
created a user newuser
chage -M 5 newuser (set expiring password to 5 days)
lightdm logs in showing a warning for the expiring password (disappears very quickly because lightdm closes)
I'll try this also on my client machine (in few days) and i'll test also with another expiring Active Directory user.