Bug#760496: libpam-mklocaluser: Unable to send messages back to kdm

[Mike Gabriel]

Hi all,
(Cc:ing Russel Stuart, the maintainer and upstream author of libpam-python)

On  Do 04 Sep 2014 20:24:43 CEST, Petter Reinholdtsen wrote:

Package: libpam-mklocaluser
Version: 0.10
Severity: important
User: debian-edu@lists.debian.org
Usertags: debian-edu

When logging in a LDAP user into kdm for the first time on a freshly
installed Roaming Workstation based on Debian Edu Jessie, the login went
fine but instead of being told that a local user was created, I was told
that the user had no home directory and the login failed.

These are the related messages in /var/log/auth.log:


=0 tty=:0 ruser= rhost=  user=pere

0 tty=:0 ruser= rhost= user=pere

0)

000(pere) gecos='Petter Reinholdtsen' home=/home/pere

_TTY :0

e display-device

Sep  4 19:33:17 thinkpadx200 systemd-logind[1735]: Removed session 1.

The new user is present in /etc/passwd and /etc/shadow, so I expect the
python script crashed when trying to send a message back to kdm, but it
could have happend earlier too.  The mklocaluser.d/ fragment in place
seem to have executed as it should (~pere/.local/share/user-places.xbel
is correct).

      syslog.syslog("Creating local home directory for user '%s'" % user)
      # Copy content of /etc/skel
      shutil.copytree("/etc/skel/.", newhomedir, True)

      # Change perm of new home dir
      os.chmod(newhomedir, dirmode)
      chown_recursive(newhomedir, uid, gid)

      # Flush nscd cache to get rid of original user entry
      if os.access("/usr/sbin/nscd", os.X_OK):
        runcmd(pamh, "/usr/sbin/nscd -i passwd")

      # Hook for adjusting the freshly created home directory
      # FIXME Should be rewritten in python, I guess


      # Let the user know what is going on
      msg = pamh.Message(pamh.PAM_TEXT_INFO,

      pamh.conversation(msg)

      # Throw out user, as the log process cached the home directory
      # and need to be restarted.
      return pamh.PAM_TRY_AGAIN

No idea what could go wrong here.

Sep 4 19:32:08 thinkpadx200 kdm: :0[2256]: pam_unix(kdm:auth): authentication failure; logname= uid=0 euid Sep 4 19:32:08 thinkpadx200 kdm: :0[2256]: pam_sss(kdm:auth): authentication success; logname= uid=0 euid= Sep 4 19:32:08 thinkpadx200 kdm: :0[2256]: pam_unix(kdm:session): session opened for user pere by (uid=0) Sep 4 19:32:08 thinkpadx200 systemd-logind[1735]: New session 1 of user pere. Sep 4 19:32:08 thinkpadx200 systemd-logind[1735]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display. Sep 4 19:32:08 thinkpadx200 systemd: pam_unix(systemd-user:session): session opened for user pere by (uid= Sep 4 19:32:08 thinkpadx200 pam_mklocaluser[3283]: Creating local passwd/shadow entry uid=1000(pere) gid=1 Sep 4 19:32:08 thinkpadx200 pam_mklocaluser[3283]: Creating local home directory for user 'pere' Sep 4 19:32:08 thinkpadx200 pam_mklocaluser[2256]: pam_ck_connector(kdm:session): nox11 mode, ignoring PAM Sep 4 19:32:08 thinkpadx200 pam_mklocaluser[3283]: Failure while creating local user: Conversation error Sep 4 19:32:08 thinkpadx200 pam_mklocaluser[3283]: pam_ck_connector(systemd-user:session): cannot determin Sep 4 19:33:11 thinkpadx200 kdm: :0[2256]: pam_unix(kdm:session): session closed for user pere runcmd(pamh, "if [ -d /etc/mklocaluser.d ]; then ORIGHOMEDIR='%s' USER='%s' /bin/run-parts /etc/mklocaluser.d ; fi" % (homedir, user)) "Local user created in /home/, please log in again to start using it.")

```

```

This happens during the pamh.conversation() call:

```
    msg = pamh.Message(pamh.PAM_TEXT_INFO,

    pamh.conversation(msg)
```





```
Thread 1 "lightdm" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f7110741880 (LWP 20800)]

1899    pam_python.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt full

        err = <optimized out>
        pamHandle = 0x7f710dcb37a0
        prompts = 0x7f710d863a50
        result_tuple = 0x0
        message_array = 0x563f19187850
        message_vector = 0x563f191afa00
        response_array = 0x0
        result = 0x0
        response = 0x0
        conv = 0x563f190fd430
        prompt_count = <optimized out>
        i = <optimized out>
        pam_result = <optimized out>
        prompts_is_sequence = 0
        py_result = <optimized out>
        kwlist = {0x7f711045d42a "prompts", 0x0}

#4  0x00007f711022747c in  () at /lib/x86_64-linux-gnu/libpython2.7.so.1.0

#7  0x00007f711045bb70 in call_python_handler

        arg_object = 0x0
        argv_object = 0x7f710d96a6c8
        flags_object = 0x563f19151ca0
        handler_args = 0x7f710d8bfeb0
        py_resultobj = 0x0
        i = <optimized out>
        pam_result = <optimized out>

    at pam_python.c:2803
        handler_function = 0x7f710d874668
        pamHandle = 0x7f710dcb37a0
        py_resultobj = 0x0
        pam_result = 0

    at pam_dispatch.c:110
        retval = <optimized out>
        cached_retval = <optimized out>
        action = <optimized out>
        depth = <optimized out>
        status = 0
        prev_level = <optimized out>
        stack_level = <optimized out>
        impression = 1
        skip_depth = 0
        substates = 0x563f191343e0
        h = 0x563f19100930
        retval = <optimized out>
        use_cached_chain = <optimized out>
        resumed = <optimized out>

        h = 0x563f19100930
        retval = <optimized out>
        use_cached_chain = <optimized out>
        resumed = <optimized out>

        fd = <optimized out>
        version = 3
        service = 0x563f190fd370 "lightdm"
        username = 0x563f190fd390 "gabmik"
        unused_class = 0x0
        tty = 0x563f190fd3b0 "/dev/tty7"
        remote_host_name = 0x0
        xdisplay = 0x563f190fd3d0 ":0"
        x_authority = 0x563f191187a0

        result = <optimized out>
        authentication_result = 0
        user = 0x7f710800a700
        authentication_result_string = 0x563f19135680 "Success"
        auth_complete = 1
        log_filename = 0x563f191357e0 ".xsession-errors"
        log_mode = LOG_MODE_BACKUP_AND_TRUNCATE

        env_length = 10
        command_argc = 2
        command_argv = 0x563f19133f90
        i = <optimized out>
        error = 0x563f190fd410
        bus = <optimized out>
        login1_session_id = <optimized out>
        console_kit_cookie = <optimized out>
        uid = <optimized out>
        gid = <optimized out>
        home_directory = <optimized out>
        return_code = <optimized out>

        action =

```



Greets,
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

I tracked this issue down a bit further today. The bug still exists on Debian buster based Debian Edu Roaming Workstation systems utilizing libpam-mklocaluser (being a Python script for libpam-python). I tested this with LightDM and what I see is LightDM segfaulting in pam_python.so: Feb 19 11:58:12 test-fai-installation kernel: [ 6682.762317] lightdm[31521]: segfault at 8 ip 00007f3bf0fed5f0 sp 00007ffde4d13110 error 4 in pam_python.so[7f3bf0feb000+4000] "Local user created in /home/, please log in again to start using it.") The pam_python.so module simply crashes without emitting a Python exception or anything (I tried to wrap it into a try: ... except pamh.exception: ... block). When attaching a gdb to the correct LightDM process (one of the two "lightdm --session-child" processes), I do get the following backtrace: 0x00007f711045b5f0 in PamHandle_conversation (self=0x7f710dcb37a0, args=<optimized out>, kwds=<optimized out>) at pam_python.c:1899 #0 0x00007f711045b5f0 in PamHandle_conversation (self=0x7f710dcb37a0, args=<optimized out>, kwds=<optimized out>) at pam_python.c:1899 #1 0x00007f71101a8f80 in PyEval_EvalFrameEx () at /lib/x86_64-linux-gnu/libpython2.7.so.1.0 #2 0x00007f71101a8540 in PyEval_EvalFrameEx () at /lib/x86_64-linux-gnu/libpython2.7.so.1.0 #3 0x00007f71101a0852 in PyEval_EvalCodeEx () at /lib/x86_64-linux-gnu/libpython2.7.so.1.0 #5 0x00007f7110251dd3 in PyObject_Call () at /lib/x86_64-linux-gnu/libpython2.7.so.1.0 #6 0x00007f711019fef7 in PyEval_CallObjectWithKeywords () at /lib/x86_64-linux-gnu/libpython2.7.so.1.0 (result=result@entry=0x7ffe20a685d8, pamHandle=0x7f710dcb37a0, handler_function=handler_function@entry=0x7f710d874668, handler_name=handler_name@entry=0x7f711045d3f0 "pam_sm_open_session", flags=flags@entry=0, argc=argc@entry=2, argv=0x563f1910ac20) at pam_python.c:2752 #8 0x00007f711045c445 in call_handler (handler_name=0x7f711045d3f0 "pam_sm_open_session", pamh=<optimized out>, flags=0, argc=2, argv=0x563f1910ac20) #9 0x00007f711112ad14 in _pam_dispatch_aux (use_cached_chain=<optimized out>, resumed=<optimized out>, h=0x563f1910c8f0, flags=0, pamh=0x563f190fe860) #10 0x00007f711112ad14 in _pam_dispatch (pamh=0x563f190fe860, flags=flags@entry=0, choice=choice@entry=4) at pam_dispatch.c:411 #11 0x00007f711112f755 in pam_open_session (pamh=<optimized out>, flags=flags@entry=0) at pam_session.c:23 #12 0x0000563f18952d38 in session_child_run (argc=<optimized out>, argv=<optimized out>) at session-child.c:535 conversation = {conv = 0x563f18952300 <pam_conv_cb>, appdata_ptr = 0x0} x_authority_filename = 0x7f7108005a60 "/skole/tjener/home1/gabmik/.Xauthority" #13 0x0000563f1893c5a9 in main (argc=<optimized out>, argv=<optimized out>) at lightdm.c:562 {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 268435456, sa_restorer = 0x770000007c} messages = Python Exception <class 'gdb.MemoryError'> Cannot access memory at address 0x7: However, what would be the next steps in testing further things in this segmentation fault?

pgpBqteOtFFbc.pgp
Description: Digitale PGP-Signatur