Hello guys, I am using PAM (0.82) to authenticate (samba) workgroup users and it works fine (pam_smbpass). But after joining a domain and start using pam_winbind too, pwauth (2.3.10) get a segmentation fault when trying to authenticate any workgroup or domain user. What happens is that it does authenticate the user successfully, but when it calls pam_end() to release its resources, it crashes. Maybe pam_winbind is freeing something that will be freed by pam_end or something like that - I don't really know about PAM and their modules (smbpass/winbind), but it seems that pam_winbind might be misusing libtalloc somehow. Any ideas ? I believe this is an important use case because (AFAIK) it is the recommended way of authenticating users on web servers. Although I am using Samba 4.0.9 (with symbols), I can also see this issue on Samba 4.0.7 and 4.0.0 too. The funny thing is that it works fine on samba 3.6.9, though. *pwauth backtrace:* Program received signal SIGSEGV, Segmentation fault. 0xb7e32f03 in ?? () (gdb) bt #0 0xb7e32f03 in ?? () *#1 0xb7bb26e1 in _talloc_free_internal (ptr=0x80612d0, location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:831* *#2 0xb7bb33f0 in _talloc_free_children_internal (tc=0x8060d88, ptr=0x8060db8, location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:1256* *#3 0xb7bb2830 in _talloc_free_internal (ptr=0x8060db8, location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:851* *#4 0xb7bb3742 in _talloc_free (ptr=0x8060db8, location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:1371* *#5 0xb7bb4d82 in talloc_autofree () at ../lib/talloc/talloc.c:2251* *#6 0xb7e865e8 in __cxa_finalize () from /lib/i386-linux-gnu/libc.so.6* *#7 0xb7bb1a43 in __do_global_dtors_aux () from /usr/local/samba/lib/private/libtalloc.so.2* #8 0xb7ff4e52 in ?? () from /lib/ld-linux.so.2 #9 0xb7ff5947 in ?? () from /lib/ld-linux.so.2 #10 0xb7e53cc4 in ?? () from /lib/i386-linux-gnu/libdl.so.2 #11 0xb7fefde6 in ?? () from /lib/ld-linux.so.2 #12 0xb7e540bc in ?? () from /lib/i386-linux-gnu/libdl.so.2 #13 0xb7e53cfa in dlclose () from /lib/i386-linux-gnu/libdl.so.2 #14 0xb7fadf8b in ?? () from /lib/i386-linux-gnu/libpam.so.0 #15 0xb7fab8ff in ?? () from /lib/i386-linux-gnu/libpam.so.0 *#16 0xb7fa8da0 in pam_end () from /lib/i386-linux-gnu/libpam.so.0* #17 0x08048baf in check_auth (login=0xbffff8bf "admin", passwd=0xbffff4be "soho") at auth_pam.c:186 #18 0x08048952 in main (argc=1, argv=0xbffffd84) at main.c:92 *cat /etc/nsswitch.conf * passwd: files winbind shadow: files winbind group: files winbind hosts: files wins dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: nisplus publickey: nisplus automount: files nisplus aliases: files nisplus *cat /etc/pam.d/pwauth * #%PAM-1.0 auth sufficient /lib/security/pam_smbpass.so auth sufficient /lib/security/pam_winbind.so cached_login auth required /lib/security/pam_winbind.so krb5_auth account required /lib/security/pam_nologin.so account sufficient /lib/security/pam_smbpass.so account required /lib/security/pam_winbind.so password sufficient /lib/security/pam_smbpass.so password required /lib/security/pam_winbind.so session required /lib/security/pam_unix.so *cat /etc/samba/smb.conf* [Global] available= yes client signing= auto server signing= auto server string= Bla Workgroup= DISNEY netbios name= vmstore-4 realm= DISNEY.XXTEST.ASD-ABC.LOCALDOMAIN password server= * idmap backend= tdb idmap uid= 5000-9999999 idmap gid= 5000-9999999 idmap config DISNEY : backend= rid idmap config DISNEY : range= 10000000-19999999 security= ADS name resolve order= wins host bcast lmhosts client use spnego= yes dns proxy= no winbind use default domain= no winbind nested groups= yes inherit acls= yes winbind enum users= yes winbind enum groups= yes winbind separator= \\ winbind cache time= 300 winbind offline logon= true encrypt passwords= yes passdb backend= smbpasswd
As expected, if I comment out talloc_free() call, pwauth's pam_end() will
not crash and everything will work (user credentials will be verified and
access will be granted - memory will leak, though)
talloc.c:2249
static void talloc_autofree(void)
{
talloc_free(autofree_context);
}
On Wed, Aug 21, 2013 at 12:14 PM, Thiago Fernandes Crepaldi <
tognado at gmail.com> wrote:
> Hello guys,
>
> I am using PAM (0.82) to authenticate (samba) workgroup users and it works
> fine (pam_smbpass). But after joining a domain and start using pam_winbind
> too, pwauth (2.3.10) get a segmentation fault when trying to authenticate
> any workgroup or domain user. What happens is that it does authenticate the
> user successfully, but when it calls pam_end() to release its resources, it
> crashes. Maybe pam_winbind is freeing something that will be freed by
> pam_end or something like that - I don't really know about PAM and
their
> modules (smbpass/winbind), but it seems that pam_winbind might be misusing
> libtalloc somehow. Any ideas ?
>
> I believe this is an important use case because (AFAIK) it is the
> recommended way of authenticating users on web servers. Although I am using
> Samba 4.0.9 (with symbols), I can also see this issue on Samba 4.0.7 and
> 4.0.0 too. The funny thing is that it works fine on samba 3.6.9, though.
>
> *pwauth backtrace:*
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xb7e32f03 in ?? ()
> (gdb) bt
> #0 0xb7e32f03 in ?? ()
> *#1 0xb7bb26e1 in _talloc_free_internal (ptr=0x80612d0,
> location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at
> ../lib/talloc/talloc.c:831*
> *#2 0xb7bb33f0 in _talloc_free_children_internal (tc=0x8060d88,
> ptr=0x8060db8, location=0xb7bb54c7 "../lib/talloc/talloc.c:2251")
at
> ../lib/talloc/talloc.c:1256*
> *#3 0xb7bb2830 in _talloc_free_internal (ptr=0x8060db8,
> location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at
> ../lib/talloc/talloc.c:851*
> *#4 0xb7bb3742 in _talloc_free (ptr=0x8060db8, location=0xb7bb54c7
> "../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:1371*
> *#5 0xb7bb4d82 in talloc_autofree () at ../lib/talloc/talloc.c:2251*
> *#6 0xb7e865e8 in __cxa_finalize () from /lib/i386-linux-gnu/libc.so.6*
> *#7 0xb7bb1a43 in __do_global_dtors_aux () from
> /usr/local/samba/lib/private/libtalloc.so.2*
> #8 0xb7ff4e52 in ?? () from /lib/ld-linux.so.2
> #9 0xb7ff5947 in ?? () from /lib/ld-linux.so.2
> #10 0xb7e53cc4 in ?? () from /lib/i386-linux-gnu/libdl.so.2
> #11 0xb7fefde6 in ?? () from /lib/ld-linux.so.2
> #12 0xb7e540bc in ?? () from /lib/i386-linux-gnu/libdl.so.2
> #13 0xb7e53cfa in dlclose () from /lib/i386-linux-gnu/libdl.so.2
> #14 0xb7fadf8b in ?? () from /lib/i386-linux-gnu/libpam.so.0
> #15 0xb7fab8ff in ?? () from /lib/i386-linux-gnu/libpam.so.0
> *#16 0xb7fa8da0 in pam_end () from /lib/i386-linux-gnu/libpam.so.0*
> #17 0x08048baf in check_auth (login=0xbffff8bf "admin",
passwd=0xbffff4be
> "soho") at auth_pam.c:186
> #18 0x08048952 in main (argc=1, argv=0xbffffd84) at main.c:92
>
> *cat /etc/nsswitch.conf *
>
> passwd: files winbind
> shadow: files winbind
> group: files winbind
> hosts: files wins dns
> bootparams: nisplus [NOTFOUND=return] files
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files
> netgroup: nisplus
> publickey: nisplus
> automount: files nisplus
> aliases: files nisplus
>
> *cat /etc/pam.d/pwauth *
> #%PAM-1.0
> auth sufficient /lib/security/pam_smbpass.so
> auth sufficient /lib/security/pam_winbind.so cached_login
> auth required /lib/security/pam_winbind.so krb5_auth
> account required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_smbpass.so
> account required /lib/security/pam_winbind.so
> password sufficient /lib/security/pam_smbpass.so
> password required /lib/security/pam_winbind.so
> session required /lib/security/pam_unix.so
>
> *cat /etc/samba/smb.conf*
> [Global]
> available= yes
> client signing= auto
> server signing= auto
> server string= Bla
> Workgroup= DISNEY
> netbios name= vmstore-4
> realm= DISNEY.XXTEST.ASD-ABC.LOCALDOMAIN
> password server= *
> idmap backend= tdb
> idmap uid= 5000-9999999
> idmap gid= 5000-9999999
> idmap config DISNEY : backend= rid
> idmap config DISNEY : range= 10000000-19999999
> security= ADS
> name resolve order= wins host bcast lmhosts
> client use spnego= yes
> dns proxy= no
> winbind use default domain= no
> winbind nested groups= yes
> inherit acls= yes
> winbind enum users= yes
> winbind enum groups= yes
> winbind separator= \\
> winbind cache time= 300
> winbind offline logon= true
> encrypt passwords= yes
> passdb backend= smbpasswd
>
--
Thiago Fernandes Crepaldi (aka Crepaldi)
One interesting thing is that if I put pam_winbind in front of pam_smbpass on /etc/pam.d/pwauth, AD domain users will be granted access, workgroup users will NOT and the core dump does not occur. I can't really know if the problem is in pam_smbpass or pam_winbind. pwauth code is correct, though. */etc/pam.d/pwauth which does't not coredump* * * #%PAM-1.0 auth sufficient /lib/security/pam_winbind.so cached_login auth required /lib/security/pam_winbind.so krb5_auth auth sufficient /lib/security/pam_smbpass.so account required /lib/security/pam_nologin.so account required /lib/security/pam_winbind.so account sufficient /lib/security/pam_smbpass.so password required /lib/security/pam_winbind.so password sufficient /lib/security/pam_smbpass.so session required /lib/security/pam_unix.so On Wed, Aug 21, 2013 at 12:14 PM, Thiago Fernandes Crepaldi < tognado at gmail.com> wrote:> Hello guys, > > I am using PAM (0.82) to authenticate (samba) workgroup users and it works > fine (pam_smbpass). But after joining a domain and start using pam_winbind > too, pwauth (2.3.10) get a segmentation fault when trying to authenticate > any workgroup or domain user. What happens is that it does authenticate the > user successfully, but when it calls pam_end() to release its resources, it > crashes. Maybe pam_winbind is freeing something that will be freed by > pam_end or something like that - I don't really know about PAM and their > modules (smbpass/winbind), but it seems that pam_winbind might be misusing > libtalloc somehow. Any ideas ? > > I believe this is an important use case because (AFAIK) it is the > recommended way of authenticating users on web servers. Although I am using > Samba 4.0.9 (with symbols), I can also see this issue on Samba 4.0.7 and > 4.0.0 too. The funny thing is that it works fine on samba 3.6.9, though. > > *pwauth backtrace:* > > Program received signal SIGSEGV, Segmentation fault. > 0xb7e32f03 in ?? () > (gdb) bt > #0 0xb7e32f03 in ?? () > *#1 0xb7bb26e1 in _talloc_free_internal (ptr=0x80612d0, > location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at > ../lib/talloc/talloc.c:831* > *#2 0xb7bb33f0 in _talloc_free_children_internal (tc=0x8060d88, > ptr=0x8060db8, location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at > ../lib/talloc/talloc.c:1256* > *#3 0xb7bb2830 in _talloc_free_internal (ptr=0x8060db8, > location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at > ../lib/talloc/talloc.c:851* > *#4 0xb7bb3742 in _talloc_free (ptr=0x8060db8, location=0xb7bb54c7 > "../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:1371* > *#5 0xb7bb4d82 in talloc_autofree () at ../lib/talloc/talloc.c:2251* > *#6 0xb7e865e8 in __cxa_finalize () from /lib/i386-linux-gnu/libc.so.6* > *#7 0xb7bb1a43 in __do_global_dtors_aux () from > /usr/local/samba/lib/private/libtalloc.so.2* > #8 0xb7ff4e52 in ?? () from /lib/ld-linux.so.2 > #9 0xb7ff5947 in ?? () from /lib/ld-linux.so.2 > #10 0xb7e53cc4 in ?? () from /lib/i386-linux-gnu/libdl.so.2 > #11 0xb7fefde6 in ?? () from /lib/ld-linux.so.2 > #12 0xb7e540bc in ?? () from /lib/i386-linux-gnu/libdl.so.2 > #13 0xb7e53cfa in dlclose () from /lib/i386-linux-gnu/libdl.so.2 > #14 0xb7fadf8b in ?? () from /lib/i386-linux-gnu/libpam.so.0 > #15 0xb7fab8ff in ?? () from /lib/i386-linux-gnu/libpam.so.0 > *#16 0xb7fa8da0 in pam_end () from /lib/i386-linux-gnu/libpam.so.0* > #17 0x08048baf in check_auth (login=0xbffff8bf "admin", passwd=0xbffff4be > "soho") at auth_pam.c:186 > #18 0x08048952 in main (argc=1, argv=0xbffffd84) at main.c:92 > > *cat /etc/nsswitch.conf * > > passwd: files winbind > shadow: files winbind > group: files winbind > hosts: files wins dns > bootparams: nisplus [NOTFOUND=return] files > ethers: files > netmasks: files > networks: files > protocols: files > rpc: files > services: files > netgroup: nisplus > publickey: nisplus > automount: files nisplus > aliases: files nisplus > > *cat /etc/pam.d/pwauth * > #%PAM-1.0 > auth sufficient /lib/security/pam_smbpass.so > auth sufficient /lib/security/pam_winbind.so cached_login > auth required /lib/security/pam_winbind.so krb5_auth > account required /lib/security/pam_nologin.so > account sufficient /lib/security/pam_smbpass.so > account required /lib/security/pam_winbind.so > password sufficient /lib/security/pam_smbpass.so > password required /lib/security/pam_winbind.so > session required /lib/security/pam_unix.so > > *cat /etc/samba/smb.conf* > [Global] > available= yes > client signing= auto > server signing= auto > server string= Bla > Workgroup= DISNEY > netbios name= vmstore-4 > realm= DISNEY.XXTEST.ASD-ABC.LOCALDOMAIN > password server= * > idmap backend= tdb > idmap uid= 5000-9999999 > idmap gid= 5000-9999999 > idmap config DISNEY : backend= rid > idmap config DISNEY : range= 10000000-19999999 > security= ADS > name resolve order= wins host bcast lmhosts > client use spnego= yes > dns proxy= no > winbind use default domain= no > winbind nested groups= yes > inherit acls= yes > winbind enum users= yes > winbind enum groups= yes > winbind separator= \\ > winbind cache time= 300 > winbind offline logon= true > encrypt passwords= yes > passdb backend= smbpasswd >-- Thiago Fernandes Crepaldi (aka Crepaldi)