[Samba] Bug on PAM_Winbind ?

Wed Aug 21 12:15:41 MDT 2013

As expected, if I comment out talloc_free() call, pwauth's pam_end() will
not crash and everything will work (user credentials will be verified and
access will be granted - memory will leak, though)

talloc.c:2249
static void talloc_autofree(void)
{
talloc_free(autofree_context);
}

On Wed, Aug 21, 2013 at 12:14 PM, Thiago Fernandes Crepaldi <
tognado at gmail.com> wrote:

> Hello guys,
>
> I am using PAM (0.82) to authenticate (samba) workgroup users and it works
> fine (pam_smbpass).  But after joining a domain and start using pam_winbind
> too, pwauth (2.3.10) get a segmentation fault when trying to authenticate
> any workgroup or domain user. What happens is that it does authenticate the
> user successfully, but when it calls pam_end() to release its resources, it
> crashes. Maybe pam_winbind is freeing something that will be freed by
> pam_end or something like that - I don't really know about PAM and their
> modules (smbpass/winbind), but it seems that pam_winbind might be misusing
> libtalloc somehow. Any ideas ?
>
> I believe this is an important use case because (AFAIK) it is the
> recommended way of authenticating users on web servers. Although I am using
> Samba 4.0.9 (with symbols), I can also see this issue on Samba 4.0.7 and
> 4.0.0 too. The funny thing is that it works fine on samba 3.6.9, though.
>
> *pwauth backtrace:*
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xb7e32f03 in ?? ()
> (gdb) bt
> #0  0xb7e32f03 in ?? ()
> *#1  0xb7bb26e1 in _talloc_free_internal (ptr=0x80612d0,
> location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at
> ../lib/talloc/talloc.c:831*
> *#2  0xb7bb33f0 in _talloc_free_children_internal (tc=0x8060d88,
> ptr=0x8060db8, location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at
> ../lib/talloc/talloc.c:1256*
> *#3  0xb7bb2830 in _talloc_free_internal (ptr=0x8060db8,
> location=0xb7bb54c7 "../lib/talloc/talloc.c:2251") at
> ../lib/talloc/talloc.c:851*
> *#4  0xb7bb3742 in _talloc_free (ptr=0x8060db8, location=0xb7bb54c7
> "../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:1371*
> *#5  0xb7bb4d82 in talloc_autofree () at ../lib/talloc/talloc.c:2251*
> *#6  0xb7e865e8 in __cxa_finalize () from /lib/i386-linux-gnu/libc.so.6*
> *#7  0xb7bb1a43 in __do_global_dtors_aux () from
> /usr/local/samba/lib/private/libtalloc.so.2*
> #8  0xb7ff4e52 in ?? () from /lib/ld-linux.so.2
> #9  0xb7ff5947 in ?? () from /lib/ld-linux.so.2
>  #10 0xb7e53cc4 in ?? () from /lib/i386-linux-gnu/libdl.so.2
> #11 0xb7fefde6 in ?? () from /lib/ld-linux.so.2
> #12 0xb7e540bc in ?? () from /lib/i386-linux-gnu/libdl.so.2
> #13 0xb7e53cfa in dlclose () from /lib/i386-linux-gnu/libdl.so.2
> #14 0xb7fadf8b in ?? () from /lib/i386-linux-gnu/libpam.so.0
> #15 0xb7fab8ff in ?? () from /lib/i386-linux-gnu/libpam.so.0
> *#16 0xb7fa8da0 in pam_end () from /lib/i386-linux-gnu/libpam.so.0*
> #17 0x08048baf in check_auth (login=0xbffff8bf "admin", passwd=0xbffff4be
> "soho") at auth_pam.c:186
> #18 0x08048952 in main (argc=1, argv=0xbffffd84) at main.c:92
>
> *cat /etc/nsswitch.conf *
>
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
> hosts:      files wins dns
> bootparams: nisplus [NOTFOUND=return] files
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files
> netgroup:   nisplus
> publickey:  nisplus
> automount:  files nisplus
> aliases:    files nisplus
>
> *cat /etc/pam.d/pwauth *
> #%PAM-1.0
> auth       sufficient   /lib/security/pam_smbpass.so
> auth       sufficient   /lib/security/pam_winbind.so   cached_login
> auth       required     /lib/security/pam_winbind.so   krb5_auth
> account    required     /lib/security/pam_nologin.so
> account    sufficient   /lib/security/pam_smbpass.so
> account    required     /lib/security/pam_winbind.so
> password   sufficient   /lib/security/pam_smbpass.so
> password   required     /lib/security/pam_winbind.so
> session    required     /lib/security/pam_unix.so
>
> *cat /etc/samba/smb.conf*
> [Global]
> available= yes
> client signing= auto
> server signing= auto
> server string= Bla
> Workgroup= DISNEY
> netbios name= vmstore-4
> realm= DISNEY.XXTEST.ASD-ABC.LOCALDOMAIN
> password server= *
> idmap backend= tdb
> idmap uid= 5000-9999999
> idmap gid= 5000-9999999
> idmap config DISNEY : backend= rid
> idmap config DISNEY : range= 10000000-19999999
> security= ADS
> name resolve order= wins host bcast lmhosts
> client use spnego= yes
> dns proxy= no
> winbind use default domain= no
> winbind nested groups= yes
> inherit acls= yes
> winbind enum users= yes
> winbind enum groups= yes
> winbind separator= \\
> winbind cache time= 300
> winbind offline logon= true
> encrypt passwords= yes
> passdb backend= smbpasswd
>

-- 
Thiago Fernandes Crepaldi (aka Crepaldi)