This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 191246 - cupsd segfaults during Internet browser authentication
cupsd segfaults during Internet browser authentication
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-09 22:19 EDT by W. Michael Petullo
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 0.99.4.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-19 12:00:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description W. Michael Petullo 2006-05-09 22:19:47 EDT
Description of problem:
The cupsd segfaults after I connect to it using an Internet browser and provide
it my authentication credentials.  My system uses Kerberos for authentication
and LDAP for network information.

Version-Release number of selected component (if applicable):
cups-1.1.23-30.2
pam-0.99.3.0-2

How reproducible:
Every time

Steps to Reproduce:
1.  Install cups-debuginfo and pam-debuginfo.
2.  Ensure cupsd is not running
3.  gdb cupsd
4.  gdb> run -f
5.  Use a Internet browser to connect to cups (i.e.: http://localhost:631)
6.  Select "Do Administration Tasks" and authenticate
  
Actual results:
Cups crashes with the following backtrace:
#0  0x001e2e07 in pam_sm_acct_mgmt (pamh=0x81d3010, flags=32768, argc=0,
    argv=0x0) at pam_access.c:438
#1  0x004cc99f in _pam_dispatch (pamh=0x81d3010, flags=32768, choice=3)
    at pam_dispatch.c:84
#2  0x004cc0a3 in pam_acct_mgmt (pamh=0x81d3010, flags=32768)
    at pam_account.c:20
#3  0x009ee1cf in IsAuthorized (con=0xb7cb3008) at auth.c:1079
#4  0x009f52f3 in ReadClient (con=0xb7cb3008) at client.c:1224
#5  0x00a00c12 in main (argc=2, argv=0xbfed4b34) at main.c:781

Expected results:


Additional info:
My /etc/pam.d/system-auth is as follows:

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     required      /lib/security/$ISA/pam_access.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     sufficient    /lib/security/$ISA/pam_krb5.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so
Comment 1 Tim Waugh 2006-05-10 07:55:15 EDT
If you comment out this line:

account     required      /lib/security/$ISA/pam_access.so

by putting a '#' character before 'account', does that work around the problem?
Comment 2 W. Michael Petullo 2006-05-10 15:44:27 EDT
Yes, disabling pam_access fixes the symptoms.
Comment 3 Tim Waugh 2006-05-11 09:00:51 EDT
Changing component to pam and reassigning.
Comment 4 Tomas Mraz 2006-05-11 09:26:43 EDT
Already fixed in devel, I will probably update FC5 pam to 0.99.4.0 as well soon.
Comment 5 W. Michael Petullo 2006-05-20 09:47:48 EDT
I can confirm that 0.99.4.0 from Raw Hide seems to fix this problem for me.

Note You need to log in before you can comment on or make changes to this bug.