Bug 191246 - cupsd segfaults during Internet browser authentication
Summary: cupsd segfaults during Internet browser authentication
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: pam   
(Show other bugs)
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-05-10 02:19 UTC by W. Michael Petullo
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 0.99.4.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-19 16:00:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description W. Michael Petullo 2006-05-10 02:19:47 UTC
Description of problem:
The cupsd segfaults after I connect to it using an Internet browser and provide
it my authentication credentials.  My system uses Kerberos for authentication
and LDAP for network information.

Version-Release number of selected component (if applicable):
cups-1.1.23-30.2
pam-0.99.3.0-2

How reproducible:
Every time

Steps to Reproduce:
1.  Install cups-debuginfo and pam-debuginfo.
2.  Ensure cupsd is not running
3.  gdb cupsd
4.  gdb> run -f
5.  Use a Internet browser to connect to cups (i.e.: http://localhost:631)
6.  Select "Do Administration Tasks" and authenticate
  
Actual results:
Cups crashes with the following backtrace:
#0  0x001e2e07 in pam_sm_acct_mgmt (pamh=0x81d3010, flags=32768, argc=0,
    argv=0x0) at pam_access.c:438
#1  0x004cc99f in _pam_dispatch (pamh=0x81d3010, flags=32768, choice=3)
    at pam_dispatch.c:84
#2  0x004cc0a3 in pam_acct_mgmt (pamh=0x81d3010, flags=32768)
    at pam_account.c:20
#3  0x009ee1cf in IsAuthorized (con=0xb7cb3008) at auth.c:1079
#4  0x009f52f3 in ReadClient (con=0xb7cb3008) at client.c:1224
#5  0x00a00c12 in main (argc=2, argv=0xbfed4b34) at main.c:781

Expected results:


Additional info:
My /etc/pam.d/system-auth is as follows:

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     required      /lib/security/$ISA/pam_access.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     sufficient    /lib/security/$ISA/pam_krb5.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so

Comment 1 Tim Waugh 2006-05-10 11:55:15 UTC
If you comment out this line:

account     required      /lib/security/$ISA/pam_access.so

by putting a '#' character before 'account', does that work around the problem?

Comment 2 W. Michael Petullo 2006-05-10 19:44:27 UTC
Yes, disabling pam_access fixes the symptoms.

Comment 3 Tim Waugh 2006-05-11 13:00:51 UTC
Changing component to pam and reassigning.

Comment 4 Tomas Mraz 2006-05-11 13:26:43 UTC
Already fixed in devel, I will probably update FC5 pam to 0.99.4.0 as well soon.


Comment 5 W. Michael Petullo 2006-05-20 13:47:48 UTC
I can confirm that 0.99.4.0 from Raw Hide seems to fix this problem for me.


Note You need to log in before you can comment on or make changes to this bug.