** Changed in: pam (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1666203
Title:
pam_tty_audit failed in pam_open_session
Status in pam package in Ubuntu:
Triaged
Status in pam package in Debian:
New
Bug description:
Dear Maintainer.
I found a bug in pam_tty_audit.
When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed
in pam_open_session.
It was triggared by use uninitialized variable in
pam_tty_audit.c::pam_open_session.
* Enviroments
Ubuntu 14.04.4 LTS
linux-image-3.16.0-71-generic 3.16.0-71.92~14.04.1
libpam-ldap:amd64 184-8.5ubuntu3
libpam-modules:amd64 1.1.8-1ubuntu2.2
Ubuntu 16.04.2 TLS
linux-image-4.4.0-62-generic 4.4.0-62.83
libpam-ldap:amd64 184-8.7ubuntu1
libpam-modules:amd64 1.1.8-3.2ubuntu2
* Reproduction method
1. Install libpam-ldap.
2. Add the following to the end of /etc/pam.d/common-sessions
--------
session required pam_tty_audit.so enable=* open_only
--------
3. When logging in with ssh etc., pam_tty_audit will fail and login fails
* Solution (== 2018/04/16 Link updated ==)
apply upstream patch
https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee
* Logs (on Ubuntu14.04)
-- auth.log --
May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1
port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8
May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for
user test by (uid=0)
May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting
current audit status: Invalid argument
May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot
make/remove an entry for the specified session
May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11:
disconnected by user
-- syslog --
May 18 14:47:03 vm audispd: node=vm type=USER_ACCT
msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1
addr=10.99.0.1 terminal=ssh res=success'
May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ
msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1
addr=10.99.0.1 terminal=ssh res=success'
May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60):
pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1
May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE
msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set
old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0
May 18 14:47:03 vm audispd: node=vm type=USER_START
msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3
msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1
addr=10.99.0.1 terminal=ssh res=failed'
May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ
msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1
addr=10.99.0.1 terminal=ssh res=success'
May 18 14:47:03 vm audispd: node=vm type=CRED_DISP
msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1
addr=10.99.0.1 terminal=ssh res=success'
Thanks regards.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
