[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
This bug was fixed in the package pam - 1.1.8-3.2ubuntu2.3 --- pam (1.1.8-3.2ubuntu2.3) xenial; urgency=medium * Move patch fixing LP: #1666203 from debian/patches to debian/patches-applied so it actually gets applied. * debian/libpam-modules.postinst: Add /snap/bin to $PATH in /etc/environment. (LP: #1659719) pam (1.1.8-3.2ubuntu2.2) xenial; urgency=medium * Fix: pam_tty_audit failed in pam_open_session (LP: #1666203) -- Michael Hudson-Doyle Thu, 01 Oct 2020 10:03:21 +1300 ** Changed in: pam (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Verified the new upload on xenial: root@xenial-pam-play:~# dpkg -l libpam-modules Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version ArchitectureDescription +++--===-===-== ii libpam-modules:amd64 1.1.8-3.2ubuntu2.1 amd64 Pluggable Authentication Modules for PAM root@xenial-pam-play:~# sudo -u ubuntu bash sudo: policy plugin failed session initialization root@xenial-pam-play:~# apt install libpam-modules/xenial-proposed libpam-modules-bin/xenial-proposed Reading package lists... Done Building dependency tree Reading state information... Done Selected version '1.1.8-3.2ubuntu2.3' (Ubuntu:16.04/xenial-proposed [amd64]) for 'libpam-modules' Selected version '1.1.8-3.2ubuntu2.3' (Ubuntu:16.04/xenial-proposed [amd64]) for 'libpam-modules-bin' Recommended packages: update-motd The following packages will be upgraded: libpam-modules libpam-modules-bin 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 281 kB of archives. After this operation, 0 B of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 libpam-modules-bin amd64 1.1.8-3.2ubuntu2.3 [36.9 kB] Get:2 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 libpam-modules amd64 1.1.8-3.2ubuntu2.3 [244 kB] Fetched 281 kB in 2s (111 kB/s) Preconfiguring packages ... (Reading database ... 47120 files and directories currently installed.) Preparing to unpack .../libpam-modules-bin_1.1.8-3.2ubuntu2.3_amd64.deb ... Unpacking libpam-modules-bin (1.1.8-3.2ubuntu2.3) over (1.1.8-3.2ubuntu2.1) ... Setting up libpam-modules-bin (1.1.8-3.2ubuntu2.3) ... (Reading database ... 47120 files and directories currently installed.) Preparing to unpack .../libpam-modules_1.1.8-3.2ubuntu2.3_amd64.deb ... Unpacking libpam-modules:amd64 (1.1.8-3.2ubuntu2.3) over (1.1.8-3.2ubuntu2.1) ... Setting up libpam-modules:amd64 (1.1.8-3.2ubuntu2.3) ... root@xenial-pam-play:~# sudo -u ubuntu bash To run a command as administrator (user "root"), use "sudo ". See "man sudo_root" for details. bash: /root/.bashrc: Permission denied ubuntu@xenial-pam-play:~$ ls ls: cannot open directory '.': Permission denied ubuntu@xenial-pam-play:~$ exit root@xenial-pam-play:~# aureport --tty -i TTY Report === # date time event auid term sess comm data === 1. 10/01/20 08:21:14 132 unset ? 4294967295 bash "ls",,<^D> ** Tags removed: verification-needed verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Hello Toru, or anyone else affected, Accepted pam into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/pam/1.1.8-3.2ubuntu2.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: pam (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Changed in: pam (Ubuntu Xenial) Status: Won't Fix => In Progress ** Changed in: pam (Ubuntu Xenial) Assignee: Don van der Haghen (donvdh) => Michael Hudson-Doyle (mwhudson) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
The version of pam in the proposed pocket of Xenial that was purported to fix this bug report has been removed because the bugs that were to be fixed by the upload were not verified in a timely (105 days) fashion. ** Tags removed: verification-needed-xenial ** Changed in: pam (Ubuntu Xenial) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
@David have you tested the version of the package in -proposed and does it work for you? If so could you please provide testing details so that we can release the package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Hello! Thanks for your work with creating and testing the patch. When Xenial Fix will be released? I'd love to see it, because activation of Proposed repo on dozens hosts does not looks very good. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Hi Don-san. I tried test, but it not fixed. I tried building by source code of version 1.1.8-3.2ubuntu 2.2, it looks like the patch has not been applied. Can you check again? [VERIFICATION XENIAL] 1) Used vagrant init ubuntu/xenial64 to create new instance. 2) Used vagrant ssh to login. 3) Added "session required pam_tty_audit.so enable=*" at the top of /etc/pam.d/common-session 4) Tried to use in with new vagrant ssh session (package 1.1.8-3.2ubuntu2.1): DOES NOT WORK/SESSION CLOSES 5) Installed 1.1.8-3.2ubuntu2.2 from xenial-proposed 6) Tried to use in with new vagrant ssh session: DOES NOT WORK/SESSION CLOSES -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Thanks! [VERIFICATION XENIAL] 1) Used vagrant init ubuntu/xenial64 to create new instance. 2) Used vagrant ssh to login. 3) Added "session required pam_tty_audit.so enable=*" at the top of /etc/pam.d/common-session 5) Installed 1.1.8-3.2ubuntu2.2 from xenial-proposed 6) Tried to use in with new vagrant ssh session: WORKS 7) Ran "aureport --tty": shows expected output @Toru: Could you verify this also? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Hello Toru, or anyone else affected, Accepted pam into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/pam/1.1.8-3.2ubuntu2.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: pam (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Uploaded to Xenial. For future reference, the patches directory goes inside debian/ Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
This bug was fixed in the package pam - 1.1.8-3.6ubuntu3 --- pam (1.1.8-3.6ubuntu3) cosmic; urgency=medium * debian/patches-applied/fix-pam_tty_audit.patch: (LP: #1666203) Fix pam_tty_audit log_passwd support and regression. -- Eric Desrochers Thu, 28 Feb 2019 01:20:35 + ** Changed in: pam (Ubuntu Cosmic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
This bug was fixed in the package pam - 1.1.8-3.6ubuntu2.18.04.1 --- pam (1.1.8-3.6ubuntu2.18.04.1) bionic; urgency=medium * debian/patches-applied/fix-pam_tty_audit.patch: (LP: #1666203) Fix pam_tty_audit log_passwd support and regression. -- Eric Desrochers Wed, 27 Feb 2019 14:26:50 + ** Changed in: pam (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Description changed: [Impact] * Kernel keystroke auditing via pam_tty_audit.so not working * When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. [Test Case] 1) Open a shell & escalate to root 2) Update /etc/pam.d/common-session & /etc/pam.d/common-session-noninteractive and add the following line directly after the line: "session required pam_unix.so": "session required pam_tty_audit.so enable=*" 3) Start a second new shell session on the box and type a variety of commands 4) Exit the second shell session to flush the buffer? 5) In the root shell run "aureport -tty -i". The output should show the commands run in the other shell. [Regression Potential] * Low, we are simply including the missing header file and copy the old status as initialization of new. The fix is already found/part of Debian and Disco. + + [Pending SRU] + + All regressions found in Bionic and Cosmic looks like long standing ADT + failure. Nothing has been introduce by this particular SRU. [Other Info] # Upstream fix: https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee # git describe --contains c5f829931a22c65feffee16570efdae036524bee Linux-PAM-1_2_0~75 # rmadision pam => pam | 1.1.8-1ubuntu2.2 | trusty-updates | source => pam | 1.1.8-3.2ubuntu2 | xenial | source => pam | 1.1.8-3.2ubuntu2.1 | xenial-updates | source => pam | 1.1.8-3.6ubuntu2 | bionic | source => pam | 1.1.8-3.6ubuntu2 | cosmic | source pam | 1.3.1-5ubuntu1 | disco| source [Original Description] Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
@Donvdh, Thanks I'll have a look at it probably next week. Thanks ! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
[VERIFICATION COSMIC] 1) Used vagrant init ubuntu/cosmic64 to create new instance. 2) Used vagrant ssh to login. 3) Added "session required pam_tty_audit.so enable=*" at the top of /etc/pam.d/common-session 4) Tried to use in with new vagrant ssh session (package 1.1.8-3.6ubuntu2): DOES NOT WORK/SESSION CLOSES 5) Installed 1.1.8-3.6ubuntu3 from cosmic-proposed 6) Tried to use in with new vagrant ssh session (package 1.1.8-3.6ubuntu3): WORKS 7) Ran "aureport --tty": shows expected output ** Tags removed: verification-needed-cosmic ** Tags added: verification-done-cosmic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Sorry for the delay and thanks for the feedback and effort Eric! Please find the new Xenial debdiff (xenial-fix-for-lp-1666203-v2.debdiff) attached. I tested the update and verified that it works. I also tested the Bionic update and verified that it works as intended. ** Patch added: "xenial-fix-for-lp-1666203-v2.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+attachment/5242562/+files/xenial-fix-for-lp-1666203-v2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
[VERIFICATION BIONIC] It has been brought to my attention the following (by an impacted user): I have enabled the "-proposed" pocket and done the following: 1) Logged into workstation, elevated to root 2) Installed packages from "-proposed": libpam0g libpam-modules libpam-modules-bin libpam-runtime 3) Updated /etc/pam.d/common-session and common-session-interactive 4) Started a second session as a regular user and performed a number of console commands, then exited session 5) From the first (root) session, executed "aureport --tty -i". - The output of the audit report looks good. If I attempt to perform the same test on another workstation, using the original libpam packages (e.g. skipping step 2) then the test fails at step 4, as the user cannot login. In the logs PAM complains about an invalid parameter on the pam_tty_audit.so line (enable=*). ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Hello Toru, or anyone else affected, Accepted pam into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/pam/1.1.8-3.6ubuntu3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: pam (Ubuntu Cosmic) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-cosmic ** Changed in: pam (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Uploaded for Bionic and Cosmic. ** Description changed: [Impact] - * Kernel keystroke auditing via pam_tty_audit.so not working - - * When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. -It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. + * Kernel keystroke auditing via pam_tty_audit.so not working + + * When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. + It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. [Test Case] - 1. Install libpam-ldap - 2. Add the following to the end of /etc/pam.d/common-sessions - - session required pam_tty_audit.so enable=* open_only - - 3. When logging in with ssh etc., pam_tty_audit will fail and login fails + 1) Open a shell & escalate to root + 2) Update /etc/pam.d/common-session & /etc/pam.d/common-session-noninteractive and add the following line directly after the line: "session required pam_unix.so": + "session required pam_tty_audit.so enable=*" + + 3) Start a second new shell session on the box and type a variety of commands + 4) Exit the second shell session to flush the buffer? + 5) In the root shell run "aureport -tty -i". The output should show the commands run in the other shell. [Regression Potential] - * Low, we are simply including the missing header files and copy the old status as initialization of new. -It's already part of Debian and Disco. + * Low, we are simply including the missing header files and copy the old status as initialization of new. + It's already part of Debian and Disco. [Other Info] # Upstream fix: https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee # git describe --contains c5f829931a22c65feffee16570efdae036524bee Linux-PAM-1_2_0~75 # rmadision pam => pam | 1.1.8-1ubuntu2.2 | trusty-updates | source => pam | 1.1.8-3.2ubuntu2 | xenial | source => pam | 1.1.8-3.2ubuntu2.1 | xenial-updates | source => pam | 1.1.8-3.6ubuntu2 | bionic | source => pam | 1.1.8-3.6ubuntu2 | cosmic | source - pam | 1.3.1-5ubuntu1 | disco| source + pam | 1.3.1-5ubuntu1 | disco| source [Original Description] Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Don, I'll take care of patching Bionic and Cosmic, and I will let you handle Xenial, if you don't mind through the Ubuntu sponsorship. I have reviewed your Xenial debdiff, and it will need some rework. The patch requires to be in quilt (debian/patches-applied), and not file manipulate directly like you did. - Eric -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Changed in: pam (Ubuntu Bionic) Assignee: Don van der Haghen (donvdh) => Eric Desrochers (slashd) ** Changed in: pam (Ubuntu Bionic) Importance: High => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
I have provided a test package to an impacted user for Bionic/18.04LTS. Here's what has been brought to my attention after this user tried the test package: "Test results look good. Keystroke logging audit messages are coming through." -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Changed in: pam (Ubuntu Cosmic) Status: New => In Progress ** Changed in: pam (Ubuntu Cosmic) Importance: Undecided => Medium ** Changed in: pam (Ubuntu Cosmic) Assignee: (unassigned) => Eric Desrochers (slashd) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Description changed: + [Impact] + + * Kernel keystroke auditing via pam_tty_audit.so not working + + * When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. +It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. + + [Test Case] + + 1. Install libpam-ldap + 2. Add the following to the end of /etc/pam.d/common-sessions + + session required pam_tty_audit.so enable=* open_only + + 3. When logging in with ssh etc., pam_tty_audit will fail and login fails + + [Regression Potential] + + * Low, we are simply including the missing header files and copy the old status as initialization of new. +It's already part of Debian and Disco. + + [Other Info] + + # Upstream fix: + https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee + + # git describe --contains c5f829931a22c65feffee16570efdae036524bee + Linux-PAM-1_2_0~75 + + # rmadision pam + => pam | 1.1.8-1ubuntu2.2 | trusty-updates | source + => pam | 1.1.8-3.2ubuntu2 | xenial | source + => pam | 1.1.8-3.2ubuntu2.1 | xenial-updates | source + => pam | 1.1.8-3.6ubuntu2 | bionic | source + => pam | 1.1.8-3.6ubuntu2 | cosmic | source + pam | 1.3.1-5ubuntu1 | disco| source + + [Original Description] + Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' Thanks regards. ** Also affects: pam (Ubuntu Cosmic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Don van der Haghen (donvdh), Seems like you need a sponsor. If I sponsor the patch for you, will you be amenable to test the packages once found in $RELEASE-proposed ? If cosmic is impacted, could you also please provide a debdiff for it, before I proceed. Regards, Eric ** Tags added: sts ** Changed in: pam (Ubuntu Bionic) Assignee: (unassigned) => Don van der Haghen (donvdh) ** Changed in: pam (Ubuntu Xenial) Assignee: (unassigned) => Don van der Haghen (donvdh) ** Changed in: pam (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: pam (Ubuntu Bionic) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
and could you please fill the SRU template ? https://wiki.ubuntu.com/StableReleaseUpdates -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Changed in: pam (Ubuntu Xenial) Importance: Undecided => High ** Changed in: pam (Ubuntu Bionic) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: pam (Ubuntu Xenial) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: pam (Ubuntu Bionic) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
I have opened bug tasks for the bionic and xenial releases. Your patches are in the queue for the ubuntu-sponsors team to review. ** Also affects: pam (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: pam (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Thanks Steve! However, what is the status for Xenial and Bionic? The bug seems closed now (status: fix released), can someone reopen it? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Description changed: Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch - https://bit.ly/2BtN52W + https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' - Thanks regards. https://bit.ly/2BtN52W + Thanks regards. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Description changed: Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch - https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee + https://bit.ly/2BtN52W * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' - Thanks regards. + Thanks regards. https://bit.ly/2BtN52W -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Changed in: pam (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
This has been fixed for disco with the upload of pam 1.3.1-2ubuntu1. ** Changed in: pam (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Please see attached patch for Ubuntu 16.04/Xenial. I have tested and verified that the patch works as intended. ** Patch added: "xenial-fix-for-lp-1666203.debdiff" https://bugs.launchpad.net/debian/+source/pam/+bug/1666203/+attachment/5236239/+files/xenial-fix-for-lp-1666203.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Thank you all very much for the responses. I added the description, origin and bug headers to the bionical debdiff, new debdiff is attached. I was able to reproduce the issue on xenial using vagrant, I will create and test a patch. ** Patch added: "bionic-fix-for-lp-1666203-v2.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+attachment/5236226/+files/bionic-fix-for-lp-1666203-v2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Don, I've looked closer at the code and I agree with you. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Hi Don-san. I am able to reproduce with the following procedure. - vagrant init ubuntu/xenial64 vagrant ssh # at xenial64 on VM echo 'session required pam_tty_audit.so enable=*' | sudo tee -a /etc/pam.d/common-session - When 'vagrant ssh' from other terminal, it is fail. I tested below environment. - vagrant@ubuntu-xenial:~$ uname -a Linux ubuntu-xenial 4.4.0-142-generic #168-Ubuntu SMP Wed Jan 16 21:00:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux vagrant@ubuntu-xenial:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 16.04.5 LTS Release:16.04 Codename: xenial vagrant@ubuntu-xenial:~$ dpkg -l | grep -E 'libpam|linux-image' ii libpam-modules:amd64 1.1.8-3.2ubuntu2.1 amd64Pluggable Authentication Modules for PAM ii libpam-modules-bin 1.1.8-3.2ubuntu2.1 amd64Pluggable Authentication Modules for PAM - helper binaries ii libpam-runtime 1.1.8-3.2ubuntu2.1 all Runtime support for the PAM library ii libpam-systemd:amd64 229-4ubuntu21.15 amd64system and service manager - PAM module ii libpam0g:amd64 1.1.8-3.2ubuntu2.1 amd64Pluggable Authentication Modules library ii linux-image-4.4.0-142-generic4.4.0-142.168 amd64Linux kernel image for version 4.4.0 on 64 bit x86 SMP ii linux-image-virtual 4.4.0.142.148 amd64This package will always depend on the latest minimal generic kernel image. vagrant@ubuntu-xenial:~$ - If you cannot reproduce this issue above procedure, you try to enable/disable other pam module. This problem is caused by an uninitialized stack variable, so it is important to manipulate the state of the stack to reproduce it. For example, it is good to activate pam_ldap. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Hello Don, probably an SRU sponsor would like the debdiff to include references where to find the patch that you applied in upstream sources or other bug reports. The usual way to do so is via a Description: and Origin: header in the patch, see https://dep- team.pages.debian.net/deps/dep3/ for more information. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Thank you both very much for the responses. Toru: I just tested this on another 16.04 system (now with kernel 4.4.0-142-generic) and was unable to reproduce the issue there also. I was able to reproduce the issue on both Bionic systems I tested however. So there seems to be a difference between Xenial and Bionic. Patrik: I believe LTS patches are required to be as minimal as possible to minimize regression risk. It appears that the bug is resolved without the change you mentioned. I looked at the code quickly and couldn't determine whether this change is strictly necessary as the variable that is initialized doesn't seem to be used within the module itself. Should you disagree, then please report back. I would like to ask a sponsor to review the debdiff and give feedback about what changes are desired to get the patch accepted. I will then also test the disco release. Any feedback or additional information is more than welcome, I'm just trying to move this issue forward as well as I can. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
I also tested with commit https://github.com/linux-pam/linux- pam/commit/05a1ccc0df92d0ca031699124ddf7ec3ce12f78f#diff- c5b734a338a8a0460af7f0c08a7b138a which fixes yet another uninitialized use. Resulting pam_tty_audit.so with both mentioned upstream commits tested and works on bionic, cosmic, and disco. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Thank you for your response. I tested on 16.04/xenial with below packages, but this issue still exists. libpam-modules-bin 1.1.8-3.2ubuntu2.1 linux-image-4.4.0-137-generic 4.4.0-137.163 This issue has been fixed on the PAM 1.2.0, but 16.04/xenial and 18.04/bionic used the PAM 1.1.8 and the current package is not include a patche for this issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
I am unable to reproduce this issue on Ubuntu 16.04/Xenial with: libpam-modules 1.1.8-3.2ubuntu2.1 kernel 4.4.0-112-generic Toru Ikezoe: Could you verify whether this issue still exists on 16.04? I currently have no plans on testing with Ubuntu 14.04 because of end of support on april 2019. ** Changed in: pam (Ubuntu) Assignee: (unassigned) => Don van der Haghen (donvdh) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
The attachment "bionic-fix-for-lp-1666203.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Attached patch (which is based on pam_1.1.8-3.6ubuntu2) fixes the issue for Ubuntu 18.04/Bionic Following fix was implemented as mentioned by the reporter of the LP bug: https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee I tested the patch and it indeed resolves the issue: pam_tty_audit now works as expected and users are still able to login after adding: session required pam_tty_audit.so enable=root to /etc/pam.d/common-session "aureport --tty" shows the expected output. * Fix: pam_tty_audit failed in pam_open_session (LP: #1666203) The patch has also been submitted to Debian. ** Patch added: "bionic-fix-for-lp-1666203.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+attachment/5235473/+files/bionic-fix-for-lp-1666203.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Tags added: trusty xen ** Tags removed: xen ** Tags added: cosmic disco xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Changed in: pam (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Bug watch added: Debian Bug tracker #778664 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778664 ** Also affects: pam (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778664 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Tags added: bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Please see https://wiki.ubuntu.com/SponsorshipProcess and https://wiki.ubuntu.com/StableReleaseUpdates#Procedure if you can volunteer to get the fix landed. Note that I don't expect anyone to work on this any time soon. It needs volunteers. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Changed in: pam (Ubuntu) Status: Confirmed => Triaged ** Changed in: pam (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Description changed: Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails - * Solution + * Solution (== 2018/04/16 Link updated ==) apply upstream patch - https://git.fedorahosted.org/cgit/linux-pam.git/commit/modules/pam_tty_audit/pam_tty_audit.c?id=c5f829931a22c65feffee16570efdae036524bee + https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' - Thanks regards. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: pam (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
