Hi Don-san.

I am able to reproduce with the following procedure.

-----------------
vagrant init ubuntu/xenial64
vagrant ssh
# at xenial64 on VM
echo 'session required pam_tty_audit.so enable=*' | sudo tee -a 
/etc/pam.d/common-session
-----------------

When 'vagrant ssh' from other terminal, it is fail.
I tested below environment.
-----------------
vagrant@ubuntu-xenial:~$ uname -a
Linux ubuntu-xenial 4.4.0-142-generic #168-Ubuntu SMP Wed Jan 16 21:00:45 UTC 
2019 x86_64 x86_64 x86_64 GNU/Linux
vagrant@ubuntu-xenial:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenial
vagrant@ubuntu-xenial:~$ dpkg -l | grep -E 'libpam|linux-image'
ii  libpam-modules:amd64             1.1.8-3.2ubuntu2.1                         
amd64        Pluggable Authentication Modules for PAM
ii  libpam-modules-bin               1.1.8-3.2ubuntu2.1                         
amd64        Pluggable Authentication Modules for PAM - helper binaries
ii  libpam-runtime                   1.1.8-3.2ubuntu2.1                         
all          Runtime support for the PAM library
ii  libpam-systemd:amd64             229-4ubuntu21.15                           
amd64        system and service manager - PAM module
ii  libpam0g:amd64                   1.1.8-3.2ubuntu2.1                         
amd64        Pluggable Authentication Modules library
ii  linux-image-4.4.0-142-generic    4.4.0-142.168                              
amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-virtual              4.4.0.142.148                              
amd64        This package will always depend on the latest minimal generic 
kernel image.
vagrant@ubuntu-xenial:~$
-----------------

If you cannot reproduce this issue above procedure, you try to enable/disable 
other pam module.
This problem is caused by an uninitialized stack variable, so it is important 
to manipulate the state of the stack to reproduce it.
For example, it is good to activate pam_ldap.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1666203

Title:
  pam_tty_audit failed in pam_open_session

Status in pam package in Ubuntu:
  Triaged
Status in pam package in Debian:
  New

Bug description:
  Dear Maintainer.

  I found a bug in pam_tty_audit.
  When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed 
in pam_open_session.
  It was triggared by use uninitialized variable in 
pam_tty_audit.c::pam_open_session.

  * Enviroments
  Ubuntu 14.04.4 LTS
  linux-image-3.16.0-71-generic    3.16.0-71.92~14.04.1
  libpam-ldap:amd64    184-8.5ubuntu3
  libpam-modules:amd64    1.1.8-1ubuntu2.2

  Ubuntu 16.04.2 TLS
  linux-image-4.4.0-62-generic    4.4.0-62.83
  libpam-ldap:amd64    184-8.7ubuntu1
  libpam-modules:amd64    1.1.8-3.2ubuntu2

  * Reproduction method
  1. Install libpam-ldap.
  2. Add the following to the end of /etc/pam.d/common-sessions
  --------
  session required pam_tty_audit.so enable=* open_only
  --------
  3. When logging in with ssh etc., pam_tty_audit will fail and login fails

  * Solution (== 2018/04/16 Link updated ==)
  apply upstream patch
  
https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee

  * Logs (on Ubuntu14.04)
  -- auth.log --
  May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 
port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8
  May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for 
user test by (uid=0)
  May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting 
current audit status: Invalid argument
  May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot 
make/remove an entry for the specified session
  May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: 
disconnected by user

  -- syslog --
  May 18 14:47:03 vm audispd: node=vm type=USER_ACCT 
msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 
msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ 
msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): 
pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1
  May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE 
msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set 
old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0
  May 18 14:47:03 vm audispd: node=vm type=USER_START 
msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 
msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=failed'
  May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ 
msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=CRED_DISP 
msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=success'

  Thanks regards.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to