search

canonical / lightdm

Display Manager
GNU General Public License v3.0
813 stars 137 forks source link

lightdm segfault when user PAM authentication fails passwordless login #331

Open thx1111 opened 7 months ago

thx1111 commented 7 months ago

Arch Linux lightdm 1:1.32.0-4 systemd 255-1 pam 1.5.3-3

This segfault is triggered when a user is specified with autologin-user=, but not authorized in /etc/group.

Modified /etc/pam.d/lightdm:

#%PAM-1.0
auth        sufficient  pam_succeed_if.so user ingroup nopasswdlogin
auth        include     system-login
...

and configured /etc/lightdm/lightdm.conf:

...
autologin-user=<unauthorized-user>
...

Started from systemd, the lightdm log begins:

 lightdm[843]: pam_succeed_if(lightdm-autologin:auth): requirement "user ingroup autologin" not met by user "<user>"
 lightdm[843]: Stopping PAM conversation, interaction requested but not supported
 lightdm[843]: pam_unix(lightdm-autologin:auth): conversation failed
 lightdm[843]: pam_unix(lightdm-autologin:auth): auth could not identify password for [<user>]
 lightdm[440]: greeter_session_get_greeter: assertion 'session != NULL' failed
 lightdm[440]: greeter_set_hint: assertion 'greeter != NULL' failed
 lightdm[440]: g_object_ref: assertion 'G_IS_OBJECT (object)' failed
 lightdm[440]: session_set_display_server: assertion 'session != NULL' failed
 lightdm[440]: session_start: assertion 'session != NULL' failed
 lightdm[440]: greeter_session_get_greeter: assertion 'session != NULL' failed
 lightdm[440]: session_get_is_guest: assertion 'session != NULL' failed
 lightdm[440]: session_get_username: assertion 'session != NULL' failed
 lightdm[440]: greeter_set_hint: assertion 'greeter != NULL' failed
 lightdm[440]: g_object_ref: assertion 'G_IS_OBJECT (object)' failed
 lightdm[440]: session_get_display_server: assertion 'session != NULL' failed
 lightdm[440]: display_server_get_can_share: assertion 'server != NULL' failed
 lightdm[440]: session_get_session_type: assertion 'session != NULL' failed
 lightdm[440]: session_get_session_type: assertion 'session != NULL' failed
 kernel: lightdm[440]: segfault at 0 ip 000055628bd9b889 sp 00007ffe6b7a8e90 error 4 in lightdm[55628bd8a000+29000] likely on CPU 1 (core 1, socket 0)
 kernel: Code: 44 f3 fe ff f3 0f 1e fa e9 27 f3 fe ff 0f 1f 40 00 f3 0f 1e fa 41 55 41 54 55 48 89 fd 48 89 f7 53 48 83 ec 08 e8 37 d9 ff ff <80> 38 78 48 89 c3 75 1f 80 78 01 00 75 19 48 83 c4 08 48 89 ef 5b
 systemd[1]: Created slice Slice /system/systemd-coredump.
 systemd[1]: Started Process Core Dump (PID 844/UID 0).
 systemd-coredump[845]: [🡕] Process 440 (lightdm) of user 0 dumped core.

                        Stack trace of thread 440:
                        #0  0x000055628bd9b889 n/a (lightdm + 0x18889)
                        #1  0x000055628bd9db45 n/a (lightdm + 0x1ab45)
                        #2  0x000055628bda15ff n/a (lightdm + 0x1e5ff)
                        #3  0x000055628bda162b n/a (lightdm + 0x1e62b)
                        #4  0x00007f1291156b73 n/a (libgobject-2.0.so.0 + 0x33b73)
                        #5  0x00007f1291156c77 g_signal_emit_valist (libgobject-2.0.so.0 + 0x33c77)
                        #6  0x00007f1291156d34 g_signal_emit (libgobject-2.0.so.0 + 0x33d34)
                        #7  0x000055628bd9cdcc n/a (lightdm + 0x19dcc)
                        #8  0x00007f12911def69 n/a (libglib-2.0.so.0 + 0x59f69)
                        #9  0x00007f129123d367 n/a (libglib-2.0.so.0 + 0xb8367)
                        #10 0x00007f12911dfb97 g_main_loop_run (libglib-2.0.so.0 + 0x5ab97)
                        #11 0x000055628bd8dcb4 n/a (lightdm + 0xacb4)
                        #12 0x00007f1290bb1cd0 n/a (libc.so.6 + 0x27cd0)
                        #13 0x00007f1290bb1d8a __libc_start_main (libc.so.6 + 0x27d8a)
                        #14 0x000055628bd8e765 n/a (lightdm + 0xb765)

                        Stack trace of thread 446:
                        ...
systemd[1]: lightdm.service: Main process exited, code=dumped, status=11/SEG
...

Also, as a consequence, where lightdm.service has Restart=always, the segfault will loop continuously and prevent access to any other virtual terminal.

The service file lightdm.service should be modified to avoid looping and to allow virtual terminal access when lightdm fails, with, for instance:

[Unit]
...
StartLimitIntervalSec=1hour
StartLimitBurst=3

...

Incidentally, also, where lightdm.service has Conflicts=getty@tty1.service, this is pointless and annoying, and should be removed.