pam_zfs_key breaks debian adduser (which passwd-prompts for the nonexistent user) and root passwd on disabled users #15765

Open
nabijaczleweli opened this issue Jan 12, 2024 · 0 comments
Labels
Type: Defect Incorrect behavior (e.g. crash, hang)

@nabijaczleweli
Contributor

System information

| Type | Version/Name |
| --- | --- |
| Distribution Name | Debian |
| Distribution Version | sid @ 2023-01-09 |
| Kernel Version | 6.6.9-amd64 |
| Architecture | amd64 |
| OpenZFS Version | 2.2.2-3 |

Describe the problem you're observing

# adduser testuser
info: Adding user `testuser' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `testuser' (1001) ...
info: Adding new user `testuser' (1001) with group `testuser (1001)' ...
info: Creating home directory `/home/testuser' ...
info: Copying files from `/etc/skel' ...
Current password:

bad start! there's no current password

If I respond with mismatched passwords then

Current password: abc
New password: def
Retype new password: def
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N]

And if with the same then:

adduser testuser
info: Adding user `testuser' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `testuser' (1001) ...
info: Adding new user `testuser' (1001) with group `testuser (1001)' ...
info: Creating home directory `/home/testuser' ...
info: Copying files from `/etc/skel' ...
Current password: asd
New password: asd
Retype new password: asd
The password has not been changed.
New password: asd
Retype new password: asd
The password has not been changed.
New password: asd
Retype new password: asd
The password has not been changed.
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N] 

And if I click through the rest, the user is disabled:

$ getent passwd testuser
testuser:x:1001:1001:test,test,test,test,test:/home/testuser:/bin/bash
# getent shadow testuser
testuser:!:19733:0:99999:7:::

If I then passwd testuser as root:

Current password:
New password:
Retype new password:
passwd: Authentication token manipulation error
passwd: password unchanged

it's asking me for a password again!

Journal says

Jan 11 20:40:14 chrust sudo[10942]: nabijaczleweli : TTY=pts/0 ; PWD=/home/nabijaczleweli ; USER=root ; COMMAND=/usr/bin/passwd testuser
Jan 11 20:40:14 chrust sudo[10942]: pam_unix(sudo:session): session opened for user root(uid=0) by nabijaczleweli(uid=1000)
Jan 11 20:40:16 chrust passwd[10944]: pam_zfs_key(passwd:chauthtok): dataset chrust-zoot/home/testuser not found
Jan 11 20:40:16 chrust passwd[10944]: pam_zfs_key(passwd:chauthtok): old token mismatch
Jan 11 20:40:33 chrust sudo[10942]: pam_unix(sudo:session): session closed for user root
Jan 11 20:40:35 chrust sudo[10946]: nabijaczleweli : TTY=pts/0 ; PWD=/home/nabijaczleweli ; USER=root ; COMMAND=/usr/bin/passwd testuser
Jan 11 20:40:35 chrust sudo[10946]: pam_unix(sudo:session): session opened for user root(uid=0) by nabijaczleweli(uid=1000)
Jan 11 20:40:35 chrust passwd[10948]: pam_zfs_key(passwd:chauthtok): dataset chrust-zoot/home/testuser not found
Jan 11 20:40:35 chrust passwd[10948]: pam_zfs_key(passwd:chauthtok): old token mismatch
Jan 11 20:40:38 chrust passwd[10948]: pam_unix(passwd:chauthtok): authentication failure; logname=nabijaczleweli uid=0 euid=0 tty= ruser= rhost=  user=testuser
Jan 11 20:40:38 chrust passwd[10948]: pam_unix(passwd:chauthtok): user password changed by another process
Jan 11 20:40:40 chrust sudo[10946]: pam_unix(sudo:session): session closed for user root

Describe how to reproduce the problem

Enable pam_zfs_key

Downstream bug: https://bugs.debian.org/1060460
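
The journal signature quoted above (pam_zfs_key logging a missing dataset and then "old token mismatch" in the same `passwd` process) can be picked out of a log export with a short script. This is an added example, not part of the original issue or of OpenZFS; the function and constant names are made up here, and the sample lines are copied from the journal excerpt above.

```python
import re
from collections import defaultdict

# Journal lines copied from the excerpt in the issue (one sudo line kept as noise).
SAMPLE = """\
Jan 11 20:40:14 chrust sudo[10942]: pam_unix(sudo:session): session opened for user root(uid=0) by nabijaczleweli(uid=1000)
Jan 11 20:40:16 chrust passwd[10944]: pam_zfs_key(passwd:chauthtok): dataset chrust-zoot/home/testuser not found
Jan 11 20:40:16 chrust passwd[10944]: pam_zfs_key(passwd:chauthtok): old token mismatch
Jan 11 20:40:35 chrust passwd[10948]: pam_zfs_key(passwd:chauthtok): dataset chrust-zoot/home/testuser not found
Jan 11 20:40:35 chrust passwd[10948]: pam_zfs_key(passwd:chauthtok): old token mismatch
Jan 11 20:40:38 chrust passwd[10948]: pam_unix(passwd:chauthtok): authentication failure; logname=nabijaczleweli uid=0 euid=0 tty= ruser= rhost=  user=testuser
""".splitlines()

# Shape of a PAM journal line: program[pid]: pam_module(service:type): message
PAM_LINE = re.compile(r"\S+\[(?P<pid>\d+)\]: (?P<mod>pam_\w+)\([^:()]+:(?P<type>\w+)\): (?P<msg>.*)$")
NO_DATASET = re.compile(r"dataset (\S+) not found")
UNIX_FAIL = re.compile(r"authentication failure;.*\buser=(\S+)")

def find_rejected_changes(lines):
    """Return one record per process in which pam_zfs_key logged a missing
    dataset and then an old-token mismatch during chauthtok."""
    by_pid = defaultdict(list)
    for line in lines:
        m = PAM_LINE.search(line)
        if m and m["type"] == "chauthtok":
            by_pid[m["pid"]].append((m["mod"], m["msg"]))
    hits = []
    for pid, events in by_pid.items():
        dataset, mismatch, user = None, False, None
        for mod, msg in events:
            if mod == "pam_zfs_key" and (d := NO_DATASET.fullmatch(msg)):
                dataset = d[1]
            elif mod == "pam_zfs_key" and msg == "old token mismatch":
                mismatch = dataset is not None  # only counts after the missing-dataset line
            elif mod == "pam_unix" and (u := UNIX_FAIL.search(msg)):
                user = u[1]  # pam_unix names the account; pam_zfs_key only names the dataset
        if mismatch:
            hits.append({"pid": int(pid), "dataset": dataset, "user": user})
    return hits

if __name__ == "__main__":
    for hit in find_rejected_changes(SAMPLE):
        print(hit)
```
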

@nabijaczleweli nabijaczleweli added the Type: Defect Incorrect behavior (e.g. crash, hang) label Jan 12, 2024