Debian Bug report logs - #471793
ldm doesn't handle pam logouts properly

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Pascal <pascal.legrand@univ-orleans.fr>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: ldm doesn't handle pam logouts properly

Date: Thu, 20 Mar 2008 09:08:18 +0100

Package: ldm
Severity: important

when a user use ldm to connect, everything works fine and all the transaction is logged in auth.log, when he logout the session is closed 
but nothing in the auth.log and all the actions which have to be done after logout are not done as the user was not disconnected.
for exemple with pam_mount module, when the user logout the samba share mounted during loggin is not unmounted, while the session is closed.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Message #10 received at 471793@bugs.debian.org (full text, mbox, reply):

From: Pascal Legrand <Pascal.Legrand@univ-orleans.fr>

To: 471793@bugs.debian.org

Subject: auth.log

Date: Thu, 20 Mar 2008 16:48:27 +0100

*******************************************************************************************************************************************************
I follow the instructions here to make pam_mount works
http://wiki.ltsp.org/twiki/bin/view/Ltsp/WinIntegration#pam_mount_conf_and_LDM_ssh
*******************************************************************************************************************************************************
auth.log Connection/disconnection on the server directly (gdm)

Mar 18 08:36:12 ltsp gdm[2684]: (pam_unix) session opened for user  plegrand by 
(uid=0)
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(readconfig.c:197) reading options_allow...
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(readconfig.c:180) reading 
options_require...
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(pam_mount.c:439) back from global 
readconfig
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(pam_mount.c:441) per-user 
configurations not allowed by pam_mount.conf
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(pam_mount.c:459) pam_sm_open_session: 
real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(readconfig.c:418) checking sanity of 
volume record (plegrand)
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(pam_mount.c:474) about to perform 
mount operations
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:368) information for mount:
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:369) ----------------------
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:370) (defined by globalconf)
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:373) user:          plegrand
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:374) server:        192.168.39.248
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:375) volume:        plegrand
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:376) mountpoint: 
/home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:377) options: 
dmask=0751,uid=plegrand
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:378) fs_key_cipher:
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:379) fs_key_path:
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:380) use_fstab:   0
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:381) ----------------------
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:177) realpath of volume 
"/home/users/biatoss/plegrand/plegrand_SIOUX" is 
"/home/users/biatoss/plegrand/plegrand_SIOUX"
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:182) checking to see if 
//192.168.39.248/plegrand is already mounted at 
/home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:799) checking for encrypted 
filesystem key configuration
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:819) about to start building 
mount command
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(misc.c:264) command: /usr/bin/smbmount 
[//192.168.39.248/plegrand] [/home/users/biatoss/plegrand/plegrand_SIOUX] [-o] 
[username=plegrand,uid=534,gid
Mar 18 08:36:12 ltsp gdm[3414]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:36:12 ltsp gdm[3414]: pam_mount(misc.c:376) set_myuid(post): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:851) mount errors (should be 
empty):
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:100) pam_mount(misc.c:341) 
set_myuid(pre): real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:100) pam_mount(misc.c:376) 
set_myuid(post): real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(mount.c:854) waiting for mount
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(pam_mount.c:123) clean system authtok (0)
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(misc.c:264) command: /bin/true
Mar 18 08:36:12 ltsp gdm[3419]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:36:12 ltsp gdm[3419]: pam_mount(misc.c:376) set_myuid(post): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(pam_mount.c:360) pmvarrun says login 
count is -1
Mar 18 08:36:12 ltsp gdm[2684]: pam_mount(pam_mount.c:491) done opening session

Mar 18 08:36:46 ltsp gdm[2684]: (pam_unix) session closed for user  plegrand
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(pam_mount.c:533) received order to 
close things
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(pam_mount.c:534) real and effective 
user ID are 0 and 0.
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(misc.c:264) command: /bin/true
Mar 18 08:36:46 ltsp gdm[3547]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=0:2902, effective uid/gid=0:0
Mar 18 08:36:46 ltsp gdm[3547]: pam_mount(misc.c:376) set_myuid(post): real 
uid/gid=0:2902, effective uid/gid=0:0
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(pam_mount.c:360) pmvarrun says login 
count is -1
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(pam_mount.c:556) going to unmount
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:368) information for mount:
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:369) ----------------------
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:370) (defined by globalconf)
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:373) user:          plegrand
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:374) server:        192.168.39.248
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:375) volume:        plegrand
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:376) mountpoint: 
/home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:377) options: 
dmask=0751,uid=plegrand
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:378) fs_key_cipher:
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:379) fs_key_path:
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:380) use_fstab:   0
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:381) ----------------------
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(misc.c:264) command: /usr/bin/lsof 
[/home/users/biatoss/plegrand/plegrand_SIOUX]
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:131) lsof output (should be 
empty)...
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:133) waiting for lsof
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(misc.c:264) command: /usr/bin/sudo 
[/usr/bin/smbumount] [/home/users/biatoss/plegrand/plegrand_SIOUX]
Mar 18 08:36:46 ltsp gdm[3550]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=0:2902, effective uid/gid=0:0
Mar 18 08:36:46 ltsp gdm[3550]: pam_mount(misc.c:376) set_myuid(post): real 
uid/gid=0:2902, effective uid/gid=0:0
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:487) umount errors (should be 
empty):
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:100) pam_mount(misc.c:341) 
set_myuid(pre): real uid/gid=0:2902, effective uid/gid=0:0
Mar 18 08:36:46 ltsp gdm[2684]: pam_mount(mount.c:100) pam_mount(misc.c:376) 
set_myuid(post): real uid/gid=0:2902, effective uid/gid=0:0
Mar 18 08:36:46 ltsp sudo:     root : TTY=unknown ; PWD=/ ; USER=root ; 
COMMAND=/usr/bin/smbumount /home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:36:47 ltsp gdm[2684]: pam_mount(mount.c:490) waiting for umount
Mar 18 08:36:47 ltsp gdm[2684]: pam_mount(pam_mount.c:567) pam_mount execution 
complete
Mar 18 08:36:47 ltsp gdm[2684]: pam_mount(pam_mount.c:106) Clean global config (0)
Mar 18 08:36:47 ltsp gdm[2684]: pam_mount(pam_mount.c:123) clean system authtok (0)
*******************************************************************************************************************************************************

Connection/disconnection on the server with ssh

Mar 18 08:36:47 ltsp gdm[2684]: pam_mount(pam_mount.c:123) clean system authtok (0)
Mar 18 08:38:18 ltsp sshd[3567]: Accepted password for plegrand from 
192.168.39.243 port 34203 ssh2
Mar 18 08:38:18 ltsp sshd[3569]: (pam_unix) session opened for user plegrand by 
(uid=0)
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(readconfig.c:197) reading 
options_allow...
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(readconfig.c:180) reading 
options_require...
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(pam_mount.c:439) back from global 
readconfig
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(pam_mount.c:441) per-user 
configurations not allowed by pam_mount.conf
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(pam_mount.c:459) pam_sm_open_session: 
real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(readconfig.c:418) checking sanity of 
volume record (plegrand)
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(pam_mount.c:474) about to perform 
mount operations
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:368) information for mount:
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:369) ----------------------
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:370) (defined by globalconf)
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:373) user:          plegrand
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:374) server: 
192.168.39.248
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:375) volume:        plegrand
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:376) mountpoint: 
/home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:377) options: 
dmask=0751,uid=plegrand
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:378) fs_key_cipher:
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:379) fs_key_path:
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:380) use_fstab:   0
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:381) ----------------------
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:177) realpath of volume 
"/home/users/biatoss/plegrand/plegrand_SIOUX" is 
"/home/users/biatoss/plegrand/plegrand_SIOUX"
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:182) checking to see if 
//192.168.39.248/plegrand is already mounted at 
/home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:799) checking for encrypted 
filesystem key configuration
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:819) about to start building 
mount command
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(misc.c:264) command: 
/usr/bin/smbmount [//192.168.39.248/plegrand] 
[/home/users/biatoss/plegrand/plegrand_SIOUX] [-o] [username=plegrand,uid=534,gid
Mar 18 08:38:18 ltsp sshd[3570]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:38:18 ltsp sshd[3570]: pam_mount(misc.c:376) set_myuid(post): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:851) mount errors (should be 
empty):
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:100) pam_mount(misc.c:341) 
set_myuid(pre): real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:100) pam_mount(misc.c:376) 
set_myuid(post): real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(mount.c:854) waiting for mount
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(pam_mount.c:123) clean system authtok (0)
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(misc.c:264) command: /bin/true
Mar 18 08:38:18 ltsp sshd[3575]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:38:18 ltsp sshd[3575]: pam_mount(misc.c:376) set_myuid(post): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(pam_mount.c:360) pmvarrun says login 
count is -1
Mar 18 08:38:18 ltsp sshd[3569]: pam_mount(pam_mount.c:491) done opening session

Mar 18 08:38:36 ltsp sshd[3569]: (pam_unix) session closed for user plegrand
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(pam_mount.c:533) received order to 
close things
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(pam_mount.c:534) real and effective 
user ID are 534 and 534.
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(misc.c:264) command: /bin/true
Mar 18 08:38:36 ltsp sshd[3597]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=534:2902, effective uid/gid=534:2902
Mar 18 08:38:36 ltsp sshd[3597]: pam_mount(misc.c:346) error setting uid to 0
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(pam_mount.c:360) pmvarrun says login 
count is -1
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(pam_mount.c:556) going to unmount
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:368) information for mount:
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:369) ----------------------
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:370) (defined by globalconf)
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:373) user:          plegrand
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:374) server: 
192.168.39.248
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:375) volume:        plegrand
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:376) mountpoint: 
/home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:377) options: 
dmask=0751,uid=plegrand
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:378) fs_key_cipher:
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:379) fs_key_path:
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:380) use_fstab:   0
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:381) ----------------------
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(misc.c:264) command: /usr/bin/lsof 
[/home/users/biatoss/plegrand/plegrand_SIOUX]
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:131) lsof output (should be 
empty)...
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:133) waiting for lsof
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(misc.c:264) command: /usr/bin/sudo 
[/usr/bin/smbumount] [/home/users/biatoss/plegrand/plegrand_SIOUX]
Mar 18 08:38:36 ltsp sshd[3600]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=534:2902, effective uid/gid=534:2902
Mar 18 08:38:36 ltsp sshd[3600]: pam_mount(misc.c:346) error setting uid to 0
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:487) umount errors (should be 
empty):
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:100) pam_mount(misc.c:341) 
set_myuid(pre): real uid/gid=534:2902, effective uid/gid=534:2902
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:100) pam_mount(misc.c:346) 
error setting uid to 0
Mar 18 08:38:36 ltsp sudo: plegrand : TTY=unknown ; PWD=/ ; USER=root ; 
COMMAND=/usr/bin/smbumount /home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(mount.c:490) waiting for umount
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(pam_mount.c:567) pam_mount execution 
complete
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(pam_mount.c:106) Clean global config (0)
Mar 18 08:38:36 ltsp sshd[3569]: pam_mount(pam_mount.c:123) clean system authtok (0)
*******************************************************************************************************************************************************

Connection/disconnection on the server from a thin client (ldm/ssh)

Mar 18 08:43:13 ltsp sshd[3603]: Accepted password for plegrand from 
192.168.39.224 port 3067 ssh2
Mar 18 08:43:14 ltsp sshd[3605]: (pam_unix) session opened for user plegrand by 
(uid=0)
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(readconfig.c:197) reading 
options_allow...
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(readconfig.c:180) reading 
options_require...
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(pam_mount.c:439) back from global 
readconfig
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(pam_mount.c:441) per-user 
configurations not allowed by pam_mount.conf
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(pam_mount.c:459) pam_sm_open_session: 
real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(readconfig.c:418) checking sanity of 
volume record (plegrand)
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(pam_mount.c:474) about to perform 
mount operations
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:368) information for mount:
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:369) ----------------------
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:370) (defined by globalconf)
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:373) user:          plegrand
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:374) server: 
192.168.39.248
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:375) volume:        plegrand
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:376) mountpoint: 
/home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:377) options: 
dmask=0751,uid=plegrand
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:378) fs_key_cipher:
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:379) fs_key_path:
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:380) use_fstab:   0
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:381) ----------------------
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:177) realpath of volume 
"/home/users/biatoss/plegrand/plegrand_SIOUX" is 
"/home/users/biatoss/plegrand/plegrand_SIOUX"
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:182) checking to see if 
//192.168.39.248/plegrand is already mounted at 
/home/users/biatoss/plegrand/plegrand_SIOUX
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:799) checking for encrypted 
filesystem key configuration
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:819) about to start building 
mount command
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(misc.c:264) command: 
/usr/bin/smbmount [//192.168.39.248/plegrand] 
[/home/users/biatoss/plegrand/plegrand_SIOUX] [-o] [username=plegrand,uid=534,gid
Mar 18 08:43:14 ltsp sshd[3606]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:43:14 ltsp sshd[3606]: pam_mount(misc.c:376) set_myuid(post): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:851) mount errors (should be 
empty):
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:100) pam_mount(misc.c:341) 
set_myuid(pre): real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:100) pam_mount(misc.c:376) 
set_myuid(post): real uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(mount.c:854) waiting for mount
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(pam_mount.c:123) clean system authtok (0)
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(misc.c:264) command: /bin/true
Mar 18 08:43:14 ltsp sshd[3611]: pam_mount(misc.c:341) set_myuid(pre): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:43:14 ltsp sshd[3611]: pam_mount(misc.c:376) set_myuid(post): real 
uid/gid=0:2902, effective uid/gid=0:2902
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(pam_mount.c:360) pmvarrun says login 
count is -1
Mar 18 08:43:14 ltsp sshd[3605]: pam_mount(pam_mount.c:491) done opening session

On logout there is nothing in auth.log and 
/home/users/biatoss/plegrand/plegrand_SIOUX is not unmounted

*******************************************************************************************************************************************************
-- 

---------------------------------------------------------------
Pascal Legrand
*IUT de Chartres* - _Service Informatique_
---------------------------------------------------------------
1, place Roger Joly
28000 Chartres
Tel : 02 37 91 83 36 - Fax: 02 37 91 83 01

Message #15 received at 471793@bugs.debian.org (full text, mbox, reply):

From: vagrant@freegeek.org

To: Pascal <pascal.legrand@univ-orleans.fr>, 471793@bugs.debian.org

Subject: Bug#471793: ldm doesn't handle pam logouts properly

Date: Fri, 25 Apr 2008 08:00:30 -0700

tags 471793 help
thanks

On Thu, Mar 20, 2008 at 09:08:18AM +0100, Pascal wrote:
> when a user use ldm to connect, everything works fine and all the
> transaction is logged in auth.log, when he logout the session is
> closed but nothing in the auth.log and all the actions which have to
> be done after logout are not done as the user was not disconnected.
> for exemple with pam_mount module, when the user logout the samba
> share mounted during loggin is not unmounted, while the session is
> closed.

i don't quite know where to go next with this, so i'm tagging it help.

for anyone watching, basically ldm uses ssh -X to log into the server.
pam session hooks don't get executed on logout when using ldm. but if
you ssh manually, the pam session hooks do get executed on logout.

live well,
  vagrant

Message #22 received at 471793@bugs.debian.org (full text, mbox, reply):

From: Petter Reinholdtsen <pere@hungry.com>

To: vagrant@freegeek.org, 471793@bugs.debian.org

Cc: Pascal <pascal.legrand@univ-orleans.fr>

Subject: Re: [Pkg-ltsp-devel] Bug#471793: ldm doesn't handle pam logouts properly

Date: Sun, 27 Apr 2008 23:39:00 +0200

[Vagrant Cascadian]
> for anyone watching, basically ldm uses ssh -X to log into the
> server.  pam session hooks don't get executed on logout when using
> ldm. but if you ssh manually, the pam session hooks do get executed
> on logout.

Perhaps the ssh session isn't terminated when a user log out?  I
tested using pam-hooks with ssh login both interactive and
non-interactive, and the pam session hooks are executed both when the
session is opened and closed.  One thing I notice is that the open
event is executed as user root, while the close event is executed as
the non-privileged user logging in.  This might be a problem when
mounting file systems.

Happy hacking,
-- 
Petter Reinholdtsen

Message #27 received at 471793@bugs.debian.org (full text, mbox, reply):

From: vagrant@freegeek.org

To: 471793@bugs.debian.org

Cc: Pascal <pascal.legrand@univ-orleans.fr>

Subject: Re: Bug#471793: ldm doesn't handle pam logouts properly

Date: Mon, 28 Apr 2008 12:22:13 -0700

On Sun, Apr 27, 2008 at 11:39:00PM +0200, Petter Reinholdtsen wrote:
> [Vagrant Cascadian]
> > for anyone watching, basically ldm uses ssh -X to log into the
> > server.  pam session hooks don't get executed on logout when using
> > ldm. but if you ssh manually, the pam session hooks do get executed
> > on logout.
> 
> Perhaps the ssh session isn't terminated when a user log out?  I
> tested using pam-hooks with ssh login both interactive and
> non-interactive, and the pam session hooks are executed both when the
> session is opened and closed.  

in my experience, i've tested manually ssh'ing to the same server, and i
see a logs for opening and closing the session. when doing so with ldm
on the same server, it has a log entry for opening the session, but not
closing it.

my guess is that it might have to do with how ldm does "kill $PPID" (the
parent process id) at the end of every session. it would require
recompiling ldm to test this.

live well,
  vagrant

Message #32 received at 471793@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@freegeek.org>

To: 471793@bugs.debian.org, 471793-submitter@bugs.debian.org

Subject: [Ltsp-developer] properly closing ldm logins

Date: Wed, 20 Aug 2008 11:44:05 -0700

i've been working on getting pam logouts, and figured i'd forward some
of the information:

----- Forwarded message from Vagrant Cascadian <vagrant@freegeek.org> -----

 Date: Wed, 20 Aug 2008 10:23:03 -0700
 From: Vagrant Cascadian <vagrant@freegeek.org>
 To: ltsp-developer@lists.sourceforge.net
 Subject: [Ltsp-developer] properly closing ldm logins

so, the basic story is that we do an ugly hack to make sure when you log
out of an ldm session, ssh closes the connection and logs out.

this ugly hack is tacking on the end of the ssh call to Xsession,
ltspfsmounter, etc.:

  kill -1 $PPID

without it, logouts tend to hang (at least with older versions of
openssh-server, more later).

PPID is set to the pid of the sshd socket closed, so this effectively
breaks the ssh connection, but in a very unclean manner. this has a
couple drawbacks:

  * ldm's logout scripts (/usr/share/ldm/rc.d/K*) do not have access to
    the ssh tunnel
  * pam doesn't properly register the logout, so any pam hooks executed
    on logout will not work (http://bugs.debian.org/471793)

there was a patch to use "ssh -O exit", but this doesn't work with older
openssh-server versions (seems to work on debian lenny with 5.1, but not
4.7- would be good to get feedback from other distros).

it seems a little bit harsh to require openssh-server 5.1 (or even 5 or
4.8 or whatever) just to properly log out of an application server, so
i'm thinking we need some sort of conditional behavior based on the
version of openssh-server installed on the server.

figuring out the version of openssh-server in a distro-independent way
is... tricky.

my current thought about how to implement it, would be to add
distro-specific plugins to ldminfod that determine the openssh-server
version, and pass a flag onto connecting ldms, which revert to the old
behavior (kill -1 $PPID) unless a flag is set.  something like:

  ldm-force-logout: false

which sets an environment variable LDM_FORCE_LOGOUT if not already set
(thus, it could be overridden in lts.conf, though this isn't ideal).

if LDM_FORCE_LOGOUT != false, then it reverts to the old behavior 
(kill -1 $PPID), otherwise, it drops it and we can use "ssh -O exit".

does this seem like a reasonable approach?

other ideas based on suggestions from gadi and ryan52:

ideally, we could ssh to the server, do "/usr/sbin/sshd -V" and get the
version info, but sshd doesn't support -V. we could use "ssh -V", which
is *probably* going to be the same as the openssh server version, but
not definitely... so that seems kind of hackish, also.

live well,
  vagrant

_____________________________________________________________________
Ltsp-developer mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-developer
For additional LTSP help,   try #ltsp channel on irc.freenode.net

----- End forwarded message -----

Message #40 received at 471793@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@freegeek.org>

To: 471793@bugs.debian.org

Subject: ldm doesn't handle pam logouts properly

Date: Wed, 20 Aug 2008 16:20:57 -0700

tags 471793 pending
thanks

attached is a patch which should make it possible for pam logouts to be
handled properly, although it preserves the default behavior of previous
versions. setting LDM_FORCE_LOGOUT=false in lts.conf should allow pam
logouts to work properly. also requires the server having openssh-server
5.1.

=== added file 'K98-force-logout'
--- K98-force-logout	1970-01-01 00:00:00 +0000
+++ K98-force-logout	2008-08-20 22:38:10 +0000
@@ -0,0 +1,8 @@
+# handle logout cleanly, so that pam logout sessions are properly registered.
+# may only work with version openssh-server 5.1+
+# http://bugs.debian.org/471793
+
+if ! boolean_is_true "$LDM_FORCE_LOGOUT"; then
+    # request the ssh master socket to close
+    ssh -O exit -S ${LDM_SOCKET} ${LDM_SERVER} 
+fi

=== added file 'patches/force-logout.dpatch'
--- patches/force-logout.dpatch	1970-01-01 00:00:00 +0000
+++ patches/force-logout.dpatch	2008-08-20 22:33:08 +0000
@@ -0,0 +1,64 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## force-logout.dpatch by Vagrant Cascadian <vagrant@freegeek.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+
+## DP: allow cleaner process for killing X session through setting
+## DP: LDM_FORCE_LOGOUT=false. preserve previous behavior by default,
+## DP: as this requires openssh-server version 5.1.
+## DP: see: http://bugs.debian.org/471793
+
+@DPATCH@
+diff -urNad ldm-2.0.6~/screen.d/ldm ldm-2.0.6/screen.d/ldm
+--- ldm-2.0.6~/screen.d/ldm	2008-08-20 13:49:00.000000000 -0700
++++ ldm-2.0.6/screen.d/ldm	2008-08-20 13:49:51.000000000 -0700
+@@ -30,6 +30,10 @@
+     fi
+ fi
+ 
++if [ -z "$LDM_FORCE_LOGOUT" ]; then
++    export LDM_FORCE_LOGOUT=True
++fi
++
+ while :; do
+     #
+     # Server scalability.  If there exists a /usr/share/ltsp/get_hosts file, then
+diff -urNad ldm-2.0.6~/src/ldm.c ldm-2.0.6/src/ldm.c
+--- ldm-2.0.6~/src/ldm.c	2008-08-20 13:48:53.000000000 -0700
++++ ldm-2.0.6/src/ldm.c	2008-08-20 13:49:01.000000000 -0700
+@@ -312,10 +312,12 @@
+         cmd[i++] = "cleanup";
+     }
+ 
+-    cmd[i++] = ";";
+-    cmd[i++] = "kill";
+-    cmd[i++] = "-1";
+-    cmd[i++] = "$PPID";
++    if(ldminfo.force_logout) {
++        cmd[i++] = ";";
++        cmd[i++] = "kill";
++        cmd[i++] = "-1";
++        cmd[i++] = "$PPID";
++    }
+     cmd[i++] = NULL;
+ 
+     xsessionpid = ldm_spawn(cmd);
+@@ -448,6 +450,7 @@
+     scopy(ldminfo.override_port, getenv("SSH_OVERRIDE_PORT"));
+     ldminfo.directx = ldm_getenv_bool("LDM_DIRECTX");
+     ldminfo.autologin = ldm_getenv_bool("LDM_AUTOLOGIN");
++    ldminfo.force_logout = ldm_getenv_bool("LDM_FORCE_LOGOUT");
+     scopy(ldminfo.lang, getenv("LDM_LANGUAGE"));
+     scopy(ldminfo.session, getenv("LDM_SESSION"));
+     if (*ldminfo.session == '\0') {
+diff -urNad ldm-2.0.6~/src/ldm.h ldm-2.0.6/src/ldm.h
+--- ldm-2.0.6~/src/ldm.h	2008-08-20 13:48:53.000000000 -0700
++++ ldm-2.0.6/src/ldm.h	2008-08-20 13:49:01.000000000 -0700
+@@ -24,6 +24,7 @@
+     int     sshfd;
+     int     greeterrfd;
+     int     greeterwfd;
++    int     force_logout;
+     pid_t   sshpid;
+     GPid    xserverpid;
+     GPid    greeterpid;

live well,
  vagrant

Message #47 received at 471793-close@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@freegeek.org>

To: 471793-close@bugs.debian.org

Subject: Bug#471793: fixed in ldm 2:2.0.6-2

Date: Thu, 21 Aug 2008 00:17:04 +0000

Source: ldm
Source-Version: 2:2.0.6-2

We believe that the bug you reported is fixed in the latest version of
ldm, which is due to be installed in the Debian FTP archive:

ldm_2.0.6-2.diff.gz
  to pool/main/l/ldm/ldm_2.0.6-2.diff.gz
ldm_2.0.6-2.dsc
  to pool/main/l/ldm/ldm_2.0.6-2.dsc
ldm_2.0.6-2_i386.deb
  to pool/main/l/ldm/ldm_2.0.6-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 471793@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vagrant Cascadian <vagrant@freegeek.org> (supplier of updated ldm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 20 Aug 2008 16:29:22 -0700
Source: ldm
Binary: ldm
Architecture: source i386
Version: 2:2.0.6-2
Distribution: unstable
Urgency: low
Maintainer: LTSP Debian/Ubuntu Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>
Changed-By: Vagrant Cascadian <vagrant@freegeek.org>
Description: 
 ldm        - LTSP display manager
Closes: 471793
Changes: 
 ldm (2:2.0.6-2) unstable; urgency=low
 .
   * apply patch to allow for cleanly disconnecting ssh session, so pam
     sessions to properly register logouts. thanks to Pascal Legrand for the
     report. (Closes: #471793)
   * updated Standards-Version to 3.8.0, no changes needed.
Checksums-Sha1: 
 967a2eab6d632a920ee708a1a611171738ed7d0d 1388 ldm_2.0.6-2.dsc
 2d6c5ec9765584bb50fabf70c3309628de99cbeb 7677 ldm_2.0.6-2.diff.gz
 16be653a79703f95154aef9f070aa93963aceb34 155112 ldm_2.0.6-2_i386.deb
Checksums-Sha256: 
 5cfcfe6e13729fdc9606a2748127cd0726093bb6c8bce3347cb4c9a599ad2272 1388 ldm_2.0.6-2.dsc
 e5ea0efb22ca7ea1fa37cc4c2fc1a1c4c661511a14e485631c9c24f76010ae5e 7677 ldm_2.0.6-2.diff.gz
 f9098cddd0465aa8d251db5af30d9374193d0965ae2504913a1ed3b6db028f61 155112 ldm_2.0.6-2_i386.deb
Files: 
 039aff964b4ae55816784a5eb1b103a6 1388 misc extra ldm_2.0.6-2.dsc
 fc142f31b70377799c41b089c51d3fec 7677 misc extra ldm_2.0.6-2.diff.gz
 8c53f62b53f30c225b454700e90937eb 155112 misc extra ldm_2.0.6-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkisr8QACgkQlPc63BPWGpl5sACfayb8cyxQ7eiGoOojyia4uMsz
gKsAn0y4YL8x5/yTgAcA2NeVmeggkzBG
=+oXi
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.