[Bug 2068729] Re: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol

Thu Jun 27 16:38:33 UTC 2024

Hello, we'll likely have to figure out what other commits we need to
bring in into the Noble patch. But first, some questions. Is this error

user at ubuntu:~$ sudo vi /etc/passwd
free(): double free detected in tcache 2
Aborted (core dumped)

due to the fact that you configured /etc/pam.d/sudo to authenticate
using radius? Does `sudo true` also crash?

It would be helpful to have a reproducer of this crash from a clean
Noble system. Ideally something on these lines:

$ lxc launch ubuntu:noble reprocontainer
$ lxc exec reprocontainer bash
# add-apt-repository ppa:lvoytek/libpam-radius-auth-ipv4-6-yes-no
# apt update && apt install ...
# vim /etc/pam.d/..., remove X, add Y
# sudo ...
[crash!]

Would you be able to come up with something like that and share it?

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/2068729

Title:
  pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not
  supported by protocol

Status in libpam-radius-auth package in Ubuntu:
  Triaged
Status in shadow package in Ubuntu:
  New

Bug description:
  New and fully updated 24.04 LTS with disabled IPv6 (The CISA secure
  config states that IPv6 is to be disabled unless it's in use).

  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04 LTS
  Release:        24.04

  apt-cache policy libpam-radius-auth
  libpam-radius-auth:
    Installed: 2.0.1-1
    Candidate: 2.0.1-1
    Version table:
   *** 2.0.1-1 500
          500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
          100 /var/lib/dpkg/status

  What you expected to happen:
  Based on https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c, the pam_radius_auth module must support ipv6 and ipv4 options.

  /etc/pam.d/sshd:
  auth       sufficient   pam_radius_auth.so  conf=/etc/pam_radius_auth.conf retry=3 ipv4=yes ipv6=no debug

  What happened instead:
  2024-06-07T22:07:57.499460+10:00 ubuntu sshd[584305]: pam_radius_auth: 2.0.1, built on Aug 19 2023 at 14:08:42
  2024-06-07T22:07:57.499672+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv4=yes'
  2024-06-07T22:07:57.499880+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv6=no'
  2024-06-07T22:07:57.500051+10:00 ubuntu sshd[584305]: pam_radius_auth: DEBUG: conf_file='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' accounting_bug=no ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no
  2024-06-07T22:07:57.500279+10:00 ubuntu sshd[584305]: pam_radius_auth: Got user name: 'test'
  2024-06-07T22:07:57.502892+10:00 ubuntu sshd[584305]: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-radius-auth/+bug/2068729/+subscriptions