wbinfo_pam_logon() calls wbcLogonUser(&error) with and expects the error pointer to be allocated on failure. nsswitch/wbinfo.c: 1748 static bool wbinfo_pam_logon(char *username) 1749 { ... 1752 struct wbcAuthErrorInfo *error; ... 1796 wbc_status = wbcLogonUser(¶ms, NULL, &error, NULL); ... 1803 if (!WBC_ERROR_IS_OK(wbc_status)) { 1804 d_fprintf(stderr, 1805 "error code was %s (0x%x)\nerror message was: %s\n", 1806 error->nt_string, 1807 (int)error->nt_status, 1808 error->display_string); It's incorrect to assume error is allocated, wbcLogonUser() only does so if the nt_status response is non-zero. nsswitch/libwbclient/wbc_pam.c: 1037 wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, 1038 struct wbcLogonUserInfo **info, 1039 struct wbcAuthErrorInfo **error, 1040 struct wbcUserPasswordPolicyInfo **policy) 1041 { ... 142 wbc_status = wbcRequestResponse(WINBINDD_PAM_AUTH, 1143 &request, 1144 &response); 1145 1146 if (response.data.auth.nt_status != 0) { 1147 if (error) { 1148 wbc_status = wbc_create_error_info(&response, 1149 error); 1150 BAIL_ON_WBC_ERROR(wbc_status); 1151 } 1152 1153 wbc_status = WBC_ERR_AUTH_ERROR; 1154 BAIL_ON_WBC_ERROR(wbc_status); 1155 } 1156 BAIL_ON_WBC_ERROR(wbc_status); ... 1170 done: 1171 winbindd_free_response(&response); 1172 1173 return wbc_status; Patch to follow.
Created attachment 8783 [details] patch for 3.6 and 4.0 branches Same change as is in master.
Comment on attachment 8783 [details] patch for 3.6 and 4.0 branches LGTM for 3.6.next and 4.0.next
Re-assigning to Karolin for inclusion in 3.6.next and 4.0.next. Jeremy.
Pushed to v3-6-test and autobuild-v4-0-test.
Pushed to v4-0-test. Closing out bug report. Thanks!