Bug 747317

Summary: yppasswdd returns success when /etc/passwd.adjunct is not writable
Product: Red Hat Enterprise Linux 5 Reporter: Honza Horak <hhorak>
Component: ypservAssignee: Honza Horak <hhorak>
Status: CLOSED ERRATA QA Contact: Petr Sklenar <psklenar>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.8CC: azelinka, ovasik, psklenar
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 747334 747335 (view as bug list) Environment:
Last Closed: 2012-02-21 05:53:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 747334, 747335    
Attachments:
Description Flags
proposed patch that reports failure when rename() fails none

Description Honza Horak 2011-10-19 13:25:09 UTC 
Description of problem:
If rpc.yppasswdd cannot write into /etc/passwd.adjunct (or /etc/shadow in standard configuration) because of wrong SELinux context, rpc.yppasswdd still reports success, which is wrong.

Version-Release number of selected component (if applicable):
ypserv-2.19-8.el5

How reproducible:
every-time

Steps to Reproduce:
1. change context of /etc/shadow or /etc/passwd.adjunct to wrong one
# chcon -t etc_t /etc/passwd.adjunct
2. try to change password of a user using yppasswd
3. /etc/passwd.adjunct is not updated and a message "Cannot create backup file /etc/passwd.adjunct.OLD: Permission denied" is logged into /var/log/messages
  
Actual results:
yppasswd returns success, so as rpc.yppasswdd in /var/log/messages

Expected results:
yppasswd returns failure, so as rpc.yppasswdd in /var/log/messages
Comment 1 Honza Horak 2011-10-19 14:14:06 UTC 
Created attachment 529012 [details]
proposed patch that reports failure when rename() fails
Comment 2 Honza Horak 2011-10-25 08:00:00 UTC 
Just a note that this bug is easy to test with only slightly modified /CoreOS/ypserv/Regression/rfe-yppasswdd-support-passwd-adjunct.
Comment 4 Honza Horak 2011-10-25 13:50:35 UTC 
Committed to CVS, moving to modified. 
http://post-office.corp.redhat.com/archives/cvs-commits-list/2011-October/msg05734.html
Comment 7 errata-xmlrpc 2012-02-21 05:53:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0205.html