Bug 1290689
| Summary: | util-linux: /bin/login does not retry getpwnam_r with larger buffers, leading to login failure | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | kyoneyama <kyoneyam> |
| Component: | util-linux | Assignee: | Karel Zak <kzak> |
| Status: | CLOSED ERRATA | QA Contact: | qe-baseos-daemons |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.2 | CC: | ashankar, fweimer, huzaifas, jscotka, kyoneyam, mnewsome, pfrankli |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-03 21:25:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1203710, 1289485, 1313485 | ||
How is this related to bug 1206462? I cannot reproduce this. I have this line in /etc/passwd: testuser1:x:1001:1001:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234:/home/testuser1:/bin/bash And: $ getent passwd testuser1 | wc -c 1023 And the user is able to log in after setting a password (with OpenSSH password authentication). My guess is that the customer tries to log on over a TTY or via telnetd. In this case, the system log should contain an error message like this one:
Dec 11 05:35:09 localhost login[28294]: Invalid user name "testuser1" in main:1229. Abort
This refers to login-utils/login.c in util-linux. The error reflects a failure of the get_passwd_entry function, which does this:
struct passwd *res = NULL;
size_t sz = 16384;
int x;
if (!pwdbuf || !username)
return NULL;
#ifdef _SC_GETPW_R_SIZE_MAX
{
long xsz = sysconf(_SC_GETPW_R_SIZE_MAX);
if (xsz > 0)
sz = (size_t) xsz;
}
#endif
*pwdbuf = xrealloc(*pwdbuf, sz);
x = getpwnam_r(username, pwd, *pwdbuf, sz, &res);
_SC_GETPW_R_SIZE_MAX is misnamed, it is a recommended starting value, not an upper bound. But the code in util-linux does not retry with a larger buffer, as it is reqired. See the getpwnam_r manual page for details.
> _SC_GETPW_R_SIZE_MAX is misnamed, it is a recommended starting value, not an upper bound.
Your guess might be right.
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
$ rpm -q glibc
glibc-2.17-106.el7_2.1.x86_64
$ cat test_sysconf.c
#include<stdio.h>
#include<unistd.h>
int main(){
size_t sz = 16384;
long xsz = sysconf(_SC_GETPW_R_SIZE_MAX);
if(xsz > 0){
sz = (size_t)xsz;
}
printf("%d %d\n", sz, xsz );
return 0;
}
$ gcc -o test_sysconf test_sysconf.c
$ ./test_sysconf
1024 1024
Please, fix getpwnam man page, because EXAMPLE section suggests SC_GETPW_R_SIZE_MAX as optimal buffer size... Fixed by upstream commit f7ac9e71b18fa7314151f2ab65ee0bdd2ea89c07. The patch hardcodes 16K buffer size, not sure if we have something more elegant... (In reply to Karel Zak from comment #6) > Fixed by upstream commit f7ac9e71b18fa7314151f2ab65ee0bdd2ea89c07. > > The patch hardcodes 16K buffer size, not sure if we have something more > elegant... The recommended way is to keep retrying with a larger buffer size, doubling it every time. The API is somewhat on the bizarre side, but it's how it was standardized in POSIX. This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2605.html |
Description of problem: On RHEL7.2, if the line in "/etc/passwd" is 1023 or more characters(includes EOL code), the user cannot log in. Version-Release number of selected component (if applicable): - Red Hat Enterprise Linux 7.2 - glibc-2.17-106.el7_2.1 How reproducible: Always Steps to Reproduce: 1. Create text file to fill comment field. # for i in {1..97}; do echo -n "1234567890" ; done > list.txt # echo -n 1234 >> list.txt # wc list.txt 0 1 975 list.txt 2. Add new user adding -c option. # useradd -c `cat list.txt` testuser1 3. Check a result of `getent passwd`. # getent passwd testuser1 testuser1:x:1001:1001:12345678901234567890(..snip..)12345678901234:/home/testuser1:/bin/bash # getent passwd testuser1 | wc -c 1023 4. Check whether the user can log in.