1302414 – pam_krb5 not clearing errno before calling getpwnam_r()

Bug 1302414 - pam_krb5 not clearing errno before calling getpwnam_r()

Summary: pam_krb5 not clearing errno before calling getpwnam_r()

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	pam_krb5
Sub Component:
Version:	6.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Robbie Harwood
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:	https://git.fedorahosted.org/cgit/pam...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-27 19:00 UTC by Roshni
Modified:	2016-07-18 17:28 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-18 17:28:03 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Roshni 2016-01-27 19:00:49 UTC

Description of problem:
pam_krb5 not clearing errno before calling getpwnam_r(), so it can get stuck when looking up user information

Version-Release number of selected component (if applicable):
pam_krb5-2.3.11-9.el6.i686

How reproducible:
always

Steps to Reproduce:
1. Noticed during Smartcard login with kerberos user
2.
3.

Actual results:


Expected results:


Additional info:
Some debug log information

Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: debug
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flags: forwardable
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no ignore_afs
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no null_afs
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: cred_session
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: preauth_options(template): X509_user_identity=PKCS11:/usr/lib/pkcs11/libcoolkeypk11.so
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: user_check
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no krb4_convert
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: krb4_convert_524
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: krb4_use_as_req
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: will try previously set password first
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: will not let libkrb5 ask questions
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no use_shmem
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no external
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no multiple_ccaches
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: validate
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: warn
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ticket lifetime: 3600s (0d,1h,0m,0s)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: renewable lifetime: 10800s (0d,3h,0m,0s)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: banner: Kerberos 5
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ccache dir: /tmp
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: keytab: FILE:/etc/krb5.keytab
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: token strategy: v4,524,2b,rxk5
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: called to authenticate 'kdcuser2', realm 'EXAMPLE.COM'

[root@dhcp129-123 ~]# pstack 2803
#0  0x00cb1424 in __kernel_vsyscall ()
#1  0x0058f4c6 in munmap () from /lib/libc.so.6
#2  0x00525f76 in free () from /lib/libc.so.6
#3  0x00380813 in xstrfree () from /lib/security/pam_krb5.so
#4  0x003803f6 in _pam_krb5_user_info_init () from /lib/security/pam_krb5.so
#5  0x00373ffb in pam_sm_authenticate () from /lib/security/pam_krb5.so
#6  0x0046643f in ?? () from /lib/libpam.so.0
#7  0x00465c22 in pam_authenticate () from /lib/libpam.so.0
#8  0x08051be2 in ?? ()
#9  0x006f62e2 in ?? () from /lib/libglib-2.0.so.0
#10 0x006f86d5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#11 0x006fcd68 in ?? () from /lib/libglib-2.0.so.0
#12 0x006fd2af in g_main_loop_run () from /lib/libglib-2.0.so.0
#13 0x0804bf7f in ?? ()
#14 0x004c6d26 in __libc_start_main () from /lib/libc.so.6
#15 0x0804bc61 in ?? ()
[root@dhcp129-123 ~]# rpm -q pam_krb5-debuginfo
pam_krb5-debuginfo-2.3.11-9.el6.i686

Note You need to log in before you can comment on or make changes to this bug.