Bug 1302414 - pam_krb5 not clearing errno before calling getpwnam_r()
pam_krb5 not clearing errno before calling getpwnam_r()
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pam_krb5 (Show other bugs)
6.8
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Robbie Harwood
BaseOS QE Security Team
https://git.fedorahosted.org/cgit/pam...
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-27 14:00 EST by Roshni
Modified: 2016-07-18 13:28 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-18 13:28:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Roshni 2016-01-27 14:00:49 EST
Description of problem:
pam_krb5 not clearing errno before calling getpwnam_r(), so it can get stuck when looking up user information

Version-Release number of selected component (if applicable):
pam_krb5-2.3.11-9.el6.i686

How reproducible:
always

Steps to Reproduce:
1. Noticed during Smartcard login with kerberos user
2.
3.

Actual results:


Expected results:


Additional info:
Some debug log information

Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: debug
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flags: forwardable
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no ignore_afs
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no null_afs
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: cred_session
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: preauth_options(template): X509_user_identity=PKCS11:/usr/lib/pkcs11/libcoolkeypk11.so
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: user_check
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no krb4_convert
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: krb4_convert_524
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: krb4_use_as_req
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: will try previously set password first
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: will not let libkrb5 ask questions
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no use_shmem
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no external
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no multiple_ccaches
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: validate
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: warn
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ticket lifetime: 3600s (0d,1h,0m,0s)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: renewable lifetime: 10800s (0d,3h,0m,0s)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: banner: Kerberos 5
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ccache dir: /tmp
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: keytab: FILE:/etc/krb5.keytab
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: token strategy: v4,524,2b,rxk5
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: called to authenticate 'kdcuser2', realm 'EXAMPLE.COM'

[root@dhcp129-123 ~]# pstack 2803
#0  0x00cb1424 in __kernel_vsyscall ()
#1  0x0058f4c6 in munmap () from /lib/libc.so.6
#2  0x00525f76 in free () from /lib/libc.so.6
#3  0x00380813 in xstrfree () from /lib/security/pam_krb5.so
#4  0x003803f6 in _pam_krb5_user_info_init () from /lib/security/pam_krb5.so
#5  0x00373ffb in pam_sm_authenticate () from /lib/security/pam_krb5.so
#6  0x0046643f in ?? () from /lib/libpam.so.0
#7  0x00465c22 in pam_authenticate () from /lib/libpam.so.0
#8  0x08051be2 in ?? ()
#9  0x006f62e2 in ?? () from /lib/libglib-2.0.so.0
#10 0x006f86d5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#11 0x006fcd68 in ?? () from /lib/libglib-2.0.so.0
#12 0x006fd2af in g_main_loop_run () from /lib/libglib-2.0.so.0
#13 0x0804bf7f in ?? ()
#14 0x004c6d26 in __libc_start_main () from /lib/libc.so.6
#15 0x0804bc61 in ?? ()
[root@dhcp129-123 ~]# rpm -q pam_krb5-debuginfo
pam_krb5-debuginfo-2.3.11-9.el6.i686

Note You need to log in before you can comment on or make changes to this bug.