Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1302414

Summary: pam_krb5 not clearing errno before calling getpwnam_r()
Product: Red Hat Enterprise Linux 6 Reporter: Roshni <rpattath>
Component: pam_krb5Assignee: Robbie Harwood <rharwood>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.8CC: jhrozek, nalin, pkis
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://git.fedorahosted.org/cgit/pam_krb5.git/commit/?id=18b4ecea4e25fd3cc17f13203c59249c6e389820
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-18 17:28:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Roshni 2016-01-27 19:00:49 UTC 
Description of problem:
pam_krb5 not clearing errno before calling getpwnam_r(), so it can get stuck when looking up user information

Version-Release number of selected component (if applicable):
pam_krb5-2.3.11-9.el6.i686

How reproducible:
always

Steps to Reproduce:
1. Noticed during Smartcard login with kerberos user
2.
3.

Actual results:


Expected results:


Additional info:
Some debug log information

Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pcscd: ifdhandler.c:1091:IFDHTransmitToICC() usb:076b/3021:libhal:/org/freedesktop/Hal/devices/usb_device_76b_3021_noserial_if0 (lun: 0)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: debug
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flags: forwardable
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no ignore_afs
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no null_afs
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: cred_session
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: preauth_options(template): X509_user_identity=PKCS11:/usr/lib/pkcs11/libcoolkeypk11.so
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: user_check
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no krb4_convert
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: krb4_convert_524
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: krb4_use_as_req
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: will try previously set password first
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: will not let libkrb5 ask questions
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no use_shmem
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no external
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: no multiple_ccaches
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: validate
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: flag: warn
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ticket lifetime: 3600s (0d,1h,0m,0s)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: renewable lifetime: 10800s (0d,3h,0m,0s)
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: banner: Kerberos 5
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ccache dir: /tmp
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: keytab: FILE:/etc/krb5.keytab
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: token strategy: v4,524,2b,rxk5
Jan 27 12:13:39 localhost pam: gdm-smartcard: pam_krb5[2803]: called to authenticate 'kdcuser2', realm 'EXAMPLE.COM'

[root@dhcp129-123 ~]# pstack 2803
#0  0x00cb1424 in __kernel_vsyscall ()
#1  0x0058f4c6 in munmap () from /lib/libc.so.6
#2  0x00525f76 in free () from /lib/libc.so.6
#3  0x00380813 in xstrfree () from /lib/security/pam_krb5.so
#4  0x003803f6 in _pam_krb5_user_info_init () from /lib/security/pam_krb5.so
#5  0x00373ffb in pam_sm_authenticate () from /lib/security/pam_krb5.so
#6  0x0046643f in ?? () from /lib/libpam.so.0
#7  0x00465c22 in pam_authenticate () from /lib/libpam.so.0
#8  0x08051be2 in ?? ()
#9  0x006f62e2 in ?? () from /lib/libglib-2.0.so.0
#10 0x006f86d5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#11 0x006fcd68 in ?? () from /lib/libglib-2.0.so.0
#12 0x006fd2af in g_main_loop_run () from /lib/libglib-2.0.so.0
#13 0x0804bf7f in ?? ()
#14 0x004c6d26 in __libc_start_main () from /lib/libc.so.6
#15 0x0804bc61 in ?? ()
[root@dhcp129-123 ~]# rpm -q pam_krb5-debuginfo
pam_krb5-debuginfo-2.3.11-9.el6.i686