141380 – gdm passes user input to sessreg, rather than pwent

Bug 141380 - gdm passes user input to sessreg, rather than pwent

Summary: gdm passes user input to sessreg, rather than pwent

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	gdm
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Ray Strode [halfline]
QA Contact:	Mike McLean
Docs Contact:
URL:	https://listman.redhat.com/archives/k...
Whiteboard:
Depends On:
Blocks:	132991
TreeView+	depends on / blocked

Reported:	2004-11-30 20:08 UTC by Mike Patnode
Modified:	2007-11-30 22:07 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-05-20 03:25:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
patch to daemon/slave.c (1.46 KB, patch) 2004-11-30 20:09 UTC, Mike Patnode	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2005:086	0	normal	SHIPPED_LIVE	gdm bug fix update	2005-05-19 04:00:00 UTC

Description Mike Patnode 2004-11-30 20:08:08 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; 
Maxthon; .NET CLR 1.1.4322)

Description of problem:
Many pam/nss modules (IE: winbind, ldap, etc..) allow the user to 
enter a non-Unix username at the login prompt. IE: domain+user, 
user@domain, domain\\user, etc...   Since gdm passes exactly what was 
typed to sessreg, it will often fail, or worse, create non-sensical 
wtmp entries.

All such pam modules will map the non-standard name to a standard one 
and either find or generate a correct password entry structure.

A simple change to gdm to pass the username from the pwent rather 
than what the user typed in.   The pwent name should also be used for 
environment variables as well.

Version-Release number of selected component (if applicable):
gdm-2.4.1.6-5

How reproducible:
Always

Steps to Reproduce:
1. Configure windbind, log in using the Windows username including a 
space or some other non-unix friendly character.

    

Actual Results:  User is told their session exited immediately.  
Following error in /var/log/messages:

gdm_slave_session_start: Execution of PreSession script returned > 0. 
Aborting.


Expected Results:  User should be able to log in with their unix name 
put in wtmp.

Additional info:

Patch attached...

Comment 1 Mike Patnode 2004-11-30 20:09:12 UTC

Created attachment 107647 [details]
patch to daemon/slave.c

Comment 2 Ray Strode [halfline] 2004-12-01 16:10:12 UTC

Thanks, I'll apply your patch soon.

Comment 3 Ray Strode [halfline] 2004-12-01 16:42:04 UTC

This seems like a reasonable candidate for a RHEL3 update.

Comment 4 Ray Strode [halfline] 2005-01-27 00:37:35 UTC

Marking MODIFIED while QA tests the fix for RHEL3-U5

Comment 5 Dennis Gregorovic 2005-05-20 03:25:47 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-086.html

Note You need to log in before you can comment on or make changes to this bug.