RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2093381 - Changing password to an user using yppasswd fails
Summary: Changing password to an user using yppasswd fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Deadline: 2022-10-17
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: yp-tools
Version: 8.5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Ondřej Sloup
QA Contact: Vaclav Danek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-06-03 14:46 UTC by Daniel Filho
Modified: 2023-05-16 09:23 UTC (History)
6 users (show)

Fixed In Version: yp-tools-4.2.3-2.el8
Doc Type: Bug Fix
Doc Text:
Cause: If a user has an exclamation mark (!) or possibly star (*) flag in their hashed password in /etc/shadow, the yppasswd will segfault. Those symbols are not the actual hashed passwords of the user but rather flags of the account. See example: ``` $ ypcat passwd fedora:!!:1000:1000:fedora cld:/home/fedora:/bin/bash ``` Consequence: This result in a segmentation fault when the crypt() function in verifypassword() in v4.2.3/yp-tools-4.2.3/src/yppasswd.c receives previous password (salt) as a !! (or *) which is undefined behaviour, and the crypt function returns NULL. The two exclamation marks symbolize a locked account (an account with no initialized password) and a star (a locked account). ``` Changing the NIS password for fedora on XYZ. Please enter new password: Segmentation fault (core dumped) ``` Fix: Since the yppasswd does not have implemented this use case and it would be too difficult to do it now, it is proposed to just exit with an explanation of what happened. The OpenSUSE is using `--enable-call-passwd` while compiling, which deprecates the yppasswd completely, but that is not a good idea in our case due to backward compatibility. More here: https://www.suse.com/support/kb/doc/?id=000017269 Result: The patch for adding the check for the flag is added. When the program sees that there is a `!` or `*`, which should not ever happen in a generated hash that is accepted by the crypt function, it will inform the user and close the program. Workaround: The user can use passwd tool to change the account, unlock it or set an initial password. This feature is not implemented in yppasswd and will not be implemented by upstream as they deprecated the tool and replaced it with passwd.
Clone Of:
Environment:
Last Closed: 2023-05-16 08:26:43 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-124220 0 None None None 2022-06-03 14:49:14 UTC
Red Hat Product Errata RHBA-2023:2773 0 None None None 2023-05-16 08:26:44 UTC

Comment 2 Ondřej Sloup 2022-07-04 11:12:15 UTC 
Steps to Reproduce:
# Init
dnf install ypserv yp-tools ypbind gdb
domainname test
systemctl enable ypserv.service
systemctl start ypserv.service 
systemctl status ypserv.service
cd /var/yp/
make

# Config
nano /etc/sysconfig/network (127.0.0.1)
authselect select nis --force
nano /etc/yp.conf (ypserver 127.0.0.1)
systemctl start ypbind.service 
systemctl status ypbind.service 
ypwhich
yptest
ypcat passwd
which ypserv
rpm -ql ypserv

# Test password
systemctl start yppasswdd.service
systemctl status yppasswdd.service
yppasswd fedora
Comment 3 Ondřej Sloup 2022-07-08 15:58:45 UTC 
The segmentation fault occurs when the `crypt()` function in `verifypassword()` in `yp-tools/v4.2.3/yp-tools-4.2.3/src/yppasswd.c` receives previous password (salt) as a `!!` which is undefined behavior and the crypt function returns NULL. The two exclamation marks symbolize a locked account (account with no initialized password), as explained in https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/system_administration_guide/s2-redhat-config-users-process. I added a patch which checks this behaviour and informs the user. Usually, the passwords should be set, and therefore there shouldn't be any `!` or `!!`.
The patch will be listed in the pull request below.
Comment 4 Ondřej Sloup 2022-07-22 10:53:15 UTC 
There are two possibilities of how the issue can be fixed:
1. Detect the `!` in /etc/shadow, inform the user and exit the script without password change.
2. Let the user set the password if `!` is detected. This solution brings potential problems with validating users and changing unset root passwords.

Need to be discussed with upstream.

Current patch to solve the issue is here:
https://src.fedoraproject.org/fork/osloup/rpms/yp-tools/blob/rawhide/f/yp-tools-4.2.3-yppasswd-fault.patch
Comment 5 Ondřej Sloup 2022-07-22 12:32:32 UTC 
Created ticket https://github.com/thkukuk/yp-tools/issues/9
Comment 6 Ondřej Sloup 2022-07-27 14:52:45 UTC 
The same issue occurs on Fedora 34, RHEL 8.2 and 8.4 with the yppasswd (yp-tools) 4.2.3.
Comment 7 Ondřej Sloup 2022-08-03 12:13:53 UTC 
After a conversation on GitHub created a pull request with the fix.
https://src.fedoraproject.org/rpms/yp-tools/pull-request/2.
Comment 22 errata-xmlrpc 2023-05-16 08:26:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (yp-tools bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2773
Note You need to log in before you can comment on or make changes to this bug.