Bug 234513 - [LSPP] pam_namespace crashes with non-existent users in namespace.conf
[LSPP] pam_namespace crashes with non-existent users in namespace.conf
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
:
Depends On:
Blocks: RHEL5LSPPCertTracker
  Show dependency treegraph
 
Reported: 2007-03-29 15:15 EDT by Linda Knippers
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: RHSA-2007-0555
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 10:40:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Linda Knippers 2007-03-29 15:15:58 EDT
Description of problem:
If the namespace.conf file includes in the list of user accounts to
not polyinstantiate an account that doesn't exist, pam_namespace.so
will fail and no users can log in.

Version-Release number of selected component (if applicable):
It was seen in pam-0.99.6.2-3.14.el5 but I believe the problem
still exists in the latest code.

How reproducible:
always

Steps to Reproduce:
1.configure a system with pam_namespace.so configured as for an LSPP system.
This means pam_namespace in the /etc/pam.d/login file and the lines in
/etc/security/namespace.conf uncommented.
2.edit /etc/security/namespace.conf to add a login name for an account that
doesn't exist.
3.Try to log in 
  
Actual results:
pam_namespace.so crashes and no users can log in.
If debug is enabled for pam_namespace.so the last line in 
/var/log/secure will be that its parsing the config file.

Expected results:
Users should be able to log in.

Additional info:

This is an untested patch.  I don't know if there are other
instances of the same problem.

--- pam_namespace.c     2007-03-29 15:02:06.000000000 -0400
+++ pam_namespace.c.ljk 2007-03-29 15:08:59.000000000 -0400
@@ -302,6 +302,8 @@ static int process_line(char *line, cons
                 *tptr = '\0';

             pwd = getpwnam(ustr);
+            if (!pwd)
+               continue;
             *uidptr = pwd->pw_uid;
             if (i < count - 1) {
                 ustr = tptr + 1;
Comment 2 Tomas Mraz 2007-03-30 10:23:55 EDT
The patch isn't right but the bug is real. It is fixed in pam-0.99.6.2-3.18.el5.
Comment 3 Linda Knippers 2007-03-30 10:30:52 EDT
Well, I said untested. :-)
I'll give the updated package a try.  Thanks.
Comment 4 Linda Knippers 2007-03-30 10:44:24 EDT
The new package solves the problem.  Thanks!
Comment 8 errata-xmlrpc 2007-11-07 10:40:27 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0555.html

Note You need to log in before you can comment on or make changes to this bug.