Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 234513

Summary: [LSPP] pam_namespace crashes with non-existent users in namespace.conf
Product: Red Hat Enterprise Linux 5 Reporter: Linda Knippers <linda.knippers>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: iboverma, krisw, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHSA-2007-0555 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-07 15:40:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 224041    

Description Linda Knippers 2007-03-29 19:15:58 UTC 
Description of problem:
If the namespace.conf file includes in the list of user accounts to
not polyinstantiate an account that doesn't exist, pam_namespace.so
will fail and no users can log in.

Version-Release number of selected component (if applicable):
It was seen in pam-0.99.6.2-3.14.el5 but I believe the problem
still exists in the latest code.

How reproducible:
always

Steps to Reproduce:
1.configure a system with pam_namespace.so configured as for an LSPP system.
This means pam_namespace in the /etc/pam.d/login file and the lines in
/etc/security/namespace.conf uncommented.
2.edit /etc/security/namespace.conf to add a login name for an account that
doesn't exist.
3.Try to log in 
  
Actual results:
pam_namespace.so crashes and no users can log in.
If debug is enabled for pam_namespace.so the last line in 
/var/log/secure will be that its parsing the config file.

Expected results:
Users should be able to log in.

Additional info:

This is an untested patch.  I don't know if there are other
instances of the same problem.

--- pam_namespace.c     2007-03-29 15:02:06.000000000 -0400
+++ pam_namespace.c.ljk 2007-03-29 15:08:59.000000000 -0400
@@ -302,6 +302,8 @@ static int process_line(char *line, cons
                 *tptr = '\0';

             pwd = getpwnam(ustr);
+            if (!pwd)
+               continue;
             *uidptr = pwd->pw_uid;
             if (i < count - 1) {
                 ustr = tptr + 1;
Comment 2 Tomas Mraz 2007-03-30 14:23:55 UTC 
The patch isn't right but the bug is real. It is fixed in pam-0.99.6.2-3.18.el5.
Comment 3 Linda Knippers 2007-03-30 14:30:52 UTC 
Well, I said untested. :-)
I'll give the updated package a try.  Thanks.
Comment 4 Linda Knippers 2007-03-30 14:44:24 UTC 
The new package solves the problem.  Thanks!
Comment 8 errata-xmlrpc 2007-11-07 15:40:27 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0555.html