Bug 448485 - Problem with volume sgrp and winbind
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: pam_mount
Version: 9
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Till Maas
QA Contact: Fedora Extras Quality Assurance
http://sourceforge.net/tracker/index....
Reported: 2008-05-27 04:43 EDT by Thomas Sailer
Modified: 2008-06-28 18:16 EDT
Fixed In Version: 1.18-1.fc9
Doc Type: Bug Fix
Last Closed: 2008-06-28 18:16:41 EDT

Attachments
Patch to teach pam_mount to use getgrouplist (1.18 KB, patch)
2008-05-27 04:43 EDT, Thomas Sailer

Description Thomas Sailer 2008-05-27 04:43:28 EDT
Description of problem:
I'm using pam_mount to automount some Windows shares whenever a user logs in.

I'm using winbind with "winbind use default domain = true", so users can log in using "user" as user name (in addition to "DOMAIN\user"). However, getgrent returns only "DOMAIN\user" as member names in gr_mem.

The attached patch, which I'm using successfully, adds another method to determine user group membership in user_in_sgrp. Namely, it uses getgrouplist to enumerate the groups a user belongs to. This is the same method id(1) uses to list groups.

Version-Release number of selected component (if applicable):
pam_mount-0.32-3.fc9

How reproducible:
always

Steps to Reproduce:
1. Set up winbind to authenticate against a Windows domain server, and set winbind to use "winbind use default domain = yes".
2. Set up pam_mount to mount some cifs/smb volume from the Windows domain server, and use sgrp to constrain it to users who are members of some Windows domain.
3. Log in, and watch pam_mount ignoring the volume mount.
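
The mismatch described in this report, as an added example (it is not the attached patch and not pam_mount's code): an exact-string scan of a `gr_mem`-style list misses the short login name, while a gid comparison through `getgrouplist()` does not depend on how member names are spelled. The function names are hypothetical and glibc on Linux is assumed.

```c
#define _DEFAULT_SOURCE /* exposes getgrouplist() in glibc's <grp.h> */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Exact-string scan of a gr_mem-style list (the check that misses). */
int member_list_has(char *const *members, const char *user)
{
    for (; members != NULL && *members != NULL; ++members)
        if (strcmp(*members, user) == 0)
            return 1;
    return 0;
}

/* gid comparison via getgrouplist(): 1 member, 0 not a member, -1 lookup error. */
int user_in_group_grouplist(const char *user, const char *group)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) return -1;
    gid_t primary = pw->pw_gid; /* copy: NSS results live in static storage */
    struct group *gr = getgrnam(group);
    if (gr == NULL) return -1;
    gid_t wanted = gr->gr_gid;
    int n = 32, found = 0;
    gid_t *gids = malloc(n * sizeof(*gids));
    if (gids != NULL && getgrouplist(user, primary, gids, &n) == -1) {
        /* Buffer too small: n now holds the required count; retry once. */
        gid_t *tmp = realloc(gids, n * sizeof(*gids));
        if (tmp == NULL || getgrouplist(user, primary, tmp, &n) == -1) {
            free(tmp != NULL ? tmp : gids);
            return -1;
        }
        gids = tmp;
    }
    if (gids == NULL) return -1;
    for (int i = 0; i < n && !found; ++i)
        found = (gids[i] == wanted);
    free(gids);
    return found;
}

int main(int argc, char **argv)
{
    int r = argc == 3 ? user_in_group_grouplist(argv[1], argv[2]) : -1;
    printf("grouplist check: %d\n", r);
    return r == 1 ? 0 : 1;
}
```

Run it as `./a.out USER GROUP`; the exit status is 0 only when the gid-based check confirms membership, so a lookup error is never treated as a match.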
Comment 1 Thomas Sailer 2008-05-27 04:43:28 EDT
Created attachment 306747
Patch to teach pam_mount to use getgrouplist
Comment 2 Till Maas 2008-05-27 05:10:34 EDT
I reported this to upstream:

http://sourceforge.net/mailarchive/forum.php?forum_name=pam-mount-user
Comment 3 Fedora Update System 2008-06-11 18:53:28 EDT
pam_mount-0.40-1.fc9 has been submitted as an update for Fedora 9
Comment 4 Till Maas 2008-06-11 19:03:47 EDT
There will be an update of pam_mount in updates-testing soon. Please test it
and report here whether this fixes your problem. According to upstream, it
should already work without your patch.
Comment 5 Fedora Update System 2008-06-12 22:21:03 EDT
pam_mount-0.40-1.fc9, libHX-1.18-1.fc9 have been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update pam_mount libHX'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5269
Comment 6 Thomas Sailer 2008-06-16 18:16:55 EDT
The original bug has indeed been fixed.

Unfortunately, sgrp no longer works for me, neither using the simple nor the
extended syntax. Upstream has confirmed this and a fix is apparently in upstream
svn. So let's wait for 0.41, I guess...

See:
http://sourceforge.net/tracker/index.php?func=detail&aid=1974442&group_id=41452&atid=430593
Comment 7 Fedora Update System 2008-06-17 06:33:32 EDT
pam_mount-0.41-1.fc9 has been submitted as an update for Fedora 9
Comment 8 Fedora Update System 2008-06-17 23:13:31 EDT
libHX-1.18-1.fc9, pam_mount-0.41-1.fc9 have been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update libHX pam_mount'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5398
Comment 9 Thomas Sailer 2008-06-18 09:58:26 EDT
I've tried 0.41, and sgrp="xx" now indeed works.

I'm still having problems with <or><sgrp>XX</sgrp><sgrp>xx</sgrp></or>, as that
still matches users who are not members of xx or XX.
Comment 10 Fedora Update System 2008-06-23 09:35:19 EDT
pam_mount-0.41-2.fc9 has been submitted as an update for Fedora 9
Comment 11 Fedora Update System 2008-06-28 18:16:38 EDT
libHX-1.18-1.fc9, pam_mount-0.41-2.fc9 have been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
