Bug 819244 - functions not returning actual return codes
Status: CLOSED NEXTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: PyPAM
Version: 6.4
Hardware: Unspecified Linux
Priority: unspecified
Severity: medium
Target Milestone: rc
Assigned To: Tomas Mraz
QA Contact: Red Hat Satellite QA List
Blocks: 836169 947782 1159825
Reported: 2012-05-05 17:47 EDT by Ted X Toth
Modified: 2016-07-21 07:23 EDT
Doc Type: Bug Fix
Last Closed: 2016-07-21 07:23:41 EDT
Type: Bug

Description Ted X Toth 2012-05-05 17:47:23 EDT
Description of problem:
acct_mgmt and other functions don't return the actual return code so you can't handle situations like password expiration because you never get PAM.PAM_NEW_AUTHTOK_REQD. I think all functions should use PyPAM_Err to return their actual return code.

How reproducible:
Using System->Administration->Users and Groups, set User Properties->Password Info->'Force password change on next login' on some user, then run the test code supplied. 'acct_mgmt' will throw an exception but does not supply 'code', which is needed to figure out what to do next.

Additional info:
Test code:

#!/usr/bin/env python
# Python 2 test script for PyPAM: authenticate, then handle an expired password.

import sys
import PAM
from getpass import getpass

def pam_conv(auth, query_list):
    # Conversation callback: answer each PAM prompt with a (response, 0) tuple.
    resp = []

    print query_list

    for query, qtype in query_list:
        if qtype == PAM.PAM_PROMPT_ECHO_ON:
            val = raw_input(query)
            resp.append((val, 0))
        elif qtype == PAM.PAM_PROMPT_ECHO_OFF:
            val = getpass(query)
            resp.append((val, 0))
        elif qtype == PAM.PAM_PROMPT_ERROR_MSG or qtype == PAM.PAM_PROMPT_TEXT_INFO:
            print query
            resp.append(('', 0))
        else:
            return None

    return resp

service = 'passwd'

if len(sys.argv) == 2:
    user = sys.argv[1]
else:
    user = None

auth = PAM.pam()
auth.start(service)

if user is not None:
    auth.set_item(PAM.PAM_USER, user)

auth.set_item(PAM.PAM_CONV, pam_conv)

# None means no error was raised; otherwise the PAM return code from the exception.
code = None
try:
    auth.authenticate()
    auth.acct_mgmt()
except PAM.error, (resp, code):
    print 'Exception: (%s)' % resp

if code == PAM.PAM_NEW_AUTHTOK_REQD:
    while True:
        code = None  # reset so that a successful password change ends the loop
        try:
            auth.chauthtok(PAM.PAM_CHANGE_EXPIRED_AUTHTOK)
        except PAM.error, (resp, code):
            print resp, code
        if code == PAM.PAM_AUTHTOK_ERR or code == PAM.PAM_TRY_AGAIN:
            continue
        else:
            break

if code is not None:
    # Authentication, account check or password change failed: set no credentials.
    sys.exit(1)

auth.setcred(PAM.PAM_ESTABLISH_CRED)
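
Added example, not part of the original report and not PyPAM code: a Python 3 sketch of why the caller needs the return code, with a login flow that fails closed when the exception carries only a message and reaches setcred only on full success. FakePam, PamError, error_code and login are hypothetical stand-ins constructed for this example; the numeric codes are the Linux-PAM values.

```python
# Stand-ins constructed for this example; not PyPAM's API.
PAM_AUTH_ERR, PAM_NEW_AUTHTOK_REQD = 7, 12      # Linux-PAM return codes
PAM_AUTHTOK_ERR, PAM_TRY_AGAIN = 20, 24

class PamError(Exception):
    """args is (message, code); with the reported bug it is (message,) only."""

class FakePam:
    """Replays a scripted list of results, one per call; None means success."""
    def __init__(self, script, with_code=True):
        self.script, self.with_code, self.calls = list(script), with_code, []
    def _step(self, name):
        self.calls.append(name)
        code = self.script.pop(0) if self.script else None
        if code is not None:
            args = (name + " failed", code) if self.with_code else (name + " failed",)
            raise PamError(*args)
    def authenticate(self): self._step("authenticate")
    def acct_mgmt(self): self._step("acct_mgmt")
    def chauthtok(self, flags=0): self._step("chauthtok")
    def setcred(self, flags=0): self._step("setcred")

def error_code(exc):
    """PAM code carried by the exception, or None when only a message is present."""
    return exc.args[1] if len(exc.args) >= 2 else None

def login(pam, max_changes=3):
    """Return 'ok' or a denial reason; setcred is reached only on full success."""
    try:
        pam.authenticate()
        pam.acct_mgmt()
    except PamError as exc:
        code = error_code(exc)
        if code is None:
            return "denied-no-code"   # cannot tell expiry from denial: fail closed
        if code != PAM_NEW_AUTHTOK_REQD:
            return "denied"
        for _ in range(max_changes):  # bounded retries instead of while True
            try:
                pam.chauthtok()
                break
            except PamError as retry:
                if error_code(retry) not in (PAM_AUTHTOK_ERR, PAM_TRY_AGAIN):
                    return "denied"
        else:
            return "denied"           # retries exhausted
    pam.setcred()
    return "ok"
```
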
Comment 6 Tomas Mraz 2016-07-21 07:23:41 EDT
This is fixed in Red Hat Enterprise Linux 7.
