Bug#597174: libpam-mklocaluser: Fail if primary group is unknown
Package: libpam-mklocaluser
Version: 0.1
Severity: important
Tags: patch
If the group caching fail to cache the primary group of the locally
created user, libpam-mklocaluser will block the local user from
logging in. This message show up in the syslog:
Aug 30 19:01:41 knatten pam_mklocaluser[1264]: Unknown username,
should never happen: 'getgrgid(): gid not found: 68313'
The problem is caused by getgrgid() being called even when the group
info isn't needed.
The fix is to move the code into the code block for creating the local
user. It would also be a good idea to add some exception catching
around the call. This untested patch should solve the issue:
* Make script more robust. Move group lookup into the code path where
it is used, to avoid failing if the group is missing when the user
is already available localy.
Index: debian/pam-python.py
===================================================================
--- debian/pam-python.py (revision 69412)
+++ debian/pam-python.py (working copy)
@@ -47,9 +47,6 @@
gecos = userinfo[4]
homedir = userinfo[5]
- groupinfo = grp.getgrgid(gid)
- groupname = groupinfo[0]
-
# Ignore users with uid < 1000
if userinfo[2] < minimum_uid:
return pamh.PAM_SUCCESS
@@ -67,6 +64,13 @@
newhomedir = os.path.join(topdir, user)
if not os.path.isdir(homedir) and not os.path.isdir(newhomedir):
+ try:
+ groupinfo = grp.getgrgid(gid)
+ groupname = groupinfo[0]
+ except KeyError, e:
+ syslog.syslog("Unknown primary group with gid %d" % gid)
+ groupname = "[unknown]"
+
syslog.syslog("Creating local passwd entry uid=%d(%s) gid=%d(%s) gecos='%s' home=%s" % (uid, user, gid, groupname, gecos, newhomedir))
try:
# Add user entry with overridden home directory in /etc/passwd.
Happy hacking,
--
Petter Reinholdtsen
Reply to: