[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#597174: marked as done (libpam-mklocaluser: Fail if primary group is unknown)

Your message dated Sat, 18 Sep 2010 17:53:23 +0000
with message-id <E1Ox1bH-0006qv-28@franck.debian.org>
and subject line Bug#597174: fixed in libpam-mklocaluser 0.6
has caused the Debian Bug report #597174,
regarding libpam-mklocaluser: Fail if primary group is unknown
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
597174: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597174
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: libpam-mklocaluser
Version: 0.1
Severity: important
Tags: patch

If the group caching fail to cache the primary group of the locally
created user, libpam-mklocaluser will block the local user from
logging in.  This message show up in the syslog:

  Aug 30 19:01:41 knatten pam_mklocaluser[1264]: Unknown username,
  should never happen: 'getgrgid(): gid not found: 68313'

The problem is caused by getgrgid() being called even when the group
info isn't needed.

The fix is to move the code into the code block for creating the local
user.  It would also be a good idea to add some exception catching
around the call.  This untested patch should solve the issue:

  * Make script more robust.  Move group lookup into the code path where
    it is used, to avoid failing if the group is missing when the user
    is already available localy.

Index: debian/pam-python.py
===================================================================
--- debian/pam-python.py        (revision 69412)
+++ debian/pam-python.py        (working copy)
@@ -47,9 +47,6 @@
   gecos = userinfo[4]
   homedir =  userinfo[5]

-  groupinfo = grp.getgrgid(gid)
-  groupname = groupinfo[0]
-
   # Ignore users with uid < 1000
   if userinfo[2] < minimum_uid:
     return pamh.PAM_SUCCESS
@@ -67,6 +64,13 @@

   newhomedir = os.path.join(topdir, user)
   if not os.path.isdir(homedir) and not os.path.isdir(newhomedir):
+    try:
+      groupinfo = grp.getgrgid(gid)
+      groupname = groupinfo[0]
+    except KeyError, e:
+      syslog.syslog("Unknown primary group with gid %d" % gid)
+      groupname = "[unknown]"
+
     syslog.syslog("Creating local passwd entry uid=%d(%s) gid=%d(%s) gecos='%s' home=%s" % (uid, user, gid, groupname, gecos, newhomedir))
     try:
       # Add user entry with overridden home directory in /etc/passwd.

Happy hacking,
-- 
Petter Reinholdtsen

--- End Message ---
--- Begin Message --- 
Source: libpam-mklocaluser
Source-Version: 0.6

We believe that the bug you reported is fixed in the latest version of
libpam-mklocaluser, which is due to be installed in the Debian FTP archive:

libpam-mklocaluser_0.6.dsc
  to main/libp/libpam-mklocaluser/libpam-mklocaluser_0.6.dsc
libpam-mklocaluser_0.6.tar.gz
  to main/libp/libpam-mklocaluser/libpam-mklocaluser_0.6.tar.gz
libpam-mklocaluser_0.6_all.deb
  to main/libp/libpam-mklocaluser/libpam-mklocaluser_0.6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 597174@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <pere@debian.org> (supplier of updated libpam-mklocaluser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 18 Sep 2010 16:55:27 +0200
Source: libpam-mklocaluser
Binary: libpam-mklocaluser
Architecture: source all
Version: 0.6
Distribution: unstable
Urgency: low
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Description: 
 libpam-mklocaluser - Configure PAM to create a local user if it do not exist already
Closes: 597174 597241
Changes: 
 libpam-mklocaluser (0.6) unstable; urgency=low
 .
   * Make module more robust.  Move group lookup into the code path
     where it is used, to avoid failing if the group is missing when
     the user is already available locally (Closes: #597174).
   * Add code to handle missing primary group information when creating
     the local user.
   * Change module to only run /usr/sbin/nscd if it exist (Closes: #597241).
   * Update standards-version from 3.8.4 to 3.9.1.  No changes needed.
Checksums-Sha1: 
 bae8183032682e526b9682742fa8576bdb6983d2 1056 libpam-mklocaluser_0.6.dsc
 52d2bb5b4001828b70fe5546f1fb0b9b8d48c3c3 4813 libpam-mklocaluser_0.6.tar.gz
 4773fa386d73230f26efeb5ab93642d52d1d1b41 5360 libpam-mklocaluser_0.6_all.deb
Checksums-Sha256: 
 ff425eebbab081c583a5417b180aa80bea2e3ed1c6fd3b5d71742e28e80a57f1 1056 libpam-mklocaluser_0.6.dsc
 0314bf93680afd41b8424479ccef5d1615f09ec3795df3e8e8cab398d8ed313b 4813 libpam-mklocaluser_0.6.tar.gz
 3cd62a602c9fa74d9b65adaefd92ca0a29b4a28e2f1d3c29a1195987bca5aad5 5360 libpam-mklocaluser_0.6_all.deb
Files: 
 27acab4a4974d96fb76b5fc62cad86a0 1056 misc optional libpam-mklocaluser_0.6.dsc
 156bb67f6090f847a6b1c25a95afa7bb 4813 misc optional libpam-mklocaluser_0.6.tar.gz
 6f538309d465f82ce5e415fff80e626c 5360 misc optional libpam-mklocaluser_0.6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMlNMn20zMSyow1ykRAl2PAKDGbgtwfCQtnCr60Mobljdb7Fn5ZQCcDOj5
+URjsULslFYs0NVIbLxPgFQ=
=dEna
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: