[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#706753: libpam-mklocaluser: Fail to create local user during first login

Package:  libpam-mklocaluser
Version:  0.7
Severity: serious
Tags:     patch
User:     debian-edu@lists.debian.org
Usertags: debian-edu

Yesterday it was brought to my attention that the roaming workstation
(aka laptop) profile in Debian Edu did not work in Wheezy.  Its design
is that the first time a user log in when the machine is connected to
the school network, a local user is created for the given user, and that
user can then log in on the laptop also when the machine is outside the
school network.

When trying this with the packages in wheezy, the user is not able to
log in and is thrown out when entering username and password in kdm.

This is the relevant entries in /var/log/auth.log when trying:

May  4 12:59:54 testhost kdm: :0[19878]: pam_unix(kdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=testuser
May  4 12:59:55 testhost kdm: :0[19878]: pam_sss(kdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=testuser
May  4 12:59:55 testhost kdm: :0[19878]: pam_unix(kdm:session): session opened for user testuser by (uid=0)
May  4 12:59:55 testhost pam_mklocaluser[19878]: Creating local passwd entry uid=1000(testuser) gid=1000(testuser) gecos='Petter Reinholdtsen' home=/home/testuser
May  4 12:59:55 testhost pam_mklocaluser[19878]: Unexpected exception, should never happen: must be string, not exceptions.AttributeError
May  4 12:59:55 testhost pam_mklocaluser[19878]: pam_ck_connector(kdm:session): nox11 mode, ignoring PAM_TTY :0
May  4 12:59:55 testhost kdm: :0[19878]: pam_unix(kdm:session): session closed for user testuser

I tracked down the cause, and it is triggered by changes to some python
library, possibly the subprocess library.  The following patch solve the
problem:

--- /usr/lib/libpam-mklocaluser/pam-python.py.old   2011-07-26 16:18:23.000000000 +0200
+++ /usr/lib/libpam-mklocaluser/pam-python.py  2013-05-04 12:58:29.595862692 +0200
@@ -16,13 +16,16 @@
 import syslog
 
 def runcmd(pamh, cmd):
-  proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,)
+  proc = subprocess.Popen(cmd, shell=True, \
+                            stdout=subprocess.PIPE, \
+                            stderr=subprocess.PIPE,)
   while proc.poll() == None:
     pass
-  result = proc.communicate(input=None)[0]
-  if result != 0:
-    syslog.syslog("Command %(command)s failed with %(msg)s" % ( cmd, proc.stderr.read()) )
-#  print "output: %s" % output
+  (resultstdout, resultstderr) = proc.communicate(input=None)
+  if proc.returncode != 0:
+    msg = "Command '%s' failed with %s" % ( cmd, resultstderr.strip())
+    syslog.syslog(msg)
+#    print "output: %s" % msg
 
 def check_and_create_localuser(pamh, user):
   # Location of local users

The patch is already in upstream SVN will be included in the next
upstream release soon to be uploaded to unstable.

-- 
Happy hacking
Petter Reinholdtsen
Reply to: