Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 679557
Summary: | PyPAM-0.5.0-3el5sat segfault when authenticating or registering clients on Satellite using users stored in Active Directory | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Marcelo Moreira de Mello <mmello> | ||||||||
Component: | Usability | Assignee: | Jan Pazdziora <jpazdziora> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Tomas Lestach <tlestach> | ||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 540 | CC: | cperry, gbock, jhutar, jpazdziora, mmello, msuchy, tlestach, tmraz, xdmoon | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | All | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | PyPAM-0.5.0-11.1.el5sat | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | |||||||||||
: | 679714 (view as bug list) | Environment: | |||||||||
Last Closed: | 2011-06-17 02:45:00 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | |||||||||||
Bug Blocks: | 677501 | ||||||||||
Attachments: |
|
Description
Marcelo Moreira de Mello
2011-02-22 20:45:48 UTC
Created attachment 480248 [details]
PyPAM-0.5.0-nofree.patch
Hello,
We created a **TEST** package to customer backporting 2 fixes:
* Tue Feb 22 2011 Marcelo Moreira de Mello <mmello> 0.5.0-9.SFDC.00401329.TEST
- backport fix PyPAM-0.5.0-nofree.patch
* Tue Feb 22 2011 Miroslav Suchý <msuchy> 0.5.0-8
- 658955 - fix two bugs in the PAM object deallocation
- add -fno-strict-aliasing to CFLAGS
The backport patches files are attached on the case.
Kind Regards,
Marcelo Moreira de Mello
Created attachment 480249 [details]
PyPAM-0.5.0-dealloc.patch
Including PyPAM-0.5.0-dealloc.patch backport fix.
Hello, TEST package PyPAM-0.5.0-9.SFDC.00401329.TEST.el5sat.x86_64.rpm sent to customer. We are waiting customer's feedback. In our labs, the issue were fixed. Kind Regards, Marcelo Moreira de Mello Hello, Customer confirmed that package worked: "Verified that the 0.5.0-9 build no longer segfaults for rhnreg_ks" Kind Regards, Marcelo Moreira de Mello Other test cases were failures to push configs from the rhnproxy command line installer. I currently don't have enough entitlements to retest. After a bit more digging it seems you can work around the original issue by adding an auth option that will fail (I used pam_unix in the test case): [pam.d]$ cat rhn-satellite #%PAM-1.0 auth sufficient /lib64/security/$ISA/pam_unix.so likeauth nullok auth required /lib64/security/$ISA/pam_winbind.so use_first_pass auth sufficient /lib64/security/$ISA/pam_winbind.so use_first_pass auth required /lib64/security/$ISA/pam_deny.so account required /lib64/security/$ISA/pam_winbind.so I doubt this is directly related to winbind or AD. Created attachment 480399 [details]
Correct patch with proper deallocation in the error condition
Please test with this patch. Although to test the deallocation an error in the conversation function in the response must be done.
Fixed in Fedora and Epel in BZ 679714. Will be fixed in RHEL6.1. This appears to be working properly now. Taking. We've rebased to PyPAM-0.5.0-11 from RHEL 5 EPEL which is equivalent to PyPAM-0.5.0-12 from RHEL 6.1. Tagged and built as PyPAM-0.5.0-11.1.el5sat. Any idea when this will hit GA? It is aligned to the Satellite 5.4.1 Blocker bugfix. As such, it is part of the 5.4.1 release. Release dates are not posted in public, please contact Red Hat Support or your account sales rep to verify NDA agreements for the account before information such as release dates to be provided. Regards, Clifford Setting Customer VERIFIED. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. https://rhn.redhat.com/errata/RHEA-2011-0875.html |