- Bug
- Resolution: Unresolved
- Minor
- rhel-8.10, rhel-9.4
- Moderate
- rhel-sst-idm-sssd
- ssg_idm
- Red Hat Enterprise Linux
What were you trying to do that didn't work?
When executing the csh shell while already being an AD user, the next user resolution will fail, as shown in the example below:
[root@winbind ~]# su - winuser@win23.local -s /bin/bash
[WIN23\winuser@winbind ~]$ csh
[WIN23\winuser@winbind ~]$ cd ~winuser@win23.local
Unknown user: winuser@win23.local.
The reason for this is that csh will initially resolve the username, which leads to starting the NSS library and having file descriptor 3 be "maintained".
Then csh closes all file descriptors, including file descriptor 3, as its startup procedure.
Finally, once the prompt is displayed and cd ~winuser@win23.local is issued, the winbind NSS library is called and uses file descriptor 3, which is now dead, hence fails with EBADF.
Due to this, the next NSS method gets tried (systemd), but this fails as well, causing the "Unknown user" to be returned by csh.
There is a bug in the NSS library: because the file descriptor is dead, poll() on line 711 returns POLLNVAL, which is not handled in the code. If it were, a retry would happen and all would be good:
674 static int winbind_write_sock(struct winbindd_context *ctx, void *buffer,
675                               int count, int recursing, int need_priv)
676 {
  :
703         ret = poll(&pfd, 1, -1);
704         if (ret == -1) {
705                 winbind_close_sock(ctx);
706                 return -1;                   /* poll error */
707         }
708
709         /* Write should be OK if fd not available for reading */
710
711 >>>>>   if ((ret == 1) && (pfd.revents & (POLLIN|POLLHUP|POLLERR))) {
712
713                 /* Pipe has closed on remote end */
714
715                 winbind_close_sock(ctx);
716                 goto restart;
717         }
718
719         /* Do the write */
720
721         result = write(fd, (char *)buffer + nwritten,
722                        count - nwritten);
723
724         if ((result == -1) || (result == 0)) {
725
726                 /* Write failed */
727
728                 winbind_close_sock(ctx);
729                 return -1;
730         }
Please provide the package NVR for which bug is seen:
samba-winbind-modules-4.19.4-4.el8_10.x86_64
samba-winbind-modules on RHEL9 (untested, but reading the source code, which is similar)
How reproducible:
Always
Steps to reproduce
- Log in with bash as an AD user
- Execute csh
- Execute cd ~username
Expected results
no error message
Actual results
Unknown user: username.
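The behaviour described in this report can be reproduced outside Samba. The following is an added example, not code from the report or from Samba and not a proposed patch: a closed pipe end stands in for the winbind socket, the poll() events mask is an assumption (the excerpt does not show it), and all function names are hypothetical.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed stand-in for the cached socket: an fd number closed behind the library's back. */
static int make_stale_fd(void)
{
    int p[2];
    if (pipe(p) == -1) return -1;
    close(p[0]);
    close(p[1]);
    return p[1];
}

/* Non-blocking poll() of one fd; returns revents, or -1 if poll() itself fails. */
static int poll_revents(int fd)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN | POLLOUT, .revents = 0 };
    return poll(&pfd, 1, 0) == -1 ? -1 : pfd.revents;
}

/* The revents test from line 711 of the excerpt: nonzero means "close and restart". */
static int restart_as_in_excerpt(int revents)
{
    return (revents & (POLLIN | POLLHUP | POLLERR)) != 0;
}

/* Same test with POLLNVAL added, so a dead descriptor also triggers a restart. */
static int restart_with_pollnval(int revents)
{
    return (revents & (POLLIN | POLLHUP | POLLERR | POLLNVAL)) != 0;
}

/* Attempt the write that follows the check; returns the resulting errno (0 on success). */
static int write_errno(int fd)
{
    char byte = 0;
    errno = 0;
    return write(fd, &byte, 1) == -1 ? errno : 0;
}

int main(void)
{
    int fd = make_stale_fd(), rev = poll_revents(fd);
    printf("revents=%#x excerpt=%d with_nval=%d write_errno=%d\n", (unsigned)rev,
           restart_as_in_excerpt(rev), restart_with_pollnval(rev), write_errno(fd));
    return 0;
}
```

On a closed descriptor poll() succeeds and sets only POLLNVAL, so the mask from the excerpt lets execution fall through to write(), which is where EBADF appears.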