Ubuntu
accountsservice package

reload_passwd uses fgetpwent rather than getpwent, ignoring /etc/nsswitch.conf

Bug #873784 reported by Alex Rolfe
34
This bug affects 6 people
Affects Status Importance Assigned to Milestone
accountsservice
Fix Released
Wishlist
accountsservice (Ubuntu)
Confirmed
Undecided
Vibhav Pant
Nominated for Oneiric by Peter Matulis

Bug Description

In daemon.c, reload_passwd opens /etc/passwd and reads it with fgetpwent. This only finds local accounts whereas using getpwent would respect the settings in /etc/nsswitch.conf and also find accounts provided via ldap, nis, etc. This means that login screens (eg, lightdm) don't display the full list of users, only those in /etc/passwd. All users are able to login, so this is an annoyance rather than a serious problem.

accountsservice 0.6.14-1git1 in oneiric (haven't checked other versions).

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in accountsservice (Ubuntu):
status: New → Confirmed
Revision history for this message
In , Caleb Callaway (enlightened-despot) wrote :

Created attachment 54623
Use getpwent() instead of fgetpwent()

I'm one of the affected users from https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/873784 with some additional comments.

I notice a recent commit ((http://cgit.freedesktop.org/accountsservice/commit/?id=dfa1a6239b01c823ce0fec781c6c9541c988f56e) enables getpwent() for systems that don't have fgetpwent(). I think it makes sense to do the same for every OS, and remove all references to fgetpwent(). The code changes to use getpwent() are fairly trivial--a patch is attached. I've tested these changes on a VM running Ubuntu 11.10 (Oneiric), local passwd entries seem to work fine, so as far as I can tell, this change doesn't break anything.

Using the general getpwent() command doesn't completely address the use of network pw entries, though. If the accounts daemon starts before a network connection is available, it won't be able to obtain information from the network pw entry database.

I think the best way to resolve the connectivity issue is to modify the accounts daemon to regularly poll the pw entries for new users and notify interested services, in much the same way the daemon currently monitors the passwd file. It doesn't seem like a good idea to delay the start of the accounts daemon until a network connection is available (particularly for laptops). Running the accounts daemon as a service and restarting it when a network connection comes up would probably work, but seems over-weight and clunky.

Does anyone have objections or know that the polling scheme is impractical? If not, I'll get to work on a patch.

Revision history for this message
Caleb Callaway (enlightened-despot) wrote :

I've posted this upstream, with some comments on how the issue might be resolved: https://bugs.freedesktop.org/show_bug.cgi?id=43997

Revision history for this message
In , Rstrode (rstrode) wrote :

Hi,

accountsservice is supposed to list a merged list of two types of users:

1) local users
2) remote users that have logged in to this specific machine before

we approximate 1) by reading /etc/passwd and we approximate 2) by looking at wtmp.
I say approximate, because there are configurations where both 1 and 2 fall down.

getpwent() is always wrong since it's blocking and potentially very slow, and gives users that aren't in class 1 or 2 above. The commit you referenced is wrong and probably shouldn't have gone in.

Revision history for this message
In , Cedric Schieli (cschieli) wrote :

Created attachment 54700
fix-cached-remote-users.patch

"accountsservice is supposed to list a merged list of two types of users"

but it does not...

The problem is that when /etc/passwd users are (re)loaded, wtmp users missing from /etc/passwd are removed from the cached users hashtable, leading to the situation reported in the above mentioned Ubuntu bug.

With the attached patch applied, the loading order is inverted, so remote wtmp users are (re)added after the (re)loading of /etc/passwd users, and the Ubuntu greeter works as expected.

Revision history for this message
In , Rstrode (rstrode) wrote :

Hi,

Thanks for the patch! We actually fixed that a while back, though:

http://cgit.freedesktop.org/accountsservice/commit/?id=b73f539602f74271650a102d90253dc697488478
Author: Ray Strode <email address hidden>
Date: Wed Sep 21 17:20:24 2011 -0400

    daemon: load wtmp after passwd file

    The passwd file handling code clears the list of loaded
    users so we need to always do wtmp on top of it, instead of
    before it.

You probably just need to upgrade your accountsservice to a newer version.

Revision history for this message
In , Cedric Schieli (cschieli) wrote :

Indeed. I didn't look carefully enough in git before posting...
Ubuntu Oneiric is at 0.6.14, just one commit behind this one...

Revision history for this message
Cedric Schieli (cschieli) wrote :

As indicated on the upstream bug report, this is not the right solution.
The real bug is that, in Oneiric's version, remote users who already logged in are not listed as they should be.
The fix for that bug is already merged upstream (http://cgit.freedesktop.org/accountsservice/commit/?id=b73f539602f74271650a102d90253dc697488478).
I've setup a PPA with this commit backported to current Oneiric's version : ppa:cschieli/bug873784

Revision history for this message
In , Caleb Callaway (enlightened-despot) wrote :

Hi Ray, thanks for the clarification.

Do you have any more details on the situations where the wtmp lookup "falls down"? In my experimentation related to this bug report, I've found the presence and absence of remote users to be quite erratic--sometimes remote users are listed, and sometimes not. I've yet to detect any pattern.

I'm querying the DBus interface using qdbusviewer, so it seems unrelated to the logon manager (gdm). Remote logins are very definitely present at the top of the output from the 'last' command.

Revision history for this message
In , Rstrode (rstrode) wrote :

By falls down I meant the wtmp file is often log rotated so users will "drop off the map" if they log in one day and the next day the file is rotated.

The display manager does wtmp registration for the user, so if some logins aren't counting it could be a GDM (or LightDM if that's what you're using) bug.

Revision history for this message
Peter Matulis (petermatulis) wrote :

This should be fixed in Precise. I didn't test it but the code is there.

static void
reload_users (Daemon *daemon)
{
        reload_passwd (daemon);
        reload_wtmp_history (daemon);
        reload_data (daemon);
}

I created a task for an Oneiric SRU.

Bug Watch Updater (bug-watch-updater)
Changed in accountsservice:
importance: Unknown → Wishlist
status: Unknown → Fix Released
Vibhav Pant (vibhavp)
Changed in accountsservice (Ubuntu):
assignee: nobody → Vibhav Pant (vibhavp)
Vibhav Pant (vibhavp)
Changed in accountsservice (Ubuntu):
assignee: Vibhav Pant (vibhavp) → nobody
Vibhav Pant (vibhavp)
Changed in accountsservice (Ubuntu):
assignee: nobody → Vibhav Pant (vibhavp)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.