GNOME Bugzilla – Bug 685423
gnome-shell crashes when username includes '\'
Last modified: 2021-07-05 14:17:51 UTC
When using Active Directory authentication (samba winbind), users are created as 'DOMAIN\username' by default. gnome-shell 3.4 crashes to the 'Oops' screen when logging in with these accounts. These accounts logged in successfully on gnome 3.2, so this is a regression.
observed in openSUSE 12.2. Related: https://bugzilla.novell.com/show_bug.cgi?id=783392
Can reproduce.
Created attachment 226473 [details] [review] Greeter log after debug is Enable=true
Created attachment 226474 [details] [review] GDM slave log after debug is Enable=true
Created attachment 226475 [details] Updated :0-greeter.log
Created attachment 226476 [details] Updated :0-slave.log
Created attachment 226477 [details] ~/.cache/gdm/session.log ~/.cache/gdm/session.log of the user that's trying to log in.
Created attachment 226478 [details] :0-greeter.log.1 From before gdm cycles
Created attachment 226479 [details] :0-slave.log.1 From before gdm cycles
This should fix Stef's problem, but maybe not James.
Created attachment 226481 [details] [review] worker: sanity test libc passwd entries getpwnam returns a structure filled in by nsswitch modules. Those modules aren't always bug free, and can sometimes return e.g. an empty user's shell. When that happens the failure is pretty catastrophic and hard to debug. This commit does a quick sanity check of the user's home directory and shell to make sure they're not empty. If they are empty it picks defaults that are likely to at least sort of work. A better fix would probably be to fail earlier and post a message to the user explaining why login won't work, but this is good enough for now.
Ray, that patch fixed one problem for me. Thanks. James, I imagine your winbind based users have a shell? If so then that's not the same problem as Ray fixed. I ran into another problem. Perhaps it's what you experienced? * libnss_winbind.so was added to /etc/nsswitch.conf * system was not rebooted * Try to log in as winbind based user. * dbus-daemon --system, uses getpwnam() or related function, to validate user. * libc has cached /etc/nsswitch.conf in dbus-daemon process and does not know about the new winbind module addition to /etc/nsswitch.conf * getpwnam() (or related) returns failure to dbus-daemon * dbus-daemon refuses to accept connection to system bus for user session * GNOME session crashes (in various obscene ways) and quits. Does that make sense?
Stef and I talked about comment 12 on IRC and we came to the conclusion the right approach is probably to change nsswitch.conf to have sss [NOTFOUND=return] added to the passwd / shadow group lines of /etc/nsswitch.conf unconditionally. Long term we can fix glibc, but it may be a while: http://sourceware.org/bugzilla/show_bug.cgi?id=12459 (the bug has already sat there for more than a year)
regarding comment 13, this has now been done in Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=867473 It would be good if SuSE did something similar
*** Bug 691725 has been marked as a duplicate of this bug. ***
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/ Thank you for your understanding and your help.