2839 – python's pwd module doesn't distinguish between errors and no user

Bug 2839 - python's pwd module doesn't distinguish between errors and no user

Summary: python's pwd module doesn't distinguish between errors and no user

Status:	CLOSED WONTFIX

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	VSM Server (show other bugs)
Version:	pre-1.0
Hardware:	PC All

Importance:	P2 Normal
Target Milestone:	4.10.1
Assignee:	Peter Åstrand

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-07-03 12:45 CEST by Pierre Ossman
Modified:	2019-04-09 13:04 CEST (History)
CC List:	0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio

2008-07-03 12:45:35 CEST

I've been having problems at home with ThinLinc losing sessions because of problems with looking up users. Today I discovered it is because Python (and possibly glibc) doesn't properly handle when the connection to the user database is lost.

What happens is that the first lookup done after a lost connection returns "no such user", but any requests after that will proceed normally. This could explain some of the weird behaviours we've seen on some installations.

A careful implementation of bug 2754 could solve this. A quick and dirty solution is just to do a wrapper that does each lookup twice. We should also investigate if the problem is in Python or glibc and if we can work around it in a sane manner.

Comment 1 Peter Åstrand cendio

2008-11-04 16:38:29 CET

This bug might be related to Issue 6892. A quick inspection of Pythons Modules/pwdmodule.c indicates that it doesn't check errno, and thus cannot distinguish between "no more users" and error conditions.

Comment 2 Peter Åstrand cendio

2008-11-04 16:45:02 CET

Confirmed on Midi:

[astrand@midi ~]$ python
Python 2.4.3 (#1, Jan 14 2008, 18:32:40)
[GCC 4.1.2 20070626 (Red Hat 4.1.2-14)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pwd
>>> pwd.getpwnam("astrand")
('astrand', '*', 164, 20164, 'Peter Astrand', '/home/astrand', '/bin/bash')
>>>
>>> pwd.getpwnam("astrand")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
KeyError: 'getpwnam(): name not found: astrand'
>>>
>>> pwd.getpwnam("astrand")
('astrand', '*', 164, 20164, 'Peter Astrand', '/home/astrand', '/bin/bash')
>>>

I was restarting slapd between the first successful call and the traceback one.

Comment 3 Peter Åstrand cendio

2008-11-05 08:33:49 CET

The bug in Python is that it doesn't distinguish between no user and errors. nss_ldap is also buggy, though, see bug 2956. Need to report upstream. We should probably also change our Python code to retry getpwnam an extra time if it raises KeyError.

Comment 4 Peter Åstrand cendio

2008-11-05 09:20:00 CET

Reported upstream: http://bugs.python.org/issue4261

Comment 5 Pierre Ossman cendio

2019-04-09 13:04:30 CEST

We haven't had reports in ages, and this isn't really a bug in ThinLinc but rather in Python. Closing this.

Note You need to log in before you can comment on or make changes to this bug.