On 12/25/2016 07:40 PM, John Fawcett wrote:
> Hi Georg
> thanks for that, so at least we have consistent behaviour which is good.
> I had got the AAAAAAAA from your logging without realizing it was
> anonymized.
>
> Now the problem to solve is why the user names you are testing with give
> the invalid argument. One reason would be if they are longer than 31
> chars. But if they are not then there is something else, for example do
> they contain a dot or some other character that archlinux does not
> accept in user names?
>
> At this point I suspect that your system is providing EINVAL for any
> name that could not be a valid local username (with one exception that
> it allows uppercase which is not valid in usernames). According to the
> archlinux useradd manual:
>
>        "Usernames must start with a lower case letter or an underscore,
> followed by lower case letters, digits,
>              underscores, or dashes. They can end with a dollar sign. In
> regular expression terms:
>              [a-z_][a-z0-9_-]*[$]?
>
>        Usernames may only be up to 32 characters long."
>
> This is a problem because the getpwnam_r routine on archlinux is
> deviating from the specifications by not always returning 0 for users
> that are not found. This should be addressed in archlinux or upstream in
> glibc. Can you take it back to the archlinux list and see if you can get
> this addressed?
>
> John
>
I managed to find where this is happening. It is not in glibc but in
systemd.

If your /etc/nsswitch.conf has something like this:

    passwd: compat mymachines systemd

then the routines that are being used are systemd ones.

The checks being done are here in the function valid_user_group_name:

https://github.com/systemd/systemd/blob/master/src/basic/user-util.c

and in the case that those checks fail then _nss_systemd_getpwnam_r from
the systemd libraries returns EINVAL:

https://github.com/systemd/systemd/blob/master/src/nss-systemd/nss-systemd.c

    if (!valid_user_group_name(name)) {
            r = -EINVAL;
            goto fail;
    }

    ...

    fail:
            *errnop = -r;
            return NSS_STATUS_UNAVAIL;

So the problem is that the systemd version of getpwnam_r is deviating from
the standard of returning 0 for not found users.

Either the systemd library module or the nsswitch.conf is probably what
changed during your upgrade.

John
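
One way a calling program could cope with the behaviour described in this message, as an added example that is not part of the original e-mail or of systemd's code. The function names are hypothetical, and treating EINVAL as "not found" only for names that fail the useradd rule quoted in the thread is an assumed policy, not something the thread prescribes.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum lookup { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_ERROR };

/* useradd rule quoted in the thread: [a-z_][a-z0-9_-]*[$]?, max 32 chars.
 * This is not systemd's valid_user_group_name(). */
static int is_local_style_name(const char *s) {
    size_t n = strlen(s), i;
    if (n == 0 || n > 32) return 0;
    if (!((s[0] >= 'a' && s[0] <= 'z') || s[0] == '_')) return 0;
    if (n > 1 && s[n - 1] == '$') n--;       /* optional trailing dollar */
    for (i = 1; i < n; i++)
        if (!((s[i] >= 'a' && s[i] <= 'z') || (s[i] >= '0' && s[i] <= '9') ||
              s[i] == '_' || s[i] == '-')) return 0;
    return 1;
}

/* rc is getpwnam_r()'s return value; found says whether *result was set. */
static enum lookup classify(int rc, int found, const char *name) {
    if (rc == 0) return found ? LOOKUP_FOUND : LOOKUP_NOT_FOUND;
    /* getpwnam(3) lists ENOENT and ESRCH among "not found" codes. */
    if (rc == ENOENT || rc == ESRCH) return LOOKUP_NOT_FOUND;
    /* Assumed policy: EINVAL for a name that could never be a local
     * account means "no such user"; for a plausible name it stays an error. */
    if (rc == EINVAL && !is_local_style_name(name)) return LOOKUP_NOT_FOUND;
    return LOOKUP_ERROR;
}

static enum lookup lookup_user(const char *name) {
    struct passwd pw, *res = NULL;
    size_t len = 1024;
    char *buf = malloc(len);
    int rc;
    if (!buf) return LOOKUP_ERROR;
    /* ERANGE means the buffer was too small: grow it and retry. */
    while ((rc = getpwnam_r(name, &pw, buf, len, &res)) == ERANGE && len < (1u << 20)) {
        char *bigger = realloc(buf, len *= 2);
        if (!bigger) { free(buf); return LOOKUP_ERROR; }
        buf = bigger;
    }
    free(buf);
    return classify(rc, res != NULL, name);
}

int main(int argc, char **argv) {
    static const char *label[] = { "found", "not found", "error" };
    const char *name = argc > 1 ? argv[1] : "no.such.user"; /* constructed sample */
    printf("%s: %s\n", name, label[lookup_user(name)]);
    return 0;
}
```
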



