Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 30 Nov 2011 20:34:28 GMT
From:      Garrett Cooper <yanegomi@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/162976: cron fails unnecessarily via setlogin(2) with sufficiently long usernames
Message-ID:  <201111302034.pAUKYSeW081121@red.freebsd.org>
Resent-Message-ID: <201111302040.pAUKeBSA087325@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         162976
>Category:       kern
>Synopsis:       cron fails unnecessarily via setlogin(2) with sufficiently long usernames
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 30 20:40:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Cooper
>Release:        8.2-RELEASE
>Organization:
iXsystems, Inc.
>Environment:
FreeBSD truenas.local 8.2-RELEASE-p4 FreeBSD 8.2-RELEASE-p4 #0: Mon Nov 21 18:34:29 PST 2011     root@streetfighter.ixsystems.com:/scratch/ix-projects/freenas/releng/8.0.2/obj.amd64/scratch/ix-projects/freenas/releng/8.0.2/FreeBSD/src/sys/TRUENAS.amd64  amd64
>Description:
One can use active directory usernames in crontab like so and most of the system is happy working with these long usernames:

*       *       *       *       *       STOUT\administrator     PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/root/bin true >/dev/null 2>&1

The problem is that cron gets unhappy when trying to run setlogin(2), which ends up spewing out errors in syslog and cron exits:

Nov 30 07:44:00 truenas cron[25967]: setlogin(STOUT\administrator): Invalid argument

This limitation appears to still be present in 10-CURRENT though.
>How-To-Repeat:
1. Hook machine into AD/LDAP realm (the above example uses the STOUT AD realm).
2. Create something like the following entry:

*       *       *       *       *       STOUT\administrator     PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/root/bin true >/dev/null 2>&1
>Fix:
The only fix (which would be invasive) would be to honor (and exceed) the limits set by other operating systems so that setlogin(2) wouldn't fail. According to this KB article via MS, the username limit is 104 characters (although the recommend not going over 64 characters).

Other infrastructure pieces might need to be taught to honor this limit (like utmp*).

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111302034.pAUKYSeW081121>