Package reconfigure can break NSS for unrelated modules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nss-pam-ldapd (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
I recently upgraded from 20.04 to 22.04 and as a part of the upgrade, the dpkg configuration for nss-pam-ldapd prompted to configure ldap in nsswitch.conf. I selected "passwd" only, which is correct for my use case.
Upon rebooting, I discovered that dpkg had modified my nsswitch.conf file in an unexpected way, which broke login authorities until I was able to log in with a backup admin account. The module which broke is a custom NSS module which I'll refer to here as "mineldap". This is not the exact name, but my module does end with "...ldap".
Before updating, my nsswitch file:
passwd: files mineldap ldap systemd
group: files mineldap systemd
After the reconfiguration.
Note the packaging tool incorrectly deletes "ldap " from the "group:" entry, creating an invalid entry:
passwd: files mineldap ldap systemd
group: files minesystemd
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: nslcd 0.9.12-2
ProcVersionSign
Uname: Linux 5.15.0-119-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.6
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Wed Sep 4 12:59:23 2024
InstallationDate: Installed on 2020-10-28 (1407 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
SourcePackage: nss-pam-ldapd
UpgradeStatus: Upgraded to jammy on 2024-09-04 (0 days ago)
From package "libnss-ldapd" - postinst:
nss_is_enabled() ]]*'$name' [[:space: ]]*:.*ldap. *' /etc/nsswitch.conf
{
name="$1"
grep -q '^[[:space:
}
In the above regex, the * match on the first space will make this function incorrectly indicate that "group: mineldap" has the "ldap" module enabled. It seems that if I had selected to enable the "group" nss entry, it would've incorrectly not enabled the ldap module.
Throughout the rest of the file, "[[:space:]]*$name" is used several more times, leading to my situation above.