From nobody Thu Apr 10 15:13:22 2025
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZYNcM1KGrz5t3kj
	for <bugs@mlmmj.nyi.freebsd.org>; Thu, 10 Apr 2025 15:13:23 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZYNcM07sWz3PRf
	for <bugs@FreeBSD.org>; Thu, 10 Apr 2025 15:13:23 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1744298003;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=TZ/y8lsFcYYKXUJ0X6BDd4DwNh5g8BsjgNekjz/E7Fs=;
	b=baBW/6o3wlIFNwEr3EsII61Ls0gz7vAlZkGFgwEMQs7k97I5fljaTZ7jjGt1vErW3upLZE
	7fyKUofkiUV6fUYVAexaqLUSz9mdYd30Q5DDZ10pEyrlqkFkjD0hChBDNuXsHzwKfkfBwN
	n1Iq2/BzcVtBt2Z7kX3IIh9ugRHPANBqCBMQLNthAgs1owJhKtT+OUnBwC/r2AQJDH7HF8
	nxtr+mfQwY3jdsWPbIDZoieu8ctslSjV3RHsNFm4igOn1/o2Kqz9ObRxL/2cNRlAF+LtT8
	mQSM0zZBrJooKZDjHzdhBND8B+LxVgBJvsBm2+abHuJoDeaOzCJbOnj76jUr8g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1744298003; a=rsa-sha256; cv=none;
	b=efw6vPeEA0X/6dNeJ9jDA4QhsFauX0E76+90yOfcRoGqxaqpUIgHhYWZW/stlkAI7qMDML
	WuezAfA6Plk3fgDIlWYU0WiMFni1hJUL9ZU1KMuXJEjxucOaBSkOtA8qidY+g+T8i3gywi
	bTDElYV7e+Xthxg7zGJDRJvKqaNIlt7T4IsyzTtsx6/yOgHgS2OFeGGb7rEWkH/Vd0oECW
	SS3OzPQoHnibKsRx6J4rs6eW6xscTqv6AOr0H3V/l/D1COoHVqnCi1HmBlB1+3huGhFzdA
	PTwTayxtNTHOuxJoezcESNqvVMyMCs1qKf5Q2K6AsSTCIlKQdcdOliKZtYGDeg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1744298003;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=TZ/y8lsFcYYKXUJ0X6BDd4DwNh5g8BsjgNekjz/E7Fs=;
	b=qZ18/NkWx89l/JeBTFlD29LRWrUxcbSX2Sum3a0Fhczc/2wgwYAbvd67+KI0oDIIZGagqB
	s4nQkFuJnbKXmV7+rafQb+C0tBJkRHG1+rbcl4puHZKB+1vNDF1Zq1JmuxPZjw5XBpEWcF
	qpuRD07pLW02yngZgkHStrU36cPxze4u5mHnmVzFZUYalDbGX5KBRZR4e3nEPM9NJ+pU8F
	ZfdE1tOyRFhnRIxHxG3pRNTXfLOlABgqunj23YBbpZvL4/hwLat/GiouK5bOdV6hpff/7f
	JivGaYxToWn3VNewUilddxS32wrf6TaiEX87Adtst3nllHhsC26FkcjXVCdo3w==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZYNcL6j9pz17FT
	for <bugs@FreeBSD.org>; Thu, 10 Apr 2025 15:13:22 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 53AFDM49006747
	for <bugs@FreeBSD.org>; Thu, 10 Apr 2025 15:13:22 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 53AFDMd4006746
	for bugs@FreeBSD.org; Thu, 10 Apr 2025 15:13:22 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 286014] login_access.c --  logging bug
Date: Thu, 10 Apr 2025 15:13:22 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: olli@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-286014-227@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D286014

            Bug ID: 286014
           Summary: login_access.c --  logging bug
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: olli@FreeBSD.org

Created attachment 259441
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D259441&action=
=3Dedit
Patch

By default, the PAM login_access module checks tokens in /etc/login.access
against both user names and group names.  If a token doesn't match the
current user, it tries to look for a group with that name.  If that fails,
it logs the following message:

    group not found: <FOO>

However, <FOO> is *not* the group name that hasn't been found, it's the
name of the current user.  This is confusing.  In fact, it caused me to
waste quite some time searching for a problem that didn't exist, very
much like the fellows in this forum thread:

https://forums.freebsd.org/threads/su-group-not-found-root.90682/

It can be reproduced easily:  Add a line at the beginning of the file
/etc/login.access:

    + : yedi_masters : ALL

(You can use any name that doesn't exist in /etc/group.)
Then perform a login operation, e.g. login on a virtual console,
or just use the "login" command in an existing shell, and look at
/var/log/messages.  In my case, I see:

    login[12345]: group not found: olli

which is confusing because there *is* a group named "olli" of course.
It *should* log:

    login[12345]: group not found: yedi_masters

The bug is in lib/libpam/modules/pam_login_access/login_access.c.
It was probably caused by a copy&paste oversight, because there is a
very similar syslog() line nearby in the code that logs the user name.

I've attached a trivial patch that fixes it.  The patch has been tested
with CURRENT, but it should apply cleanly as well to all other branches
that are currently supported, plus stable/12.  The code in question
hasn't been touched in more than five years.

--=20
You are receiving this mail because:
You are the assignee for the bug.=