Bug 337

Summary: 0402-026 The specified data is not a valid identifier.
Product: Sudo
Reporter: Andre Visperas <andrev26>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID
Severity: normal
CC: andrev26
Priority: normal
Version: 1.7.0
Hardware: IBM
OS: AIX
Attachments: Syslog output for *.debug
patch to remove KRB5CCNAME from the environment
patch to remove KRB5CCNAME from the environment
simple program to print out the environment

Description Andre Visperas 2009-02-25 12:38:56 MST
Created attachment 244 [details]
Syslog output for *.debug

I have created a one line script owned by root and with execute privs of root alone. The name of the script is andre_sudo_test. I have created sudo rules that will allow andre to execute this one line script.

logged on as root:

root@unixsvr [/tmp] 
# ls -l /var/opt/andre_sudo_test
-rwx------    1 root     system           22 Feb 25 11:21 /var/opt/andre_sudo_test
 
root@unixsvr [/tmp] 
# cat /var/opt/andre_sudo_test  
echo "WILDCARDS work"
 
root@unixsvr [/tmp] 
# 

Logged on as andre, I get a weird message:

andre@unixsvr [/home/andre/sudo-1.7.0] 
$ sudo /var/opt/andre_sudo_test  
Password:
 
ÁÈ^A: 0402-026 The specified data is not a valid identifier.
 
andre@unixsvr [/home/andre/sudo-1.7.0] 
$ sudo /var/opt/andre_sudo_test
WILDCARDS work
 
andre@unixsvr [/home/andre/sudo-1.7.0] 
$ 

Notice that when andre executes it again, it executes as expected.

I have attached the output of syslog with *.debug.

Any assistance would greatly be appreciated.

Thanks!
Comment 1 Todd C. Miller 2009-02-25 12:42:00 MST
I'd suggest making this a proper script by adding the shebang line, i.e.:

#!/bin/sh
echo "WILDCARDS work"

and see if that makes any difference.
Comment 2 Todd C. Miller 2009-02-25 12:55:52 MST
If the #!/bin/sh fails, also try with #!/bin/ksh
Comment 3 Andre Visperas 2009-02-25 17:06:22 MST
Todd, on the previous version of sudo (1.6.8p12) we did not have to add a shebang.

andre@unixsvr [/home/andre] 
$ ls -l /usr/bin/sudo* 
---s--x--x    1 root     system       197063 Feb 20 15:35 /usr/bin/sudo
---s--x--x    1 root     system       154883 Jan 30 2008  /usr/bin/sudo.backup
 
andre@unixsvr [/home/andre] 
$ sudo.backup -V
Sudo version 1.6.8p12
 
andre@unixsvr [/home/andre] 
$ sudo.backup -k                       
 
andre@unixsvr [/home/andre] 
$ sudo.backup /var/opt/andre_test_sudo
Password:
Sudo works
 
andre@unixsvr [/home/andre] 
$ sudo -k
 
andre@unixsvr [/home/andre] 
$ sudo /var/opt/andre_test_sudo       
Password:
 
ÁÈ^A: 0402-026 The specified data is not a valid identifier.
 
andre@unixsvr [/home/andre] 
$ sudo -V
Sudo version 1.7.0
 
andre@unixsvr [/home/andre] 
$ ls -l /var/opt/andre_test_sudo
-rwx------    1 root     system           19 Feb 24 15:38 /var/opt/andre_test_sudo
 
andre@unixsvr [/home/andre] 
$ 

Logged on as root, contents of andre_test_sudo is:

root@unixsvr [/var/opt] 
# cat /var/opt/andre_test_sudo
echo "Sudo works"
 
 
root@unixsvr [/var/opt] 
# 

We have the older version of sudo deployed to a lot of servers. We might have scripts out there that may not be properly written with a shebang. Is there a workaround? Maybe a sudoers file config update?

Thanks for all the help.
Comment 4 Todd C. Miller 2009-02-25 17:20:44 MST
Do you have the KRB5CCNAME variable set in your environment?  It seems that sometimes this error can come about from a mismatched KRB5CCNAME.  It is possible that this is being set by the authentication and that is why it breaks when you are prompted for a password.
Comment 5 Todd C. Miller 2009-02-25 17:25:18 MST
Created attachment 245 [details]
patch to remove KRB5CCNAME from the environment

quick and dirty patch to test my theory
Comment 6 Andre Visperas 2009-02-26 12:13:58 MST
Todd, I got this error after adding the 2 lines when running the make.
.
.
.
gcc -o sudo gram.o alias.o alloc.o defaults.o error.o list.o match.o  toke.o redblack.o zero_bytes.o sudo_auth.o pam.o  aix.o check.o env.o  getspwuid.o gettime.o goodpath.o fileops.o find_path.o  interfaces.o lbuf.o logging.o parse.o pwutil.o set_perms.o  sudo.o sudo_edit.o sudo_nss.o tgetpass.o glob.o fnmatch.o memrchr.o strlcpy.o strlcat.o closefrom.o snprintf.o getprogname.o -Wl,-bI:./aixcrypt.exp  -lpam -ldl    
ld: 0711-317 ERROR: Undefined symbol: .sudo_unsetenv
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
collect2: ld returned 8 exit status
make: 1254-004 The error code from the last command is 1.
 
 
Stop.

Did I miss anything? Thanks!
Comment 7 Todd C. Miller 2009-02-26 12:50:59 MST
Created attachment 246 [details]
patch to remove KRB5CCNAME from the environment

New version that compiles w/o LDAP or AIX auth
Comment 8 Todd C. Miller 2009-02-26 12:51:42 MST
I was assuming AIX auth was in use and so sudo_unsetenv would be available.  I've attached an updated patch that should work for you regardless.
Comment 9 Andre Visperas 2009-02-26 15:10:13 MST
Still getting the problem after implementing the patch.

andre@unixsvr [/home/andre] 
$ sudo /var/opt/R14562_test_sudo
Password:
 
Ã8^A: 0402-026 The specified data is not a valid identifier.
 
andre@unixsvr [/home/andre] 
$ 
Comment 10 Andre Visperas 2009-02-27 11:14:59 MST
Todd, any other options you want me to try? Do you need any information that will help us figure out what is causing this? I updated env.c and sudo.c but the issue still exists. Let me know ... Thanks again!
Comment 11 Todd C. Miller 2009-02-27 15:11:47 MST
Created attachment 248 [details]
simple program to print out the environment
Comment 12 Todd C. Miller 2009-02-27 15:14:42 MST
Can you try compiling showenv.c (attached above) and redirect the output to a file both with and without sudo prompting for a password?  i.e.:

sudo -k
sudo ./showenv > a
sudo ./showenv > b
diff a b

The only thing I can think of is that there is something being added to the environment by the authentication process.

Which authentication method are you using, BTW?
Comment 13 Andre Visperas 2009-02-27 16:56:28 MST
We are using a Quest Software product called VAS. 

http://www.networkworld.com/newsletters/techexec/2005/0214techexec1.html

I will send you the output of my environment shortly.
Comment 14 Todd C. Miller 2009-02-27 17:17:00 MST
OK, so you are using their custom PAM module.
Comment 15 Andre Visperas 2009-02-28 01:34:28 MST
Todd, your theory is correct: the authentication process is adding something to the environment.

andre@unixsvr [/home/andre] 
$ sudo -k
 
andre@unixsvr [/home/andre] 
$ sudo /home/andre/showenv > /tmp/nopassword
 
andre@unixsvr [/home/andre] 
$ sudo -k                              
 
andre@unixsvr [/home/andre] 
$ sudo /home/andre/showenv > /tmp/withpassword 
Password:
 
andre@unixsvr [/home/andre] 
$ diff /tmp/nopassword /tmp/withpassword
34a35,36
>       
> ¨
 
andre@unixsvr [/home/andre] 
$ 

Thanks for your help.
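
An added example, not the showenv.c attachment (which is not reproduced on this page) and not sudo code: an environment checker for the with/without-password comparison in comments 12 and 15. It flags entries that are not of the form NAME=value with a valid identifier as NAME and escapes non-printable bytes so they show up in a diff. It assumes the 0402-026 message comes from the shell rejecting such an entry; the function names are hypothetical.

```c
/* Added example (hypothetical names); not the showenv.c from this bug. */
#include <stdio.h>
#include <string.h>

extern char **environ;

enum env_status { ENV_OK, ENV_NO_EQUALS, ENV_EMPTY_NAME, ENV_BAD_NAME };

/* Classify one entry; a valid one is NAME=value with NAME matching
 * [A-Za-z_][A-Za-z0-9_]* (ASCII only, independent of locale). */
enum env_status check_env_entry(const char *entry)
{
    const char *eq = strchr(entry, '=');
    const char *p;
    if (eq == NULL)
        return ENV_NO_EQUALS;
    if (eq == entry)
        return ENV_EMPTY_NAME;
    for (p = entry; p < eq; p++) {
        int alpha = (*p >= 'A' && *p <= 'Z') || (*p >= 'a' && *p <= 'z') || *p == '_';
        int digit = (*p >= '0' && *p <= '9');
        if (!alpha && !(digit && p > entry))
            return ENV_BAD_NAME;
    }
    return ENV_OK;
}

/* Report each malformed entry with non-printable bytes escaped as \xNN,
 * so garbage added to the environment is visible; returns the count. */
int audit_env(char *const envp[], FILE *out)
{
    static const char *const why[] = { "ok", "no '='", "empty name", "bad name" };
    int i, bad = 0;
    for (i = 0; envp[i] != NULL; i++) {
        enum env_status st = check_env_entry(envp[i]);
        const unsigned char *s = (const unsigned char *)envp[i];
        if (st == ENV_OK)
            continue;
        fprintf(out, "entry %d (%s): ", i, why[st]);
        for (; *s != '\0'; s++) {
            if (*s >= 0x20 && *s < 0x7f) fputc(*s, out);
            else fprintf(out, "\\x%02x", (unsigned)*s);
        }
        fputc('\n', out);
        bad++;
    }
    return bad;
}

int main(void) { return audit_env(environ, stdout) > 0; }
```

Run it through sudo once after `sudo -k` (password prompt) and once with a cached credential; a non-zero exit status on only the first run points at the authentication step.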
Comment 16 Todd C. Miller 2009-02-28 20:05:42 MST
Can you give this a try and see if the results are the same?  ftp://ftp.sudo.ws/pub/millert/sudo/sudo-1.7.1p1.tar.gz
Comment 17 Andre Visperas 2009-03-03 09:20:13 MST
(In reply to comment #16)
> Can you give this a try and see if the results are the same? 
> ftp://ftp.sudo.ws/pub/millert/sudo/sudo-1.7.1p1.tar.gz

Looks like the compressed archive is empty. Can you check? Thanks again!
Comment 18 Todd C. Miller 2009-03-03 09:53:17 MST
Try this one: ftp://ftp.sudo.ws/pub/millert/sudo/sudo-1.7.1b1.tar.gz
Comment 19 Andre Visperas 2009-03-03 12:35:58 MST
It now gives me this message:

/var/opt/quest/vas/authcache/vas_auth.vdb: 0402-026 The specified data is not a valid identifier.

instead of this:

ÁÈ^A: 0402-026 The specified data is not a valid identifier.

Thoughts?
Comment 20 Todd C. Miller 2009-03-08 17:43:12 MDT
Can you try the following, and run configure with --enabled-env-debug to see if it errors out?  I've added some checks that may help narrow down the problem.

http://sudo.ws/sudo/dist/beta/sudo-1.7.1b2.tar.gz
Comment 21 Andre Visperas 2009-03-12 10:27:07 MDT
I am unable to download the file through the link you have provided. When I invoke the file command on it, it gives me an international language or data format for it. Let me know how to download it. Thanks for your help.
Comment 22 Todd C. Miller 2009-03-12 10:32:09 MDT
I don't know what the problem would be, but hopefully one of these will work for you:

ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.7.1b3.tar.gz
http://www.sudo.ws/sudo/dist/beta/sudo-1.7.1b3.tar.gz
Comment 23 Andre Visperas 2009-03-13 14:56:46 MDT
Todd, I am able to download properly now. Let me test and get back to you. 
Comment 24 Andre Visperas 2009-03-20 15:07:32 MDT
After working with Quest support, they determined that the bug was on their side. It took a while but we got through it.

Thanks for all the help!!!
Comment 25 Todd C. Miller 2009-03-20 15:14:10 MDT
Great, I'm closing this out then.