Bug in nss compat code?

From: James F. Hranicky <jfh_at_cise.ufl.edu>
Date: Tue, 12 Aug 2003 11:21:23 -0400
I think I've found a few bugs in the NSS code for FreeBSD 5.1. I'm not
sure of the best way to split them up, so I'll list them all here.

FreeBSD version:
  % uname -a
  FreeBSD myrtle 5.1-CURRENT FreeBSD 5.1-CURRENT #1: 
  Mon Aug 11 17:15:47 EDT 2003     
  root_at_myrtle:/private/freebsd-src/obj/private/freebsd-src/src/sys/CISEKERN
  i386

 1) getnetgrent still seems to ignore the NIS netgroup maps and only uses
    /etc/netgroup. A '+' as the only entry in /etc/netgroup does not force
    an NIS netgroup map lookup. This bug has been reported in the 4.x tree
    as well.

 2) There's an odd bug in sshd/nss when the following are configured:

	- nsswitch.conf
		passwd: compat

	- sshd_config
		ChallengeResponseAuthentication yes (default)
		HostbasedAuthentication yes

    When /etc/netgroup doesn't exist, the sshd hangs when logging in with
    HostbasedAuthentication:

        <root_at_myrtle:~> # gdb /usr/sbin/sshd
        GNU gdb 5.2.1 (FreeBSD)
        (gdb) run -d -p 987

[ some debugging output deleted for readability]

        debug1: KEX done
        debug1: userauth-request for user jfh service ssh-connection method none
        debug1: attempt 0 failures 0
        debug1: PAM: initializing for "jfh"
        debug1: PAM: setting PAM_RHOST to "waterspout.cise.ufl.edu"
        Failed none for jfh from 128.227.205.52 port 47962 ssh2
        Failed none for jfh from 128.227.205.52 port 47962 ssh2
        debug1: userauth-request for user jfh service ssh-connection method hostbased
        debug1: attempt 1 failures 1
        debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-dss slen 55
        Failed hostbased for jfh from 128.227.205.52 port 47962 ssh2
        debug1: userauth-request for user jfh service ssh-connection method hostbased
        debug1: attempt 2 failures 2
        debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-rsa slen 143
        Failed hostbased for jfh from 128.227.205.52 port 47962 ssh2
        debug1: userauth-request for user jfh service ssh-connection method keyboard-interactive
        debug1: attempt 3 failures 3
        debug1: keyboard-interactive devs 
        debug1: auth2_challenge: user=jfh devs=
        debug1: kbdint_alloc: devices 'pam'
        debug1: auth2_challenge_start: trying authentication method 'pam'
        ^C
        Program received signal SIGINT, Interrupt.
        0x282e987f in read () at {standard input}:15
        15      {standard input}: No such file or directory.
                in {standard input}
        Current language:  auto; currently asm
        (gdb) Quit
        (gdb) where
        #0  0x282e987f in read () at {standard input}:15
        #1  0x281409ab in atomicio (f=0x5, fd=-1077940208, _s=0xbfbff038, n=674583073)
            at /private/freebsd-src/src/crypto/openssh/atomicio.c:45
        #2  0x281286a9 in ssh_msg_recv (fd=5, m=0xbfbff010) at /private/freebsd-src/src/crypto/openssh/msg.c:58
        #3  0x08062bb5 in pam_query (ctx=0x807a870, name=0x7, info=0x7, num=0xbfbff064, prompts=0xbfbff068, 
            echo_on=0xbfbff06c) at /private/freebsd-src/src/crypto/openssh/auth2-pam-freebsd.c:397
        #4  0x0805ef2a in mm_answer_pam_query (socket=3, m=0xbfbff0a0)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:799
        #5  0x0805e51a in monitor_read (pmonitor=0x8075580, ent=0x8070320, pent=0xbfbff0ec)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:388
        #6  0x0805e208 in monitor_child_preauth (pmonitor=0x8075580)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:301
        #7  0x0804ed1f in privsep_preauth () at /private/freebsd-src/src/crypto/openssh/sshd.c:605
        #8  0x0805087a in main (ac=47962, av=0x807a7b0) at /private/freebsd-src/src/crypto/openssh/sshd.c:1523
        #9  0x0804e1a2 in _start (ap=0xbfbffb24 "/usr/sbin/sshd")
            at /private/freebsd-src/src/lib/csu/i386-elf/crt1.c:104

    With either ChallengeResponseAuthentication or HostbasedAuthentication
    disabled, I'm prompted for a password. With both enabled, sshd hangs
    here, and I'm never prompted for a password on the client side.

    However, if /etc/netgroup does exist and is populated with
    netgroup info, I get a core dump in sshd:

        (gdb) run -d -p 987
[ ... ] 
        debug1: KEX done
        debug1: userauth-request for user jfh service ssh-connection method none
        debug1: attempt 0 failures 0
        debug1: PAM: initializing for "jfh"
        debug1: PAM: setting PAM_RHOST to "waterspout.cise.ufl.edu"
        Failed none for jfh from 128.227.205.52 port 47968 ssh2
        Failed none for jfh from 128.227.205.52 port 47968 ssh2
        debug1: userauth-request for user jfh service ssh-connection method hostbased
        debug1: attempt 1 failures 1
        debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-dss slen 55
        
        Program received signal SIGSEGV, Segmentation fault.
        0x2830d7d7 in getnetgrent (hostp=0x80db2b0, userp=0x80db2b0, domp=0x80db2b0)
            at /private/freebsd-src/src/lib/libc/gen/getnetgrent.c:231
        (gdb) where
        #0  0x2830d7d7 in getnetgrent (hostp=0x80db2b0, userp=0x80db2b0, domp=0x80db2b0)
            at /private/freebsd-src/src/lib/libc/gen/getnetgrent.c:231
        #1  0x2830cfdd in compat_passwd (retval=0xbfbfee28, mdata=0x2, ap=0x4 <Error reading address 0x4: Bad address>)
            at /private/freebsd-src/src/lib/libc/gen/getpwent.c:1531
        #2  0x2833091b in _nsdispatch (retval=0xbfbfee28, disp_tab=0x28362020, database=0x2835bd87 "passwd",
            method_name=0x2835bdad "getpwuid_r", defaults=0x28361ec0)
            at /private/freebsd-src/src/lib/libc/net/nsdispatch.c:601
        #3  0x2830aa95 in getpwuid_r (uid=135115440, pwd=0x28369580,
            buffer=0x80db2b0 <Error reading address 0x80db2b0: Bad address>, bufsize=135115440, result=0xbfbfee28)
            at /private/freebsd-src/src/lib/libc/gen/getpwent.c:332
        #4  0x2830ac9b in wrap_getpwuid_r (key=
              {name = 0x80db2b0 <Error reading address 0x80db2b0: Bad address>, uid = 135115440}, pwd=0x80db2b0,
            buffer=0x80db2b0 <Error reading address 0x80db2b0: Bad address>, bufsize=135115440, res=0x80db2b0)
            at /private/freebsd-src/src/lib/libc/gen/getpwent.c:406
        #5  0x2830ab9b in getpw (fn=0x2830ac60 <wrap_getpwuid_r>, key={name = 0xbfbfee28 "", uid = 3217026600})
            at /private/freebsd-src/src/lib/libc/gen/getpwent.c:377
        #6  0x2830ad49 in getpwuid (uid=135115440) at /private/freebsd-src/src/lib/libc/gen/getpwent.c:434
        #7  0x2812df7f in tilde_expand_filename (filename=0x8068d41 "/.ssh/known_hosts", my_uid=135115440)
            at /private/freebsd-src/src/crypto/openssh/tildexpand.c:48
        #8  0x08056be6 in check_key_in_hostfiles (pw=0x8079400, key=0x8089100,
            host=0x808c160 "waterspout.cise.ufl.edu",
            sysfile=0x80db2b0 <Error reading address 0x80db2b0: Bad address>, userfile=0x8068d40 "~/.ssh/known_hosts")
            at /private/freebsd-src/src/crypto/openssh/auth.c:389
        #9  0x080620df in hostbased_key_allowed (pw=0x8079400, cuser=0x80890e0 "jfh",
            chost=0x808c1c0 "waterspout.cise.ufl.edu", key=0x8089100)
            at /private/freebsd-src/src/crypto/openssh/auth2-hostbased.c:164
        #10 0x0805f410 in mm_answer_keyallowed (socket=135115440, m=0xbfbff070)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:909
        #11 0x0805e51a in monitor_read (pmonitor=0x8075580, ent=0x8070344, pent=0xbfbff0bc)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:388
        #12 0x0805e208 in monitor_child_preauth (pmonitor=0x8075580)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:301
        #13 0x0804ed1f in privsep_preauth () at /private/freebsd-src/src/crypto/openssh/sshd.c:605
        #14 0x0805087a in main (ac=47968, av=0x807a7b0) at /private/freebsd-src/src/crypto/openssh/sshd.c:1523
        #15 0x0804e1a2 in _start (ap=0xbfbffb00 "/usr/sbin/sshd")
            at /private/freebsd-src/src/lib/csu/i386-elf/crt1.c:104
        
    If I switch to 

        passwd: nis files
    
    in /etc/nsswitch.conf, the following happens:

        - /etc/netgroup with netgroup info : login without password
          (Hostbased)
        - /etc/netgroup non-existent,
          empty, or containing '+'         : login with password

Let me know if I can do any further testing/debugging on my end.

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh_at_cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
                          About politics:
                     Don't worry about results
                   It's the thought that counts
Received on Tue Aug 12 2003 - 06:21:26 UTC
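
Added example, not part of the original message and not FreeBSD or OpenSSH code: a POSIX shell check that reports whether a host carries the configuration combination from item 2 of the report (passwd: compat with both sshd options enabled) and which reported outcome its /etc/netgroup state corresponds to. The function names and result labels are made up for this example; it assumes HostbasedAuthentication defaults to "no" when absent and does not interpret Match blocks in sshd_config.

```shell
#!/bin/sh
# Added example (not from the original message); helper names are constructed.
# Usage: sh check.sh /etc/nsswitch.conf /etc/ssh/sshd_config /etc/netgroup

# Print the source list of the "passwd:" line in an nsswitch.conf file.
passwd_sources() {
    awk '{ sub(/#.*/, "") }
         $1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print an sshd_config value: first occurrence wins, keywords are
# case-insensitive, DEFAULT is used when the keyword is absent.
# Assumption: Match blocks are not interpreted.
sshd_opt() {
    awk -v k="$2" -v d="$3" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# Classify the netgroup file the way the report distinguishes it.
netgroup_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    case "$(tr -d '[:space:]' < "$1")" in
        "")  echo empty ;;
        "+") echo plus-only ;;
        *)   echo populated ;;
    esac
}

# Map the three files onto the outcomes described in item 2.
classify() {
    src=$(passwd_sources "$1")
    cr=$(sshd_opt "$2" ChallengeResponseAuthentication yes)
    hb=$(sshd_opt "$2" HostbasedAuthentication no)
    case " $src " in *" compat "*) ;; *) echo combination-absent; return 0 ;; esac
    if [ "$cr" != yes ] || [ "$hb" != yes ]; then echo combination-absent; return 0; fi
    case "$(netgroup_state "$3")" in
        missing)   echo matches-hang-report ;;
        populated) echo matches-segv-report ;;
        *)         echo not-covered-by-report ;;
    esac
}

if [ "$#" -eq 3 ]; then classify "$@"; fi
```

The "not-covered-by-report" result marks the compat case with an empty or '+'-only /etc/netgroup, which the message only describes for "passwd: nis files".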
