Hello,

recently we moved our users database to an LDAP server, but after that sftp stopped working on our students server. We use:
- OpenLDAP 2.4.21
- nss_ldap-1.265_3
- pam_ldap-1.8.5
- FreeBSD 9.0-CURRENT

FreeBSD 9.0-CURRENT #0: Mon Jan 25 18:52:41 CET 2010 amd64

When I use sftp, it drops the connection:

{volt}-{~}% sftp localhost
Connecting to localhost...
Connection closed
{volt}-{~}%

After a short investigation, I found that the problem is in the /usr/libexec/sftp-server program (which is our default subsystem in sshd):

{volt}-{~}% /usr/libexec/sftp-server
No user found for uid 5567
{volt}-{~}%

which was quite weird, because sshd works perfectly with users from the LDAP server (so I assume that PAM is configured correctly).

After that, I tried a simple test with the program below:

=======================
#include <sys/types.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

int main(int argc, char **argv)
{
    struct passwd *user_pw;

    /* Look up the passwd entry for the calling uid through nsswitch. */
    if ((user_pw = getpwuid(getuid())) == NULL) {
        fprintf(stderr, "No user found for uid %lu\n", (u_long)getuid());
        return 1;
    } else {
        fprintf(stderr, "It works %s!\nYour uid is: %lu\n",
            user_pw->pw_name, (u_long)getuid());
    }
    return 0;
}
=======================

which is almost copy-pasted from /usr/src/crypto/openssh/sftp-server-main.c

I've built it twice. Once with dynamic linking:

{volt}-{~}% cc -o test test.c
{volt}-{~}% ./test
It works bulinskp!
Your uid is: 5567
{volt}-{~}%

and once with static linking:

{volt}-{~}% cc -o test -static test.c
{volt}-{~}% ./test
No user found for uid 5567
{volt}-{~}%

As you can see, it works great with dynamic linking, but if it's built with static linking it can't get user information from the LDAP database.

During the upgrade to OpenSSH 5.3p1 the /head/secure/libexec/sftp-server/Makefile file changed a little bit:

revision 181111, Fri Aug 1 02:48:36 2008 UTC ---> revision 197679, Thu Oct 1 17:12:52 2009 UTC
LDADD= -lssh -lcrypt -lcrypto -lz ---> LDADD= -lcrypt -lcrypto -lz -static -lssh

So I tried to build sftp-server without the -static switch, but it results in a failure like the one below:

{volt}-{/usr/src/secure/libexec/sftp-server}% sudo make
Warning: Object directory not changed from original /usr/src/secure/libexec/sftp-server
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-common.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server-main.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -o sftp-server sftp-server.o sftp-common.o sftp-server-main.o -lssh -lcrypt -lcrypto -lz
/usr/lib/libssh.so: undefined reference to `ssh_add_recv_bytes'
/usr/lib/libssh.so: undefined reference to `ssh_roaming_write'
/usr/lib/libssh.so: undefined reference to `ssh_roaming_read'
*** Error code 1

Stop in /usr/src/secure/libexec/sftp-server.
{volt}-{/usr/src/secure/libexec/sftp-server}%

Do you have any idea how to make it work?

regards
--
Piotr Buliński
Computer Science at the Faculty of Electrical Engineering
Politechnika Warszawska

Received on Sun Jan 31 2010 - 10:55:01 UTC
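
Added example (not part of the original post, and not OpenSSH or FreeBSD code): the test in the post separates the working and failing getpwuid() cases by -static alone, so this C helper reports whether an amd64 binary such as /usr/libexec/sftp-server is statically linked by looking for a PT_INTERP program header. The names elf64_is_static and make_sample and the sample image are constructed for illustration; only little-endian ELF64 is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint64_t rd_le(const unsigned char *p, int n) {  /* n-byte little-endian int */
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 1 = static (no PT_INTERP), 0 = dynamic, -1 = not a parsable little-endian ELF64. */
int elf64_is_static(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\177ELF", 4) != 0) return -1;
    if (img[4] != 2 || img[5] != 1) return -1;        /* ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = rd_le(img + 32, 8);              /* e_phoff */
    uint64_t phentsize = rd_le(img + 54, 2);          /* e_phentsize */
    uint64_t phnum = rd_le(img + 56, 2);              /* e_phnum */
    if (phoff > len || phentsize < 56) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * phentsize;
        if (off > len || len - off < 4) return -1;    /* truncated program header */
        if (rd_le(img + off, 4) == 3) return 0;       /* p_type == PT_INTERP */
    }
    return 1;
}

/* Constructed sample: ELF64 header plus two program headers (PT_LOAD, then
 * PT_INTERP or a second PT_LOAD). Not a real binary. Returns the image size. */
size_t make_sample(unsigned char *buf, int with_interp) {
    memset(buf, 0, 64 + 2 * 56);
    memcpy(buf, "\177ELF\002\001\001", 7);
    buf[32] = 64;                                     /* e_phoff */
    buf[54] = 56;                                     /* e_phentsize */
    buf[56] = 2;                                      /* e_phnum */
    buf[64] = 1;                                      /* PT_LOAD */
    buf[64 + 56] = with_interp ? 3 : 1;
    return 64 + 2 * 56;
}

int main(int argc, char **argv) {
    static unsigned char img[1 << 20];                /* headers sit at the file start */
    size_t len = make_sample(img, 0);                 /* used when no path is given */
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (argc > 1 && f == NULL) { perror(argv[1]); return 2; }
    if (f != NULL) { len = fread(img, 1, sizeof img, f); fclose(f); }
    int r = elf64_is_static(img, len);
    puts(r == 1 ? "static (no PT_INTERP)" :
         r == 0 ? "dynamic (has PT_INTERP)" : "not a little-endian ELF64 image");
    return r < 0 ? 2 : 0;
}
```

Run it with a path argument to classify that file; with no argument it classifies the constructed static sample.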