From jfh@myrtle.cise.ufl.edu  Mon Aug 25 11:15:50 2003
Return-Path: <jfh@myrtle.cise.ufl.edu>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2C61B16A4BF
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 25 Aug 2003 11:15:50 -0700 (PDT)
Received: from myrtle.cise.ufl.edu (myrtle.cise.ufl.edu [128.227.205.228])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0794F43FE1
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 25 Aug 2003 11:15:49 -0700 (PDT)
	(envelope-from jfh@myrtle.cise.ufl.edu)
Received: from myrtle.cise.ufl.edu (localhost [127.0.0.1])
	by myrtle.cise.ufl.edu (8.12.9/8.12.9) with ESMTP id h7PIFmQ6092714
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 25 Aug 2003 14:15:48 -0400 (EDT)
	(envelope-from jfh@myrtle.cise.ufl.edu)
Received: (from jfh@localhost)
	by myrtle.cise.ufl.edu (8.12.9/8.12.9/Submit) id h7PIFmj2092713;
	Mon, 25 Aug 2003 14:15:48 -0400 (EDT)
Message-Id: <200308251815.h7PIFmj2092713@myrtle.cise.ufl.edu>
Date: Mon, 25 Aug 2003 14:15:48 -0400 (EDT)
From: "James F. Hranicky" <jfh@myrtle.cise.ufl.edu>
Reply-To: "James F. Hranicky" <jfh@myrtle.cise.ufl.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: sshd: problems with HostBasedAuthentication and NSS compat mode
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         55965
>Category:       bin
>Synopsis:       sshd(8) problems with HostBasedAuthentication and NSS compat mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 25 11:20:19 PDT 2003
>Closed-Date:    Fri Nov 02 20:42:58 UTC 2012
>Last-Modified:  Fri Nov 02 20:42:58 UTC 2012
>Originator:     James F. Hranicky
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
>Environment:
System: FreeBSD myrtle 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Mon Aug 11 17:15:47 EDT 2003 root@myrtle:/private/freebsd-src/obj/private/freebsd-src/src/sys/CISEKERN i386


	
>Description:
    When using HostBasedAuthentication with sshd NIS does not appear 
    to be consulted, however, when using NSS compat mode, sshd either
    hangs or coredumps, depending on the existence of /etc/netgroup.

    When /etc/netgroup is non-existent, empty, or containing a
    '+', sshd hangs forever, and the client ssh is never prompted for a 
    password. Debug info follows:

        debug1: PAM: initializing for "jfh"
        debug1: PAM: setting PAM_RHOST to "waterspout.cise.ufl.edu"
        debug2: input_userauth_request: try method none
        Failed none for jfh from 128.227.205.52 port 64421 ssh2
        debug1: userauth-request for user jfh service ssh-connection method hostbased
        debug1: attempt 1 failures 1
        debug2: input_userauth_request: try method hostbased
        debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-dss slen 55
        debug2: userauth_hostbased: chost waterspout.cise.ufl.edu. resolvedname waterspout.cise.ufl.edu ipaddr 128.2\
        27.205.52
        debug2: stripping trailing dot from chost waterspout.cise.ufl.edu.
        debug2: auth_rhosts2: clientuser jfh hostname waterspout.cise.ufl.edu ipaddr 128.227.205.52
        debug2: userauth_hostbased: authenticated 0
        Failed hostbased for jfh from 128.227.205.52 port 64421 ssh2
        debug1: userauth-request for user jfh service ssh-connection method hostbased
        debug1: attempt 2 failures 2
        debug2: input_userauth_request: try method hostbased
        debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-rsa slen 143
        debug2: userauth_hostbased: chost waterspout.cise.ufl.edu. resolvedname waterspout.cise.ufl.edu ipaddr 128.2\
        27.205.52
        debug2: stripping trailing dot from chost waterspout.cise.ufl.edu.
        debug2: auth_rhosts2: clientuser jfh hostname waterspout.cise.ufl.edu ipaddr 128.227.205.52
        debug2: userauth_hostbased: authenticated 0
        Failed hostbased for jfh from 128.227.205.52 port 64421 ssh2
        debug1: userauth-request for user jfh service ssh-connection method keyboard-interactive
        debug1: attempt 3 failures 3
        debug2: input_userauth_request: try method keyboard-interactive
        debug1: keyboard-interactive devs
        debug1: auth2_challenge: user=jfh devs=
        debug1: kbdint_alloc: devices 'pam'
        debug2: auth2_challenge_start: devices pam
        debug2: kbdint_next_device: devices <empty>
        debug1: auth2_challenge_start: trying authentication method 'pam'
        debug3: ssh_msg_recv entering
        
        Program received signal SIGINT, Interrupt.
        0x282e987f in read () at {standard input}:15
        15      {standard input}: No such file or directory.
                in {standard input}
        Current language:  auto; currently asm
        (gdb) where
        #0  0x282e987f in read () at {standard input}:15
        #1  0x281409ab in atomicio (f=0x8, fd=-1077940256, _s=0x1, n=0)
            at /private/freebsd-src/src/crypto/openssh/atomicio.c:45
        #2  0x281286a9 in ssh_msg_recv (fd=8, m=0xbfbfefe0) at /private/freebsd-src/src/crypto/openssh/msg.c:58
        #3  0x08062bb5 in pam_query (ctx=0x807a920, name=0x1f, info=0x1f, num=0x807a91c, prompts=0xbfbff038,
            echo_on=0xbfbff03c) at /private/freebsd-src/src/crypto/openssh/auth2-pam-freebsd.c:397
        #4  0x0805cc4d in send_userauth_info_request (authctxt=0x3)
            at /private/freebsd-src/src/crypto/openssh/auth2-chall.c:224
        #5  0x0805cbc6 in auth2_challenge_start (authctxt=0x8079200)
            at /private/freebsd-src/src/crypto/openssh/auth2-chall.c:204
        #6  0x0805caf8 in auth2_challenge (authctxt=0x807a910, devs=0x8079200 "")
            at /private/freebsd-src/src/crypto/openssh/auth2-chall.c:169
        #7  0x080621cd in userauth_kbdint (authctxt=0x3)
            at /private/freebsd-src/src/crypto/openssh/auth2-kbdint.c:51
        #8  0x0805802c in input_userauth_request (type=50, seq=8, ctxt=0x8079200)
            at /private/freebsd-src/src/crypto/openssh/auth2.c:219
        #9  0x2813191a in dispatch_run (mode=0, done=0x8079200, ctxt=0x8079200)
            at /private/freebsd-src/src/crypto/openssh/dispatch.c:93
        #10 0x08057b52 in do_authentication2 () at /private/freebsd-src/src/crypto/openssh/auth2.c:97
        #11 0x08050893 in main (ac=64421, av=0x807a6a0) at /private/freebsd-src/src/crypto/openssh/sshd.c:1530
        #12 0x0804e1a2 in _start (ap=0xbfbffb54 "/usr/sbin/sshd")
            at /private/freebsd-src/src/lib/csu/i386-elf/crt1.c:104
        (gdb) 

    When /etc/netgroup contains valid data (i.e., "ypcat -k netgroup > /etc/netgroup"),
    sshd coredumps. Debug info follows:

        debug1: KEX done
        debug1: userauth-request for user jfh service ssh-connection method none
        debug1: attempt 0 failures 0
        debug1: PAM: initializing for "jfh"
        debug1: PAM: setting PAM_RHOST to "waterspout.cise.ufl.edu"
        Failed none for jfh from 128.227.205.52 port 47968 ssh2
        Failed none for jfh from 128.227.205.52 port 47968 ssh2
        debug1: userauth-request for user jfh service ssh-connection method hostbased
        debug1: attempt 1 failures 1
        debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-dss slen 55
        
        Program received signal SIGSEGV, Segmentation fault.
        0x2830d7d7 in getnetgrent (hostp=0x80db2b0, userp=0x80db2b0, domp=0x80db2b0)
            at /private/freebsd-src/src/lib/libc/gen/getnetgrent.c:231
        (gdb) where
        #0  0x2830d7d7 in getnetgrent (hostp=0x80db2b0, userp=0x80db2b0, domp=0x80db2b0)
            at /private/freebsd-src/src/lib/libc/gen/getnetgrent.c:231
        #1  0x2830cfdd in compat_passwd (retval=0xbfbfee28, mdata=0x2, ap=0x4 <Error reading address 0x4: Bad address>)
            at /private/freebsd-src/src/lib/libc/gen/getpwent.c:1531
        #2  0x2833091b in _nsdispatch (retval=0xbfbfee28, disp_tab=0x28362020, database=0x2835bd87 "passwd",
            method_name=0x2835bdad "getpwuid_r", defaults=0x28361ec0)
            at /private/freebsd-src/src/lib/libc/net/nsdispatch.c:601
        #3  0x2830aa95 in getpwuid_r (uid=135115440, pwd=0x28369580,
            buffer=0x80db2b0 <Error reading address 0x80db2b0: Bad address>, bufsize=135115440, result=0xbfbfee28)
            at /private/freebsd-src/src/lib/libc/gen/getpwent.c:332
        #4  0x2830ac9b in wrap_getpwuid_r (key=
              {name = 0x80db2b0 <Error reading address 0x80db2b0: Bad address>, uid = 135115440}, pwd=0x80db2b0,
            buffer=0x80db2b0 <Error reading address 0x80db2b0: Bad address>, bufsize=135115440, res=0x80db2b0)
            at /private/freebsd-src/src/lib/libc/gen/getpwent.c:406
        #5  0x2830ab9b in getpw (fn=0x2830ac60 <wrap_getpwuid_r>, key={name = 0xbfbfee28 "", uid = 3217026600})
            at /private/freebsd-src/src/lib/libc/gen/getpwent.c:377
        #6  0x2830ad49 in getpwuid (uid=135115440) at /private/freebsd-src/src/lib/libc/gen/getpwent.c:434
        #7  0x2812df7f in tilde_expand_filename (filename=0x8068d41 "/.ssh/known_hosts", my_uid=135115440)
            at /private/freebsd-src/src/crypto/openssh/tildexpand.c:48
        #8  0x08056be6 in check_key_in_hostfiles (pw=0x8079400, key=0x8089100,
            host=0x808c160 "waterspout.cise.ufl.edu",
            sysfile=0x80db2b0 <Error reading address 0x80db2b0: Bad address>, userfile=0x8068d40 "~/.ssh/known_hosts")
            at /private/freebsd-src/src/crypto/openssh/auth.c:389
        #9  0x080620df in hostbased_key_allowed (pw=0x8079400, cuser=0x80890e0 "jfh",
            chost=0x808c1c0 "waterspout.cise.ufl.edu", key=0x8089100)
            at /private/freebsd-src/src/crypto/openssh/auth2-hostbased.c:164
        #10 0x0805f410 in mm_answer_keyallowed (socket=135115440, m=0xbfbff070)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:909
        #11 0x0805e51a in monitor_read (pmonitor=0x8075580, ent=0x8070344, pent=0xbfbff0bc)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:388
        #12 0x0805e208 in monitor_child_preauth (pmonitor=0x8075580)
            at /private/freebsd-src/src/crypto/openssh/monitor.c:301
        #13 0x0804ed1f in privsep_preauth () at /private/freebsd-src/src/crypto/openssh/sshd.c:605
        #14 0x0805087a in main (ac=47968, av=0x807a7b0) at /private/freebsd-src/src/crypto/openssh/sshd.c:1523
        #15 0x0804e1a2 in _start (ap=0xbfbffb00 "/usr/sbin/sshd")
            at /private/freebsd-src/src/lib/csu/i386-elf/crt1.c:104

    I have the trusted netgroup in /etc/hosts.equiv.

    I have the following in /etc/nsswitch.conf:

        passwd:         compat
        group:          compat


>How-To-Repeat:
	
>Fix:

	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Mon Aug 25 11:34:08 PDT 2003 
Responsible-Changed-Why:  
Reassign misfiled PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=55965 
State-Changed-From-To: open->feedback 
State-Changed-By: gavin 
State-Changed-When: Mon Jun 11 17:49:17 UTC 2007 
State-Changed-Why:  

To submitter: Do you know if this is still an issue on a more 
recent version of FreeBSD?   


http://www.freebsd.org/cgi/query-pr.cgi?pr=55965 
State-Changed-From-To: feedback->suspended 
State-Changed-By: linimon 
State-Changed-When: Fri Jun 15 11:24:13 UTC 2007 
State-Changed-Why:  
Submitter's email address bounces.  OTOH, there may be enough information 
here to be able to reproduce the problem. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=55965 
State-Changed-From-To: suspended->closed 
State-Changed-By: eadler 
State-Changed-When: Fri Nov 2 20:42:57 UTC 2012 
State-Changed-Why:  
sshd has been updated many times since then 

http://www.freebsd.org/cgi/query-pr.cgi?pr=55965 
>Unformatted:
