From owner-freebsd-ports Tue Nov 24 00:39:24 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA23166 for freebsd-ports-outgoing; Tue, 24 Nov 1998 00:39:24 -0800 (PST) (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA23159 for ; Tue, 24 Nov 1998 00:39:23 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id AAA28184; Tue, 24 Nov 1998 00:40:01 -0800 (PST)
Received: from spa.kuis.kyoto-u.ac.jp (lab4imgw.kuis.kyoto-u.ac.jp [130.54.23.230]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA22604 for ; Tue, 24 Nov 1998 00:30:45 -0800 (PST) (envelope-from shige@kuis.kyoto-u.ac.jp)
Received: from awara.kuis.kyoto-u.ac.jp (awara.kuis.kyoto-u.ac.jp [130.54.22.170]) by spa.kuis.kyoto-u.ac.jp (8.8.8/3.6Wspa) with ESMTP id RAA21384; Tue, 24 Nov 1998 17:27:51 +0900 (JST)
Received: (from shige@localhost) by awara.kuis.kyoto-u.ac.jp (8.9.1/3.4W4-lab4kuis) id RAA00670; Tue, 24 Nov 1998 17:30:39 +0900 (JST)
Message-Id: <199811240830.RAA00670@awara.kuis.kyoto-u.ac.jp>
Date: Tue, 24 Nov 1998 17:30:39 +0900 (JST)
From: shige@kuis.kyoto-u.ac.jp
Reply-To: shige@kuis.kyoto-u.ac.jp
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: shige@kuis.kyoto-u.ac.jp
X-Send-Pr-Version: 3.2
Subject: ports/8829: Update port: security/ssh
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         8829
>Category:       ports
>Synopsis:       Fix port: security/ssh
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 24 00:40:00 PST 1998
>Last-Modified:
>Originator:     Shigeyuki FUKUSHIMA
>Organization:   Dept. of Information Science, Kyoto Univ., JAPAN
>Release:        FreeBSD 3.0-RELEASE i386
>Environment:
FreeBSD 3.0-RELEASE i386
FreeBSD 2.2.7-RELEASE i386
>Description:
Fix port: security/ssh

Problem: Can't look up an entry in the netgroup (NIS). (innetgr bug?)

If the innetgr function in auth-rhosts.c is called with the condition that
`const char *domain' == NULL, we fail to look up an entry in a NIS netgroup.
This fix is that, before calling the innetgr function, we set domain to
non-NULL when we can `getdomainname'.

Note that: My environment is as follows:

  NIS server's OS:    Solaris 2.5.1 (any?!)
  sshd (serverhost):  FreeBSD 2.2.7-RELEASE or 3.0-RELEASE
  ssh  (clienthost):  any

serverhost's /etc/hosts.equiv is as follows:

  localhost
  +@myhosts

And serverhost's /usr/local/etc/ssh_known_hosts includes clienthost's ssh
public key.

I can rlogin to the server host from the client host without inputting a
password. But I cannot slogin to the server host from the client host without
inputting a password/passphrase, because RSA authentication fails.

After I changed serverhost's /etc/hosts.equiv as follows:

  localhost
  clienthost

I can rlogin and slogin to the server host from the client host without
inputting a password.

Hence, I think that serverhost's sshd fails to look up the 'clienthost' entry
in the 'myhosts' NIS netgroup.

# Of course, ypwhich, ypcat, ypmatch work correctly.
# By the way... in the 'rlogind' source, after domainname is set, the innetgr
# function is called with the condition that its `const char *domain'
# argument is domainname.

Thank you.
--- shige
>How-To-Repeat:
This is a test program.

  $ gcc -o test test.c
  $ ./test foogroup entry

If `entry' exists in NIS netgroup `foogroup', it prints "result = 1".
Otherwise "result = 0". But, on FreeBSD, even if `entry' exists in NIS
netgroup `foogroup', it prints "result = 0".

--- test.c -------------------------------------------------------------------
#include <stdio.h>
#include <netdb.h>      /* innetgr() */

int
main(int argc, char **argv)
{
    int result;

    if (argc == 3) {
        /* argv[1] is the netgroup, argv[2] the host to look up; user and
         * domain are both NULL, the same way auth-rhosts.c calls innetgr. */
        result = innetgr(argv[1], argv[2], NULL, NULL);
        fprintf(stderr, "result = %d\n", result);
    }
    return 0;
}
------------------------------------------------------------------------------
>Fix:
diff -urN ssh.orig/patches/patch-aw ssh/patches/patch-aw --- ssh.orig/patches/patch-aw Thu Jan 1 09:00:00 1970 +++ ssh/patches/patch-aw Tue Nov 24 16:27:44 1998
@@ -0,0 +1,43 @@ +--- auth-rhosts.c.orig Thu Jul 9 01:40:35 1998 ++++ auth-rhosts.c Tue Nov 24 16:25:15 1998 +@@ -130,6 +130,7 @@ + { + UserFile uf; + char buf[1024]; /* Must not be larger than host, user, dummy below. */ ++ char *domainname; + + /* Open the .rhosts file. */ + uf = userfile_open(uid, filename, O_RDONLY, 0); +@@ -226,11 +227,14 @@ + + #ifdef HAVE_INNETGR + ++ domainname = (char *)malloc(sizeof(char) * MAXHOSTNAMELEN); ++ if (getdomainname(domainname, sizeof(domainname))) ++ domainname = NULL; + /* Verify that host name matches. */ + if (host[0] == '@') + { +- if (!innetgr(host + 1, (char *)hostname, NULL, NULL) && +- !innetgr(host + 1, (char *)ipaddr, NULL, NULL)) ++ if (!innetgr(host + 1, (char *)hostname, NULL, domainname) && ++ !innetgr(host + 1, (char *)ipaddr, NULL, domainname)) + continue; + } + else +@@ -240,12 +244,14 @@ + /* Verify that user name matches. */ + if (user[0] == '@') + { +- if (!innetgr(user + 1, NULL, (char *)client_user, NULL)) ++ if (!innetgr(user + 1, NULL, (char *)client_user, domainname)) + continue; + } + else + if (strcmp(user, client_user) != 0) + continue; /* Different username. */ ++ ++ free(domainname); + + #else /* HAVE_INNETGR */ + >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
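Review bot: the length passed in `getdomainname(domainname, sizeof(domainname))` is wrong; `domainname` is a `char *`, so `sizeof(domainname)` is the pointer size (4 on i386), not the MAXHOSTNAMELEN bytes that were malloc'd, and any NIS domain longer than that is truncated or makes the call fail, which silently sets `domainname = NULL` and falls back to exactly the NULL-domain lookup this patch is meant to avoid. Pass the allocated length, or better, drop the malloc and use `char domainname[MAXHOSTNAMELEN];` plus a separate `char *domain` that points at the buffer on success and is NULL on failure. The allocation also sits inside the per-line loop: each `continue` (host or user mismatch) skips the `free(domainname)` at the bottom, so one buffer leaks per non-matching line, and on getdomainname() failure the pointer is overwritten with NULL before anything is freed. Obtain the domain once before the loop instead. Two smaller points: the malloc return is unchecked, and on a host with no NIS domain configured getdomainname() fills the buffer with an empty string, which innetgr() will not necessarily treat like NULL, so an empty result should be mapped back to NULL rather than handed to the lookup.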
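As an added illustration (not code from this PR or from the ssh port), the hosts.equiv decision that auth-rhosts.c makes, with the netgroup lookup placed behind an innetgr-shaped function pointer so the logic runs offline against a constructed netgroup table. `fake_innetgr` models the symptom reported above (a NULL domain makes the NIS lookup find nothing, a non-NULL domain answers correctly), and `nis_domain_arg` shows the domain being fetched once into a correctly sized stack buffer, with a failed, empty or unset result mapped back to NULL. All function names, the netgroup contents and the domain string "example.nis" are assumptions made for the example; only the first field of each hosts.equiv line is examined, host names are compared literally, and the IP-address retry and user-field check of the real code are left out.

```c
/* Added example: hosts.equiv matching with an innetgr-shaped lookup.
 * Not code from the PR or from the ssh port; all names are hypothetical. */
#define _DEFAULT_SOURCE 1      /* getdomainname() is a BSD extension */
#define _BSD_SOURCE 1
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/param.h>

#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 256
#endif
#ifdef __GLIBC__
int getdomainname(char *, size_t);   /* declared even in strict-standard mode */
#endif

/* Same parameter order as innetgr(): (netgroup, host, user, domain) -> 1 if member. */
typedef int (*netgr_fn)(const char *, const char *, const char *, const char *);

/* Fetch the NIS domain once into a buffer whose real length is passed
 * (the PR's patch passes sizeof(char *) instead).  Returns buf, or NULL when
 * getdomainname() fails, the name is empty, or it is the "(none)" placeholder
 * Linux reports when no domain is configured. */
const char *nis_domain_arg(char *buf, size_t len)
{
    if (len == 0 || getdomainname(buf, len) != 0)
        return NULL;
    buf[len - 1] = '\0';            /* not every libc guarantees termination */
    if (buf[0] == '\0' || strcmp(buf, "(none)") == 0)
        return NULL;
    return buf;
}

/* Evaluate one hosts.equiv line for `client` (host field only).
 * Returns 1 = allow, -1 = explicit deny, 0 = line does not apply.
 * `domain` is handed to the lookup exactly as the patched auth-rhosts.c does. */
int hosts_equiv_line(const char *line, const char *client,
                     netgr_fn lookup, const char *domain)
{
    char host[256];
    int negate = 0, matched;

    if (sscanf(line, "%255s", host) != 1 || host[0] == '#')
        return 0;                   /* blank or comment line */
    const char *h = host;
    if (*h == '-') { negate = 1; h++; }
    else if (*h == '+') { h++; }    /* "+@grp" and "@grp" are equivalent */

    if (*h == '@')
        matched = lookup(h + 1, client, NULL, domain);   /* netgroup entry */
    else if (*h == '\0')
        matched = 1;                /* a bare "+" trusts every host */
    else
        matched = strcmp(h, client) == 0;                /* literal host */

    if (!matched)
        return 0;
    return negate ? -1 : 1;
}

/* Walk an in-memory hosts.equiv; the first line that applies decides. */
int hosts_equiv_allows(const char *file, const char *client,
                       netgr_fn lookup, const char *domain)
{
    char copy[1024];
    strncpy(copy, file, sizeof(copy) - 1);
    copy[sizeof(copy) - 1] = '\0';
    for (char *line = strtok(copy, "\n"); line; line = strtok(NULL, "\n")) {
        int r = hosts_equiv_line(line, client, lookup, domain);
        if (r != 0)
            return r > 0;
    }
    return 0;
}

/* Constructed stand-in for innetgr() holding one netgroup, "myhosts".
 * It reproduces the symptom in the PR: with domain == NULL the NIS lookup
 * finds nothing; with a domain it answers correctly. */
int fake_innetgr(const char *group, const char *host, const char *user,
                 const char *domain)
{
    static const char *myhosts[] = { "clienthost", "otherclient", NULL };
    (void)user;
    if (domain == NULL || host == NULL || strcmp(group, "myhosts") != 0)
        return 0;
    for (int i = 0; myhosts[i] != NULL; i++)
        if (strcmp(myhosts[i], host) == 0)
            return 1;
    return 0;
}

/* The two hosts.equiv contents from the PR, constructed inline. */
static const char *EQUIV_NETGROUP = "localhost\n+@myhosts\n";
static const char *EQUIV_PLAIN    = "localhost\nclienthost\n";

int main(void)
{
    char dom[MAXHOSTNAMELEN];
    const char *domain = nis_domain_arg(dom, sizeof(dom));   /* this host's value */
    printf("local NIS domain: %s\n", domain ? domain : "(not set)");
    /* "example.nis" is a constructed domain name for the simulated lookup. */
    printf("+@myhosts, domain NULL -> %d\n",
           hosts_equiv_allows(EQUIV_NETGROUP, "clienthost", fake_innetgr, NULL));
    printf("+@myhosts, domain set  -> %d\n",
           hosts_equiv_allows(EQUIV_NETGROUP, "clienthost", fake_innetgr, "example.nis"));
    printf("literal host           -> %d\n",
           hosts_equiv_allows(EQUIV_PLAIN, "clienthost", fake_innetgr, NULL));
    return 0;
}
```

The first two printed lines reproduce the report: the same `+@myhosts` file denies `clienthost` when the lookup is given a NULL domain and admits it once a domain is supplied, while the literal-host file works either way because no netgroup lookup is involved.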