From: Piotr Buliński
Date: Sun, 31 Jan 2010 12:37:19 +0100
To: freebsd-current@freebsd.org
Message-Id: <4D59045B-6B03-440C-BCCC-C9C171621475@iem.pw.edu.pl>
Subject: Problem with sftp server, static linking, pam and nss_ldap.

Hello,

Recently we moved our user database to an LDAP server, but after that sftp
stopped working on our students server.

We use:
- OpenLDAP 2.4.21
- nss_ldap-1.265_3
- pam_ldap-1.8.5
- FreeBSD 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Mon Jan 25 18:52:41 CET 2010 amd64

When I use sftp, it drops the connection:

{volt}-{~}% sftp localhost
Connecting to localhost...
Connection closed
{volt}-{~}%

After a short investigation, I found that the problem is in the
/usr/libexec/sftp-server program (which is our default subsystem in sshd):

{volt}-{~}% /usr/libexec/sftp-server
No user found for uid 5567
{volt}-{~}%

which was quite weird, because sshd works perfectly with users from the LDAP
server (so I assume that PAM is configured correctly).

After that, I tried a simple test with the program below:

=======================
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

int
main(int argc, char **argv)
{
        struct passwd *user_pw;

        user_pw = getpwuid(getuid());

        /* Look up the passwd entry for the calling uid through NSS. */
        if ((user_pw = getpwuid(getuid())) == NULL) {
                fprintf(stderr, "No user found for uid %lu\n",
                    (u_long)getuid());
                return 1;
        } else {
                fprintf(stderr, "It works %s!\nYour uid is: %lu\n",
                    user_pw->pw_name, (u_long)getuid());
        }

        return 0;
}
=======================

which is almost copy-pasted from /usr/src/crypto/openssh/sftp-server-main.c

I've built it twice. Once with dynamic linking:

{volt}-{~}% cc -o test test.c
{volt}-{~}% ./test
It works bulinskp!
Your uid is: 5567
{volt}-{~}%

and once with static linking:

{volt}-{~}% cc -o test -static test.c
{volt}-{~}% ./test
No user found for uid 5567
{volt}-{~}%

As you can see, it works great with dynamic linking, but if it's built with
static linking it can't get user information from the LDAP database.

During the upgrade to OpenSSH 5.3p1 the /head/secure/libexec/sftp-server/Makefile
file changed a little bit:

revision 181111, Fri Aug 1 02:48:36 2008 UTC  --->  revision 197679, Thu Oct 1 17:12:52 2009 UTC
LDADD= -lssh -lcrypt -lcrypto -lz  --->  LDADD= -lcrypt -lcrypto -lz -static -lssh

So I tried to build sftp-server without the -static switch, but it results in a
failure like the one below:

{volt}-{/usr/src/secure/libexec/sftp-server}% sudo make
Warning: Object directory not changed from original /usr/src/secure/libexec/sftp-server
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-common.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server-main.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -o sftp-server sftp-server.o sftp-common.o sftp-server-main.o -lssh -lcrypt -lcrypto -lz
/usr/lib/libssh.so: undefined reference to `ssh_add_recv_bytes'
/usr/lib/libssh.so: undefined reference to `ssh_roaming_write'
/usr/lib/libssh.so: undefined reference to `ssh_roaming_read'
*** Error code 1

Stop in /usr/src/secure/libexec/sftp-server.
{volt}-{/usr/src/secure/libexec/sftp-server}%

Do you have any idea how to make it work?

regards
-- 
Piotr Buliński
Informatyka na Wydziale Elektrycznym
Politechnika Warszawska
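
Added example, not part of the original message: FreeBSD's libc loads sources such as ldap from nss_*.so modules through the run-time linker, which a statically linked program does not use, so the static/dynamic difference shown above can be checked for across a host. The function names, the sample configuration and the built-in source list (taken from nsswitch.conf(5)) are assumptions of this sketch.

```shell
#!/bin/sh
# Flag static binaries on a host whose nsswitch.conf relies on loadable
# NSS modules such as nss_ldap.

# Assumption: sources libc serves itself, per FreeBSD nsswitch.conf(5).
BUILTIN_SOURCES="files db dns nis compat cache"

# module_sources DATABASE FILE
# Print the sources listed for DATABASE that need an nss_*.so module.
module_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$2" |
    awk -v db="$1:" -v builtin="$BUILTIN_SOURCES" '
        BEGIN { n = split(builtin, b, " ")
                for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        $1 == db { for (i = 2; i <= NF; i++)
                       if (!($i in ok)) print $i }'
}

# is_static BINARY: true when file(1) reports a statically linked ELF.
is_static() {
    file -b "$1" 2>/dev/null | grep -q 'statically linked'
}

# audit CONF BINARY...: report static binaries that cannot use the
# module-backed passwd sources configured in CONF.
audit() {
    conf=$1; shift
    mods=$(module_sources passwd "$conf" | tr '\n' ' ')
    [ -n "$mods" ] || return 0
    for bin in "$@"; do
        if is_static "$bin"; then
            echo "$bin: static, will not see passwd sources: $mods"
        fi
    done
}

# Constructed sample configuration (not taken from the poster's host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
group: files ldap
passwd: files ldap [notfound=return]   # LDAP users
hosts: files dns
EOF
audit "$sample" /usr/libexec/sftp-server /bin/sh
rm -f "$sample"
```

On a real host, pass /etc/nsswitch.conf and the binaries that must resolve LDAP accounts.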