From owner-freebsd-current Mon Jul 31 5:23:58 2000 Delivered-To: freebsd-current@freebsd.org Received: from mout1.freenet.de (mout1.freenet.de [194.97.50.132]) by hub.freebsd.org (Postfix) with ESMTP id ABB6637B620 for ; Mon, 31 Jul 2000 05:23:51 -0700 (PDT) (envelope-from netchild@leidinger.net) Received: from [194.97.50.144] (helo=mx1.freenet.de) by mout1.freenet.de with esmtp (Exim 3.16 #1) id 13JEbk-0003C0-00; Mon, 31 Jul 2000 14:23:48 +0200 Received: from a2b62.pppool.de ([213.6.43.98] helo=Magelan.Leidinger.net) by mx1.freenet.de with esmtp (Exim 3.16 #1) id 13JEbi-0000uO-00; Mon, 31 Jul 2000 14:23:47 +0200 Received: from Leidinger.net (netchild@localhost [127.0.0.1]) by Magelan.Leidinger.net (8.9.3/8.9.3) with ESMTP id OAA39940; Mon, 31 Jul 2000 14:23:08 +0200 (CEST) (envelope-from netchild@Leidinger.net) Message-Id: <200007311223.OAA39940@Magelan.Leidinger.net> Date: Mon, 31 Jul 2000 14:23:07 +0200 (CEST) From: Alexander Leidinger Subject: Re: phkmalloc & pam_ssh & xdm To: dcs@newsguy.com Cc: current@FreeBSD.ORG In-Reply-To: <3984DAC1.4ACBF964@newsguy.com> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 31 Jul, Daniel C. Sobral wrote: >> pam_ssh isn't able to start ssh-agent if you use >> ---snip--- >> xdm session sufficient pam_ssh.so >> ---snip--- >> in /etc/pam.conf. With "malloc.conf -> aj" it seems to work. >> >> grep pam /var/log/messages: >> ---snip--- >> Jul 30 00:54:04 Magelan -:0: unable to resolve symbol: pam_sm_chauthtok >> Jul 30 00:54:05 Magelan -:0: pam_ssh: could not connect to agent >> ---snip--- >> >> Is someone else able to reproduce this? > > If that's the case, you have a bug. Not one easy to trace, though... :-( I assume it's uninitialized memory, it didn't happen with "ln -sf AJZ /etc/malloc.conf". This reduces it to code after *alloc calls... or it's an unterminated string. Ok, I give it a try... It seems it isn't really something with PAM, /usr/src/crypto/openssh/pam_ssh/pam_ssh.c: ---snip--- if (!(ac = ssh_get_authentication_connection())) { syslog(LOG_ERR, "%s: could not connect to agent", MODULE_NAME); env_destroy(ssh_env); return PAM_SESSION_ERR; ---snip--- and /usr/src/crypto/openssh/authfd.c: ---snip--- int ssh_get_authentication_socket() { const char *authsocket; int sock; struct sockaddr_un sunaddr; [...] sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); [...] if (connect(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { [...] ---snip--- and /usr/include/sys/un.h: ---snip--- struct sockaddr_un { u_char sun_len; /* sockaddr len including null */ u_char sun_family; /* AF_UNIX */ char sun_path[104]; /* path name (gag) */ }; ---snip--- sunaddr.sun_len isn't set. If I understand the APUE, it should be: ---snip--- Index: authfd.c =================================================================== RCS file: /big/FreeBSD-CVS/src/crypto/openssh/authfd.c,v retrieving revision 1.4 diff -u -r1.4 authfd.c --- authfd.c 2000/07/16 05:52:23 1.4 +++ authfd.c 2000/07/31 12:03:52 @@ -33,7 +33,7 @@ ssh_get_authentication_socket() { const char *authsocket; - int sock; + int sock, len; struct sockaddr_un sunaddr; authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); @@ -42,6 +42,7 @@ sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); + sunaddr.sun_len = len = SUN_LEN(&sunaddr)+1; sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) @@ -52,7 +53,7 @@ close(sock); return -1; } - if (connect(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { + if (connect(sock, (struct sockaddr *) & sunaddr, len) < 0) { close(sock); return -1; } ---snip--- I rebuilded libssh.a and pam_ssh.so with this patch and I didn't get the error anymore. I haven't rebuilded the world or anything openssh related, but I think this should work (and because of the readability of pam_ssh.c and authfd.c it was easy to trace only by looking at the source... it seems using FreeBSD is the "Right Thing[TM]" :) ). BTW.: the "pam_sm_chauthok" error isn't "xdm session" related, it's because of "xdm account" or "xdm password" (it's not implemented in pam_ssh). Bye, Alexander. -- Loose bits sink chips. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = 7423 F3E6 3A7E B334 A9CC B10A 1F5F 130A A638 6E7E To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message