Date: Sun, 13 Nov 2016 11:29:10 +0100 (CET)
From: Ronny Forberger <ronnyforberger@ronnyforberger.de>
To: Alan Hicks <ahicks@p-o.co.uk>, Alan Hicks via freebsd-security <freebsd-security@freebsd.org>
Subject: Re: I have no name prompt and no passwords recognized
Message-ID: <1398329212.417534.1479032950521.JavaMail.open-xchange@app03.ox.hosteurope.de>
In-Reply-To: <0ebb4aa6-58bd-4420-42fb-ba8bc2383243@p-o.co.uk>
References: <585949692.395252.1478970441730.JavaMail.open-xchange@app04.ox.hosteurope.de> <0ebb4aa6-58bd-4420-42fb-ba8bc2383243@p-o.co.uk>
Hi,

> Alan Hicks via freebsd-security <freebsd-security@freebsd.org> wrote on 13
> November 2016 at 10:37:
>
> On 12/11/2016 17:07, Ronny Forberger wrote:
> > Hi,
> > I am using SSSD and FreeBSD to authenticate against samba4.
> > I used this howto setting all up:
> > http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
> >
> > But when I want to logon using password, i.e. via dovecot I get wrong
> > password.
> > Neither can I use sudo typing the correct samba4 password.
> >
> > Also I get a prompt [I have no name!@HOSTNAME] and my files, which I chowned &
> > chgrped to the samba user and group only show IDs as owner.
> This means the system does not know who you are. What authentication
> system are you using? For example using net/nss-pam-ldap here gives the
> same error when ldap goes away or upgrading ports. Restarting the
> authentication service restores access here.

I am using sssd but restarting sssd didn't help. Any other ideas?

> > Any ideas how to solve this? Can this maybe be a permission problem with some
> > file for sssd / NSS which an unprivileged user cannot read?
> >
> > Best regards,
> > Ronny Forberger
> > ___________________________________
> > Ronny Forberger
> > ronnyforberger at ronnyforberger.de
> > PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
> > _______________________________________________
> > freebsd-security@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
> Regards,
> Alan

Best regards,
Ronny
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html


Date: Sun, 13 Nov 2016 17:04:57 +0100 (CET)
From: Ronny Forberger <ronnyforberger@ronnyforberger.de>
To: Alan Hicks <ahicks@p-o.co.uk>, Alan Hicks via freebsd-security <freebsd-security@freebsd.org>
Subject: Re: I have no name prompt and no passwords recognized
Message-ID: <1803625585.420825.1479053097091.JavaMail.open-xchange@app03.ox.hosteurope.de>
In-Reply-To: <1398329212.417534.1479032950521.JavaMail.open-xchange@app03.ox.hosteurope.de>

> Ronny Forberger <ronnyforberger@ronnyforberger.de> wrote on 13 November 2016 at
> 11:29:
>
> Hi,
>
> > Alan Hicks via freebsd-security <freebsd-security@freebsd.org> wrote on 13
> > November 2016 at 10:37:
> >
> > On 12/11/2016 17:07, Ronny Forberger wrote:
> > > Hi,
> > > I am using SSSD and FreeBSD to authenticate against samba4.
> > > I used this howto setting all up:
> > > http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
> > >
> > > But when I want to logon using password, i.e. via dovecot I get wrong
> > > password.
> > > Neither can I use sudo typing the correct samba4 password.
> > >
> > > Also I get a prompt [I have no name!@HOSTNAME] and my files, which I
> > > chowned &
> > > chgrped to the samba user and group only show IDs as owner.
> > This means the system does not know who you are. What authentication
> > system are you using? For example using net/nss-pam-ldap here gives the
> > same error when ldap goes away or upgrading ports. Restarting the
> > authentication service restores access here.
>
> I am using sssd but restarting sssd didn't help. Any other ideas?

I found out, that /var/run/sss needed mode 0755. But I still can't use
passwords.

My /etc/pam.d/system looks like:

# auth
auth        sufficient  pam_opie.so             no_warn no_fake_prompts
auth        requisite   pam_opieaccess.so       no_warn allow_local
#auth       sufficient  pam_krb5.so             no_warn try_first_pass
#auth       sufficient  pam_ssh.so              no_warn try_first_pass
auth        sufficient  /usr/local/lib/pam_sss.so
auth        required    pam_unix.so             no_warn try_first_pass nullok

# account
#account    required    pam_krb5.so
account     required    pam_login_access.so
account     required    pam_unix.so
account     required    /usr/local/lib/pam_sss.so ignore_unknown_user

# session
#session    optional    pam_ssh.so              want_agent
session     required    pam_lastlog.so          no_fail
session     optional    /usr/local/lib/pam_sss.so

# password
#password   sufficient  pam_krb5.so             no_warn try_first_pass
password    sufficient  /usr/local/lib/pam_sss.so use_authtok
password    required    pam_unix.so             no_warn try_first_pass

What am I doing wrong?

Best regards,
Ronny

> > > Any ideas how to solve this? Can this maybe be a permission problem with
> > > some
> > > file for sssd / NSS which an unprivileged user cannot read?
> > >
> > > Best regards,
> > > Ronny Forberger
> >
> > Regards,
> > Alan
>
> Best regards,
> Ronny

___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html


Date: Sun, 13 Nov 2016 22:22:50 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 214488] mqueuefs mq_setattr() leaks stack memory
Message-ID: <bug-214488-5710@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214488

            Bug ID: 214488
           Summary: mqueuefs mq_setattr() leaks stack memory
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: vlad902+spam@gmail.com
                CC: freebsd-security@FreeBSD.org

Created attachment 176971
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=176971&action=edit
Example trigger

In kern/uipc_mqueue.c, sys_kmq_setattr() calls kern_kmq_setattr() to fill out a
struct mq_attr before copying it back to userland; however, kern_kmq_setattr()
does not zero the struct or clear the __reserved field, leaking 4 words worth
of uninitialized stack memory. The same goes for freebsd32_kmq_setattr except
it's mq_attr_to32() that does not clear __reserved in struct mq_attr32.

The mqueuefs kernel module needs to be loaded to reach this code. Example code
is attached to dump leaked memory.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
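
The pattern described in the bug report above, as an added userland model (not FreeBSD kernel code and not the trigger attached to the bug): a struct is filled field by field and then copied out whole, so a reserved array the filler never writes still holds whatever was in that memory. The names mq_attr_model, fill_leaky, fill_zeroed and stale_bytes_copied, the field values, and the 0xA5 stand-in for stale stack contents are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the layout the report describes: named fields followed by a
 * 4-word reserved array. Assumed for illustration, not copied from the
 * FreeBSD headers. */
struct mq_attr_model {
    long mq_flags;
    long mq_maxmsg;
    long mq_msgsize;
    long mq_curmsgs;
    long reserved[4];
};

/* "Before": only the named fields are written; reserved[] keeps whatever
 * the caller's memory already held. */
static void fill_leaky(struct mq_attr_model *out, long flags)
{
    out->mq_flags = flags;
    out->mq_maxmsg = 10;      /* constructed sample values */
    out->mq_msgsize = 1024;
    out->mq_curmsgs = 0;
}

/* "After": zero the whole object first, then fill the named fields. */
static void fill_zeroed(struct mq_attr_model *out, long flags)
{
    memset(out, 0, sizeof(*out));
    fill_leaky(out, flags);
}

/* Fill a local struct with the given routine, copy the whole struct out
 * (memcpy models copyout()), and count nonzero bytes in the reserved
 * region of what the "user" buffer received. */
static size_t stale_bytes_copied(void (*fill)(struct mq_attr_model *, long))
{
    struct mq_attr_model kattr;
    unsigned char user_buf[sizeof(kattr)];
    size_t i, stale = 0;

    /* Constructed stale contents: reading truly uninitialized memory is
     * undefined behaviour in C, so a known pattern is planted instead. */
    memset(&kattr, 0xA5, sizeof(kattr));
    fill(&kattr, 0);
    memcpy(user_buf, &kattr, sizeof(kattr));

    for (i = offsetof(struct mq_attr_model, reserved); i < sizeof(kattr); i++)
        if (user_buf[i] != 0)
            stale++;
    return stale;
}

int main(void)
{
    printf("leaky fill:  %zu stale bytes copied out\n",
           stale_bytes_copied(fill_leaky));
    printf("zeroed fill: %zu stale bytes copied out\n",
           stale_bytes_copied(fill_zeroed));
    return 0;
}
```

The same check applies to any structure with padding or reserved members that crosses a trust boundary: zero the whole object before filling it, not just the fields the code knows about.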
