nss_ldap causes abort in sshd when local user logs in
Guy Helmer
ghelmer at palisadesys.com
Tue Apr 11 19:48:49 UTC 2006
I have nss_ldap 249 installed on FreeBSD 5.4 and 6.1 (prerelease) from
FreeBSD's net/nss_ldap port. "passwd: files ldap winbind" & "group:
files ldap winbind" are set in /etc/nsswitch.conf. However, nss_ldap
causes an abort signal when I try to login to my local account (which
exists in /etc/master.passwd) via ssh. Removing ldap from the group line
in /etc/nsswitch.conf allows me to login but without my group
memberships from LDAP (server is OpenLDAP 2.2.29). I've filed a bug
report at padl.com in case this is truly a bug.
Any advice? Please Cc: me on any replies.
/usr/local/etc/ldap.conf contains:
base dc=palisadesys,dc=com
uri ldap://ldap.palisadesys.com/
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=palisadesys,dc=com?one
nss_base_group ou=Group,dc=palisadesys,dc=com?one
pam_password MD5
I've rebuilt nss_ldap with --enable-debugging and DEBUG_SYSLOG set in
config.h. Here are the results of a login where nss_ldap aborts:
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:567 thread 674514248 - ==> _nss_ldap_enter
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:590 thread 674514248 - <== _nss_ldap_enter
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:1857 thread 674514248 - ==> _nss_ldap_ent_context_release
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:1895 thread 674514248 - <== _nss_ldap_ent_context_release
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:599 thread 674514248 - ==> _nss_ldap_leave
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:617 thread 674514248 - <== _nss_ldap_leave
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:567 thread 674514248 - ==> _nss_ldap_enter
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:590 thread 674514248 - <== _nss_ldap_enter
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:3182 thread 674514248 - ==> _nss_ldap_getent_ex
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:1808 thread 674514248 - ==> _nss_ldap_ent_context_init_locked
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:1845 thread 674514248 - <== _nss_ldap_ent_context_init_locked
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:2969 thread 674514248 - ==> _nss_ldap_search
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:976 thread 674514248 - ==> do_init
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: __session.ls_state=-1, __session.ls_conn=0x0, __pid=66675, pid=66677, __euid=0, euid=0
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:780 thread 674514248 - ==> do_close_no_unbind
Apr 11 12:27:31 machine sshd[66677]: nss_ldap: ldap-nss.c:785 thread 674514248 - <== do_close_no_unbind (connection was not open)
Backtrace of the sshd corefile gives this:
#0 0x282c737b in kill () from /lib/libc.so.5
#1 0x282bc422 in raise () from /lib/libc.so.5
#2 0x2832ebc3 in abort () from /lib/libc.so.5
#3 0x283099a7 in __assert () from /lib/libc.so.5
#4 0x2836448b in do_init () at ldap-nss.c:1193
#5 0x2836656f in _nss_ldap_search (args=0x0,
filterprot=0x28379400 "(&(objectclass=posixGroup))", sel=LM_GROUP,
user_attrs=0x0, sizelimit=0, msgid=0xbfbfdfa8, csd=0x80735d4)
at ldap-nss.c:2973
#6 0x28366a8e in _nss_ldap_getent_ex (args=0x0, ctx=0x28372c80,
result=0x28345b5c, buffer=0x8084400 "nobody", buflen=1024,
errnop=0xbfbfe0d0, filterprot=0x28379400 "(&(objectclass=posixGroup))",
sel=LM_GROUP, user_attrs=0x0, parser=0x28368a3c <_nss_ldap_parse_gr>)
at ldap-nss.c:3205
#7 0x283669c6 in _nss_ldap_getent (ctx=0x28372c80, result=0x28345b5c,
buffer=0x8084400 "nobody", buflen=1024, errnop=0xbfbfe0d0,
filterprot=0x28379400 "(&(objectclass=posixGroup))", sel=LM_GROUP,
parser=0x28368a3c <_nss_ldap_parse_gr>) at ldap-nss.c:3160
#8 0x283696a7 in _nss_ldap_getgrent_r (result=0x28345b5c,
buffer=0x8084400 "nobody", buflen=67044, errnop=0x5) at ldap-grp.c:1254
#9 0x282b2ed5 in __nss_compat_getgrent_r () from /lib/libc.so.5
#10 0x2830d7b1 in nsdispatch () from /lib/libc.so.5
#11 0x282ebfca in getgrent_r () from /lib/libc.so.5
#12 0x282ec25c in getgrgid_r () from /lib/libc.so.5
#13 0x282ec15a in getgrgid_r () from /lib/libc.so.5
#14 0x282ec2d5 in getgrent () from /lib/libc.so.5
#15 0x282c00f1 in getgrouplist () from /lib/libc.so.5
#16 0x282bdc9a in initgroups () from /lib/libc.so.5
#17 0x280cfb50 in setusercontext () from /lib/libutil.so.4
#18 0x08059d44 in cleanup_exit ()
In frame 4, the line in which the assert is triggered is:
assert (cfg->ldc_uris[__session.ls_current_uri] != NULL);
where __session.ls_current_uri is 0 and
cfg->ldc_uris[__session.ls_current_uri] is 0x0.
Guy
--
Guy Helmer, Ph.D.
Principal System Architect
Palisade Systems, Inc.
More information about the freebsd-ports
mailing list