I am using Openssh 3.8.1p1 on Solaris 2.8 compiled with gcc 3.2.3. I have nsswitch configured to use file and PADLs ldap module. When I use nss_ldap without SSL In can login without problem, but with SSL enabled sshd crashes. When I use openssl 0.9.8b sshd crashes in obj_name_cmp(line 101):
87 static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) 88 { 89 int ret; 90 91 ret=a->type-b->type; 92 if (ret == 0) 93 { 94 if ((name_funcs_stack != NULL) 95 && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) 96 { 97 ret=sk_NAME_FUNCS_value(name_funcs_stack,a->type) 98 ->cmp_func(a->name,b->name); 99 } 100 else 101 ret=strcmp(a->name,b->name); 102 } 103 return(ret); 104 } #0 0xff132d58 in strcmp () from /usr/lib/libc.so.1 #1 0x96660 in obj_name_cmp (a=0x121788, b=0x142290) at o_names.c:101 #2 0x950d8 in getrn (lh=0x120c50, data=0x142290, rhash=0x142278) at lhash.c:418 #3 0x94d40 in lh_insert (lh=0x120c50, data=0x142290) at lhash.c:189 #4 0x96208 in OBJ_NAME_add (name=0x0, type=2, data=0xfee7163c "") at o_names.c:175 #5 0x6d978 in EVP_add_cipher (c=0xfee7163c) at names.c:71 #6 0xfeeb4f70 in SSL_library_init () from /opt/DBssllib/lib/libssl.so.0.9.8 #7 0xff04478c in ldap_pvt_tls_init () at tls.c:169 #8 0xff046298 in ldap_int_tls_start (ld=0x12cb00, conn=0x12cb90, srv=0x12dbe8) at tls.c:1332 #9 0xff02906c in ldap_int_open_connection (ld=0x12cb00, conn=0x12cb90, srv=0x12cbf0, async=0) at open.c:365 #10 0xff038a3c in ldap_new_connection (ld=0x12cb00, srvlist=0x12cbf0, use_ldsb=1, connect=1231856, bind=0x0) at request.c:315 #11 0xff028af0 in ldap_open_defconn (ld=0x12cb00) at open.c:30 #12 0xff0385c0 in ldap_send_initial_request (ld=0x12cb00, msgtype=96, dn=0xff08c1a3 "uid=unixclient,dc=group,dc=com", ber=0x12cc20) at request.c:98 #13 0xff02ef60 in ldap_sasl_bind (ld=0x12cb00, dn=0xff08c1a3 "uid=unixclient,dc=group,dc=com", mechanism=0x0, cred=0xffbebe58, sctrls=0x0, cctrls=0x12cc20, msgidp=0xffbebe54) at sasl.c:148 #14 0xff02f720 in ldap_simple_bind (ld=0x12cb00, dn=0xff08c1a3 "uid=unixclient,dc=group,dc=com", passwd=0xff08c1f8 "dummy") at sbind.c:81 #15 0xff072c90 in do_bind (ld=0x12cb00, timelimit=5, dn=0xff08c1a3 "uid=unixclient,dc=group,dc=com", pw=0xff08c1f8 "dummy", with_sasl=0) at ldap-nss.c:1420 #16 0xff07292c in do_open () at ldap-nss.c:1277 #17 0xff073ad0 in _nss_ldap_search_s (args=0xffbec860, filterprot=0xff08e798 "(&(objectclass=posixGroup)(memberUid=%s))", sel=LM_GROUP, sizelimit=0, res=0xffbec85c) at ldap-ns.c:2285 #18 0xff074f68 in _nss_ldap_getgroupsbymember_r (be=0x12db88, args=0xffbecd5c) at ldap-grp.c:305 #19 0xff1498c4 in nss_search () from /usr/lib/libc.so.1 #20 0xff1986a0 in _getgroupsbymember () from /usr/lib/libc.so.1 #21 0xff140f08 in initgroups () from /usr/lib/libc.so.1 #22 0x30314 in temporarily_use_uid (pw=0x12b320) at uidswap.c:88 #23 0x37b54 in user_key_allowed2 (pw=0x12b320, key=0x12db70, file=0x12f280 "/home/moelma/.ssh/authorized_keys2") at auth2-pubkey.c:179 #24 0x37eb0 in user_key_allowed (pw=0x12b320, key=0x12db70) at auth2-pubkey.c:264 #25 0x37aa4 in userauth_pubkey (authctxt=0x123408) at auth2-pubkey.c:142 #26 0x320b4 in input_userauth_request (type=50, seq=6, ctxt=0x123408) at auth2.c:195 #27 0x5119c in dispatch_run (mode=0, done=0x123408, ctxt=0x123408) at dispatch.c:93 #28 0x31cf0 in do_authentication2 (authctxt=0x123408) at auth2.c:94 #29 0x2ac3c in main (ac=11, av=0x2a) at sshd.c:1481 It seems sshd calls ldap with ssl in the main process and in a forked process. And I think one process might delete the others pointers, but couldn't confirm it yet. BTW If I use an older opesnssl version I get the error in err_cmp and it has been also reported on RedHat https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=121734 for pam_ldap. and I think it is similar to the open ticket #678 Regards Markus ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]