Bug 298

Summary: sshd fails to set user context, preventing all logins, also setgroups is failing
Product: Portable OpenSSH Reporter: Michael R. Wayne <sshbugs>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: major    
Priority: P2    
Version: -current   
Hardware: ix86   
OS: BSDI   

Description Michael R. Wayne 2002-06-26 06:56:21 AEST 
openssh-3.3p1
Config line:
LDFLAGS="-L. -Lopenbsd-compat/ -L/usr/local/ssl//lib -ldl" CFLAGS="-ldl" ./configure -with-ssl-dir=/usr/local/ssl/ -with-tcp-wrappers

running on an alternate port to test yields:
debug1: sshd version OpenSSH_3.3
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: setgroups() failed: Invalid argument
debug1: Bind to port 6161 on 0.0.0.0.
Server listening on 0.0.0.0 port 6161.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 148.59.19.13 port 1015
debug1: Client protocol version 1.5; client software version 1.2.27
debug1: match: 1.2.27 pat 1.2.1*,1.2.2*,1.2.3*
debug1: Local version string SSH-1.99-OpenSSH_3.3
unable to set user context: Bad file descriptor

gdb says:
#0  0x805c8c3 in do_setusercontext (pw=0x813c000) at session.c:1164
1164                    if (setusercontext(lc, pw, pw->pw_uid,

(gdb) print lc
$1 = (login_cap_t *) 0x0
(gdb) print *pw
$2 = {pw_name = 0x8141000 "sshd", pw_passwd = 0x8141005 "", pw_uid = 10658, pw_gid = 1010, pw_change = 0, pw_class = 0x8141007 "", 
  pw_gecos = 0x8141008 "SSH,,,", pw_dir = 0x814100f "/var/empty", pw_shell = 0x814101a "nologin", pw_expire = 0}

Setting "Compression no" has no effect
Setting "UsePrivilegeSeparation no" has no effect

Tried several versions of openssh (including current ssh).  All have the same problem.
Comment 1 Michael R. Wayne 2002-06-26 11:05:57 AEST 
Problem appears to be that setusercontext is being called after a chroot.
Comment 2 Michael R. Wayne 2002-06-26 12:29:29 AEST 
As the problem appears to be releated to chroot, I copied 
/etc/{master.passwd,passwd,login.conf} to /var/empty/etc.  Now it appears
to be having a problem getting a tty as the last error message seen on the 
source machine is
"Requesting pty"

The target shows:
debug1: monitor_child_preauth: wayne has been authenticated by privileged 
process
debug1: Calling cleanup 0x80758d4(0x0)

I tried making /var/empty/dev and filling it with standard devices, no luck).
Comment 3 Ben Lindstrom 2002-07-18 07:16:51 AEST 
Can you retest with either 3.4 or the -cvs?  Close it if it is fixed otherwise 
provide more information.
Comment 4 Michael R. Wayne 2002-07-18 12:37:17 AEST 
Looks like 2.4 dealt with the problem
Comment 5 Michael R. Wayne 2002-07-18 12:38:17 AEST 
Make that 3.4
Comment 6 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED