Problem with sftp server, static linking, pam and nss_ldap.
Piotr Buliński
bulinskp at iem.pw.edu.pl
Sun Jan 31 11:55:01 UTC 2010
Hello,
Recently we moved our user database to an LDAP server, but after that sftp stopped
working on our students server.
We use:
- OpenLDAP 2.4.21
- nss_ldap-1.265_3
- pam_ldap-1.8.5
- FreeBSD 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Mon Jan 25 18:52:41 CET 2010 amd64
When I use sftp, it drops the connection:
{volt}-{~}% sftp localhost
Connecting to localhost...
Connection closed
{volt}-{~}%
After a short investigation, I found that the problem is in the
/usr/libexec/sftp-server program (which is our default subsystem in sshd):
{volt}-{~}% /usr/libexec/sftp-server
No user found for uid 5567
{volt}-{~}%
which was quite weird, because sshd works perfectly with users from the LDAP server
(so I assume that PAM is configured correctly).
After that, I tried to make a simple test with the program below:
=======================
#include <sys/types.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

int
main(int argc, char **argv)
{
    struct passwd *user_pw;

    /* Look up the passwd entry for the calling uid (a single call is enough). */
    if ((user_pw = getpwuid(getuid())) == NULL) {
        fprintf(stderr, "No user found for uid %lu\n",
            (u_long)getuid());
        return 1;
    } else {
        fprintf(stderr, "It works %s!\nYour uid is: %lu\n",
            user_pw->pw_name,
            (u_long)getuid());
    }
    return 0;
}
=======================
which is almost copy-pasted from /usr/src/crypto/openssh/sftp-server-main.c
I built it twice. Once with dynamic linking:
{volt}-{~}% cc -o test test.c
{volt}-{~}% ./test
It works bulinskp!
Your uid is: 5567
{volt}-{~}%
and once with static linking:
{volt}-{~}% cc -o test -static test.c
{volt}-{~}% ./test
No user found for uid 5567
{volt}-{~}%
As you can see, it works great with dynamic linking, but if it's built with
static linking it can't get user information from the LDAP database.
During the upgrade to OpenSSH 5.3p1, the /head/secure/libexec/sftp-server/Makefile file changed a little bit:
revision 181111, Fri Aug 1 02:48:36 2008 UTC ---> revision 197679, Thu Oct 1 17:12:52 2009 UTC
LDADD= -lssh -lcrypt -lcrypto -lz ---> LDADD= -lcrypt -lcrypto -lz -static -lssh
So I tried to build sftp-server without the -static switch, but it resulted in a failure like the one below:
{volt}-{/usr/src/secure/libexec/sftp-server}% sudo make
Warning: Object directory not changed from original /usr/src/secure/libexec/sftp-server
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-common.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server-main.c
cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -o sftp-server sftp-server.o sftp-common.o sftp-server-main.o -lssh -lcrypt -lcrypto -lz
/usr/lib/libssh.so: undefined reference to `ssh_add_recv_bytes'
/usr/lib/libssh.so: undefined reference to `ssh_roaming_write'
/usr/lib/libssh.so: undefined reference to `ssh_roaming_read'
*** Error code 1
Stop in /usr/src/secure/libexec/sftp-server.
{volt}-{/usr/src/secure/libexec/sftp-server}%
Do you have any idea how to make it work?
Regards,
--
Piotr Buliński
Computer Science at the Faculty of Electrical Engineering
Politechnika Warszawska
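
Added example, not part of the original message or of the FreeBSD/OpenSSH sources: the two test builds above differ only in -static, and NSS modules such as nss_ldap are loaded at run time, so one way to audit which installed binaries are linked like the failing one is to check for a PT_INTERP program header. The names elf64_is_static and check_sample are hypothetical, only little-endian ELF64 is handled, and the sample image is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read an n-byte little-endian integer. */
static uint64_t rd_le(const unsigned char *p, int n)
{
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/*
 * 1  = no PT_INTERP segment (statically linked, no run-time loader),
 * 0  = PT_INTERP present (dynamically linked),
 * -1 = not a well-formed little-endian ELF64 image.
 */
int elf64_is_static(const unsigned char *buf, size_t len)
{
    if (len < 64 || memcmp(buf, "\177ELF", 4) != 0)
        return -1;
    if (buf[4] != 2 || buf[5] != 1)              /* ELFCLASS64, ELFDATA2LSB */
        return -1;
    uint64_t phoff = rd_le(buf + 32, 8);         /* e_phoff */
    uint64_t phentsize = rd_le(buf + 54, 2);     /* e_phentsize */
    uint64_t phnum = rd_le(buf + 56, 2);         /* e_phnum */
    if (phentsize < 56 || phoff > len || phnum * phentsize > len - phoff)
        return -1;                               /* table outside the buffer */
    for (uint64_t i = 0; i < phnum; i++)
        if (rd_le(buf + phoff + i * phentsize, 4) == 3)   /* PT_INTERP */
            return 0;
    return 1;
}

/* Constructed sample (not a real binary): ELF64 header + 2 program headers. */
int check_sample(int with_interp, size_t len)
{
    unsigned char buf[176] = {0};
    memcpy(buf, "\177ELF\2\1\1", 7);
    buf[32] = 64;                     /* e_phoff: table follows the header */
    buf[54] = 56;                     /* e_phentsize */
    buf[56] = 2;                      /* e_phnum */
    buf[64] = 1;                      /* entry 0: PT_LOAD */
    buf[120] = with_interp ? 3 : 1;   /* entry 1: PT_INTERP or PT_LOAD */
    return elf64_is_static(buf, len);
}
```

To use it on a real file, read the file into a buffer and pass the buffer and its length to elf64_is_static.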