openssh bugs - Jun 2009 - [Bug 1235] [PATCH] scp does unnecessary getpwuid(), breaking chroot

https://bugzilla.mindrot.org/show_bug.cgi?id=1235


donkishoot at wanadoo.fr changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |donkishoot at wanadoo.fr




--- Comment #5 from donkishoot at wanadoo.fr  2009-06-24 23:41:20 ---
I have a bug that i think is similar.

I'm trying to make a jail for winbind sftp users who must have an only
sftp service (no shell).

This is the error i found when debugging (i replace scponlyc by bash
for the test):

ssh usersftp1 at 192.168.2.1
bash-4.0$ chroot .
bash-4.0$ ./usr/libexec/openssh/sftp-server
No user found for uid 10653

Is their a workaround ?

I had no problem with this solution on an old Fedora.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1235





--- Comment #6 from Matthijs Kooijman <matthijs at stdin.nl>  2009-06-25
00:26:33 ---
(In reply to comment #3)
> I don't think this is correct: pwd is used in toremote() too, probably
> for remote->remote copies.
I just had another peek at the code, you are actually right. When I
wrote the patch, I probably missed the fact that pwd is a global
variable, and never used remote->remote copies.

Perhaps a more proper fix is then a gepwd() function, that uses the
global variable as a cache. Something like:

struct passwd* getpwd() {
    if (pwd == NULL)
         if ((pwd = getpwuid(userid)) == NULL)
             fatal("unknown user %u", (u_int) userid);
    return pwd;
}

Replace the current pwd assignment with:

pwd = NULL;
userid = getuid()

and all the uses of pwd with getpwd().

It's not much of a patch, but I think the above would be all changes
needed. This would of course still not allow remote->remote copies on a
system without working usernames, but that's certainly a lot better
than the current situation.

As I've said, we no longer use a setup like this, so I won't be able to
provide a full and tested patch.

(In reply to comment #5)
> Is their a workaround ?
The problem is caused because winbind is not running / available inside
the chroot. The nss_winbind library is probably not available, and if
it was, the socket that it uses to connect to winbind is not available
inside the chroot. You could try to fix these things, but I don't think
that will be easy.

Another solution would be to ensure there is an /etc/passwd file inside
the chroot, that at least contains the details of the current user.
This you could probably achieve with a shell script, that should be
wrapped _around_ scponly (i.e., it should be set as the user's shell
and exec scponly at the end). This will probably generate a bunch of
passwd files lying around.

The best thing you could do to solve this problem, is to try the
changes to the code I suggested above, properly test them and submit a
proper patch back here. Then you might be able to convince the OpenSSH
developers to properly fix this issue once and for all.

Good luck!

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.