Message-Id: <200310211005.h9LA51rA008281@selma.komi.mts.ru>
Date: Tue, 21 Oct 2003 14:05:01 +0400 (MSD)
From: Alex Deiter
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/58326: nss users cannot send mail via /usr/bin/mail or /usr/sbin/sendmail

>Number: 58326
>Category: bin
>Synopsis: nss users cannot send mail via /usr/bin/mail or /usr/sbin/sendmail
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 21 03:10:20 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Alex Deiter
>Release: FreeBSD 5.1-CURRENT sparc64
>Organization: MTS Komi
>Environment:
System: FreeBSD selma.komi.mts.ru 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Wed Oct 15 13:53:52 MSD 2003 root@selma.komi.mts.ru:/home/obj/mnt/devel/ncvs/current/src/sys/MTS sparc64

>Description:
After transferring users from /etc/passwd to an LDAP directory, my users cannot send mail from the command line via the /usr/bin/mail or /usr/sbin/sendmail programs (if the MSP uses AUTH):

ldap_user$ id
uid=1000(test) gid=1000(test) groups=1000(test)
ldap_user$ pw usershow test
test:*:1000:1000::0:0:test:/tmp:/bin/sh
ldap_user$ date | /usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 13:44:57 +0400 (MSD)

>How-To-Repeat:
create a user in the LDAP directory:

dn: cn=test,dc=komi,dc=mts,dc=ru
cn: test
objectClass: posixAccount
objectClass: account
uid: test
userPassword: test
loginShell: /bin/sh
homeDirectory: /home/test
gecos: test
description: test
uidNumber: 1000
gidNumber: 1000

install ports/net/nss_ldap

create /etc/nsswitch.conf:

passwd: files ldap
group: files ldap

check it:

# id test
uid=1000(test) gid=1000(test) groups=1000(test)
# pw usershow test
test:*:1000:1000::0:0:test:/home/test:/bin/sh

install ports/security/cyrus-sasl2

create /usr/local/lib/sasl2/Sendmail.conf:

pwcheck_method: auxprop
auxprop_plugin: sasldb

add in /etc/make.conf:

SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+= -lsasl2

and rebuild/reinstall sendmail

create /etc/mail/submit.mc:

divert(-1)
divert(0)dnl
VERSIONID(`$Id: submit.mc,v 8.6.2.7 2003/09/10 22:11:56 ca Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`_REC_AUTH_', `_REC_FULL_AUTH_')
define(`confLOG_LEVEL', 25)
FEATURE(`authinfo', `hash -o /etc/mail/msp-authinfo')
FEATURE(`msp', `[127.0.0.1]')dnl

create /etc/mail/sendmail.mc:

divert(-1)
divert(0)
VERSIONID(`$FreeBSD: mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $')
OSTYPE(freebsd5)
FEATURE(access_db, `hash -o -T /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
define(`confLOG_LEVEL', 25)
define(`_REC_AUTH_', `_REC_FULL_AUTH_')
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN')
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN')
MAILER(local)
MAILER(smtp)
LOCAL_RULESETS
SLocal_trust_auth
R$*		$: $&{auth_authen}
Rsmmsp		$# OK

rebuild sendmail.cf and submit.cf and restart sendmail

create /etc/mail/msp-authinfo (mode 0640, owner root, group smmsp):

AuthInfo:127.0.0.1 "U:smmsp" "P:smmsp" "M:PLAIN"

rebuild it with makemap:

# cd /etc/mail
# /usr/sbin/makemap hash msp-authinfo.db < msp-authinfo
# chown root:smmsp msp-authinfo.db msp-authinfo
# chmod 0640 msp-authinfo.db msp-authinfo

create records in /usr/local/etc/sasldb2:

# echo smmsp | saslpasswd2 -p smmsp
# echo test | saslpasswd2 -p test

check it:

# sasldblistusers2
smmsp@server.komi.mts.ru: userPassword
test@server.komi.mts.ru: userPassword

send mail via /usr/bin/sendmail as any user from /etc/passwd:

$ date|/usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 17:42:52 +0400 (MSD)

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection
root... Deferred: Temporary AUTH failure
Closing connection to [127.0.0.1]

But any user from /etc/passwd can successfully send mail from the command line via the /usr/bin/mail or /usr/sbin/sendmail programs (if the MSP uses AUTH):

$ id
uid=70(pgsql) gid=70(pgsql) groups=70(pgsql)
$ pw usershow pgsql
pgsql:*:70:70::0:0:PostgreSQL Daemon:/usr/local/pgsql:/bin/sh
$ date|/usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 13:51:05 +0400 (MSD)
>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
>>> MAIL From: SIZE=29 AUTH=pgsql@server.komi.mts.ru
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 h9L9p5XM000790 Message accepted for delivery
root... Sent (h9L9p5XM000790 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection

AUTH PLAIN c21tc3AAc21tc3AAc21tc3A= - is the authinfo for user smmsp (smmsp\0smmsp\0smmsp):

# perl -e 'use MIME::Base64;print decode_base64("c21tc3AAc21tc3AAc21tc3A="), "\n";'
smmspsmmspsmmsp

>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
>>> MAIL From: SIZE=29 AUTH=pgsql@server.komi.mts.ru
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 h9LDgqRA001177 Message accepted for delivery
root... Sent (h9LDgqRA001177 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection

Try to send mail via SMTP with SMTP AUTH as user test:

$ perl -e 'use MIME::Base64; print encode_base64("test\0test\0test");'
dGVzdAB0ZXN0AHRlc3Q=
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 17:48:58 +0400 (MSD)
ehlo test
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
235 2.0.0 OK Authenticated
MAIL From:test@server.komi.mts.ru
250 2.1.0 test@server.komi.mts.ru... Sender ok
RCPT To:root@server.komi.mts.ru
250 2.1.5 root@server.komi.mts.ru... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
test
.
250 2.0.0 h9LDmwRA001214 Message accepted for delivery
quit
221 2.0.0 server.komi.mts.ru closing connection
Connection closed by foreign host.

Works fine.

Try to send mail via /usr/bin/mail or /usr/sbin/sendmail as user test:

test$ id
uid=1000(test) gid=1000(test) groups=1000(test)
test$ date | /usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 17:52:23 +0400 (MSD)
>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection
root... Deferred: Temporary AUTH failure
Closing connection to [127.0.0.1]

Thanks for your patience!
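
Added example, not part of the original report and not sendmail code: a small Python checker for `sendmail -v` transcripts like the ones quoted above. It reports which mechanisms the server offered, whether the client ever sent AUTH, and, for AUTH PLAIN, which identity the base64 token carries; the two embedded transcripts are constructed (abridged from the report) and the function names are this example's own.

```python
import base64
import re

# Constructed samples, abridged from the two `sendmail -v` sessions in the report.
FAILING = """\
>>> EHLO server.komi.mts.ru
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250 HELP
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection
root... Deferred: Temporary AUTH failure
"""
WORKING = """\
>>> EHLO server.komi.mts.ru
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250 HELP
>>> AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
>>> QUIT
"""

def decode_plain(token):
    """Split a SASL PLAIN token into (authzid, authcid, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN token needs exactly two NUL separators")
    return tuple(p.decode("utf-8") for p in parts)

def analyse(transcript):
    """Report what the server offered, what the client tried, and the result."""
    info = {"offered": [], "mechanism": None, "authcid": None,
            "outcome": "no-auth-attempt"}
    for line in transcript.splitlines():
        offer = re.match(r"250[- ]AUTH (.+)", line)
        sent = re.match(r">>> AUTH (\S+)(?: (\S+))?", line)
        if offer:
            info["offered"] = offer.group(1).split()
        elif sent:
            info["mechanism"], info["outcome"] = sent.group(1), "no-reply"
            if sent.group(1) == "PLAIN" and sent.group(2):
                # Keep only the identity; the password is never stored.
                info["authcid"] = decode_plain(sent.group(2))[1]
        elif info["mechanism"] and info["outcome"] == "no-reply":
            if line.startswith("235 "):
                info["outcome"] = "authenticated"
            elif line[:1] in ("4", "5"):
                info["outcome"] = "rejected"
    return info

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        print(name, analyse(text))
```

On the failing session the result is `no-auth-attempt` even though PLAIN was offered, which separates a client that never sent AUTH from a server that rejected it.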