Date: Tue, 21 Oct 2003 14:05:01 +0400 (MSD)
From: Alex Deiter <tiamat@komi.mts.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/58326: nss users cannot send mail via /usr/bin/mail or /usr/sbin/sendmail
Message-ID: <200310211005.h9LA51rA008281@selma.komi.mts.ru>
Resent-Message-ID: <200310211010.h9LAALmT021599@freefall.freebsd.org>

>Number:         58326
>Category:       bin
>Synopsis:       nss users cannot send mail via /usr/bin/mail or /usr/sbin/sendmail
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 21 03:10:20 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Alex Deiter
>Release:        FreeBSD 5.1-CURRENT sparc64
>Organization:
MTS Komi
>Environment:
System: FreeBSD selma.komi.mts.ru 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Wed Oct 15 13:53:52 MSD 2003 root@selma.komi.mts.ru:/home/obj/mnt/devel/ncvs/current/src/sys/MTS sparc64

>Description:
After transferring users from /etc/passwd to the ldap directory, my users cannot
send mail from the command line via the /usr/bin/mail or /usr/sbin/sendmail
programs (if the MSP uses AUTH):

ldap_user$ id
uid=1000(test) gid=1000(test) groups=1000(test)
ldap_user$ pw usershow test
test:*:1000:1000::0:0:test:/tmp:/bin/sh
ldap_user$ date | /usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 13:44:57 +0400 (MSD)

>How-To-Repeat:
create user in ldap directory:

dn: cn=test,dc=komi,dc=mts,dc=ru
cn: test
objectClass: posixAccount
objectClass: account
uid: test
userPassword: test
loginShell: /bin/sh
homeDirectory: /home/test
gecos: test
description: test
uidNumber: 1000
gidNumber: 1000

install ports/net/nss_ldap

create /etc/nsswitch.conf:

passwd: files ldap
group: files ldap

check it:

# id test
uid=1000(test) gid=1000(test) groups=1000(test)
# pw usershow test
test:*:1000:1000::0:0:test:/home/test:/bin/sh

install ports/security/cyrus-sasl2

create /usr/local/lib/sasl2/Sendmail.conf:

pwcheck_method: auxprop
auxprop_plugin: sasldb

add in /etc/make.conf:

SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+= -lsasl2

and rebuild/reinstall sendmail

create /etc/mail/submit.mc:

divert(-1)
divert(0)dnl
VERSIONID(`$Id: submit.mc,v 8.6.2.7 2003/09/10 22:11:56 ca Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`_REC_AUTH_', `_REC_FULL_AUTH_')
define(`confLOG_LEVEL', 25)
FEATURE(`authinfo', `hash -o /etc/mail/msp-authinfo')
FEATURE(`msp', `[127.0.0.1]')dnl

create /etc/mail/sendmail.mc:

divert(-1)
divert(0)
VERSIONID(`$FreeBSD: mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $')
OSTYPE(freebsd5)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
define(`confLOG_LEVEL', 25)
define(`_REC_AUTH_', `_REC_FULL_AUTH_')
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN')
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN')
MAILER(local)
MAILER(smtp)
LOCAL_RULESETS
SLocal_trust_auth
R$*	$: $&{auth_authen}
Rsmmsp	$# OK

rebuild sendmail.cf and submit.cf and restart sendmail

create /etc/mail/msp-authinfo (mode 0640, owner root, group smmsp):

AuthInfo:127.0.0.1 "U:smmsp" "P:smmsp" "M:PLAIN"

rebuild it with makemap:

# cd /etc/mail
# /usr/sbin/makemap hash msp-authinfo.db < msp-authinfo
# chown root:smmsp msp-authinfo.db msp-authinfo
# chmod 0640 msp-authinfo.db msp-authinfo

create records in /usr/local/etc/sasldb2:

# echo smmsp | saslpasswd2 -p smmsp
# echo test | saslpasswd2 -p test

check it:

# sasldblistusers2
smmsp@server.komi.mts.ru: userPassword
test@server.komi.mts.ru: userPassword

send mail via /usr/bin/sendmail as any user from /etc/passwd:

$ date|/usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 17:42:52 +0400 (MSD)

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection
root... Deferred: Temporary AUTH failure
Closing connection to [127.0.0.1]

But any user from /etc/passwd can successfully send mail from the command line
via the /usr/bin/mail or /usr/sbin/sendmail programs (if the MSP uses AUTH):

$ id
uid=70(pgsql) gid=70(pgsql) groups=70(pgsql)
$ pw usershow pgsql
pgsql:*:70:70::0:0:PostgreSQL Daemon:/usr/local/pgsql:/bin/sh
$ date|/usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 13:51:05 +0400 (MSD)
>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
>>> MAIL From:<pgsql@server.komi.mts.ru> SIZE=29 AUTH=pgsql@server.komi.mts.ru
250 2.1.0 <pgsql@server.komi.mts.ru>... Sender ok
>>> RCPT To:<root@server.komi.mts.ru>
>>> DATA
250 2.1.5 <root@server.komi.mts.ru>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 h9L9p5XM000790 Message accepted for delivery
root... Sent (h9L9p5XM000790 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection

AUTH PLAIN c21tc3AAc21tc3AAc21tc3A= - is authinfo for user smmsp
(smmsp\0smmsp\0smmsp):

# perl -e 'use MIME::Base64;print decode_base64("c21tc3AAc21tc3AAc21tc3A="), "\n";'
smmspsmmspsmmsp

>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
>>> MAIL From:<pgsql@server.komi.mts.ru> SIZE=29 AUTH=pgsql@server.komi.mts.ru
250 2.1.0 <pgsql@server.komi.mts.ru>... Sender ok
>>> RCPT To:<root@server.komi.mts.ru>
>>> DATA
250 2.1.5 <root@server.komi.mts.ru>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 h9LDgqRA001177 Message accepted for delivery
root... Sent (h9LDgqRA001177 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection

Try to send mail via SMTP with SMTP AUTH as user test:

$ perl -e 'use MIME::Base64; print encode_base64("test\0test\0test");'
dGVzdAB0ZXN0AHRlc3Q=
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 17:48:58 +0400 (MSD)
ehlo test
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
235 2.0.0 OK Authenticated
MAIL From:test@server.komi.mts.ru
250 2.1.0 test@server.komi.mts.ru... Sender ok
RCPT To:root@server.komi.mts.ru
250 2.1.5 root@server.komi.mts.ru... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
test
.
250 2.0.0 h9LDmwRA001214 Message accepted for delivery
quit
221 2.0.0 server.komi.mts.ru closing connection
Connection closed by foreign host.

Works fine.

Try to send mail via /usr/bin/mail or /usr/sbin/sendmail as user test:

test$ id
uid=1000(test) gid=1000(test) groups=1000(test)
test$ date | /usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 17:52:23 +0400 (MSD)
>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection
root... Deferred: Temporary AUTH failure
Closing connection to [127.0.0.1]

Thanks for your patience!
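
Added example, not part of the original report: a small Python audit of the `sendmail -v` transcripts quoted above. It decodes the `AUTH PLAIN` blob (base64 is an encoding, so the credential in such a transcript is readable by anyone who sees it) and reports whether the client issued AUTH at all; in the failing runs the MSP goes from EHLO to QUIT without sending it. The function names and the abridged sample transcripts are this example's own.

```python
import base64
import re

def decode_auth_plain(b64):
    """Split an RFC 4616 PLAIN response into (authzid, authcid, password)."""
    parts = base64.b64decode(b64, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL password")
    return tuple(p.decode("utf-8") for p in parts)

def audit_transcript(text):
    """Summarise the client side of one `sendmail -v` transcript."""
    result = {"offered": [], "attempted": False, "authcid": None,
              "authenticated": False,
              "deferred": "Temporary AUTH failure" in text}
    for line in (l.strip() for l in text.splitlines()):
        offer = re.match(r"250[- ]AUTH (.+)", line)
        sent = re.match(r">>> AUTH PLAIN (\S+)", line)
        if offer:
            result["offered"] = offer.group(1).split()
        elif sent:
            result["attempted"] = True
            result["authcid"] = decode_auth_plain(sent.group(1))[1]
        elif line.startswith("235 "):
            result["authenticated"] = True
    return result

# Abridged from the two transcripts in the report above.
FAILING = """\
>>> EHLO server.komi.mts.ru
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250 HELP
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection
root... Deferred: Temporary AUTH failure
"""
WORKING = """\
>>> EHLO server.komi.mts.ru
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250 HELP
>>> AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
"""

if __name__ == "__main__":
    for name, t in (("ldap user", FAILING), ("passwd user", WORKING)):
        print(name, audit_transcript(t))
```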