Bug 133501 - [patch] pthread_atfork breaks net/nss_ldap on RELENG_7
Summary: [patch] pthread_atfork breaks net/nss_ldap on RELENG_7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Depends on:
Reported: 2009-04-09 01:30 UTC by ben
Modified: 2009-05-06 11:20 UTC (History)
0 users

See Also:

file.diff (455 bytes, patch)
2009-04-09 01:30 UTC, ben
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description ben 2009-04-09 01:30:06 UTC
pthread_atfork breaks nss_ldap on machines running RELENG_7.  I have verified this on several machines running 7.0-RELEASE and 7.1-RELEASE.  I have been unable to reproduce the issue on older versions (e.g. 6.3-RELEASE, 6.2-RELEASE).  Therefore I suspect that the defect is related to the change from libkse to libthr.

When logging into an affected machine using SSH and challenge-response authentication, several nss_ldap calls fail and cause a variety of problems.  One of these problems is that the call to initgroups(3) fails (the only group in `groups` output is the user's gid).

The following messages are logged to /var/log/auth.log:

Apr  8 17:22:51 *** sshd[14259]: Accepted keyboard-interactive/pam for blee from *** port 63880 ssh2
Apr  8 17:22:51 *** sshd[14262]: nss_ldap: could not get LDAP result - Can't contact LDAP server
Apr  8 17:22:51 *** sshd[14262]: nss_ldap: could not get LDAP result - Can't contact LDAP server

The problem does *NOT* occur when using public key authentication (i.e. SSH keys).

Fix: Workaround:

Update the configure.in patch to disable pthread_atfork support by applying attached the diff against files/patch-configure.in.

Patch attached with submission follows:
How-To-Repeat: Login to a machine running RELENG_7 and nss_ldap using SSH and challenge-response authentication.
Comment 1 dfilter service freebsd_committer 2009-05-06 11:10:14 UTC
flz         2009-05-06 10:09:55 UTC

  FreeBSD ports repository

  Modified files:
    net/nss_ldap         Makefile 
    net/nss_ldap/files   patch-configure.in 
  Disable pthread_atfork detection. This fixes login issues on FreeBSD
  7.2-RELEASE and possibly previous versions.
  PR:             ports/133501
  Submitted by:   Benjamin Lee <ben@b1c1l1.com>
  Approved by:    maintainer timeout (4 weeks)
  Revision  Changes    Path
  1.28      +1 -1      ports/net/nss_ldap/Makefile
  1.2       +8 -0      ports/net/nss_ldap/files/patch-configure.in
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 2 Florent Thoumie freebsd_committer 2009-05-06 11:12:17 UTC
State Changed
From-To: open->closed

Committed. Thanks!