sshd dumps core in pam_sm_open_session

[Ed Phillips]

(I vaguely remember talk about PAM session stuff recently... please excuse
me if this is the same problem.)

I compiled v2.9.9p2 on Solaris 8 with the following configuration and the
Sun Workshop v5 compiler:

OpenSSH has been configured with the following options:
                 User binaries: /opt/openssh-2.9.9p2/bin
               System binaries: /opt/openssh-2.9.9p2/sbin
           Configuration files: /opt/openssh-2.9.9p2/etc
               Askpass program: /opt/openssh-2.9.9p2/libexec/ssh-askpass
                  Manual pages: /opt/openssh-2.9.9p2/man/manX
                      PID file: /var/run
        sshd default user PATH:
/usr/bin:/bin:/usr/sbin:/sbin:/opt/openssh-2.9.9
p2/bin
      Random number collection: Builtin (timeout 200)
                Manpage format: man
                   PAM support: yes
            KerberosIV support: no
             Smartcard support: no
                   AFS support: no
                 S/KEY support: no
          TCP Wrappers support: yes
          MD5 password support: no
   IP address in $DISPLAY hack: no
      Use IPv4 by default hack: no
       Translate v4 in v6 hack: no

              Host: sparc-sun-solaris2.8
          Compiler: cc
    Compiler flags: -g
Preprocessor flags: -I/opt/openssl-0.9.6b/include -I. -I/usr/local/include
      Linker flags: -R/opt/openssl-0.9.6b/lib -L/opt/openssl-0.9.6b/lib
-L. -lwr
ap -L/usr/local/lib -R/usr/local/lib
         Libraries: -lpam -ldl -lwrap -lz -lsocket -lnsl  -lgen -lcrypto

PAM is enabled. You may need to install a PAM control file for sshd,
otherwise password authentication may fail. Example PAM control files
can be found in the contrib/ subdirectory

WARNING: you are using the builtin random number collection service.
Please read WARNING.RNG and request that your OS vendor includes
/dev/random in future versions of their OS.

The system is not actually set up to use PAM for sshd specifically (does
that really matter?).

sshd seems to work okay if I just do an interactive session, but if I use
scp or try to run a command, it dumps core.

Here's the traceback for sshd:

(/opt/SUNWspro/bin/../WS5.0/bin/sparcv9/dbx) where
=>[1] strncpy(0xffbee4cc, 0x5, 0x7, 0x0, 0x21aa4, 0xffbee4cc), at 0xff133abc
  [2] pam_sm_open_session(0x6, 0x0, 0x70a10, 0x0, 0xff0f6000, 0x0), at 0xff0d61d8
  [3] pam_open_session(0xff3865c8, 0x0, 0xff386000, 0x13, 0x13, 0x0), at 0xff372c50
  [4] do_pam_session(0x147338, 0x0, 0x6, 0x2, 0x1, 0xffbeee44), at 0x34ac0
  [5] do_exec_no_pty(0x13b364, 0x14cc80, 0xffbeef00, 0x0, 0x0, 0xffbeef23), at 0x3e5d0
  [6] do_exec(0x13b364, 0x14cc80, 0xffbeef70, 0xffffffff, 0xfffffff8, 0xffbeef04), at 0x3edcc
  [7] 0x4183c(0x13b364, 0x10ec54, 0x0, 0x0, 0x6f6e00, 0x0), at 0x4183b
  [8] session_input_channel_req(0x0, 0x0, 0x0, 0x4, 0xeb, 0x145918), at 0x41ac8
  [9] channel_input_channel_request(0x62, 0x19, 0x145498, 0x0, 0x0, 0x0), at 0x4e9a0
  [10] dispatch_run(0x1, 0x0, 0x145498, 0x147348, 0x21a54, 0x3bb78), at 0x53790
  [11] 0x3c2c4(0x147348, 0x147348, 0xffbef160, 0xffbef158, 0x0, 0x0), at 0x3c2c3
  [12] server_loop2(0x1456a8, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x3cc54
  [13] 0x4284c(0x1456a8, 0x0, 0x0, 0x0, 0x21b6c, 0x3de34), at 0x4284b
  [14] do_authenticated(0x1456a8, 0x1456a8, 0x1456a8, 0x80, 0x8, 0x5e27c), at 0x3de90
  [15] do_authentication2(0x109df0, 0x8, 0xd144, 0x8, 0x2152c, 0x2c38c), at 0x2eef0
  [16] main(0x3, 0xffbefc34, 0xffbefc44, 0x12cc00, 0x0, 0x0), at 0x2c404

Please let me know if you need more info.

Thanks,

	Ed

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key