Mailing List Archive

Problems with OpenBSD 6.7
The password list seems even less active than this one, so I hope you
will forgive double-posting.

I have been running qmail without problems on OpenBSD, every version
from 2.3 through 6.6. After upgrading from 6.6 to 6.7 all of DJB's
software had to be recompiled. This had happened several times with
upgrades, so did not seem worrying. Upgraded a test server, recompiled
and everything seemed fine. Unfortunately, I did not test checkpassword.

*----------------------------------------------------------------------*
foo:~
{12} % /var/qmail/bin/qmail-popup foo.bar.perea.net /bin/checkpassword pwd
+OK <10231.1596238694@foo.bar.perea.net>
user frodo
+OK
pass friend
-ERR aack, child crashed
foo:~
{13} % ls *.core
checkpassword.core
foo:~
{14} %
*----------------------------------------------------------------------*

Life with qmail suggests looking for other password checking programs at
qmail.org, but that, of course, is no longer available.

I would greatly appreciate any suggestions.
Re: Problems with OpenBSD 6.7
On Fri, Jul 31, 2020 at 07:56:31PM -0500, Emilio Perea wrote:
> The password list seems even less active than this one, so I hope you
> will forgive double-posting.
>
> I have been running qmail without problems on OpenBSD, every version
> from 2.3 through 6.6. After upgrading from 6.6 to 6.7 all of DJB's
> software had to be recompiled. This had happened several times with
> upgrades, so did not seem worrying. Upgraded a test server, recompiled
> and everything seemed fine. Unfortunately, I did not test checkpassword.
>
> *----------------------------------------------------------------------*
> foo:~
> {12} % /var/qmail/bin/qmail-popup foo.bar.perea.net /bin/checkpassword pwd
> +OK <10231.1596238694@foo.bar.perea.net>
> user frodo
> +OK
> pass friend
> -ERR aack, child crashed
> foo:~
> {13} % ls *.core
> checkpassword.core
> foo:~
> {14} %
> *----------------------------------------------------------------------*
>
> Life with qmail suggests looking for other password checking programs at
> qmail.org, but that, of course, is no longer available.
>
> I would greatly appreciate any suggestions.

Make sure that checkpassword is compiled with -g and is not stripped
when linked. After that, rerun your test to produce a core file,
and load it up in gdb:

$ gdb /bin/checkpassword checkpassword.core

Once in gdb, type 'where' and 'backtrace' and report back with the
result of both commands. It should show you the line you crashed at
and the stack leading up to it.

-A
--
Alan Post | Xen VPS hosting for the technically adept
PO Box 61688 | Sunnyvale, CA 94088-1681 | https://prgmr.com/
email: adp@prgmr.com
Re: Problems with OpenBSD 6.7
On Fri, Jul 31, 2020 at 07:39:53PM -0600, Alan Post wrote:
>
> Make sure that checkpassword is compiled with -g and is not stripped
> when linked. After that, rerun your test to produce a core file,
> and load it up in gdb:
>
> $ gdb /bin/checkpassword checkpassword.core
>
> Once in gdb, type 'where' and 'backtrace' and report back with the
> result of both commands. It should show you the line you crashed at
> and the stack leading up to it.
>

Thanks for your quick reply. I'm not sure if I'm making another mistake,
but this is what I get:

*----------------------------------------------------------------------*
eperea@diana:~{32} % gdb /bin/checkpassword checkpassword.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.7"...
Core was generated by `checkpassword'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /bin/checkpassword
Reading symbols from /usr/lib/libc.so.96.0...done.
Loaded symbols for /usr/lib/libc.so.96.0
Reading symbols from /usr/libexec/ld.so...Error while reading shared library symbols:
Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/libexec/ld.so]
#0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
59 movb (%rdi),%al
(gdb) where
#0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
#1 0x0000072ac16045a3 in main (argc=3, argv=0x7f7ffffca618) at checkpassword.c:81
Current language: auto; currently asm
(gdb) backtrace
#0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
#1 0x0000072ac16045a3 in main (argc=3, argv=0x7f7ffffca618) at checkpassword.c:81
(gdb)
*----------------------------------------------------------------------*
Re: Problems with OpenBSD 6.7
On Fri, Jul 31, 2020 at 10:32:52PM -0500, Emilio Perea wrote:
> Thanks for your quick reply. I'm not sure if I'm making another mistake,
> but this is what I get:
>

remove the -s flag to gcc in conf-ld and recompile. After that run the
below where/backtrace commands again, along with the others below.


> *----------------------------------------------------------------------*
> eperea@diana:~{32} % gdb /bin/checkpassword checkpassword.core
> GNU gdb 6.3
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "amd64-unknown-openbsd6.7"...
> Core was generated by `checkpassword'.
> Program terminated with signal 11, Segmentation fault.
> Loaded symbols for /bin/checkpassword
> Reading symbols from /usr/lib/libc.so.96.0...done.
> Loaded symbols for /usr/lib/libc.so.96.0
> Reading symbols from /usr/libexec/ld.so...Error while reading shared library symbols:
> Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/libexec/ld.so]
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> 59 movb (%rdi),%al
> (gdb) where
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> #1 0x0000072ac16045a3 in main (argc=3, argv=0x7f7ffffca618) at checkpassword.c:81
> Current language: auto; currently asm
> (gdb) backtrace
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> #1 0x0000072ac16045a3 in main (argc=3, argv=0x7f7ffffca618) at checkpassword.c:81
> (gdb)
> *----------------------------------------------------------------------*

strcmp.S, line 59:

https://github.com/openbsd/src/blob/master/lib/libc/arch/amd64/string/strcmp.S#L59

and checkpassword.c line 81:

https://github.com/TobyGoodwin/checkpassword/blob/master/checkpassword.c#L81

Neither the crypt call on line 78 nor the strcmp call on line 81 have changed
in OpenBSD 6.7.

With a debug build, type (don't use production data here):

(gdb) p encrypted
(gdb) p stored

I wonder if encrypted is NULL and stored is "*"?

What are the contents of hasspnam.h and hasuserpw.h?

-A
--
Alan Post | Xen VPS hosting for the technically adept
PO Box 61688 | Sunnyvale, CA 94088-1681 | https://prgmr.com/
email: adp@prgmr.com
Re: Problems with OpenBSD 6.7
On Fri, Jul 31, 2020 at 11:21:26PM -0600, Alan Post wrote:
> remove the -s flag to gcc in conf-ld and recompile. After that run the
> below where/backtrace commands again, along with the others below.
>
*----------------------------------------------------------------------*
eperea@diana:~{45} % gdb /bin/checkpassword checkpassword.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.7"...
Core was generated by `checkpassword'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /bin/checkpassword
Reading symbols from /usr/lib/libc.so.96.0...done.
Loaded symbols for /usr/lib/libc.so.96.0
Reading symbols from /usr/libexec/ld.so...Error while reading shared library symbols:
Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/libexec/ld.so]
#0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
59 movb (%rdi),%al
(gdb) where
#0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
#1 0x00000b0040ee75a3 in main (argc=3, argv=0x7f7ffffc4d18) at checkpassword.c:81
Current language: auto; currently asm
(gdb) backtrace
#0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
#1 0x00000b0040ee75a3 in main (argc=3, argv=0x7f7ffffc4d18) at checkpassword.c:81
(gdb) p encrypted
No symbol "encrypted" in current context.
(gdb) p stored
No symbol "stored" in current context.
(gdb)
*----------------------------------------------------------------------*
>
> strcmp.S, line 59:
>
> https://github.com/openbsd/src/blob/master/lib/libc/arch/amd64/string/strcmp.S#L59
>
> and checkpassword.c line 81:
>
> https://github.com/TobyGoodwin/checkpassword/blob/master/checkpassword.c#L81
>
> Neither the crypt call on line 78 nor the strcmp call on line 81 have changed
> in OpenBSD 6.7.

I saw that after the first gdb run.

> With a debug build, type (don't use production data here):
>
> (gdb) p encrypted
> (gdb) p stored
>
> I wonder if encrypted is NULL and stored is "*"?
>
> What are the contents of hasspnam.h and hasuserpw.h?

They are both empty! And not only those...

-rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 crypt.lib
-rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 hasspnam.h
-rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 hasuserpw.h
-rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 s.lib
-rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 shadow.lib
Re: Problems with OpenBSD 6.7
Hi,

within my s/qmail solution, a 'qmail-authuser' module is available, which
also can be used as 'checkpassword' replacement, so it is much more powerful.

https://www.fehcom.de/sqmail/sqmail.html

https://www.fehcom.de/sqmail/man/qmail-authuser.html

As already proven here, you can simply use the module after compilation
within your standard qmail installation; thus don't need to install anything
else.

Since s/qmail depends on ucspi-ssl and fehQlibs, you need to install them as
well. Sorry for the dependency.

As another workaround, you may wanna try 'cmd5checkpw':

https://www.fehcom.de/qmail/smtpauth.html

But the version 0.30 is not written in the DJB C slang and I did not touch it
for at least a decade.


Though I can't guarantee that it works with OpenBSD 6.7, it would be worth a
try.

Within s/qmail 4.0.08, several fixes are included which should also make
their way into any other qmail forks/clones/patchsets.

Time to change!

regards.
--eh.



On Fri, 31 Jul 2020 19:56:31 -0500, Emilio Perea <eperea@walkereng.com> wrote:

> The password list seems even less active than this one, so I hope you
> will forgive double-posting.
>
> I have been running qmail without problems on OpenBSD, every version
> from 2.3 through 6.6. After upgrading from 6.6 to 6.7 all of DJB's
> software had to be recompiled. This had happened several times with
> upgrades, so did not seem worrying. Upgraded a test server, recompiled
> and everything seemed fine. Unfortunately, I did not test checkpassword.
>
> *----------------------------------------------------------------------*
> foo:~
> {12} % /var/qmail/bin/qmail-popup foo.bar.perea.net /bin/checkpassword pwd
> +OK <10231.1596238694@foo.bar.perea.net>
> user frodo
> +OK
> pass friend
> -ERR aack, child crashed
> foo:~
> {13} % ls *.core
> checkpassword.core
> foo:~
> {14} %
> *----------------------------------------------------------------------*
>
> Life with qmail suggests looking for other password checking programs at
> qmail.org, but that, of course, is no longer available.
>
> I would greatly appreciate any suggestions.
>
>
>

--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Re: Problems with OpenBSD 6.7
On Sat, Aug 01, 2020 at 01:40:38AM -0500, Emilio Perea wrote:
> On Fri, Jul 31, 2020 at 11:21:26PM -0600, Alan Post wrote:
> > remove the -s flag to gcc in conf-ld and recompile. After that run the
> > below where/backtrace commands again, along with the others below.
> >
> *----------------------------------------------------------------------*
> eperea@diana:~{45} % gdb /bin/checkpassword checkpassword.core
> GNU gdb 6.3
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "amd64-unknown-openbsd6.7"...
> Core was generated by `checkpassword'.
> Program terminated with signal 11, Segmentation fault.
> Loaded symbols for /bin/checkpassword
> Reading symbols from /usr/lib/libc.so.96.0...done.
> Loaded symbols for /usr/lib/libc.so.96.0
> Reading symbols from /usr/libexec/ld.so...Error while reading shared library symbols:
> Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/libexec/ld.so]
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> 59 movb (%rdi),%al
> (gdb) where
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> #1 0x00000b0040ee75a3 in main (argc=3, argv=0x7f7ffffc4d18) at checkpassword.c:81
> Current language: auto; currently asm
> (gdb) backtrace
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> #1 0x00000b0040ee75a3 in main (argc=3, argv=0x7f7ffffc4d18) at checkpassword.c:81
> (gdb) p encrypted
> No symbol "encrypted" in current context.
> (gdb) p stored
> No symbol "stored" in current context.
> (gdb)
> *----------------------------------------------------------------------*

It still looks like there are no debug symbols, plus I made a mistake.
edit conf-cc to replace the -O2 with -g, along with the previous
change of removing -s from conf-ld. Rebuild checkpassword.

when the crash occurs, you're in strcmp, and need to move up the
stack frame (with the "up" command) before you can print the value
of encrypted and stored in the main routine.

> >
> > strcmp.S, line 59:
> >
> > https://github.com/openbsd/src/blob/master/lib/libc/arch/amd64/string/strcmp.S#L59
> >
> > and checkpassword.c line 81:
> >
> > https://github.com/TobyGoodwin/checkpassword/blob/master/checkpassword.c#L81
> >
> > Neither the crypt call on line 78 nor the strcmp call on line 81 have changed
> > in OpenBSD 6.7.
>
> I saw that after the first gdb run.
>
> > With a debug build, type (don't use production data here):
> >
> > (gdb) p encrypted
> > (gdb) p stored
> >
> > I wonder if encrypted is NULL and stored is "*"?
> >
> > What are the contents of hasspnam.h and hasuserpw.h?
>
> They are both empty! And not only those...
>
> -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 crypt.lib
> -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 hasspnam.h
> -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 hasuserpw.h
> -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 s.lib
> -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 shadow.lib

Not a surprise, OpenBSD has neither getspnam (tryspnam.c -> hasspnam.h)
nor getuserpw (tryuserpw.c -> hasuserpw.h)

I believe what's happening is that the call to getpwnam on or about
line 55 is returning an entry without the hashed password, meaning
that stored has the value "*" on line 57.

That results in crypt returning a NULL string:

https://github.com/openbsd/src/blob/master/lib/libc/crypt/crypt.c

Which results in strcmp crashing dereferencing it.

The problem isn't the upgrade to OpenBSD 6.7, it's that your previous
checkpassword had its setuid bit set, and your new one does not.

If you make checkpassword setuid, the pw_passwd field will return
the hashed password instead of "*" and the crypt call will then invoke
bcrypt returning a non-NULL value that is assigned to encrypted, resulting
in strcmp returning the result of the comparison rather than segfaulting.

Is that what happens?

-A
--
Alan Post | Xen VPS hosting for the technically adept
PO Box 61688 | Sunnyvale, CA 94088-1681 | https://prgmr.com/
email: adp@prgmr.com
Re: Problems with OpenBSD 6.7
On Sat, Aug 01, 2020 at 08:38:20AM -0600, Alan Post wrote:
> On Sat, Aug 01, 2020 at 01:40:38AM -0500, Emilio Perea wrote:
> > On Fri, Jul 31, 2020 at 11:21:26PM -0600, Alan Post wrote:
> > > remove the -s flag to gcc in conf-ld and recompile. After that run the
> > > below where/backtrace commands again, along with the others below.
> > >
> > *----------------------------------------------------------------------*
> > eperea@diana:~{45} % gdb /bin/checkpassword checkpassword.core
> > GNU gdb 6.3
> > Copyright 2004 Free Software Foundation, Inc.
> > GDB is free software, covered by the GNU General Public License, and you are
> > welcome to change it and/or distribute copies of it under certain conditions.
> > Type "show copying" to see the conditions.
> > There is absolutely no warranty for GDB. Type "show warranty" for details.
> > This GDB was configured as "amd64-unknown-openbsd6.7"...
> > Core was generated by `checkpassword'.
> > Program terminated with signal 11, Segmentation fault.
> > Loaded symbols for /bin/checkpassword
> > Reading symbols from /usr/lib/libc.so.96.0...done.
> > Loaded symbols for /usr/lib/libc.so.96.0
> > Reading symbols from /usr/libexec/ld.so...Error while reading shared library symbols:
> > Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/libexec/ld.so]
> > #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> > 59 movb (%rdi),%al
> > (gdb) where
> > #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> > #1 0x00000b0040ee75a3 in main (argc=3, argv=0x7f7ffffc4d18) at checkpassword.c:81
> > Current language: auto; currently asm
> > (gdb) backtrace
> > #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> > #1 0x00000b0040ee75a3 in main (argc=3, argv=0x7f7ffffc4d18) at checkpassword.c:81
> > (gdb) p encrypted
> > No symbol "encrypted" in current context.
> > (gdb) p stored
> > No symbol "stored" in current context.
> > (gdb)
> > *----------------------------------------------------------------------*
>
> It still looks like there are no debug symbols, plus I made a mistake.
> edit conf-cc to replace the -O2 with -g, along with the previous
> change of removing -s from conf-ld. Rebuild checkpassword.

Actually you mentioned earlier to compile with -g so all the dbg runs
have been with conf-cc and all after the first with -s removed from
conf-ld.

> when the crash occurs, you're in strcmp, and need to move up the
> stack frame (with the "up" command) before you can print the value
> of encrypted and stored in the main routine.

Thanks. I'm not at all familiar with gdb. When I was in college the
choice of languages were COBOL and FORTRAN, and as a Physics major you
know what I worked with. Picked up a bit of C, but not enough.

> > >
> > > strcmp.S, line 59:
> > >
> > > https://github.com/openbsd/src/blob/master/lib/libc/arch/amd64/string/strcmp.S#L59
> > >
> > > and checkpassword.c line 81:
> > >
> > > https://github.com/TobyGoodwin/checkpassword/blob/master/checkpassword.c#L81
> > >
> > > Neither the crypt call on line 78 nor the strcmp call on line 81 have changed
> > > in OpenBSD 6.7.
> >
> > I saw that after the first gdb run.
> >
> > > With a debug build, type (don't use production data here):
> > >
> > > (gdb) p encrypted
> > > (gdb) p stored
> > >
> > > I wonder if encrypted is NULL and stored is "*"?
> > >
> > > What are the contents of hasspnam.h and hasuserpw.h?
> >
> > They are both empty! And not only those...
> >
> > -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 crypt.lib
> > -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 hasspnam.h
> > -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 hasuserpw.h
> > -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 s.lib
> > -rw-r--r-- 1 eperea wheel 0 Aug 1 01:09 shadow.lib
>
> Not a surprise, OpenBSD has neither getspnam (tryspnam.c -> hasspnam.h)
> nor getuserpw (tryuserpw.c -> hasuserpw.h)
>
> I believe what's happening is that the call to getpwnam on or about
> line 55 is returning an entry without the hashed password, meaning
> that stored has the value "*" on line 57.
>
> That results in crypt returning a NULL string:
>
> https://github.com/openbsd/src/blob/master/lib/libc/crypt/crypt.c
>
> Which results in strcmp crashing dereferencing it.
>
> The problem isn't the upgrade to OpenBSD 6.7, it's that your previous
> checkpassword had its setuid bit set, and your new one does not.

The checkpassword in another server running OpenBSD 6.6 (i386) is not
setuid, but have not tested it in quite a while. This one may well have
been setuid. I just changed it, so it is now.

> If you make checkpassword setuid, the pw_passwd field will return
> the hashed password instead of "*" and the crypt call will then invoke
> bcrypt returning a non-NULL value that is assigned to encrypted, resulting
> in strcmp returning the result of the comparison rather than segfaulting.
>
> Is that what happens?

With the recompiled and setuid checkpassword, DJB's test using
qmail-popup does not crash, but get '-ERR authorization failed' whether
the password is right or wrong. However, trying to retrieve mail using
one of the usual clients does cause it to crash.

Anyhow, this is the latest:

*----------------------------------------------------------------------*
eperea@diana:~{12} % gdb /bin/checkpassword checkpassword.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.7"...
Core was generated by `checkpassword'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /bin/checkpassword
Reading symbols from /usr/lib/libc.so.96.0...done.
Loaded symbols for /usr/lib/libc.so.96.0
Reading symbols from /usr/libexec/ld.so...Error while reading shared library symbols:
Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/libexec/ld.so]
#0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
59 movb (%rdi),%al
(gdb) up
#1 0x00000d668b9bd5a3 in main (argc=3, argv=0x7f7ffffd0ac8) at checkpassword.c:81
81 if (!*stored || strcmp(encrypted,stored)) _exit(1);
(gdb) p encrypted
$1 = 0x0
(gdb) p stored
$2 = 0xd68d960c073 "*"
(gdb)
*----------------------------------------------------------------------*

Whatever the result, I'm really grateful for all your help!
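
The state confirmed in the gdb session above (encrypted is NULL, stored is "*") is what line 81 passes straight to strcmp. As an added example, not part of the original thread and not checkpassword's own code, here is a comparison step that checks the hash result first and reports why it refused; verify_password, hash_fn, pw_result and demo_crypt (a constructed stand-in for crypt(3), not a real hash) are hypothetical names.

```c
/* Added illustration; not code from checkpassword or from this thread. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3): returns a hash string, or NULL on failure. */
typedef char *(*hash_fn)(const char *key, const char *setting);

enum pw_result { PW_OK = 0, PW_MISMATCH, PW_NO_HASH, PW_HASH_FAILED };

/* Constructed stand-in for crypt(3) so the example runs without libcrypt.
 * It refuses any setting that does not start with '$', which mirrors the
 * NULL return the thread observed for stored == "*".
 * The transform is a toy ("$demo$" + key), NOT a password hash. */
char *demo_crypt(const char *key, const char *setting)
{
    static char out[128];
    size_t n;

    if (key == NULL || setting == NULL || setting[0] != '$')
        return NULL;
    n = strlen(key);
    if (n > sizeof out - 7)
        return NULL;
    memcpy(out, "$demo$", 6);
    memcpy(out + 6, key, n + 1);   /* copies the terminating NUL too */
    return out;
}

/* The line shown by gdb in the thread was:
 *     if (!*stored || strcmp(encrypted,stored)) _exit(1);
 * which dereferences encrypted even when the hash call returned NULL.
 * Here every pointer is checked before it is compared. */
enum pw_result verify_password(const char *password, const char *stored,
                               hash_fn hasher)
{
    char *encrypted;

    if (password == NULL || stored == NULL || hasher == NULL)
        return PW_NO_HASH;
    /* Empty or "*": the lookup returned no usable hash for this account. */
    if (stored[0] == '\0' || stored[0] == '*')
        return PW_NO_HASH;

    encrypted = hasher(password, stored);
    if (encrypted == NULL)          /* the check missing at line 81 */
        return PW_HASH_FAILED;

    return strcmp(encrypted, stored) == 0 ? PW_OK : PW_MISMATCH;
}

int main(void)
{
    static const char *names[] = { "ok", "mismatch", "no-hash", "hash-failed" };
    /* Constructed stored values; "friend" is the test password from the thread. */
    static const char *stored[] = { "$demo$friend", "*", "", "notahash" };
    size_t i;

    for (i = 0; i < sizeof stored / sizeof stored[0]; i++)
        printf("stored=\"%s\" -> %s\n", stored[i],
               names[verify_password("friend", stored[i], demo_crypt)]);
    printf("wrong password -> %s\n",
           names[verify_password("enemy", "$demo$friend", demo_crypt)]);
    return 0;
}
```

Keeping PW_NO_HASH distinct from PW_MISMATCH matters for diagnosis: the first says the password entry was read without its hash, the second says the user typed the wrong password.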
Re: Problems with OpenBSD 6.7
On Sat, Aug 01, 2020 at 11:27:33AM -0500, Emilio Perea wrote:
> On Sat, Aug 01, 2020 at 08:38:20AM -0600, Alan Post wrote:
> > On Sat, Aug 01, 2020 at 01:40:38AM -0500, Emilio Perea wrote:
> > The problem isn't the upgrade to OpenBSD 6.7, it's that your previous
> > checkpassword had its setuid bit set, and your new one does not.
>
> The checkpassword in another server running OpenBSD 6.6 (i386) is not
> setuid, but have not tested it in quite a while. This one may well have
> been setuid. I just changed it, so it is now.
>
> > If you make checkpassword setuid, the pw_passwd field will return
> > the hashed password instead of "*" and the crypt call will then invoke
> > bcrypt returning a non-NULL value that is assigned to encrypted, resulting
> > in strcmp returning the result of the comparison rather than segfaulting.
> >
> > Is that what happens?
>
> With the recompiled and setuid checkpassword, DJB's test using
> qmail-popup does not crash, but get '-ERR authorization failed' whether
> the password is right or wrong. However, trying to retrieve mail using
> one of the usual clients does cause it to crash.
>

The ERR authorization failed is possibly a result of prot.c being
miscompiled. That is one of the chancier try* checks in the codebase.

You might try adding correct function signatures there, much like:

https://github.com/alanpost/notqmail/blob/pr-remove-hasshsgr-h/prot.c

while also fixing the function signature in prot.h and removing the
cast to int in checkpassword.c. It's straightforward if you understand
C, but difficult to explain over email otherwise.


> Anyhow, this is the latest:
>

It's the later circumstances that produce this core file then, since
making the program setuid eliminated the crash in your test harness?


> *----------------------------------------------------------------------*
> eperea@diana:~{12} % gdb /bin/checkpassword checkpassword.core
> GNU gdb 6.3
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "amd64-unknown-openbsd6.7"...
> Core was generated by `checkpassword'.
> Program terminated with signal 11, Segmentation fault.
> Loaded symbols for /bin/checkpassword
> Reading symbols from /usr/lib/libc.so.96.0...done.
> Loaded symbols for /usr/lib/libc.so.96.0
> Reading symbols from /usr/libexec/ld.so...Error while reading shared library symbols:
> Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/libexec/ld.so]
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> 59 movb (%rdi),%al
> (gdb) up
> #1 0x00000d668b9bd5a3 in main (argc=3, argv=0x7f7ffffd0ac8) at checkpassword.c:81
> 81 if (!*stored || strcmp(encrypted,stored)) _exit(1);
> (gdb) p encrypted
> $1 = 0x0
> (gdb) p stored
> $2 = 0xd68d960c073 "*"
> (gdb)
> *----------------------------------------------------------------------*
>
> Whatever the result, I'm really grateful for all your help!

I was correct about what failed, but did not successfully explain
why. The getpwnam manpage explains that the getpwnam_shadow method
can be invoked to retrieve the hashed password from master.passwd:

https://man.openbsd.org/getpwnam

I can't explain how OpenBSD 6.7 differs from the previous release in
this regard, but you could try replacing the call to getpwnam with
a call to getpwnam_shadow. Which should result in stored having the
entry from the master.passwd file, beginning with a dollar sign ($).

Yet without understanding the conditions this core file was generated
under, it could be using getpwnam_shadow is a waste of time.

-A
--
Alan Post | Xen VPS hosting for the technically adept
PO Box 61688 | Sunnyvale, CA 94088-1681 | https://prgmr.com/
email: adp@prgmr.com
Re: Problems with OpenBSD 6.7
On Sat, Aug 01, 2020 at 10:52:06AM -0600, Alan Post wrote:
> I was correct about what failed, but did not successfully explain
> why. The getpwnam manpage explains that the getpwnam_shadow method
> can be invoked to retrieve the hashed password from master.passwd:
>
> https://man.openbsd.org/getpwnam
>
> I can't explain how OpenBSD 6.7 differs from the previous release in
> this regard, but you could try replacing the call to getpwnam with
> a call to getpwnam_shadow. Which should result in stored having the
> entry from the master.passwd file, beginning with a dollar sign ($).
>
> Yet without understanding the conditions this core file was generated
> under, it could be using getpwnam_shadow is a waste of time.

Thanks, you have been very helpful.