Re: [AAFUGIT] nsswitch and hesiod (fwd)

[D. Joe Anderson]

Hi folks,

It seems libnss_hesiod from glibc-2.2 is not successfully querying for
records in the HS class, only for IN records.

Beneath the reply from Steve Langasek below which helps define the
problem, I've appended some strace results an unsuccessful query (against
a record that exists and can be successfully queried with glibc-2.1),

strace -esend,recvfrom -s 300 id deejoe 

I'm not familiar with the protocols involved, but I have noticed that the
last byte of successful (glibc-2.1) send() calls is \4, whereas the last
byte of the unsucessful send() calls is \1, and that these correspond to
the values of the C_HS and C_IN constants, respectively.  

--Joe

---------- Forwarded message ----------
Date: Wed, 3 Jan 2001 17:36:42 -0600 (CST)
From: Steve Langasek <address@hidden>
Reply-To: address@hidden
To: address@hidden, "D. Joe Anderson" <address@hidden>
Subject: Re: [AAFUGIT] nsswitch and hesiod

Hi Joe,

I haven't tried this yet with glibc 2.2.  Of course, it works just fine
under glibc 2.1.2.

On Wed, 3 Jan 2001, D. Joe Anderson wrote:

> Below, I've appended the results of 

> strace id deejoe

> in case that's of any help in diagnosing the problem to someone who knows
> better than I how to read the system calls involved.

> > Does anyone have nsswitch successfully looking up hesiod database entries
> > for linux glibc2.2/Redhat 7.0/Mandrake 7.2 ?

> > hesinfo is working fine for me, from the command line, but libnss_hesiod
> > doesn't seem to be working right.  

> > For example, this works:

> > # hesinfo deejoe passwd
> > deejoe:*:1073:101:Joe Anderson,,,,:/home/deejoe:/bin/tcsh

> > but this doesn't work:

> > # id deejoe
> > id: deejoe: No such user

> > This second command needs to succeed in order to "acropolis-enable" these
> > systems.

> > /etc/nsswitch.conf has the following lines

> > passwd:     files hesiod #nisplus nis
> > shadow:     files #hesiod nisplus nis
> > group:      files hesiod #nisplus nis

> > I'm using precompiled /lib/libnss_hesiod-2.2.so as packaged with

> > glibc-2.2-9 (RedHat 7.0)
> > glibc-2.2-12mdk (Mandrake 7.2

> > libnss_hesiod doesn't appear to rely on the hesiod package at all:

> > # ldd /lib/libnss_hesiod-2.2.so
> >         libresolv.so.2 => /lib/libresolv.so.2 (0x40022000)
> >         libnss_files.so.2 => /lib/libnss_files.so.2 (0x40034000)
> >         libc.so.6 => /lib/libc.so.6 (0x4003f000)
> >         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

> > but even so, just FYI, I've been building hesiod from source using

> > hesiod-3.0.2-1

> > modified slightly.

Yes, the libnss_hesiod module ships with the glibc sources, and doesn't
depend on any other libraries.

> execve("/usr/bin/id", ["id", "deejoe"], [/* 26 vars */]) = 0
[snip]

> open("/etc/nsswitch.conf", O_RDONLY)    = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=1782, ...}) = 0
> read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1782
> read(3, "", 4096)                       = 0
> close(3)                                = 0
[snip]

> open("/lib/libnss_hesiod.so.2", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\21\0\000"..., 1024) 
> = 1024
> fstat(3, {st_mode=S_IFREG|0755, st_size=102961, ...}) = 0
> old_mmap(NULL, 18004, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40181000
> mprotect(0x40185000, 1620, PROT_NONE)   = 0
> old_mmap(0x40185000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
> 0x3000) = 0x40185000
> close(3)                                = 0
[snip]

> open("/etc/hesiod.conf", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0755, st_size=423, ...}) = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
> = 0x4016c000
> read(3, "# This file determines the behav"..., 4096) = 423
> read(3, "", 4096)                       = 0
> close(3)                                = 0
[snip]

> open("/etc/resolv.conf", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=131, ...}) = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
> = 0x4016c000
> read(3, "search bb.iastate.edu zool.iasta"..., 4096) = 131
> read(3, "", 4096)                       = 0
> close(3)                                = 0
[snip]

Everything looks good up to here...


> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
> connect(3, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.1.200")}}, 28) = 0
> send(3, "\330\355\1\0\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IA"..., 46, 0) = 46
> gettimeofday({978548970, 701111}, NULL) = 0
> poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
> recvfrom(3, "\330\355\201\202\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7"..., 
> 1024, 0, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.1.200")}}, [16]) = 46
> close(3)                                = 0
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
> connect(3, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.142.200")}}, 28) = 0
> send(3, "\330\355\1\0\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IA"..., 46, 0) = 46
> gettimeofday({978548970, 706122}, NULL) = 0
> poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 3000) = 1
> recvfrom(3, "\330\355\201\202\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7"..., 
> 1024, 0, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.142.200")}}, [16]) = 46
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
> connect(4, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.140.200")}}, 28) = 0
> send(4, "\330\355\1\0\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IA"..., 46, 0) = 46
> gettimeofday({978548970, 709867}, NULL) = 0
> poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 6000) = 1
> recvfrom(4, "\330\355\201\202\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7"..., 
> 1024, 0, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.140.200")}}, [16]) = 46
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
> connect(5, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.1.200")}}, 28) = 0
> send(5, "\330\355\1\0\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IA"..., 46, 0) = 46
> gettimeofday({978548970, 714320}, NULL) = 0
> poll([{fd=5, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
> recvfrom(5, "\330\355\201\202\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7"..., 
> 1024, 0, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.1.200")}}, [16]) = 46
> send(3, "\330\355\1\0\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IA"..., 46, 0) = 46
> gettimeofday({978548970, 718102}, NULL) = 0
> poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 3000) = 1
> recvfrom(3, "\330\355\201\202\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7"..., 
> 1024, 0, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.142.200")}}, [16]) = 46
> send(4, "\330\355\1\0\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IA"..., 46, 0) = 46
> gettimeofday({978548970, 721966}, NULL) = 0
> poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 6000) = 1
> recvfrom(4, "\330\355\201\202\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7"..., 
> 1024, 0, {sin_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("129.186.140.200")}}, [16]) = 46

Here, we see the hesiod library hitting all of ISU's DNS servers (ns-1,
ns-2, ns-3, then back to ns-1) and not liking the answers that it gets.
Since the text of the packets is truncated here, and since I don't read
DNS packets that well anyway :), it's hard to tell why this doesn't work.
I had a vague notion that the ns-X nameservers didn't work for hesiod,
that you had to use vs-X instead, but I changed my resolv.conf to hit
ns-1.iastate.edu and the 'id' command still works for me.

Could you try running strace -erecvfrom -s 128 id deejoe?

Actually, scratch that.  I just realized I have a Debian box here w/ glibc
2.2 installed, and I just tested it -- I'm seeing the exact same problem
you are.  This looks like a bug in libnss_hesiod. :/  Looking more
closely, it appears that libnss_hesiod ignores the 'classes=' parameter
from /etc/hesiod.conf, instead using a value of 'IN'.  This works fine
with newer Hesiod installations, because this is now more or less the
standard, and it's the configuration recommended by MIT.  ISU, however,
still *exclusively* uses the older HS class for all of its Hesiod
information.  This already causes a problem for libhesiod and the hesinfo
tool, to the extent that one has to edit /etc/hesiod.conf to be compatible
with ISU; it now appears that this is causing a problem w/ libnss_hesiod.

Steve Langasek
postmodern programmer

> write(2, "id: ", 4id: )                     = 4
> write(2, "deejoe: No such user", 20deejoe: No such user)    = 20
> write(2, "\n", 1
> )                       = 1



-----
WEB MIRROR:  http://aafugit.org/list/aafugit
TO UNSUBSCRIBE:  mail a blank message to address@hidden




Script started on Thu Jan  4 14:43:39 2001
[I have no address@hidden deejoe]$ strace -esend,recvfrom -s 300 id deejoe
send(4, 
"\35\214\1\0\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IASTATE\3EDU\0\0\20\0\1", 46, 
0) = 46
recvfrom(4, 
"\35\214\201\202\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IASTATE\3EDU\0\0\20\0\1", 
1024, 0, {sin_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("129.186.140.200")}}, [16]) = 46
send(4, 
"\35\214\1\0\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IASTATE\3EDU\0\0\20\0\1", 46, 
0) = 46
recvfrom(4, 
"\35\214\201\202\0\1\0\0\0\0\0\0\6deejoe\6passwd\2ns\7IASTATE\3EDU\0\0\20\0\1", 
1024, 0, {sin_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("129.186.140.200")}}, [16]) = 46
id: deejoe: No such user
[I have no address@hidden deejoe]$ exit
exit

Script done on Thu Jan  4 14:43:44 2001