Re: chsh corrupts /etc/pwd.db
On Wed, Aug 21, 2019 at 7:22 PM Tom Samplonius wrote: > > > > On Aug 21, 2019, at 2:55 PM, Alan Somers wrote: > > Today I tried to use chsh to change my shell from bash to fish. The > command completed successfully, but new logins continued to use bash! > Investigating, I discovered that /etc/pwd.db and /etc/spwd.db seem to > contain 3-4 entries per user. One of those still refers to my old > > > Berkeley DB files can only have a single index, so users are stored three > times, once by username, once by uid, and once by line number. So that isn’t > corruption. But why was my entry stored four times? > > > shell. Worse, if I try using chsh again, it fails with an "entry > inconsistent" error, and I have to restore the password files from > backup. Has anybody seen something like this before? This is just a > single system, with no NIS or LDAP. > > > You shouldn’t need to restore the files. You should be able to just > regenerate the *.db files from the master.passwd file: > > /usr/sbin/pwd_mkdb -p /etc/master.passwd Ok, that worked. Thanks! > > > Unless, of course your master.passwd file was damaged. But the *.db files > are really just caches for faster access to user data. The real master file > is master.passwd. > > > The ch* tools typically just change master.passwd, and then call pwd_mkdb to > rebuild the *.db files. The pwd.db file from before the snapshot only has three entries. From after, it has four, and one of them has the wrong shell. So it does seem that chsh is corrupting the file. And fortunately the problem is repeatable. Any ideas about how to debug it? -Alan P.S. I failed to mention earlier that this is happening on 12.0-RELEASE-p10 -Alan ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: chsh corrupts /etc/pwd.db
> On Aug 21, 2019, at 2:55 PM, Alan Somers wrote: > > Today I tried to use chsh to change my shell from bash to fish. The > command completed successfully, but new logins continued to use bash! > Investigating, I discovered that /etc/pwd.db and /etc/spwd.db seem to > contain 3-4 entries per user. One of those still refers to my old Berkeley DB files can only have a single index, so users are stored three times, once by username, once by uid, and once by line number. So that isn’t corruption. > shell. Worse, if I try using chsh again, it fails with an "entry > inconsistent" error, and I have to restore the password files from > backup. Has anybody seen something like this before? This is just a > single system, with no NIS or LDAP. You shouldn’t need to restore the files. You should be able to just regenerate the *.db files from the master.passwd file: /usr/sbin/pwd_mkdb -p /etc/master.passwd Unless, of course your master.passwd file was damaged. But the *.db files are really just caches for faster access to user data. The real master file is master.passwd. The ch* tools typically just change master.passwd, and then call pwd_mkdb to rebuild the *.db files. Tom ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: svn commit: r351246 - in stable: 11/sys/opencrypto 12/sys/opencrypto
On 8/21/2019 6:38 PM, John Baldwin wrote:
> On 8/21/19 9:08 AM, mike tancsa wrote:
>> On 8/21/2019 12:00 PM, John Baldwin wrote:
>>> dtrace -n 'fbt::_gone_in:entry { @counts[curthread->td_proc->p_comm] =
>>> count()'
>> Thanks, I am not familiar with dtrace at all. This command gives a
>> syntax error
>>
>> 0(cage)# dtrace -n 'fbt::_gone_in:entry {
>> @counts[curthread->td_proc->p_comm] = count()'
>> dtrace: invalid probe specifier fbt::_gone_in:entry {
>> @counts[curthread->td_proc->p_comm] = count(): syntax error near end of
>> input
>> 1(cage)#
> Oops, I forgot the closing }. First, do "dtrace -l | grep _gone_in" to make
> sure dtrace is loaded. You should see something like this:
>
> # dtrace -l | grep _gone_in
> 87003fbtkernel _gone_in entry
> 87004fbtkernel _gone_in return
> 98682fbtkernel _gone_in_dev entry
> 98683fbtkernel _gone_in_dev return
>
> Then this should work:
>
> # dtrace -n 'fbt::_gone_in:entry { @counts[curthread->td_proc->p_comm] =
> count() }'
> dtrace: description 'fbt::_gone_in:entry ' matched 1 probe
>
Thanks!
# dtrace -l | grep _gone_in
15632 fbt kernel _gone_in entry
22693 fbt kernel _gone_in_dev entry
# dtrace -n 'fbt::_gone_in:entry { @counts[curthread->td_proc->p_comm] =
count() }'
dtrace: description 'fbt::_gone_in:entry ' matched 1 probe
However, It doesnt show anything after that even as I get the
deprecation messages in dmesg
---Mike
--
---
Mike Tancsa, tel +1 519 651 3400 x203
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: svn commit: r351246 - in stable: 11/sys/opencrypto 12/sys/opencrypto
On 8/21/19 9:08 AM, mike tancsa wrote:
> On 8/21/2019 12:00 PM, John Baldwin wrote:
>> dtrace -n 'fbt::_gone_in:entry { @counts[curthread->td_proc->p_comm] =
>> count()'
>
> Thanks, I am not familiar with dtrace at all. This command gives a
> syntax error
>
> 0(cage)# dtrace -n 'fbt::_gone_in:entry {
> @counts[curthread->td_proc->p_comm] = count()'
> dtrace: invalid probe specifier fbt::_gone_in:entry {
> @counts[curthread->td_proc->p_comm] = count(): syntax error near end of
> input
> 1(cage)#
Oops, I forgot the closing }. First, do "dtrace -l | grep _gone_in" to make
sure dtrace is loaded. You should see something like this:
# dtrace -l | grep _gone_in
87003fbtkernel _gone_in entry
87004fbtkernel _gone_in return
98682fbtkernel _gone_in_dev entry
98683fbtkernel _gone_in_dev return
Then this should work:
# dtrace -n 'fbt::_gone_in:entry { @counts[curthread->td_proc->p_comm] =
count() }'
dtrace: description 'fbt::_gone_in:entry ' matched 1 probe
--
John Baldwin
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
chsh corrupts /etc/pwd.db
Today I tried to use chsh to change my shell from bash to fish. The command completed successfully, but new logins continued to use bash! Investigating, I discovered that /etc/pwd.db and /etc/spwd.db seem to contain 3-4 entries per user. One of those still refers to my old shell. Worse, if I try using chsh again, it fails with an "entry inconsistent" error, and I have to restore the password files from backup. Has anybody seen something like this before? This is just a single system, with no NIS or LDAP. -Alan $ xxd /etc/pwd.db ... 3bf0: e800 0003 e800 416c 616e 2053 ..Alan S 3c00: 6f6d 6572 7300 2f68 6f6d 652f 736f 6d65 omers./home/some 3c10: 7273 002f 7573 722f 6c6f 6361 6c2f 6269 rs./usr/local/bi 3c20: 6e2f 6669 7368 0003 df41 n/fish.A ... 5c80: 0041 6c61 6e20 536f 6d65 7273 002f 686f .Alan Somers./ho 5c90: 6d65 2f73 6f6d 6572 7300 2f75 7372 2f6c me/somers./usr/l 5ca0: 6f63 616c 2f62 696e 2f62 6173 6800 ocal/bin/bash... ... 6c20: 03e8 03e8 0041 6c61 6e20 ...Alan 6c30: 536f 6d65 7273 002f 686f 6d65 2f73 6f6d Somers./home/som 6c40: 6572 7300 2f75 7372 2f6c 6f63 616c 2f62 ers./usr/local/b 6c50: 696e 2f66 6973 6800 03df in/fish. ... 7b40: 0041 6c61 6e20 536f 6d65 7273 002f 686f .Alan Somers./ho 7b50: 6d65 2f73 6f6d 6572 7300 2f75 7372 2f6c me/somers./usr/l 7b60: 6f63 616c 2f62 696e 2f66 6973 6800 ocal/bin/fish... $ chsh -s /usr/local/bin/fish Password: chsh: entry inconsistent chsh: pw_copy: Invalid argument ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: svn commit: r351246 - in stable: 11/sys/opencrypto 12/sys/opencrypto
On 8/21/2019 12:00 PM, John Baldwin wrote:
> dtrace -n 'fbt::_gone_in:entry { @counts[curthread->td_proc->p_comm] =
> count()'
Thanks, I am not familiar with dtrace at all. This command gives a
syntax error
0(cage)# dtrace -n 'fbt::_gone_in:entry {
@counts[curthread->td_proc->p_comm] = count()'
dtrace: invalid probe specifier fbt::_gone_in:entry {
@counts[curthread->td_proc->p_comm] = count(): syntax error near end of
input
1(cage)#
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: svn commit: r351246 - in stable: 11/sys/opencrypto 12/sys/opencrypto
On 8/21/19 8:21 AM, mike tancsa wrote:
> On a busy server, I am getting a lot of these spewing to dmesg
I have a change staged for MFC that lets you adjust the warning intervals
so you can tone down the spam.
> Deprecated code (to be removed in FreeBSD 13): ARC4 cipher via /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): DES cipher via /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): 3DES cipher via /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): Blowfish cipher via
> /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): CAST128 cipher via
> /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): ARC4 cipher via /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): DES cipher via /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): 3DES cipher via /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): Blowfish cipher via
> /dev/crypto
> Deprecated code (to be removed in FreeBSD 13): CAST128 cipher via
> /dev/crypto
>
>
> What is the best way to try and track down what apps are triggering that ?
One might be to use 'procstat -af' to see which processes have crypto file
descriptors open (file descriptor type 'c').
The other approach would be to use dtrace with the fbt::_gone_in:entry
trace maybe building a count of process names or some such, something like:
dtrace -n 'fbt::_gone_in:entry { @counts[curthread->td_proc->p_comm] = count()'
Let that run and then Ctrl-C after you see some warnings.
> ---Mike
>
> On 8/19/2019 9:30 PM, John Baldwin wrote:
>> Author: jhb
>> Date: Tue Aug 20 01:30:35 2019
>> New Revision: 351246
>> URL: https://svnweb.freebsd.org/changeset/base/351246
>>
>> Log:
>> MFC 348876: Add warnings to /dev/crypto for deprecated algorithms.
>>
>> These algorithms are deprecated algorithms that will have no in-kernel
>> consumers in FreeBSD 13. Specifically, deprecate the following
>> algorithms:
>> - ARC4
>> - Blowfish
>> - CAST128
>> - DES
>> - 3DES
>> - MD5-HMAC
>> - Skipjack
>>
>> Relnotes: yes
>>
>> Modified:
>> stable/11/sys/opencrypto/cryptodev.c
>> Directory Properties:
>> stable/11/ (props changed)
>>
>> Changes in other areas also in this revision:
>> Modified:
>> stable/12/sys/opencrypto/cryptodev.c
>> Directory Properties:
>> stable/12/ (props changed)
>>
>> Modified: stable/11/sys/opencrypto/cryptodev.c
>> ==
>> --- stable/11/sys/opencrypto/cryptodev.c Tue Aug 20 01:26:02 2019
>> (r351245)
>> +++ stable/11/sys/opencrypto/cryptodev.c Tue Aug 20 01:30:35 2019
>> (r351246)
>> @@ -388,6 +388,9 @@ cryptof_ioctl(
>> struct crypt_op copc;
>> struct crypt_kop kopc;
>> #endif
>> +static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
>> +static struct timeval skipwarn, tdeswarn;
>> +static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
>>
>> switch (cmd) {
>> case CIOCGSESSION:
>> @@ -408,18 +411,28 @@ cryptof_ioctl(
>> case 0:
>> break;
>> case CRYPTO_DES_CBC:
>> +if (ratecheck(, ))
>> +gone_in(13, "DES cipher via /dev/crypto");
>> txform = _xform_des;
>> break;
>> case CRYPTO_3DES_CBC:
>> +if (ratecheck(, ))
>> +gone_in(13, "3DES cipher via /dev/crypto");
>> txform = _xform_3des;
>> break;
>> case CRYPTO_BLF_CBC:
>> +if (ratecheck(, ))
>> +gone_in(13, "Blowfish cipher via /dev/crypto");
>> txform = _xform_blf;
>> break;
>> case CRYPTO_CAST_CBC:
>> +if (ratecheck(, ))
>> +gone_in(13, "CAST128 cipher via /dev/crypto");
>> txform = _xform_cast5;
>> break;
>> case CRYPTO_SKIPJACK_CBC:
>> +if (ratecheck(, ))
>> +gone_in(13, "Skipjack cipher via /dev/crypto");
>> txform = _xform_skipjack;
>> break;
>> case CRYPTO_AES_CBC:
>> @@ -432,6 +445,8 @@ cryptof_ioctl(
>> txform = _xform_null;
>> break;
>> case CRYPTO_ARC4:
>> +if (ratecheck(, ))
>> +gone_in(13, "ARC4 cipher via /dev/crypto");
>> txform = _xform_arc4;
>> break;
>> case CRYPTO_CAMELLIA_CBC:
>> @@ -454,6 +469,9 @@ cryptof_ioctl(
>> case 0:
>> break;
>> case CRYPTO_MD5_HMAC:
>> +if (ratecheck(, ))
>> +gone_in(13,
>> +
Re: svn commit: r351246 - in stable: 11/sys/opencrypto 12/sys/opencrypto
On a busy server, I am getting a lot of these spewing to dmesg
Deprecated code (to be removed in FreeBSD 13): ARC4 cipher via /dev/crypto
Deprecated code (to be removed in FreeBSD 13): DES cipher via /dev/crypto
Deprecated code (to be removed in FreeBSD 13): 3DES cipher via /dev/crypto
Deprecated code (to be removed in FreeBSD 13): Blowfish cipher via
/dev/crypto
Deprecated code (to be removed in FreeBSD 13): CAST128 cipher via
/dev/crypto
Deprecated code (to be removed in FreeBSD 13): ARC4 cipher via /dev/crypto
Deprecated code (to be removed in FreeBSD 13): DES cipher via /dev/crypto
Deprecated code (to be removed in FreeBSD 13): 3DES cipher via /dev/crypto
Deprecated code (to be removed in FreeBSD 13): Blowfish cipher via
/dev/crypto
Deprecated code (to be removed in FreeBSD 13): CAST128 cipher via
/dev/crypto
What is the best way to try and track down what apps are triggering that ?
---Mike
On 8/19/2019 9:30 PM, John Baldwin wrote:
> Author: jhb
> Date: Tue Aug 20 01:30:35 2019
> New Revision: 351246
> URL: https://svnweb.freebsd.org/changeset/base/351246
>
> Log:
> MFC 348876: Add warnings to /dev/crypto for deprecated algorithms.
>
> These algorithms are deprecated algorithms that will have no in-kernel
> consumers in FreeBSD 13. Specifically, deprecate the following
> algorithms:
> - ARC4
> - Blowfish
> - CAST128
> - DES
> - 3DES
> - MD5-HMAC
> - Skipjack
>
> Relnotes: yes
>
> Modified:
> stable/11/sys/opencrypto/cryptodev.c
> Directory Properties:
> stable/11/ (props changed)
>
> Changes in other areas also in this revision:
> Modified:
> stable/12/sys/opencrypto/cryptodev.c
> Directory Properties:
> stable/12/ (props changed)
>
> Modified: stable/11/sys/opencrypto/cryptodev.c
> ==
> --- stable/11/sys/opencrypto/cryptodev.c Tue Aug 20 01:26:02 2019
> (r351245)
> +++ stable/11/sys/opencrypto/cryptodev.c Tue Aug 20 01:30:35 2019
> (r351246)
> @@ -388,6 +388,9 @@ cryptof_ioctl(
> struct crypt_op copc;
> struct crypt_kop kopc;
> #endif
> + static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
> + static struct timeval skipwarn, tdeswarn;
> + static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
>
> switch (cmd) {
> case CIOCGSESSION:
> @@ -408,18 +411,28 @@ cryptof_ioctl(
> case 0:
> break;
> case CRYPTO_DES_CBC:
> + if (ratecheck(, ))
> + gone_in(13, "DES cipher via /dev/crypto");
> txform = _xform_des;
> break;
> case CRYPTO_3DES_CBC:
> + if (ratecheck(, ))
> + gone_in(13, "3DES cipher via /dev/crypto");
> txform = _xform_3des;
> break;
> case CRYPTO_BLF_CBC:
> + if (ratecheck(, ))
> + gone_in(13, "Blowfish cipher via /dev/crypto");
> txform = _xform_blf;
> break;
> case CRYPTO_CAST_CBC:
> + if (ratecheck(, ))
> + gone_in(13, "CAST128 cipher via /dev/crypto");
> txform = _xform_cast5;
> break;
> case CRYPTO_SKIPJACK_CBC:
> + if (ratecheck(, ))
> + gone_in(13, "Skipjack cipher via /dev/crypto");
> txform = _xform_skipjack;
> break;
> case CRYPTO_AES_CBC:
> @@ -432,6 +445,8 @@ cryptof_ioctl(
> txform = _xform_null;
> break;
> case CRYPTO_ARC4:
> + if (ratecheck(, ))
> + gone_in(13, "ARC4 cipher via /dev/crypto");
> txform = _xform_arc4;
> break;
> case CRYPTO_CAMELLIA_CBC:
> @@ -454,6 +469,9 @@ cryptof_ioctl(
> case 0:
> break;
> case CRYPTO_MD5_HMAC:
> + if (ratecheck(, ))
> + gone_in(13,
> + "MD5-HMAC authenticator via /dev/crypto");
> thash = _hash_hmac_md5;
> break;
> case CRYPTO_SHA1_HMAC:
> ___
> svn-src-stable...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-stable-11
> To unsubscribe, send any mail to "svn-src-stable-11-unsubscr...@freebsd.org"
>
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
## [News] Request For Quote. ##
Hello, sta...@freebsd.org Could we get a quote for you to handle our project called Whitetail Springs? It is located on Provost road in Whitehall PGH PA. This is a project starting next week. The specifications have been uploaded to Adobe. Please let me know if you have any questions. Thank you. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: `uname -a' can't display revision
On Wed, 21 Aug 2019 05:49+1000, Peter Jeremy wrote: > My solution is to mount /usr/src with the option "nolockd". Thank you so much, Peter. I learned something new today. -- Trond. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Looking for Stone Machinery dealer
___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
