Bug#405495: Still not resolved
Lars Hanke
lars at lhanke.de
Sun Jan 4 18:30:24 UTC 2009
Hi there,
the bug persists in current Lenny. I'm currently discussing it on the
SASL list (thread: ldapdb auxprop configuration)
I'm running cyrus-imap to authenticate users using the ldapdb auxprop
against a remote ldaps: host. During the DIGEST-MD5 or CRAM-MD5
authentication of the user using imtest imapd SEGFAULTs. The ltrace
suggests that it happens somewhere in the SASL layer. The setup is
Debian Lenny kept current daily on an Intel Core2-Quad, i.e. amd64 build.
So what I did was to use CYRUS_VERBOSE=100 in /etc/default/cyrus2.2 and
used the 15 second delay to attach a gdb. The following happened and
produced the backtrace of the SEGFAULT:
hermod:/# imtest -u cyrus -a cyrus -v -p imap -m DIGEST-MD5 hermod.mgr
S: * OK hermod.mgr Cyrus IMAP4 v2.2.13-Debian-2.2.13-14 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: +
bm9uY2U9IjNFZzIrY2xsci84dmREdXprTkd3a1VmL25XYTRBVnRXQmMxSGpndFBiVEk9IixyZWFsbT0iaGVybW9kLm1nciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
C:
dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0iaGVybW9kLm1nciIsbm9uY2U9IjNFZzIrY2xsci84dmREdXprTkd3a1VmL25XYTRBVnRXQmMxSGpndFBiVEk9Iixjbm9uY2U9IjluczF0dmwwMUhWU095dzlNZXRXK0ltRnVyWHRINDd4TFhyUjEvcXpNZHM9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj1yYzQsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0iaW1hcC9oZXJtb2QubWdyIixyZXNwb25zZT1lZmYxZjk2MjUyNzlmY2UyMDY3MmIxOTg1NjIzZmIwYw==
failure: prot layer failure
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fa6ca1e3700 (LWP 5409)]
0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0
(gdb) bt
#0 0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0
#1 0x00007fa6c32b75a9 in ldap_pvt_thread_mutex_lock (mutex=0x1)
at
/home/admin/packages/openldap/openldap-2.4.11/libraries/libldap_r/thr_posix.c:296
#2 0x00007fa6c32c112b in ldap_pvt_sasl_mutex_lock (mutex=0x1) at
cyrus.c:1294
#3 0x00007fa6c4b69828 in digestmd5_client_mech_step
(conn_context=0x2094440, params=0x20960b0,
serverin=0x0, serverinlen=0, prompt_need=0x7fffd21e8760,
clientout=0x7fffd21e8748,
clientoutlen=0x7fffd21e875c, oparams=0x209a510) at digestmd5.c:3955
#4 0x00007fa6c9dc25e6 in sasl_client_step (conn=0x2099ca0,
serverin=0x0, serverinlen=0,
prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748,
clientoutlen=0x7fffd21e875c) at client.c:658
#5 0x00007fa6c9dc2445 in sasl_client_start (conn=0x2099ca0,
mechlist=0x2041d40 "DIGEST-MD5",
prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748,
clientoutlen=0x7fffd21e875c,
mech=0x7fffd21e8778) at client.c:606
#6 0x00007fa6c32bfc79 in ldap_int_sasl_bind (ld=0x2053880, dn=0x0,
mechs=0x2041d40 "DIGEST-MD5",
sctrls=0x0, cctrls=0x0, flags=2, interact=0x7fa6c34fd704
<ldapdb_interact>, defaults=0x204dce0)
at cyrus.c:689
#7 0x00007fa6c32c3b7f in ldap_sasl_interactive_bind_s (ld=0x2053880,
dn=0x0,
mechs=0x2041d40 "DIGEST-MD5", serverControls=0x0,
clientControls=0x0, flags=2,
interact=0x7fa6c34fd704 <ldapdb_interact>, defaults=0x204dce0) at
sasl.c:464
#8 0x00007fa6c34fd96c in ldapdb_connect (ctx=0x204dce0,
sparams=0x20516c0, user=0x2052f71 "cyrus",
ulen=5, cp=0x7fffd21e8910) at ldapdb.c:106
#9 0x00007fa6c34fdd45 in ldapdb_auxprop_lookup (glob_context=0x204dce0,
sparams=0x20516c0, flags=0,
user=0x2052f71 "cyrus", ulen=5) at ldapdb.c:178
#10 0x00007fa6c9dbe881 in _sasl_auxprop_lookup (sparams=0x20516c0,
flags=0, user=0x2052f71 "cyrus",
ulen=5) at auxprop.c:898
#11 0x00007fa6c9dbf309 in _sasl_canon_user (conn=0x20521d0,
user=0x2052f71 "cyrus", ulen=5, flags=1,
oparams=0x2052a40) at canonusr.c:190
#12 0x00007fa6c4b6556b in digestmd5_server_mech_step2 (stext=0x2054080,
sparams=0x20516c0,
clientin=0x7fffd21e8e10
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
clientinlen=262, serverout=0x7fffd21e8e00,
serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2301
#13 0x00007fa6c4b666cc in digestmd5_server_mech_step
(conn_context=0x2054080, sparams=0x20516c0,
clientin=0x7fffd21e8e10
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
clientinlen=262, serverout=0x7fffd21e8e00,
serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2689
#14 0x00007fa6c9dcd696 in sasl_server_step (conn=0x20521d0,
clientin=0x7fffd21e8e10
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
clientinlen=262, serverout=0x7fffd21e8e00, serveroutlen=0x7fffd21e8dfc)
at server.c:1433
#15 0x000000000044ae85 in saslserver (conn=0x20521d0, mech=0x2054010
"DIGEST-MD5", init_resp=0x0,
resp_prefix=0x473e03 "", continuation=0x473e27 "+ ",
empty_chal=0x473e03 "", pin=0x2045a20,
pout=0x2045ad0, sasl_result=0x7fffd21ee614, success_data=0x0) at
saslserver.c:134
#16 0x000000000040e617 in cmd_authenticate (tag=0x2053eb0 "A01",
authtype=0x2054010 "DIGEST-MD5",
resp=0x0) at imapd.c:1888
#17 0x000000000040ae83 in cmdloop () at imapd.c:921
#18 0x000000000040a59e in service_main (argc=1, argv=0x2041010,
envp=0x7fffd21f0f48) at imapd.c:691
#19 0x00000000004083a1 in main (argc=3, argv=0x7fffd21f0f28,
envp=0x7fffd21f0f48) at service.c:533
Versions:
hermod:~/imap# dpkg -l '*cyrus*' | grep '^ii'
ii cyrus-admin-2.2 2.2.13-14 Cyrus mail
system (administration tools)
ii cyrus-clients-2.2 2.2.13-14+b3 Cyrus mail
system (test clients)
ii cyrus-common-2.2 2.2.13-14 Cyrus mail
system (common files)
ii cyrus-imapd-2.2 2.2.13-14 Cyrus mail
system (IMAP support)
ii libcyrus-imap-perl22 2.2.13-14+b3 Interface
to Cyrus imap client imclient libr
hermod:~/imap# dpkg -l '*sasl*' | grep '^ii'
ii libsasl2-2 2.1.22.dfsg1-23 Cyrus SASL
- authentication abstraction libr
ii libsasl2-modules 2.1.22.dfsg1-23 Cyrus SASL
- pluggable authentication module
ii libsasl2-modules-gssapi-mit 2.1.22.dfsg1-23 Cyrus SASL
- pluggable authentication module
ii libsasl2-modules-ldap 2.1.22.dfsg1-23 Cyrus SASL
- pluggable authentication module
ii sasl2-bin 2.1.22.dfsg1-23 Cyrus SASL
- administration programs for SAS
hermod:~# dpkg -l '*ldap*' | grep '^ii'
ii ldap-utils 2.4.11-1 OpenLDAP
utilities
ii libldap-2.4-2 2.4.11-1 OpenLDAP
libraries
Configs:
hermod:~# cat /etc/cyrus.conf | sed 's/\s/ /g' | grep -v '^ *#' | grep
-v '^ *$'
START {
recover cmd="/usr/sbin/ctl_cyrusdb -r"
delprune cmd="/usr/sbin/cyr_expire -E 3"
tlsprune cmd="/usr/sbin/tls_prune"
}
SERVICES {
imap cmd="imapd -U 30 -D" listen="imap" prefork=0 maxchild=100
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
nntp cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0
maxchild=20
sieve cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100
notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp"
prefork=1
}
EVENTS {
checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
delprune cmd="/usr/sbin/cyr_expire -E 3" at=0401
tlsprune cmd="/usr/sbin/tls_prune" at=0401
}
hermod:~# cat /etc/imapd.conf | grep -v '^#' | grep -v '^\s*$'
configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: no
lmtp_downcase_rcpt: yes
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 NTLM
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldaps://hel.mgr
sasl_ldapdb_id: mailadmin
sasl_ldapdb_pw: geheim
sasl_ldapdb_mech: DIGEST-MD5
sasl_log_level: 7
sasl_auto_transition: no
tls_cert_file: /etc/certs/imap.mgr.cert.pem
tls_key_file: /etc/certs/imap.mgr.key.pem
tls_ca_file: /etc/certs/cacert.pem
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus
debug_command: /usr/bin/gdb -batch -cd=/tmp -x
/usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d
>/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &
hermod:~# cat /usr/lib/cyrus/get-backtrace.gdb
c
bt
quit
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list