Bug#405495: Still not resolved

Lars Hanke lars at lhanke.de
Sun Jan 4 18:30:24 UTC 2009 

Hi there,

the bug persists in current Lenny. I'm currently discussing it on the 
SASL list (thread: ldapdb auxprop configuration)

I'm running cyrus-imap to authenticate users using the ldapdb auxprop 
against a remote ldaps: host. During the DIGEST-MD5 or CRAM-MD5 
authentication of the user using imtest imapd SEGFAULTs. The ltrace 
suggests that it happens somewhere in the SASL layer. The setup is 
Debian Lenny kept current daily on an Intel Core2-Quad, i.e. amd64 build.

So what I did was to use CYRUS_VERBOSE=100 in /etc/default/cyrus2.2 and 
used the 15 second delay to attach a gdb. The following happened and 
produced the backtrace of the SEGFAULT:

hermod:/# imtest -u cyrus -a cyrus -v -p imap -m DIGEST-MD5 hermod.mgr
S: * OK hermod.mgr Cyrus IMAP4 v2.2.13-Debian-2.2.13-14 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID 
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS 
AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: + 
bm9uY2U9IjNFZzIrY2xsci84dmREdXprTkd3a1VmL25XYTRBVnRXQmMxSGpndFBiVEk9IixyZWFsbT0iaGVybW9kLm1nciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
C: 
dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0iaGVybW9kLm1nciIsbm9uY2U9IjNFZzIrY2xsci84dmREdXprTkd3a1VmL25XYTRBVnRXQmMxSGpndFBiVEk9Iixjbm9uY2U9IjluczF0dmwwMUhWU095dzlNZXRXK0ltRnVyWHRINDd4TFhyUjEvcXpNZHM9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj1yYzQsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0iaW1hcC9oZXJtb2QubWdyIixyZXNwb25zZT1lZmYxZjk2MjUyNzlmY2UyMDY3MmIxOTg1NjIzZmIwYw==
failure: prot layer failure

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fa6ca1e3700 (LWP 5409)]
0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0
(gdb) bt
#0  0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0
#1  0x00007fa6c32b75a9 in ldap_pvt_thread_mutex_lock (mutex=0x1)
    at 
/home/admin/packages/openldap/openldap-2.4.11/libraries/libldap_r/thr_posix.c:296
#2  0x00007fa6c32c112b in ldap_pvt_sasl_mutex_lock (mutex=0x1) at 
cyrus.c:1294
#3  0x00007fa6c4b69828 in digestmd5_client_mech_step 
(conn_context=0x2094440, params=0x20960b0,
    serverin=0x0, serverinlen=0, prompt_need=0x7fffd21e8760, 
clientout=0x7fffd21e8748,
    clientoutlen=0x7fffd21e875c, oparams=0x209a510) at digestmd5.c:3955
#4  0x00007fa6c9dc25e6 in sasl_client_step (conn=0x2099ca0, 
serverin=0x0, serverinlen=0,
    prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748, 
clientoutlen=0x7fffd21e875c) at client.c:658
#5  0x00007fa6c9dc2445 in sasl_client_start (conn=0x2099ca0, 
mechlist=0x2041d40 "DIGEST-MD5",
    prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748, 
clientoutlen=0x7fffd21e875c,
    mech=0x7fffd21e8778) at client.c:606
#6  0x00007fa6c32bfc79 in ldap_int_sasl_bind (ld=0x2053880, dn=0x0, 
mechs=0x2041d40 "DIGEST-MD5",
    sctrls=0x0, cctrls=0x0, flags=2, interact=0x7fa6c34fd704 
<ldapdb_interact>, defaults=0x204dce0)
    at cyrus.c:689
#7  0x00007fa6c32c3b7f in ldap_sasl_interactive_bind_s (ld=0x2053880, 
dn=0x0,
    mechs=0x2041d40 "DIGEST-MD5", serverControls=0x0, 
clientControls=0x0, flags=2,
    interact=0x7fa6c34fd704 <ldapdb_interact>, defaults=0x204dce0) at 
sasl.c:464
#8  0x00007fa6c34fd96c in ldapdb_connect (ctx=0x204dce0, 
sparams=0x20516c0, user=0x2052f71 "cyrus",
    ulen=5, cp=0x7fffd21e8910) at ldapdb.c:106
#9  0x00007fa6c34fdd45 in ldapdb_auxprop_lookup (glob_context=0x204dce0, 
sparams=0x20516c0, flags=0,
    user=0x2052f71 "cyrus", ulen=5) at ldapdb.c:178
#10 0x00007fa6c9dbe881 in _sasl_auxprop_lookup (sparams=0x20516c0, 
flags=0, user=0x2052f71 "cyrus",
    ulen=5) at auxprop.c:898
#11 0x00007fa6c9dbf309 in _sasl_canon_user (conn=0x20521d0, 
user=0x2052f71 "cyrus", ulen=5, flags=1,
    oparams=0x2052a40) at canonusr.c:190
#12 0x00007fa6c4b6556b in digestmd5_server_mech_step2 (stext=0x2054080, 
sparams=0x20516c0,
    clientin=0x7fffd21e8e10 
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"..., 
clientinlen=262, serverout=0x7fffd21e8e00,
    serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2301
#13 0x00007fa6c4b666cc in digestmd5_server_mech_step 
(conn_context=0x2054080, sparams=0x20516c0,
    clientin=0x7fffd21e8e10 
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"..., 
clientinlen=262, serverout=0x7fffd21e8e00,
    serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2689
#14 0x00007fa6c9dcd696 in sasl_server_step (conn=0x20521d0,
    clientin=0x7fffd21e8e10 
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"..., 
clientinlen=262, serverout=0x7fffd21e8e00, serveroutlen=0x7fffd21e8dfc)
    at server.c:1433
#15 0x000000000044ae85 in saslserver (conn=0x20521d0, mech=0x2054010 
"DIGEST-MD5", init_resp=0x0,
    resp_prefix=0x473e03 "", continuation=0x473e27 "+ ", 
empty_chal=0x473e03 "", pin=0x2045a20,
    pout=0x2045ad0, sasl_result=0x7fffd21ee614, success_data=0x0) at 
saslserver.c:134
#16 0x000000000040e617 in cmd_authenticate (tag=0x2053eb0 "A01", 
authtype=0x2054010 "DIGEST-MD5",
    resp=0x0) at imapd.c:1888
#17 0x000000000040ae83 in cmdloop () at imapd.c:921
#18 0x000000000040a59e in service_main (argc=1, argv=0x2041010, 
envp=0x7fffd21f0f48) at imapd.c:691
#19 0x00000000004083a1 in main (argc=3, argv=0x7fffd21f0f28, 
envp=0x7fffd21f0f48) at service.c:533

Versions:
hermod:~/imap# dpkg -l '*cyrus*' | grep '^ii'
ii  cyrus-admin-2.2                 2.2.13-14                 Cyrus mail 
system (administration tools)
ii  cyrus-clients-2.2               2.2.13-14+b3              Cyrus mail 
system (test clients)
ii  cyrus-common-2.2                2.2.13-14                 Cyrus mail 
system (common files)
ii  cyrus-imapd-2.2                 2.2.13-14                 Cyrus mail 
system (IMAP support)
ii  libcyrus-imap-perl22            2.2.13-14+b3              Interface 
to Cyrus imap client imclient libr
hermod:~/imap# dpkg -l '*sasl*' | grep '^ii'
ii  libsasl2-2                      2.1.22.dfsg1-23           Cyrus SASL 
- authentication abstraction libr
ii  libsasl2-modules                2.1.22.dfsg1-23           Cyrus SASL 
- pluggable authentication module
ii  libsasl2-modules-gssapi-mit     2.1.22.dfsg1-23           Cyrus SASL 
- pluggable authentication module
ii  libsasl2-modules-ldap           2.1.22.dfsg1-23           Cyrus SASL 
- pluggable authentication module
ii  sasl2-bin                       2.1.22.dfsg1-23           Cyrus SASL 
- administration programs for SAS
hermod:~# dpkg -l '*ldap*' | grep '^ii'
ii  ldap-utils                      2.4.11-1                  OpenLDAP 
utilities
ii  libldap-2.4-2                   2.4.11-1                  OpenLDAP 
libraries

Configs:
hermod:~# cat /etc/cyrus.conf | sed 's/\s/ /g' | grep -v '^ *#' | grep 
-v '^ *$'
START {
 recover  cmd="/usr/sbin/ctl_cyrusdb -r"
 delprune cmd="/usr/sbin/cyr_expire -E 3"
 tlsprune cmd="/usr/sbin/tls_prune"
}
SERVICES {
 imap  cmd="imapd -U 30 -D" listen="imap" prefork=0 maxchild=100
 imaps  cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
 pop3  cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
 nntp  cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
 lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 
maxchild=20
   sieve  cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100
 notify  cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" 
prefork=1
}
EVENTS {
 checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
 delprune cmd="/usr/sbin/cyr_expire -E 3" at=0401
 tlsprune cmd="/usr/sbin/tls_prune" at=0401
}

hermod:~# cat /etc/imapd.conf | grep -v '^#' | grep -v '^\s*$'
configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: no
lmtp_downcase_rcpt: yes
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 NTLM
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldaps://hel.mgr
sasl_ldapdb_id: mailadmin
sasl_ldapdb_pw: geheim
sasl_ldapdb_mech: DIGEST-MD5
sasl_log_level: 7
sasl_auto_transition: no
tls_cert_file: /etc/certs/imap.mgr.cert.pem
tls_key_file: /etc/certs/imap.mgr.key.pem
tls_ca_file: /etc/certs/cacert.pem
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus
debug_command: /usr/bin/gdb -batch -cd=/tmp -x 
/usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d 
 >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &

hermod:~# cat /usr/lib/cyrus/get-backtrace.gdb
c
bt
quit

More information about the Pkg-cyrus-sasl2-debian-devel mailing list