[Pkg-openldap-devel] Bug#278471: bug now reproducible and fix being prepared

Michael Tautschnig tautschn at model.in.tum.de
Sat Mar 22 20:23:56 UTC 2008 

reopen 278471 !

thanks

While moving to an entirely new system, I've finally been able to reliable
reproduce the said error. gdb helped me getting the following trace:

autofs-ldap-auto-master: cyrus.c:468: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 47804805920096 (LWP 2491)]
0x00002b7a6b90207b in raise () from /lib/libc.so.6
(gdb) where
#0  0x00002b7a6b90207b in raise () from /lib/libc.so.6
#1  0x00002b7a6b90384e in abort () from /lib/libc.so.6
#2  0x00002b7a6b8fbaf4 in __assert_fail () from /lib/libc.so.6
#3  0x00002b7a6b69d602 in ldap_int_sasl_open () from /usr/lib/libldap_r.so.2
#4  0x00002b7a6b69855a in ldap_int_open_connection () from /usr/lib/libldap_r.so.2
#5  0x00002b7a6b6a87dc in ldap_new_connection () from /usr/lib/libldap_r.so.2
#6  0x00002b7a6b6983da in ldap_open_defconn () from /usr/lib/libldap_r.so.2
#7  0x00002b7a6b6a8e78 in ldap_send_initial_request () from /usr/lib/libldap_r.so.2
#8  0x00002b7a6b69fa34 in ldap_sasl_bind () from /usr/lib/libldap_r.so.2
#9  0x00002b7a6b69fc80 in ldap_sasl_bind_s () from /usr/lib/libldap_r.so.2
#10 0x00002b7a6b69fdb0 in ldap_simple_bind_s () from /usr/lib/libldap_r.so.2
#11 0x00000000004013db in ?? ()
#12 0x00002b7a6b8ef4ca in __libc_start_main () from /lib/libc.so.6
#13 0x0000000000400dda in ?? ()
#14 0x00007fff3f537db8 in ?? ()
#15 0x0000000000000000 in ?? ()

Therefrom I was able to trace the error down to the following situation:
Multiple hosts are listed in the URI and tls or ssl/ldaps is in effect. Then,
if opening a SASL connection works out (ldap_int_sasl_open), but the TLS/SSL
connection cannot be established to the respective server (I'm currently
debugging why this is the case), the SASL context remains alive
(lconn_sasl_ctx), but the next server is tried - and the assertion fails.

A proper fix seems to clean up the SASL context in case of failure. I will send
a patch fixing this in a few minutes. It would be cool if this could make it
into a bugfix release.

Note that all this most probably does not apply to openldap 2.4 as the
respective SASL code has seen a huge rewrite.

Best,
Michael





-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20080322/bd030f72/attachment.pgp

More information about the Pkg-openldap-devel mailing list