[Pkg-openldap-devel] Bug#781162: slapd segfaults on pass-through SASL authentication

Simon Bin sbin at informatik.uni-leipzig.de
Wed Mar 25 13:42:35 UTC 2015


Package: slapd
Version: 2.4.31-1+nmu2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I'm trying to set up pass-through authentication against a Kerberos
Realm for our LDAP Directory. For that I installed saslauthd and
confirmed the operation with sasl-sample-client/server and
testsaslauthd.

   * What led up to the situation?

To pass off authentication, set the userPassword attribute to

   {SASL}Username@KRBREALM

in the LDAP directory, as explained on
http://www.openldap.org/doc/admin24/security.html

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

After doing so, slapd crashes on log-in.

   * What was the outcome of this action?

I'm attaching a gdb trace, as good as I was able to create.

   * What outcome did you expect instead?

Functioning log-in operation.

-- Syslog message

Mar 25 12:47:34 server slapd[16578]: >>> slap_listener(ldap:///)
Mar 25 12:47:34 server slapd[16578]: conn=1004 fd=21 ACCEPT from IP=139.*.*.*:51272 (IP=0.0.0.0:389)
Mar 25 12:47:34 server slapd[16578]: connection_get(21): got connid=1004
Mar 25 12:47:34 server slapd[16578]: connection_read(21): checking for input on id=1004
Mar 25 12:47:34 server slapd[16578]: op tag 0x60, time 1427284054
Mar 25 12:47:34 server slapd[16578]: conn=1004 op=0 do_bind
Mar 25 12:47:34 server slapd[16578]: >>> dnPrettyNormal: <cn=*********,ou=People,dc=****,dc=org>
Mar 25 12:47:34 server slapd[16578]: <<< dnPrettyNormal: <cn=*********,ou=People,dc=****,dc=org>, <cn=*********,ou=people,dc=****,dc=org>
Mar 25 12:47:34 server slapd[16578]: conn=1004 op=0 BIND dn="*********,ou=People,dc=****,dc=org" method=128
Mar 25 12:47:34 server slapd[16578]: do_bind: version=3 dn="cn=*********,ou=People,dc=****,dc=org" method=128
Mar 25 12:47:34 server slapd[16578]: bdb_dn2entry("cn=*********,ou=people,dc=****,dc=org")
Mar 25 12:47:34 server slapd[16578]: => hdb_dn2id("ou=people,dc=****,dc=org")
Mar 25 12:47:34 server slapd[16578]: <= hdb_dn2id: got id=0x4
Mar 25 12:47:34 server slapd[16578]: => hdb_dn2id("cn=*********,ou=people,dc=****,dc=org")
Mar 25 12:47:34 server slapd[16578]: <= hdb_dn2id: got id=0x237
Mar 25 12:47:34 server slapd[16578]: entry_decode: ""
Mar 25 12:47:34 server slapd[16578]: <= entry_decode()
Mar 25 12:47:34 server kernel: [571560.569822] slapd[16598]: segfault at 0 ip 00007f83289a735a sp 00007f8323a47db8 error 4 in libc-2.13.so[7f8328929000+181000]


-- Stack trace

#0  __strcmp_sse2 () at ../sysdeps/x86_64/multiarch/../strcmp.S:214
No locals.
#1  0x00007effc77d14ec in select_backend (dn=dn@entry=0x7effc0aa4f28, noSubs=noSubs@entry=1) at ../../../../servers/slapd/backend.c:697
        j = <optimized out>
        len = <optimized out>
        dnlen = 0
        be = 0x7effc8a79c30
#2  0x00007effc78168a3 in slap_auxprop_lookup (glob_context=<optimized out>, sparams=<optimized out>, flags=0, user=<optimized out>, ulen=<optimized out>) at ../../../../servers/slapd/sasl.c:345
        cb = {sc_next = 0x0, sc_response = 0x7effc7815fb0 <sasl_ap_lookup>, sc_cleanup = 0, sc_private = 0x7effc0aa4e40}
        opbuf = {ob_op = {o_hdr = 0x0, o_tag = 0, o_time = 0, o_tincr = 0, o_bd = 0x0, o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn = {bv_len = 0, bv_val = 0x0}, o_request = {oq_add = {rs_modlist = 0x0, rs_e = 0x0}, oq_bind = {
                rb_method = 0, rb_cred = {bv_len = 0, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x0}, rb_ssf = 0, rb_mech = {bv_len = 0, bv_val = 0x0}}, oq_compare = {rs_ava = 0x0}, oq_modify = {rs_mods = {rs_modlist = 0x0, 
                  rs_no_opattrs = 0 '\000'}, rs_increment = 0}, oq_modrdn = {rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn = 0, rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, bv_val = 0x0}, 
                rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope = 0, rs_deref = 0, rs_slimit = 0, rs_tlimit = 0, rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x0, rs_filter = 0x0, rs_filterstr = {bv_len = 0, bv_val = 0x0}}, 
              oq_abandon = {rs_msgid = 0}, oq_cancel = {rs_msgid = 0}, oq_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0}, rs_flags = 0, rs_reqdata = 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0}, 
                  rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0, bv_val = 0x0}, rs_new = {bv_len = 0, bv_val = 0x0}, rs_mods = 0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000', 
            o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', 
            o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x0, o_authz = {sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0, bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0, 
              sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x0, o_ctrls = 0x0, o_csn = {bv_len = 0, bv_val = 0x0}, o_private = 0x0, o_extra = {slh_first = 0x0}, o_next = {
              stqe_next = 0x0}}, ob_hdr = {oh_opid = 0, oh_connid = 0, oh_conn = 0x0, oh_msgid = 0, oh_protocol = 0, oh_tid = 0, oh_threadctx = 0x0, oh_tmpmemctx = 0x0, oh_tmpmfuncs = 0x0, oh_counters = 0x0, 
            oh_log_prefix = '\000' <repeats 255 times>, oh_extensions = 0x0}, ob_controls = {0x0 <repeats 32 times>}}
        op = 0x7effc0aa4ef0
        i = <optimized out>
        doit = 1
        conn = <optimized out>
        sl = {flags = 0, list = 0x7effc8f73bc8, sparams = 0x7effc8e63e70}
        rc = 0
#3  0x00007effc66f0b49 in _sasl_auxprop_lookup (sparams=0x7effc8e63e70, flags=flags@entry=0, user=0x7effc8e63a01 "********@KDC.****.ORG", ulen=21) at ../../lib/auxprop.c:959
        p = 0x7effc8f72ab5 ""
        last = 1
        pluginlist = 0x7effc8f72ab0 "slapd"
        freeptr = 0x7effc8f72ab0 "slapd"
        thisplugin = 0x7effc8f72ab0 "slapd"
        getopt = 0x7effc66f5240 <_sasl_conn_getopt>
        ret = <optimized out>
        found = 1
        context = 0x7effc8e62c60
        plist = 0x7effc7851fe1 "slapd"
        ptr = 0x7effc89e1b00
        result = -4
#4  0x00007effc66f1905 in _sasl_auxprop_lookup_user_props (oparams=0x7effc8e634d0, flags=3, conn=0x7effc8e62c60) at ../../lib/canonusr.c:220
        authz_result = <optimized out>
        auxprop_lookup_flags = 0
        sconn = 0x7effc8e62c60
        result = 0
#5  _sasl_canon_user_lookup (conn=conn@entry=0x7effc8e62c60, user=user@entry=0x7effc8e63600 "********@KDC.****.ORG", ulen=ulen@entry=0, flags=flags@entry=3, oparams=oparams@entry=0x7effc8e634d0) at ../../lib/canonusr.c:279
        result = 0
#6  0x00007effc66f21f1 in auxprop_verify_password (conn=0x7effc8e62c60, userstr=0x7effc8e63600 "********@KDC.****.ORG", passwd=0xdeadbeef1234 "*********", service=<optimized out>, user_realm=<optimized out>) at ../../lib/checkpw.c:159
        ret = -1
        result = 0
        sconn = <optimized out>
        password_request = {0x7effc6700a92 "*userPassword", 0x7effc6700aa0 "*cmusaslsecretPLAIN", 0x0}
        auxprop_values = {{name = 0x0, values = 0x7effc8e635c8, nvalues = 3370530264, valsize = 32511}, {name = 0x7eff00000020 <Address 0x7eff00000020 out of bounds>, values = 0x7effc0aa54c0, nvalues = 3232388176, valsize = 32511}, {
            name = 0x6425 <Address 0x6425 out of bounds>, values = 0x7effc66f12d2, nvalues = 926364211, valsize = 51}}
#7  0x00007effc66fb348 in _sasl_checkpass (conn=conn@entry=0x7effc8e62c60, user=0x7effc8e63600 "********@KDC.****.ORG", userlen=userlen@entry=21, pass=pass@entry=0xdeadbeef1234 "*********", passlen=passlen@entry=9)
    at ../../lib/server.c:1918
        s_conn = 0x7effc8e62c60
        result = -4
        getopt = 0x7effc66f5240 <_sasl_conn_getopt>
        checkpass_cb = 0
        context = 0x7effc8e62c60
        mlist = 0x7effc6700bd7 "auxprop"
        mech = 0x7effc6700bd7 "auxprop"
        v = <optimized out>
        service = 0x7effc8e62190 "ldap"
#8  0x00007effc66fe2e0 in sasl_checkpass (conn=0x7effc8e62c60, user=<optimized out>, userlen=21, pass=0xdeadbeef1234 "*********", passlen=9) at ../../lib/server.c:1985
        result = <optimized out>
#9  0x00007effc7815f99 in chk_sasl (sc=sc@entry=0x7effc89e30f8, passwd=passwd@entry=0x7effc0aa55e0, cred=cred@entry=0x7effc8e64a30, text=text@entry=0x7effc0aa5a70) at ../../../../servers/slapd/sasl.c:870
        sc = <optimized out>
        i = <optimized out>
        rtn = -1
        ctx = <optimized out>
        sconn = 0x7effc8e62c60
#10 0x00007effc784b372 in lutil_passwd (passwd=passwd@entry=0x7effc8f65800, cred=cred@entry=0x7effc8e64a30, schemes=schemes@entry=0x0, text=text@entry=0x7effc0aa5a70) at ../../../../libraries/liblutil/passwd.c:327
        x = {bv_len = 21, bv_val = 0x7effc8f660f9 "********@KDC.****.ORG"}
        pws = 0x7effc89e30f0
#11 0x00007effc77f774e in slap_passwd_check (op=op@entry=0x7effc8e649e0, e=e@entry=0x7effc8c7dc68, a=0x7effc8c91bb0, cred=cred@entry=0x7effc8e64a30, text=text@entry=0x7effc0aa5a70) at ../../../../servers/slapd/passwd.c:529
        result = 1
        bv = 0x7effc8f65800
        acl_state = {as_desc = 0x7effc89df490, as_access = ACL_AUTH, as_vd_acl = 0x0, as_vd_acl_present = 0, as_vd_acl_count = 0, as_vd_mask = 1, as_result = 1, as_fe_done = 0}
        credNul = 0 '\000'
        old_authctx = 0x0
#12 0x00007effc1741efb in hdb_bind (op=0x7effc8e649e0, rs=0x7effc0aa5a50) at bind.c:134
        bdb = 0x7effc8a79dd0
        e = 0x7effc8c7dc68
        a = <optimized out>
        ei = 0x7effc8f650a0
        password = 0x7effc89df490
        rtxn = 0x7effc8f64dc0
        lock = {off = 526912, ndx = 818, gen = 1, mode = DB_LOCK_READ}
        __PRETTY_FUNCTION__ = "hdb_bind"
#13 0x00007effc78311c6 in overlay_op_walk (op=op@entry=0x7effc8e649e0, rs=0x7effc0aa5a50, which=op_bind, oi=0x7effc8a88ae0, on=0x0) at ../../../../servers/slapd/backover.c:671
        func = <optimized out>
        rc = 32768
#14 0x00007effc783131b in over_op_func (op=0x7effc8e649e0, rs=<optimized out>, which=<optimized out>) at ../../../../servers/slapd/backover.c:723
        oi = <optimized out>
        on = <optimized out>
        be = 0x7effc8a79c30
        db = {bd_info = 0x7effc1961760, bd_self = 0x7effc8a79c30, be_ctrls = "\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001", '\000' <repeats 17 times>, "\001", be_flags = 264, be_restrictops = 0, be_requires = 0, 
          be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x7effc8a7bf70, 
          be_nsuffix = 0x7effc8a7bfa0, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 23, bv_val = 0x7effc8a98a40 "cn=admin,dc=****,dc=org"}, be_rootndn = {bv_len = 23, 
            bv_val = 0x7effc8a982a0 "cn=admin,dc=****,dc=org"}, be_rootpw = {bv_len = 38, bv_val = 0x7effc8a98ab0 "{SSHA}********************************"}, be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, 
            lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x7effc8a7a160, be_dfltaccess = ACL_READ, be_extra_anlist = 0x0, be_update_ndn = {
            bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x7effc8a37220, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, 
                __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x7effc1961080, be_private = 0x7effc8a79dd0, be_next = {stqe_next = 0x0}}
        cb = {sc_next = 0x7effc8e63f80, sc_response = 0x7effc7830520 <over_back_response>, sc_cleanup = 0, sc_private = 0x7effc8a88ae0}
        sc = <optimized out>
        rc = 32768
        __PRETTY_FUNCTION__ = "over_op_func"
#15 0x00007effc77e2482 in fe_op_bind (op=0x7effc8e649e0, rs=0x7effc0aa5a50) at ../../../../servers/slapd/bind.c:383
        bd = 0x7effc7abbbc0
#16 0x00007effc77e1de7 in do_bind (op=0x7effc8e649e0, rs=0x7effc0aa5a50) at ../../../../servers/slapd/bind.c:205
        ber = 0x7effc8e64710
        version = 3
        method = 128
        mech = {bv_len = 0, bv_val = 0x0}
        dn = {bv_len = 37, bv_val = 0x7effc8e6477a "cn=*********,ou=People,dc=****,dc=org"}
        tag = <optimized out>
        be = 0x0
#17 0x00007effc77c3961 in connection_operation (ctx=ctx@entry=0x7effc0aa5ba0, arg_v=arg_v@entry=0x7effc8e649e0) at ../../../../servers/slapd/connection.c:1150
        rc = 80
        cancel = <optimized out>
        op = 0x7effc8e649e0
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, 
              r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0}
        tag = 96
        opidx = SLAP_OP_BIND
        conn = 0x7effc8ac71f0
        memctx = 0x7effc8e62c20
        memctx_null = 0x0
        memsiz = 1048576
        __PRETTY_FUNCTION__ = "connection_operation"
#18 0x00007effc77c3c84 in connection_read_thread (ctx=0x7effc0aa5ba0, argv=<optimized out>) at ../../../../servers/slapd/connection.c:1286
        rc = <optimized out>
        cri = {op = 0x7effc8e649e0, func = 0, arg = 0x0, ctx = <optimized out>, nullop = <optimized out>}
        s = <optimized out>
#19 0x00007effc7324ff3 in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
No symbol table info available.
#20 0x00007effc5516b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
        __res = <optimized out>
        pd = 0x7effc0aa6700
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139636914153216, -6953941169514691965, 139636922535296, 139636914153920, 139637028307008, 3, 7097991927747625603, 7098000646870188675}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 
              0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#21 0x00007effc526095d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#22 0x0000000000000000 in ?? ()



-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slapd depends on:
ii  adduser                     3.113+nmu3
ii  coreutils                   8.13-3.5
ii  debconf [debconf-2.0]       1.5.49
ii  libc6                       2.13-38+deb7u8
ii  libdb5.1                    5.1.29-5
ii  libgcrypt11                 1.5.0-5+deb7u3
ii  libgnutls26                 2.12.20-8+deb7u3
ii  libldap-2.4-2               2.4.31-1+nmu2
ii  libltdl7                    2.4.2-1.1
ii  libodbc1                    2.2.14p2-5
ii  libperl5.14                 5.14.2-21+deb7u2
ii  libsasl2-2                  2.1.25.dfsg1-6+deb7u1
ii  libslp1                     1.2.1-9
ii  libwrap0                    7.6.q-24
ii  lsb-base                    4.1+Debian8+deb7u1
ii  multiarch-support           2.13-38+deb7u8
ii  perl [libmime-base64-perl]  5.14.2-21+deb7u2
ii  psmisc                      22.19-1+deb7u1

Versions of packages slapd recommends:
ii  libsasl2-modules  2.1.25.dfsg1-6+deb7u1

Versions of packages slapd suggests:
ii  ldap-utils  2.4.31-1+nmu2

-- Configuration Files:
/etc/default/slapd changed:
SLAPD_CONF=
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldaps:/// ldap:/// ldapi:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""


-- debconf information excluded


