openldap client GSSAPI authentication segfaults in fbsd8stablei386

Jeremy Chadwick freebsd at jdc.parodius.com
Sat Jul 17 13:41:53 UTC 2010 

On Sat, Jul 17, 2010 at 08:55:54AM +0200, Joerg Pulz wrote:
> i followed this thread so far and searched a little bit about the issue.
> I also tested on my machines and came to an interesting point.
> First my setup is pretty straight forward.
> 
> Set HEIMDAL_HOME=/usr .
> Build security/cyrus-sasl2 (OPTIONS don't matter i think).
> Build net/openldap24-sasl-client (select SASL OPTION)
> 
> If you don't have any accessible LDAP server on your net (OpenLDAP
> or Windows AD doesn't matter) you have to build and just start one
> for yourself.
> 
> Afterwards just try the following command:
> 
> ldapsearch -Ygssapi -h <LDAP server hostname>
> 
> Now the interesting point.
> On my amd64 system i get this after executing the above command:
> 
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Local error (-2)
>         additional info: SASL(-1): generic failure: GSSAPI Error:
> Miscellaneous failure (see text) (unknown mech-code 2 for mech
> unknown)
> 
> While on my i386 system i get this:
> 
> SASL/GSSAPI authentication started
> Segmentation fault (core dumped)
> 
> A quick look at the gdb bt of the core file looks like this:
> 
> #0  0x28310ef5 in free () from /lib/libc.so.7
> #1  0x283fc972 in gss_release_buffer () from /usr/lib/libgssapi.so.10
> #2  0x283fc37e in gss_release_name () from /usr/lib/libgssapi.so.10
> #3  0x283f8da9 in gss_init_sec_context () from /usr/lib/libgssapi.so.10
> #4  0x283f1a0b in gssapi_client_mech_step ()
>    from /usr/local/lib/sasl2/libgssapiv2.so.2
> #5  0x280ed4f4 in sasl_client_step () from /usr/local/lib/libsasl2.so.2
> 
> So i think i've hit the same bug all others are experiencing.
> It looks like it is a i386 speciality but it can also be pure luck
> an amd64.
> I found at least one other report on the net which looks very
> similar to what i see. i386 == Segmentation fault, amd64 == Error
> message.
>
> Jeremy, is your test system running on amd64 or i386?

The test system is amd64.  I'm not doubting the issue may be more
apparent/easier to occur on i386, but "pure luck on amd64" is a bit
surprising.

I'll build an i386 version of my testbox and start the procedure over
again.

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

More information about the freebsd-stable mailing list