openldap client GSSAPI authentication segfaults in fbsd8stablei386

Jeremy Chadwick freebsd at jdc.parodius.com
Sun Jul 18 02:38:22 UTC 2010 

On Sun, Jul 18, 2010 at 01:37:06AM +0300, Reko Turja wrote:
> 
> >Can you try reproducing the issue on 8-STABLE?
> >
> >I recently submitted a Heimdal patch against 8.1-STABLE and
> >9.0-CURRENT that resolves some libgssapi-related issues:
> >
> >http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/147454
> >
> >The patch breaks ABI, so you'll have to rebuild libgssapi-dependent
> >applications.
> 
> When linking cyrus-sasl2 against gssapi library from either the
> 1.0.1 official port or the inofficial 1.2.1 patchset cyradm works as
> expected and it logs a message from gssapi/kerberos telling that no
> KDC's are available - which is to be expected on a system that isn't
> using gssapi/kerberos in authenticating.
> 
> So the present behaviour in 8-RELEASE and 8-PRERELASE updated Monday
> the 5th is clearly some kind of regression as system gsslib doesn't
> seem to recognize the mech used or segfaults.
> 
> Benjamin, can you clarify how to apply your patch against the source
> tree - I tried 'patch < the_patchset.diff' in /usr/src but it just
> created a bunch of files in the /usr/src which I think isn't the
> intention.

Those following this thread will be happy to hear that I'm able to
reproduce the problem on the i386 test box:

testbox# pkg_info
cyrus-imapd-2.3.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23   RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4       The Berkeley DB package, revision 4.1
libtool-2.2.6b      Generic shared library support script
perl-5.10.1_1       Practical Extraction and Report Language
portaudit-0.5.15    Checks installed ports against a list of security vulnerabi
rsync-3.0.7         A network file distribution/synchronization utility
vim-lite-7.2.411    Vi "workalike", with many additional features (Lite package

testbox# cyradm localhost
Segmentation fault (core dumped)

Jul 17 19:35:40 testbox imap[72119]: executed
Jul 17 19:35:40 testbox imap[72119]: accepted connection
Jul 17 19:35:46 testbox kernel: pid 72118 (perl5.10.1), uid 0: exited on signal 11 (core dumped)

-rw-------  1 root  wheel  4448256 Jul 17 19:35 perl5.10.1.core

(gdb) bt
#0  free (ptr=0x280861c0) at /usr/src/lib/libc/stdlib/malloc.c:3890
#1  0x287edce2 in gss_release_buffer (minor_status=0xbfbfe698, buffer=0x280861cc) at /usr/src/lib/libgssapi/gss_release_buffer.c:41
#2  0x287ed6b2 in _gss_mg_error (m=0x28455bc0, maj=851968, min=2) at /usr/src/lib/libgssapi/gss_display_status.c:240
#3  0x287ea009 in gss_init_sec_context (minor_status=0xbfbfe7a8, initiator_cred_handle=0x0, context_handle=0x28837354,
    target_name=0x285bff60, input_mech_type=0x0, req_flags=58, time_req=0, input_chan_bindings=0x0, input_token=0x0,
    actual_mech_type=0x0, output_token=0xbfbfe790, ret_flags=0xbfbfe7a0, time_rec=0x0)
    at /usr/src/lib/libgssapi/gss_init_sec_context.c:156
#4  0x287e1aef in gssapi_client_mech_step (conn_context=0x28837350, params=0x2841e480, serverin=0x0, serverinlen=0,
    prompt_need=0xbfbfea70, clientout=0xbfbfea6c, clientoutlen=0xbfbfea68, oparams=0x2846b860) at gssapi.c:1418
#5  0x283ef591 in sasl_client_step (conn=0x2846b000, serverin=0x0, serverinlen=0, prompt_need=0xbfbfea70, clientout=0xbfbfea6c,
    clientoutlen=0xbfbfea68) at client.c:655
#6  0x283f0215 in sasl_client_start (conn=0x2846b000, mechlist=0x288878c0 "GSSAPI ", prompt_need=0xbfbfea70, clientout=0xbfbfea6c,
    clientoutlen=0xbfbfea68, mech=0xbfbfea78) at client.c:603
#7  0x2832ab1a in imclient_authenticate (imclient=0x288b4000, mechlist=0x28887880 "GSSAPI ", service=0x288877e8 "imap",
    user=0x28801754 "", minssf=0, maxssf=10000) at imclient.c:1288
#8  0x28327131 in XS_Cyrus__IMAP__authenticate () from /usr/local/lib/perl5/site_perl/5.10.1/mach/auto/Cyrus/IMAP/IMAP.so
#9  0x2811d2e5 in Perl_pp_entersub () from /usr/local/lib/perl5/5.10.1/mach/CORE/libperl.so
#10 0x2811b7e5 in Perl_runops_standard () from /usr/local/lib/perl5/5.10.1/mach/CORE/libperl.so
#11 0x280c20d4 in perl_run () from /usr/local/lib/perl5/5.10.1/mach/CORE/libperl.so
#12 0x08048944 in main ()

I'll poke more at this.

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

More information about the freebsd-stable mailing list