ldapdb auxprop configuration

Howard Chu hyc at highlandsun.com
Sun Jan 4 13:32:18 EST 2009


Lars Hanke wrote:
> Hi all!
>
> Sorry for cross-posting, but since this appears to be SASL related, I
> switch to the SASL list and leave this message in the cyrus-imap list
> for others to follow. So when answering to this, please check that
> you're not crossposting the answer.
>
> Summary for the SASL list subscribers, who have missed the start of this
> thread:
>
> I'm running cyrus-imap to authenticate users using the ldapdb auxprop
> against a remote ldaps: host. During the DIGEST-MD5 or CRAM-MD5
> authentication of the user using imtest imapd SEGFAULTs. The ltrace
> suggests that it happens somewhere in the SASL layer. The setup is
> Debian Lenny kept current daily on an Intel Core2-Quad, i.e. amd64 build.

Based on your backtrace, pretty sure you're running into the bug that was 
discussed here

http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=8954

I reported this to the Ubuntu folks
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/280982

but looking at the Debian Changelog, I don't think the Debian guys have 
patched it yet.
http://packages.debian.org/changelogs/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.22.dfsg1-23/changelog

> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fa6ca1e3700 (LWP 5409)]
> 0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0
> (gdb) bt
> #0 0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0
> #1 0x00007fa6c32b75a9 in ldap_pvt_thread_mutex_lock (mutex=0x1)
> at
> /home/admin/packages/openldap/openldap-2.4.11/libraries/libldap_r/thr_posix.c:296
> #2 0x00007fa6c32c112b in ldap_pvt_sasl_mutex_lock (mutex=0x1) at
> cyrus.c:1294
> #3 0x00007fa6c4b69828 in digestmd5_client_mech_step
> (conn_context=0x2094440, params=0x20960b0,
> serverin=0x0, serverinlen=0, prompt_need=0x7fffd21e8760,
> clientout=0x7fffd21e8748,
> clientoutlen=0x7fffd21e875c, oparams=0x209a510) at digestmd5.c:3955
> #4 0x00007fa6c9dc25e6 in sasl_client_step (conn=0x2099ca0, serverin=0x0,
> serverinlen=0,
> prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748,
> clientoutlen=0x7fffd21e875c) at client.c:658
> #5 0x00007fa6c9dc2445 in sasl_client_start (conn=0x2099ca0,
> mechlist=0x2041d40 "DIGEST-MD5",
> prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748,
> clientoutlen=0x7fffd21e875c,
> mech=0x7fffd21e8778) at client.c:606
> #6 0x00007fa6c32bfc79 in ldap_int_sasl_bind (ld=0x2053880, dn=0x0,
> mechs=0x2041d40 "DIGEST-MD5",
> sctrls=0x0, cctrls=0x0, flags=2, interact=0x7fa6c34fd704
> <ldapdb_interact>, defaults=0x204dce0)
> at cyrus.c:689
> #7 0x00007fa6c32c3b7f in ldap_sasl_interactive_bind_s (ld=0x2053880, dn=0x0,
> mechs=0x2041d40 "DIGEST-MD5", serverControls=0x0, clientControls=0x0,
> flags=2,
> interact=0x7fa6c34fd704<ldapdb_interact>, defaults=0x204dce0) at sasl.c:464
> #8 0x00007fa6c34fd96c in ldapdb_connect (ctx=0x204dce0,
> sparams=0x20516c0, user=0x2052f71 "cyrus",
> ulen=5, cp=0x7fffd21e8910) at ldapdb.c:106
> #9 0x00007fa6c34fdd45 in ldapdb_auxprop_lookup (glob_context=0x204dce0,
> sparams=0x20516c0, flags=0,
> user=0x2052f71 "cyrus", ulen=5) at ldapdb.c:178
> #10 0x00007fa6c9dbe881 in _sasl_auxprop_lookup (sparams=0x20516c0,
> flags=0, user=0x2052f71 "cyrus",
> ulen=5) at auxprop.c:898
> #11 0x00007fa6c9dbf309 in _sasl_canon_user (conn=0x20521d0,
> user=0x2052f71 "cyrus", ulen=5, flags=1,
> oparams=0x2052a40) at canonusr.c:190
> #12 0x00007fa6c4b6556b in digestmd5_server_mech_step2 (stext=0x2054080,
> sparams=0x20516c0,
> clientin=0x7fffd21e8e10
> "username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
> clientinlen=262, serverout=0x7fffd21e8e00,
> serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2301
> #13 0x00007fa6c4b666cc in digestmd5_server_mech_step
> (conn_context=0x2054080, sparams=0x20516c0,
> clientin=0x7fffd21e8e10
> "username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
> clientinlen=262, serverout=0x7fffd21e8e00,
> serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2689
> #14 0x00007fa6c9dcd696 in sasl_server_step (conn=0x20521d0,
> clientin=0x7fffd21e8e10
> "username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
> clientinlen=262, serverout=0x7fffd21e8e00, serveroutlen=0x7fffd21e8dfc)
> at server.c:1433
> #15 0x000000000044ae85 in saslserver (conn=0x20521d0, mech=0x2054010
> "DIGEST-MD5", init_resp=0x0,
> resp_prefix=0x473e03 "", continuation=0x473e27 "+ ", empty_chal=0x473e03
> "", pin=0x2045a20,
> pout=0x2045ad0, sasl_result=0x7fffd21ee614, success_data=0x0) at
> saslserver.c:134
> #16 0x000000000040e617 in cmd_authenticate (tag=0x2053eb0 "A01",
> authtype=0x2054010 "DIGEST-MD5",
> resp=0x0) at imapd.c:1888
> #17 0x000000000040ae83 in cmdloop () at imapd.c:921
> #18 0x000000000040a59e in service_main (argc=1, argv=0x2041010,
> envp=0x7fffd21f0f48) at imapd.c:691
> #19 0x00000000004083a1 in main (argc=3, argv=0x7fffd21f0f28,
> envp=0x7fffd21f0f48) at service.c:533
>
> Versions:
> hermod:~/imap# dpkg -l '*cyrus*' | grep '^ii'
> ii cyrus-admin-2.2 2.2.13-14 Cyrus mail system (administration tools)
> ii cyrus-clients-2.2 2.2.13-14+b3 Cyrus mail system (test clients)
> ii cyrus-common-2.2 2.2.13-14 Cyrus mail system (common files)
> ii cyrus-imapd-2.2 2.2.13-14 Cyrus mail system (IMAP support)
> ii libcyrus-imap-perl22 2.2.13-14+b3 Interface to Cyrus imap client
> imclient libr
> hermod:~/imap# dpkg -l '*sasl*' | grep '^ii'
> ii libsasl2-2 2.1.22.dfsg1-23 Cyrus SASL - authentication abstraction libr
> ii libsasl2-modules 2.1.22.dfsg1-23 Cyrus SASL - pluggable
> authentication module
> ii libsasl2-modules-gssapi-mit 2.1.22.dfsg1-23 Cyrus SASL - pluggable
> authentication module
> ii libsasl2-modules-ldap 2.1.22.dfsg1-23 Cyrus SASL - pluggable
> authentication module
> ii sasl2-bin 2.1.22.dfsg1-23 Cyrus SASL - administration programs for SAS
> hermod:~# dpkg -l '*ldap*' | grep '^ii'
> ii ldap-utils 2.4.11-1 OpenLDAP utilities
> ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


More information about the Cyrus-sasl mailing list