BUG ALERT! - RE: Serious Bug in Cyrus/SASL: Intermittent Ldap AUTHFAIL

Thu Sep 26 21:11:52 EDT 2002

Mohan/Lee,

Thanks for the patch.  Unfortunately, this still does not fix the problem
completely.  I think that you may have created a memory leak, so you might
want to monitor the saslauthd process.  I really want to keep the
persistance in place, otherwise busy sites may create an unneccessary load
on the ldap server.

In the meaning time I'll try to locate an RH box and I'll try to duplicate
the problem.  Few questions, have you used ldap_cache_* params in
saslautd.conf?  After you installed different versions of openldap, have
you recompiled saslauthd each time?

Note, this code works fine on Solaris 8 and 9.  At least this is the
case in my environments.

-Igor

On Thu, 26 Sep 2002, Lee Hoffman wrote:

> Guys,
> This patch solved the problem I described below. I installed the patch 3
> days ago, and havent had the problem since.
>
> To reiterate for the loyal cyrus bug hunters:
>
> My system is using cyrus 2.1.5, sasl 2.1.7 on a RH7.3 box (ive tried
> this config against 4 different versions of openldap, on two completely
> different servers) and I compiled with:
>
> SASL:
> ./configure --enable-plain --disable-krb4
> --with-saslauthd=/var/run/saslauthd --with-ldap=/usr/local/lib
>
> IMAP:
> ./configure --with-sasl=/usr/local/lib --with-perl --with-auth=unix
> --with-ssl --with-dbdir=/usr/local/BerkeleyDB.4.0 --with-ucdsnmp=no
>
>
> Sincerely,
> Lee
>
>
> -----Original Message-----
> From: Mohan Khurana [mailto:mkhurana at andrew.cmu.edu]
> Sent: Thursday, September 26, 2002 7:56 PM
> To: Lee Hoffman
> Cc: info-cyrus at lists.andrew.cmu.edu; Igor Brezac
> Subject: Re: Serious Bug in Cyrus/SASL: Intermittent Ldap AUTHFAIL
>
> Lee,
>
> Below, I've included a patch, it basically removes persistance from
> saslauthd.  This has fixed the problem for me.  I'm not exactly familiar
> with all the code, so I was unable to free the lak config structure, but
> this does let you atleast get saslauthd working.  I think there's a
> problem with persistance, I'm not exactly sure what it is though.  Any
> thoughts?
>
> mohan
>
> *** ../../orig/cyrus-sasl-2.1.7/saslauthd/lak.c Thu Aug  1 15:58:24 2002
> --- lak.c       Thu Sep 26 19:42:11 2002
> ***************
> *** 816,821 ****
> --- 816,832 ----
>                 rc = lak_auth_custom(lak, user, realm, password);
>         }
>
> +       /* free the lak */
> +     if (lak->ld) {
> +         if (lak->conf->cache_ttl)
> +             ldap_destroy_cache(lak->ld);
> +         ldap_unbind_s(lak->ld);
> +         lak->ld = NULL;
> +     }
> +     //lak_free_config(&(lak->conf));
> +       free(lak);
> +       persistent_lak = NULL;
> +
>         return rc;
>   }
>
> ***************
> *** 846,851 ****
> --- 857,874 ----
>         attrs[1] = NULL;
>
>         rc = lak_retrieve(lak, user, realm, (const char **)attrs,
> &lres);
> +
> +       /* free the lak */
> +       if (lak->ld) {
> +         if (lak->conf->cache_ttl)
> +             ldap_destroy_cache(lak->ld);
> +         ldap_unbind_s(lak->ld);
> +         lak->ld = NULL;
> +     }
> +     lak_free_config(&lak->conf);
> +     free(lak);
> +     persistent_lak = NULL;
> +
>         if (rc != LAK_OK) {
>                 return rc;
>         }
>
>
>
>
>

-- 
Igor