BUG ALERT! - RE: Serious Bug in Cyrus/SASL: Intermittent Ldap AUTHFAIL

Lee Hoffman lee_hoffman at brown.edu
Thu Sep 26 20:18:53 EDT 2002 

Guys,
This patch solved the problem I described below. I installed the patch 3
days ago, and havent had the problem since. 

To reiterate for the loyal cyrus bug hunters:

My system is using cyrus 2.1.5, sasl 2.1.7 on a RH7.3 box (ive tried
this config against 4 different versions of openldap, on two completely
different servers) and I compiled with:

SASL:
./configure --enable-plain --disable-krb4
--with-saslauthd=/var/run/saslauthd --with-ldap=/usr/local/lib

IMAP:
./configure --with-sasl=/usr/local/lib --with-perl --with-auth=unix
--with-ssl --with-dbdir=/usr/local/BerkeleyDB.4.0 --with-ucdsnmp=no


Sincerely,
Lee


-----Original Message-----
From: Mohan Khurana [mailto:mkhurana at andrew.cmu.edu] 
Sent: Thursday, September 26, 2002 7:56 PM
To: Lee Hoffman
Cc: info-cyrus at lists.andrew.cmu.edu; Igor Brezac
Subject: Re: Serious Bug in Cyrus/SASL: Intermittent Ldap AUTHFAIL

Lee,

Below, I've included a patch, it basically removes persistance from
saslauthd.  This has fixed the problem for me.  I'm not exactly familiar
with all the code, so I was unable to free the lak config structure, but
this does let you atleast get saslauthd working.  I think there's a
problem with persistance, I'm not exactly sure what it is though.  Any
thoughts?

mohan

*** ../../orig/cyrus-sasl-2.1.7/saslauthd/lak.c Thu Aug  1 15:58:24 2002
--- lak.c       Thu Sep 26 19:42:11 2002
***************
*** 816,821 ****
--- 816,832 ----
                rc = lak_auth_custom(lak, user, realm, password);
        }

+       /* free the lak */
+     if (lak->ld) {
+         if (lak->conf->cache_ttl)
+             ldap_destroy_cache(lak->ld);
+         ldap_unbind_s(lak->ld);
+         lak->ld = NULL;
+     }
+     //lak_free_config(&(lak->conf));
+       free(lak);
+       persistent_lak = NULL;
+
        return rc;
  }

***************
*** 846,851 ****
--- 857,874 ----
        attrs[1] = NULL;

        rc = lak_retrieve(lak, user, realm, (const char **)attrs,
&lres);
+
+       /* free the lak */
+       if (lak->ld) {
+         if (lak->conf->cache_ttl)
+             ldap_destroy_cache(lak->ld);
+         ldap_unbind_s(lak->ld);
+         lak->ld = NULL;
+     }
+     lak_free_config(&lak->conf);
+     free(lak);
+     persistent_lak = NULL;
+
        if (rc != LAK_OK) {
                return rc;
        }

More information about the Info-cyrus mailing list