[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4180) slapd (back-sql) hangs/segfaults on SASL bind

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4180) slapd (back-sql) hangs/segfaults on SASL bind
From: ando@sys-net.it
Date: Thu, 17 Nov 2005 18:00:13 GMT

On Thu, 2005-11-17 at 16:38 +0000, nels@maei.ca wrote:
> Full_Name: Nels Lindquist
> Version: 2.3.11
> OS: Linux (CentOS 3.6)
> URL: 
> Submission from: (NULL) (66.225.146.217)

I cannot reproduce this issue, using SASL bind with DIGEST-MD5; can you
provide further details on the offending operation and on the sasl/authz
related configuration of slapd?  Do you store credentials in the
database?

> 
> 
> CentOS 3.6 (RHEL rebuild)
> OpenLDAP 2.3.11 (built from source)
> Cyrus SASL 2.1.20
> PostgreSQL 8.1.0
> unixODBC 2.2.8
> 
> Using back-sql with PostgreSQL, slapd hangs indefinitely (when running in the
> background) or segfaults (when run with -d 1) whenever a SASLv2 bind is
> attempted.  Simple bind works fine.
> 
> Here are the last few lines from the slapd debug output:
> 
> <==backsql_search()
> <==slap_sasl2dn: Converted SASL name to cn=nels lindquist,o=maei,c=ca
> slap_sasl_getdn: dn:id converted to cn=nels lindquist,o=maei,c=ca
> SASL Canonicalize [conn=7]: slapAuthcDN="cn=nels lindquist,o=maei,c=ca"
> SASL Canonicalize [conn=7]: authzid="nels"
> SASL proxy authorize [conn=7]: authcid="nels" authzid="nels"
> 
> I also managed to get a backtrace from gdb:
> 
> [Switching to Thread -1228420176 (LWP 17259)]
> 0x0018977b in strlen () from /lib/tls/libc.so.6
> (gdb) bt
> #0  0x0018977b in strlen () from /lib/tls/libc.so.6
> #1  0x00157611 in vfprintf () from /lib/tls/libc.so.6
> #2  0x00178d14 in vsnprintf () from /lib/tls/libc.so.6
> #3  0x080f4e58 in lutil_debug (debug=7, level=1191210597, 
> fmt=0x810ce5c "==>slap_sasl_authorized: can %s become %s?\n") at     
> debug.c:83  

Can you print the values of authcDN=0xb6c7c678, authzDN=0xb6c7c670
below?

> #4  0x0808fb77 in slap_sasl_authorized (op=0x9777138,     
> authcDN=0xb6c7c678, authzDN=0xb6c7c670) at saslauthz.c:2074  
> #5  0x08093889 in slap_sasl_authorize (sconn=0x9776370,     
> context=0xb7580a18, requested_user=0x9776c80 "nels", rlen=4, 
> auth_identity=0x9776d81 "nels", alen=4, def_realm=0x0, urlen=0, 
> props=0x97775f8) at sasl.c:697  
> #6  0x00b7283e in sasl_server_new () from /usr/lib/libsasl2.so.2
> #7  0x00b72e3f in sasl_server_step () from /usr/lib/libsasl2.so.2
> #8  0x0809450b in slap_sasl_bind (op=0x0, rs=0x9776370) at 
> sasl.c:1380
> #9  0x08072718 in fe_op_bind (op=0x9777138, rs=0xb6c7c870) at 
> bind.c:276
> #10 0x08071d99 in do_bind (op=0x9777138, rs=0xb6c7c870) at bind.c:200
> #11 0x0805bd4c in connection_operation (ctx=0xb6c7c8f0, 
> arg_v=0x9777138) at connection.c:1061  
> #12 0x080d71a2 in ldap_int_thread_pool_wrapper (xpool=0x97246b0) at 
> tpool.c:485
> #13 0x00960dd8 in start_thread () from /lib/tls/libpthread.so.0
> #14 0x001edd2a in clone () from /lib/tls/libc.so.6




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

Prev by Date: (ITS#4181) slapd-sql does not honor size limits correctly
Next by Date: Re: (ITS#4179) slapd-meta seg faults if a time attribute is mal formed
Index(es):
- Chronological
- Thread