[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4180) slapd (back-sql) hangs/segfaults on SASL bind



Another thing you may want to try is step with the debugger into
slap_sasl_canonicalize(), which sets the values later retrieved in
slap_sasl_authorized; the first time it's called, it's supposed to set
the slapAuthcDN, and the second time the slapAuthzDN, which is the
offending value in your issue.  You may want to take note of the values
that are being set, and compare them with those retrieved later.

In slapd/sasl.c:

619        rc = slap_sasl_getdn( conn, NULL, &bvin, (char *)user_realm, &dn,
620                (flags & SASL_CU_AUTHID) ? SLAP_GETDN_AUTHCID : SLAP_GETDN_AUTHZID );
621        if ( rc != LDAP_SUCCESS ) {
622                sasl_seterror( sconn, 0, ldap_err2string( rc ) );
623                return SASL_NOAUTHZ;
624        }
625
626        names[0] = slap_propnames[which];
627        names[1] = NULL;
628
629        prop_set( props, names[0], (char *)&dn, sizeof( dn ) );

^^^ this is where the datum is set; the value you want to see is:

(gdb) p sizeof(dn)
$33 = 16
(gdb) p ((char *)&dn)[0]@16
$34 = "\"\000\000\000\000\000\000\000 f\005\226*\000\000"

(note that "dn" has size 16 on my amd64; it should be quite different on
a 32 but architecture; actually your postings suggest a size of 8 for
the slapAuthcDN, and a puzzling size of 6 for the offending saslAuthzDN,
which I suspect being just garbage.)

The second time, same stuff: 

(gdb) p sizeof(dn)
$36 = 16
(gdb) p ((char *)&dn)[0]@16
$37 = "\"\000\000\000\000\000\000\000 @\n\226*\000\000"

Then, in slap_sasl_authorize(), after

678             prop_getnames( props, slap_propnames+1, auxvals );

(gdb) p ((struct berval*)auxvals[0].values[0])[0]
$38 = {bv_len = 34, bv_val = 0x2a960566b8 "cn=mitya kovalev,dc=example,dc=com"}
(gdb) p ((struct berval*)auxvals[1].values[0])[0]
$39 = {bv_len = 34, bv_val = 0x2a960a40e8 "cn=mitya kovalev,dc=example,dc=com"}

(authorizing self.)  Note the contents of the auxvals datum:

(gdb) p auxvals
$40 = {{name = 0x6629da "*slapAuthcDN", values = 0x97fb68, nvalues = 1, valsize = 16},
    {name = 0x6629e7 "*slapAuthzDN", values = 0x97fb88, nvalues = 1, valsize = 16},
    {name = 0x0, values = 0x0, nvalues = 0, valsize = 0}}

If I don't use any authorization:

(gdb) p auxvals
$41 = {{name = 0x6629da "*slapAuthcDN", values = 0x97fb68, nvalues = 1, valsize = 16},
    {name = 0x6629e7 "*slapAuthzDN", values = 0x0, nvalues = 0, valsize = 0},
    {name = 0x0, values = 0x0, nvalues = 0, valsize = 0}}

That's why I believe something weird is going on in your system when the
values are set, or between the time they're set and the time they're
read back into slapd.

p.


On Fri, 2005-11-18 at 16:18 +0000, Nels@maei.ca wrote:
> On 18 Nov 2005 at 9:50, Pierangelo Masarati wrote:
> 
> > To get re23, follow directions at
> > <http://www.openldap.org/software/repo.html>, get module "openldap" with
> > tag OPENLDAP_REL_ENG_2_3, which will be released shortly as 2.3.12.
> 
> Okay, I built 2.3.12 and the problem still persists:
> 
> #3  0x080f707c in lutil_debug (debug=7, level=1191210597,      
> fmt=0x811dbf4 "==>slap_sasl_authorized: can %s become %s?\n") at     
> debug.c:83 buffer = "==>slap_sasl_authorized: can cn=nels     
> lindquist,o=maei,c=ca become ze [conn=0]: authcid=\"nels\"     
> authzid=\"nels\"\n", '\0' <repeats 1527 times>,     
> "dN9\000\004³\027·�¬\027·%$-
> \000\004³\027·dN9\000\a\000\000\000\a\000\000 \000dN9", '\0' <repeats 
> 13 times>, 
> "\213÷,\000\000\000\000\000%\214\033\000\000\000\000\000è²\027·�f+\000
> \00 4³\027·%\214\033", '\0' <repeats 25 times>...  
> #4  0x08090e13 in slap_sasl_authorized (op=0x9bccfb8, authcDN=0xb717b698, 
>     authzDN=0xb717b690) at saslauthz.c:2073
>         rc = 0
> #5  0x08094b09 in slap_sasl_authorize (sconn=0x9bb41d0, context=0xb757db88, 
>     requested_user=0x9bb4ae0 "nels", rlen=4, auth_identity=0x9bb4be1 "nels", 
>     alen=4, def_realm=0x0, urlen=0, props=0x9bc6778) at sasl.c:692
>         auxvals = {{name = 0x811e3b9 "*slapAuthcDN", values = 0x9bcb114, 
>     nvalues = 1, valsize = 8}, {name = 0x811e3c6 "*slapAuthzDN", 
>     values = 0x9bcb12c, nvalues = 1, valsize = 6}, {
>     name = 0x1b8cf3 "*userPassword", values = 0x9bcb11c, nvalues = 1, 
>     valsize = 6}}
>         authcDN = {bv_len = 29, 
>   bv_val = 0xb6ca07a8 "cn=nels lindquist,o=maei,c=ca"}
>         authzDN = {bv_len = 1685217607, 
>   bv_val = 0x47006e65 <Address 0x47006e65 out of bounds>}
>         rc = 0
> 
> ----
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------