[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd crashes with Kerberos passwords (ITS#2606)

Full_Name: Samuel Moñux
Version: 2.1.20
OS: Solaris 9/SPARC
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.58.47.235)


I have observed that slapd dies on a Solaris 9 machine, when performing simple
binds with {Kerberos} passwords. It ever happens at the *second
attempt*. It's irrelevant if the binds are successful or not. If the first is
successful it displays the
requested data as usual, but not the second.

- How to reproduce

  * client: ldapsearch -x -D "cn=foo,ou=people,dc=xxx,dc=xxx,dc=xxx,dc=xx" -W
"(uid=xxx)"

  *  slapd executed as
${LDAP}/libexec/slapd -f /usr/local/ldap/etc/openldap/slapd.conf -d \
	255 -h ldap:/// ldaps:/// -s 256 -l local4 -4

 * Last output:
 [...]
<= check a_dn_pat: uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
daemon: select timeout - yielding
=> string_expand: pattern:  uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
daemon: select: listen=7 active_threads=1 tvp=idle
=> string_expand: expanded: uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
daemon: select: listen=8 active_threads=1 tvp=idle
daemon: select timeout - yielding
=> regex_matches: string:        
daemon: select: listen=7 active_threads=1 tvp=idle
=> regex_matches: rc: 1 no matches
daemon: select: listen=8 active_threads=1 tvp=idle
<= check a_dn_pat: anonymous
daemon: select timeout - yielding
<= acl_mask: [3] applying auth(=x) (stop)
daemon: select: listen=7 active_threads=1 tvp=idle
<= acl_mask: [3] mask: auth(=x)
daemon: select: listen=8 active_threads=1 tvp=idle
=> access_allowed: auth access granted by auth(=x)
daemon: select timeout - yielding
daemon: select: listen=7 active_threads=1 tvp=idle
daemon: select: listen=8 active_threads=1 tvp=idle
daemon: select timeout - yielding
daemon: select: listen=7 active_threads=1 tvp=idle
daemon: select: listen=8 active_threads=1 tvp=idle
daemon: select timeout - yielding
daemon: select: listen=7 active_threads=1 tvp=idle
ksh: 6993 Segmentation Fault(coredump)

- core

(gdb) where
#0  0xff17b0ac in profile_node_iterator ()
#1  0xff17d880 in profile_get_value ()
#2  0xff17dad4 in profile_get_integer ()
#3  0xff158b64 in init_common ()
#4  0xff158960 in krb5_init_context ()
#5  0xf5f24 in lutil_passwd_hash ()
#6  0xf5058 in lutil_passwd ()
#7  0x7f670 in slap_passwd_check ()
#8  0xd8084 in ldbm_back_bind ()
#9  0x6b8f4 in do_bind ()
#10 0x4284c in connection_done ()
#11 0xff338700 in ldap_int_thread_pool_wrapper ()
(gdb) list
warning: Source file is more recent than executable.

1       /* GSSAPI SASL plugin
2        * Leif Johansson
3        * Rob Siemborski (SASL v2 Conversion)
4        * $Id: gssapi.c,v 1.72 2003/03/31 22:07:32 rjs3 Exp $
5        */