From owner-freebsd-stable@FreeBSD.ORG Wed Jul 14 09:32:10 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E450F1065670 for ; Wed, 14 Jul 2010 09:32:10 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta09.emeryville.ca.mail.comcast.net (qmta09.emeryville.ca.mail.comcast.net [76.96.30.96]) by mx1.freebsd.org (Postfix) with ESMTP id CA5F08FC15 for ; Wed, 14 Jul 2010 09:32:10 +0000 (UTC) Received: from omta07.emeryville.ca.mail.comcast.net ([76.96.30.59]) by qmta09.emeryville.ca.mail.comcast.net with comcast id hlUy1e0011GXsucA9lYAjU; Wed, 14 Jul 2010 09:32:10 +0000 Received: from koitsu.dyndns.org ([98.248.41.155]) by omta07.emeryville.ca.mail.comcast.net with comcast id hlY81e0053LrwQ28UlY8dm; Wed, 14 Jul 2010 09:32:09 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 356359B425; Wed, 14 Jul 2010 02:32:08 -0700 (PDT) Date: Wed, 14 Jul 2010 02:32:08 -0700 From: Jeremy Chadwick To: George Mamalakis Message-ID: <20100714093208.GA29938@icarus.home.lan> References: <4C3CC831.7040005@kaarposoft.dk> <20100713210729.GA11943@icarus.home.lan> <0228E401B70A4023A6F86A2ADAE59EF9@rivendell> <4C3D7BD9.5020503@eng.auth.gr> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <4C3D7BD9.5020503@eng.auth.gr> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: freebsd-stable@freebsd.org Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jul 2010 09:32:11 -0000 On Wed, Jul 14, 2010 at 11:56:57AM +0300, George Mamalakis wrote: > On 14/7/2010 11:42 πμ, Reko Turja wrote: > >>>I have a problem: ldapsearch results in "Segmentation fault" under > >>>openldap-2.4.23 with cyrus-sasl-2.1.23 > >>> > >>>A thread for similar issues was started by George Mamalakis back in > >>>february: > >>>http://lists.freebsd.org/pipermail/freebsd-stable/2010-February/055017.html > >>> > >>>but I find no solution / conclusion from this thread, hence I > >>>post here... > >>> > >>>I have installed FreeBSD 8.0-RELEASE-p2 on i386, updated with > >>>freebsd-update, and ports updated with "portsnap fetch update". > >>> > >>>Kerberos installed from packages, configured, and seems to work OK. > > > >I had similar issue with 8-RELEASE and cyrus-sasl2 with > >cyrus-saslauthd linked against system kerberos. > > > >(uname -a xxx.xxx.xxx 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #1: > >Sat Jun 12 00:39:22 EEST 2010 > >root@xxx.xxx.xxx:/usr/obj/usr/src/sys/WWW i386) > > > >The problem manifested itself with pretty much the same backtrace > >when using cyradm tool for administering cyrus mailboxes and due > >time constraints I solved my issue by removing all the gssapi > >plugin libs from /usr/local/lib/sasl2, so my solution isn't really > >applicable in your case. > > > >my /etc/hosts file for the server in question contains only > >localhost entry + entry for one IP so George's solution didnt help > >with my problem. > > > >>>/var/log/messages has: > >>>slapd[1146]: OTP unavailable because can't read/write key database > >>>/etc/opiekeys: Permission denied > >>>kernel: pid 53862 (ldapsearch), uid 1001: exited on signal 11 > >>>(core dumped) > >>> > >>>The first message is from the LDAP server. Even if it has some > >>>problem, it should not lead the client to segfault. > >> > >>I agree. > >> > >>If I was to build a test box from scratch, can you tell me how to set up > >>all the necessary software/etc. to mimic your environment so that I > >>could try to reproduce this? Reviewing the source isn't enough, I'd > >>have to actually build a debug version of libgssapi to track it down. > > > >>Alternatively I can try to step you through how to debug this using gdb, > >>but again, lack of debugging symbols makes this annoying. > > > >I'd say that based on present evidence there is something broken > >in gssapi/sasl interaction, but due my need of getting the server > >functional quickly I didn't dig much further in the issue myself, > >although I really don't know how to enable generating debugging > >symbols for ports either - Which was another reason for not > >digging deeper in the problem. > > > >I wonder if using dovecot-sasl would work with ldap and if it has > >the same issue as cyrus-sasl - athough it doesn't seem to be > >available as separate port. > > > >-Reko > > Hello guys, > > I am glad that somebody brought this issue back, since despite my > last email regarding the same issue on 25/02/2010 saying that there > must be something wrong with the function gss_release_buffer(void > *a, void *b), the issue got forgotten. The problem would not persist > in amd64, so I stopped looking it further myself. Whoever wants to > see more information on this issue, search the subject field of this > list for: openldap client GSSAPI authentication segfaults in > fbsd8stable i386 > > I hope that a remedy to this issue will be yielded this time. Like I said -- if someone can step me through setting everything up (configurations, whatever ports/packages need to be installed, etc.) to mimic their setup so that I can reproduce the problem, I'll put in the time to track it down. This would be on a dedicated/freshly installed machine (RELENG_8 running under VMware Workstation) to rule out any other oddities. It's the LDAP + any quirky GSSAPI or Cyrus stuff that I don't have experience with. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |