From owner-freebsd-stable@FreeBSD.ORG  Wed Jul 14 19:57:23 2010
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4A0AC106566B
	for <freebsd-stable@freebsd.org>; Wed, 14 Jul 2010 19:57:23 +0000 (UTC)
	(envelope-from henrik@kaarposoft.dk)
Received: from pfepb.post.tele.dk (pfepb.post.tele.dk [195.41.46.236])
	by mx1.freebsd.org (Postfix) with ESMTP id D82F78FC12
	for <freebsd-stable@freebsd.org>; Wed, 14 Jul 2010 19:57:22 +0000 (UTC)
Received: from [192.168.99.150] (x1-6-00-00-24-cc-93-b4.k874.webspeed.dk
	[87.52.11.120])
	by pfepb.post.tele.dk (Postfix) with ESMTP id E6EB0F8401C;
	Wed, 14 Jul 2010 21:57:21 +0200 (CEST)
Message-ID: <4C3E16A1.8070909@kaarposoft.dk>
Date: Wed, 14 Jul 2010 21:57:21 +0200
From: Henrik /KaarPoSoft <henrik@kaarposoft.dk>
User-Agent: Thunderbird 2.0.0.24 (X11/20100317)
MIME-Version: 1.0
To: Joerg Pulz <Joerg.Pulz@frm2.tum.de>, freebsd-stable@freebsd.org
References: <4C3CC831.7040005@kaarposoft.dk>
	<alpine.BSF.2.00.1007141528530.27416@unqrf.nqzva.sez2>
In-Reply-To: <alpine.BSF.2.00.1007141528530.27416@unqrf.nqzva.sez2>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Cc: mamalos@eng.auth.gr
Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stable
 i386
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2010 19:57:23 -0000

Joerg Pulz wrote:
> On Tue, 13 Jul 2010, Henrik /KaarPoSoft wrote:
>
>> Dear All,
>>
>> I have a problem: ldapsearch results in "Segmentation fault" under 
>> openldap-2.4.23 with cyrus-sasl-2.1.23.
>>
>> [...]
>
> Dear Henrik,
>
> just a guess from my side.
>
> You said, that you installed and configured Kerberos from packages (i 
> guess from ports or a prebuilt package).
> Did you by any chance set HEIMDAL_HOME=/usr before building and 
> installing the kerberos port?
>
> Did you set HEIMDAL_HOME to point to the place where the package/port 
> got installed (e.g. HEIMDAL_HOME=/usr/local) before building the 
> cyrus-sasl2 port?
>
> Did you set HEIMDAL_HOME to anything at all? Please take a look at 
> ${PORTSDIR}/security/cyrus-sasl2/Makefile to see the logic behind the 
> kerberos selection.
>
> The valgrind and gdb output above shows that /usr/lib/libgssapi.so.10 
> is used at runtime which comes out of the FreeBSD base system not out 
> of your installed kerberos port/package. Maybe there is something 
> messed up that kerberos from ports/package was used during build of 
> cyrus-sasl2 but the base kerberos libs are used at runtime or vice versa.
>
> In any case, this is just one thing i would double check before deeper 
> debugging.
Joerg, thank you very much for your input - most appreciated!

I simply installed heimdal with
pkg_add -r heimdal

I did not set HEIMDAL_HOME at any point.

"env" shows that HEIMDAL_HOME is not set.

So according to /usr/ports/security/cyrus-sasl2/Makefile I guess we 
would have CONFIGURE_ARGS+=--enable-gssapi but no --with-gss_impl=heimdal

To be on the safe side, I tried
cd /usr/ports/security/cyrus-sasl2/
make clean
export HEIMDAL_HOME=/usr
make

(during make I noticed a few cc ... -DKRB5_HEIMDAL ...)

ldapsarch still coredumps with gss_init_sec_context () from 
/usr/lib/libgssapi.so.10

I noticed that I have libgssapi's - no clue why:

srv02# ls /usr/lib/libgss*
/usr/lib/libgssapi.a /usr/lib/libgssapi_krb5.a 
/usr/lib/libgssapi_krb5_p.a /usr/lib/libgssapi_ntlm.so.10 
/usr/lib/libgssapi_spnego.a /usr/lib/libgssapi_spnego_p.a
/usr/lib/libgssapi.so /usr/lib/libgssapi_krb5.so 
/usr/lib/libgssapi_ntlm.a /usr/lib/libgssapi_ntlm_p.a 
/usr/lib/libgssapi_spnego.so
/usr/lib/libgssapi.so.10 /usr/lib/libgssapi_krb5.so.10 
/usr/lib/libgssapi_ntlm.so /usr/lib/libgssapi_p.a 
/usr/lib/libgssapi_spnego.so.10
srv02# ls /usr/local/lib/libgss*
/usr/local/lib/libgssapi.a /usr/local/lib/libgssapi.la 
/usr/local/lib/libgssapi.so /usr/local/lib/libgssapi.so.2

Next I tried pkg_delete heimdal-1.0.1_1

and then

srv02# ls /usr/local/bin/k*
ls: No match.
srv02# ls /usr/bin/k*
/usr/bin/kadmin /usr/bin/kdump /usr/bin/keylogout /usr/bin/killall 
/usr/bin/klist /usr/bin/krb5-config /usr/bin/ktrace
/usr/bin/kdestroy /usr/bin/keylogin /usr/bin/kgdb /usr/bin/kinit 
/usr/bin/kpasswd /usr/bin/ksu /usr/bin/ktrdump
srv02# ls /usr/lib/libgss*
/usr/lib/libgssapi.a /usr/lib/libgssapi_krb5.a 
/usr/lib/libgssapi_krb5_p.a /usr/lib/libgssapi_ntlm.so.10 
/usr/lib/libgssapi_spnego.a /usr/lib/libgssapi_spnego_p.a
/usr/lib/libgssapi.so /usr/lib/libgssapi_krb5.so 
/usr/lib/libgssapi_ntlm.a /usr/lib/libgssapi_ntlm_p.a 
/usr/lib/libgssapi_spnego.so
/usr/lib/libgssapi.so.10 /usr/lib/libgssapi_krb5.so.10 
/usr/lib/libgssapi_ntlm.so /usr/lib/libgssapi_p.a 
/usr/lib/libgssapi_spnego.so.10
srv02# ls /usr/local/lib/libgss*
ls: No match.

so it would seem that the /usr/local heimdal is now gone, but some 
heimdal is still left in /usr ?

looking at a different partition with a vanilla FreeBSD install I find 
the same files in /usr/lib and /usr/bin.
maybe I did not have to install kerberos package at all ?

I will play a bit more with this, but any more input would still be 
appreciated...

/Henrik