Date: Thu, 25 Feb 2010 16:12:45 +0200 From: George Mamalakis <mamalos@eng.auth.gr> To: Alexander Nedotsukov <bland@freebsd.org> Cc: John Baldwin <john@baldwin.cx>, Doug Rabson <dfr@freebsd.org>, Rick Macklem <rmacklem@uoguelph.ca>, freebsd-stable <freebsd-stable@freebsd.org>, freebsd-current@freebsd.org Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386 Message-ID: <4B86855D.7030705@eng.auth.gr> In-Reply-To: <4B86659B.5020005@eng.auth.gr> References: <4AB27FB6.4010806@eng.auth.gr> <20090921222241.GF1001@rwpc12.mby.riverwillow.net.au> <20091002081319.GN37304@rwpc12.mby.riverwillow.net.au> <200910020824.15488.john@baldwin.cx> <Pine.GSO.4.63.0910061856130.21826@muncher.cs.uoguelph.ca> <19306024-4C3D-41EC-A198-1652B047DF1A@FreeBSD.org> <20091007043806.GN1086@rwpc12.mby.riverwillow.net.au> <4B82B97C.8090808@eng.auth.gr> <5EF8A3A6-2E8B-44B5-BC1F-AF09A953F953@freebsd.org> <4B86623D.6010708@eng.auth.gr> <4B86659B.5020005@eng.auth.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
To sum things up.
By fixing my /etc/hosts to read as it should (this needs some work too,
the behavior with the 'wrong' /etc/hosts is unexpected), ldapwhoami
works fine IF (AND ONLY IF) someone kinits to a user principal;
otherwise it segfaults. My default binding method is GSSAPI, hence the
segfault. If I use simple bind (ldapwhoami -W -D 'blabla') it works
fine. If I LD_PRELOAD the "hacked" library lala.so, which is created
like this:
lala.c:
int gss_release_buffer(void *a, void *b) {
return 0;
}
# gcc -c -fPIC -shared lala.c -o lala.so
and if I haven't obtained any kerberos tickets, then
# ldapwhoami
SASL/GSSAPI authentication started
Segmentation fault: 11 (core dumped)
once I ldpreload the above fake-library, then:
# LD_PRELOAD=./lala.so ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
which is what is expected.
This, maybe implies that something is freed by gss_release_buffer that
normally shouldn't.
amd64 won't hang in the same test (so no need to ld_preload anything),
but shares the same problem with i386 when /etc/hosts is not as expected
(to recreate the /etc/hosts problem, place in your /etc/hosts file two
fqdns for the ldap server's IP, but write the ldap server's fqdn second
in turn).
Thank you all and have a nice evening.
--
George Mamalakis
IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B86855D.7030705>