From owner-freebsd-stable@FreeBSD.ORG Thu Feb 25 14:12:55 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 36A011065676; Thu, 25 Feb 2010 14:12:55 +0000 (UTC) (envelope-from mamalos@eng.auth.gr) Received: from vergina.eng.auth.gr (vergina.eng.auth.gr [155.207.18.1]) by mx1.freebsd.org (Postfix) with ESMTP id 87DA98FC0C; Thu, 25 Feb 2010 14:12:54 +0000 (UTC) Received: from mamalacation.ee.auth.gr (mamalacation.ee.auth.gr [155.207.33.29]) by vergina.eng.auth.gr (8.14.3/8.14.1) with ESMTP id o1PECoMc030957; Thu, 25 Feb 2010 16:12:50 +0200 (EET) (envelope-from mamalos@eng.auth.gr) Message-ID: <4B86855D.7030705@eng.auth.gr> Date: Thu, 25 Feb 2010 16:12:45 +0200 From: George Mamalakis User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.5) Gecko/20100115 Thunderbird/3.0 MIME-Version: 1.0 To: Alexander Nedotsukov References: <4AB27FB6.4010806@eng.auth.gr> <20090921222241.GF1001@rwpc12.mby.riverwillow.net.au> <20091002081319.GN37304@rwpc12.mby.riverwillow.net.au> <200910020824.15488.john@baldwin.cx> <19306024-4C3D-41EC-A198-1652B047DF1A@FreeBSD.org> <20091007043806.GN1086@rwpc12.mby.riverwillow.net.au> <4B82B97C.8090808@eng.auth.gr> <5EF8A3A6-2E8B-44B5-BC1F-AF09A953F953@freebsd.org> <4B86623D.6010708@eng.auth.gr> <4B86659B.5020005@eng.auth.gr> In-Reply-To: <4B86659B.5020005@eng.auth.gr> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: John Baldwin , Doug Rabson , Rick Macklem , freebsd-stable , freebsd-current@freebsd.org Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Feb 2010 14:12:55 -0000 To sum things up. By fixing my /etc/hosts to read as it should (this needs some work too, the behavior with the 'wrong' /etc/hosts is unexpected), ldapwhoami works fine IF (AND ONLY IF) someone kinits to a user principal; otherwise it segfaults. My default binding method is GSSAPI, hence the segfault. If I use simple bind (ldapwhoami -W -D 'blabla') it works fine. If I LD_PRELOAD the "hacked" library lala.so, which is created like this: lala.c: int gss_release_buffer(void *a, void *b) { return 0; } # gcc -c -fPIC -shared lala.c -o lala.so and if I haven't obtained any kerberos tickets, then # ldapwhoami SASL/GSSAPI authentication started Segmentation fault: 11 (core dumped) once I ldpreload the above fake-library, then: # LD_PRELOAD=./lala.so ldapwhoami SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown) which is what is expected. This, maybe implies that something is freed by gss_release_buffer that normally shouldn't. amd64 won't hang in the same test (so no need to ld_preload anything), but shares the same problem with i386 when /etc/hosts is not as expected (to recreate the /etc/hosts problem, place in your /etc/hosts file two fqdns for the ldap server's IP, but write the ldap server's fqdn second in turn). Thank you all and have a nice evening. -- George Mamalakis IT Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379