From owner-freebsd-stable@FreeBSD.ORG Sun Jul 18 02:38:22 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BA15106566C for ; Sun, 18 Jul 2010 02:38:22 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta15.emeryville.ca.mail.comcast.net (qmta15.emeryville.ca.mail.comcast.net [76.96.27.228]) by mx1.freebsd.org (Postfix) with ESMTP id 5B3878FC15 for ; Sun, 18 Jul 2010 02:38:21 +0000 (UTC) Received: from omta07.emeryville.ca.mail.comcast.net ([76.96.30.59]) by qmta15.emeryville.ca.mail.comcast.net with comcast id jDgV1e0041GXsucAFEeMum; Sun, 18 Jul 2010 02:38:21 +0000 Received: from koitsu.dyndns.org ([98.248.41.155]) by omta07.emeryville.ca.mail.comcast.net with comcast id jEeK1e0083LrwQ28UEeLGa; Sun, 18 Jul 2010 02:38:21 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id B66969B425; Sat, 17 Jul 2010 19:38:19 -0700 (PDT) Date: Sat, 17 Jul 2010 19:38:19 -0700 From: Jeremy Chadwick To: Reko Turja Message-ID: <20100718023819.GA58471@icarus.home.lan> References: <7AD0E8F6044245DEA6C218A28F08FB99@rivendell> <20100716122446.GA3241@icarus.home.lan> <20100716135102.GA5625@icarus.home.lan> <20100717134149.GA40907@icarus.home.lan> <677C8B72CF414265A0819E4824212BB5@rivendell> <20100717144120.GA42230@icarus.home.lan> <4C41F34E.2030309@b1c1l1.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Benjamin Lee , "Mikhail T." , freebsd-stable@freebsd.org, Henrik /KaarPoSoft , Joerg Pulz Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stablei386 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jul 2010 02:38:22 -0000 On Sun, Jul 18, 2010 at 01:37:06AM +0300, Reko Turja wrote: > > >Can you try reproducing the issue on 8-STABLE? > > > >I recently submitted a Heimdal patch against 8.1-STABLE and > >9.0-CURRENT that resolves some libgssapi-related issues: > > > >http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/147454 > > > >The patch breaks ABI, so you'll have to rebuild libgssapi-dependent > >applications. > > When linking cyrus-sasl2 against gssapi library from either the > 1.0.1 official port or the inofficial 1.2.1 patchset cyradm works as > expected and it logs a message from gssapi/kerberos telling that no > KDC's are available - which is to be expected on a system that isn't > using gssapi/kerberos in authenticating. > > So the present behaviour in 8-RELEASE and 8-PRERELASE updated Monday > the 5th is clearly some kind of regression as system gsslib doesn't > seem to recognize the mech used or segfaults. > > Benjamin, can you clarify how to apply your patch against the source > tree - I tried 'patch < the_patchset.diff' in /usr/src but it just > created a bunch of files in the /usr/src which I think isn't the > intention. Those following this thread will be happy to hear that I'm able to reproduce the problem on the i386 test box: testbox# pkg_info cyrus-imapd-2.3.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer) db41-4.1.25_4 The Berkeley DB package, revision 4.1 libtool-2.2.6b Generic shared library support script perl-5.10.1_1 Practical Extraction and Report Language portaudit-0.5.15 Checks installed ports against a list of security vulnerabi rsync-3.0.7 A network file distribution/synchronization utility vim-lite-7.2.411 Vi "workalike", with many additional features (Lite package testbox# cyradm localhost Segmentation fault (core dumped) Jul 17 19:35:40 testbox imap[72119]: executed Jul 17 19:35:40 testbox imap[72119]: accepted connection Jul 17 19:35:46 testbox kernel: pid 72118 (perl5.10.1), uid 0: exited on signal 11 (core dumped) -rw------- 1 root wheel 4448256 Jul 17 19:35 perl5.10.1.core (gdb) bt #0 free (ptr=0x280861c0) at /usr/src/lib/libc/stdlib/malloc.c:3890 #1 0x287edce2 in gss_release_buffer (minor_status=0xbfbfe698, buffer=0x280861cc) at /usr/src/lib/libgssapi/gss_release_buffer.c:41 #2 0x287ed6b2 in _gss_mg_error (m=0x28455bc0, maj=851968, min=2) at /usr/src/lib/libgssapi/gss_display_status.c:240 #3 0x287ea009 in gss_init_sec_context (minor_status=0xbfbfe7a8, initiator_cred_handle=0x0, context_handle=0x28837354, target_name=0x285bff60, input_mech_type=0x0, req_flags=58, time_req=0, input_chan_bindings=0x0, input_token=0x0, actual_mech_type=0x0, output_token=0xbfbfe790, ret_flags=0xbfbfe7a0, time_rec=0x0) at /usr/src/lib/libgssapi/gss_init_sec_context.c:156 #4 0x287e1aef in gssapi_client_mech_step (conn_context=0x28837350, params=0x2841e480, serverin=0x0, serverinlen=0, prompt_need=0xbfbfea70, clientout=0xbfbfea6c, clientoutlen=0xbfbfea68, oparams=0x2846b860) at gssapi.c:1418 #5 0x283ef591 in sasl_client_step (conn=0x2846b000, serverin=0x0, serverinlen=0, prompt_need=0xbfbfea70, clientout=0xbfbfea6c, clientoutlen=0xbfbfea68) at client.c:655 #6 0x283f0215 in sasl_client_start (conn=0x2846b000, mechlist=0x288878c0 "GSSAPI ", prompt_need=0xbfbfea70, clientout=0xbfbfea6c, clientoutlen=0xbfbfea68, mech=0xbfbfea78) at client.c:603 #7 0x2832ab1a in imclient_authenticate (imclient=0x288b4000, mechlist=0x28887880 "GSSAPI ", service=0x288877e8 "imap", user=0x28801754 "", minssf=0, maxssf=10000) at imclient.c:1288 #8 0x28327131 in XS_Cyrus__IMAP__authenticate () from /usr/local/lib/perl5/site_perl/5.10.1/mach/auto/Cyrus/IMAP/IMAP.so #9 0x2811d2e5 in Perl_pp_entersub () from /usr/local/lib/perl5/5.10.1/mach/CORE/libperl.so #10 0x2811b7e5 in Perl_runops_standard () from /usr/local/lib/perl5/5.10.1/mach/CORE/libperl.so #11 0x280c20d4 in perl_run () from /usr/local/lib/perl5/5.10.1/mach/CORE/libperl.so #12 0x08048944 in main () I'll poke more at this. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |