From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 225818] mail/dovecot: Option GSSAPI_MIT - core dump when using PAM authentication with Kerberos credentials
Date: Sun, 11 Feb 2018 10:11:40 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225818

            Bug ID: 225818
           Summary: mail/dovecot: Option GSSAPI_MIT - core dump when using
                    PAM authentication with Kerberos credentials
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: adamw@FreeBSD.org
          Reporter: woodsb02@freebsd.org
             Flags: maintainer-feedback?(adamw@FreeBSD.org)

SCENARIO:
- Build mail/dovecot with option GSSAPI_MIT
- Configure dovecot for PAM authentication, using PAM service "imap":
$ cat /usr/local/etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain
passdb {
  driver = pam
  args = %s
}
userdb {
  driver = passwd
}
- Configure imap pam to authenticate against kerberos (and enable debugging):
$ cat /etc/pam.d/imap
auth sufficient pam_krb5.so debug
account required pam_krb5.so debug

RESULT:
This results in a crash of the dovecot authentication worker before any
kerberos messages are even exchanged.

GDB BACKTRACE OF COREDUMP:
$ gdb /usr/local/libexec/dovecot/auth
GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/libexec/dovecot/auth...done.
(gdb) core /tmp/auth.core
[New LWP 102627]
warning: Can't read pathname for load map: Unknown error: -1.
warning: Can't read pathname for load map: Unknown error: -1.
warning: Can't read pathname for load map: Unknown error: -1.
warning: Can't read pathname for load map: Unknown error: -1.
Core was generated by `dovecot/auth -w'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:100
warning: Source file is more recent than executable.
100 */
(gdb) bt
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:100
#1  0x0000000012130022 in strdup (str=0x0) at /usr/src/lib/libc/string/strdup.c:46
#2  0x0000000011b65e9d in krb5_appdefault_string (context=0x10777000, appname=0x106f0018 "imap", realm=0x0, option=0x13b1f403 "ticket_lifetime", default_value=0x0, ret_value=0x7fffffffe088) at appdefault.c:165
#3  0x0000000013af4a80 in krb5_appdefault_time (context=0x0, appname=0xffffffffaaca6003 , realm=0x50 , option=0x0, def_val=0, ret_val=0x7fffffffe0e0) at /usr/src/crypto/heimdal/lib/krb5/appdefault.c:130
#4  0x0000000013ae3e79 in krb5_get_init_creds_opt_set_default_flags (context=0x10777000, appname=0x106f0018 "imap", realm=0x0, opt=0x1070f3c0) at /usr/src/crypto/heimdal/lib/krb5/init_creds.c:171
#5  0x00000000138b738f in ?? ()
#6  0x0000000000000000 in ?? ()

LOG OUTPUT:
$ cat /var/log/maillog:
Feb 11 09:20:40 mail dovecot: auth: Error: auth worker: Aborted PASSV request for woodsb02: Worker process died unexpectedly
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Fatal: master: service(auth-worker): child 34874 killed with signal 11 (core dumped)
Feb 11 09:20:47 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 7 secs): user=, method=PLAIN, rip=192.168.1.13, lip=192.168.1.13, TLS, session=

$ cat /var/log/debug.log:
Feb 11 09:20:35 mail dovecot: auth: Debug: auth client connected (pid=34853)
Feb 11 09:20:40 mail dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=GRJsRuxkf17AqAEN lip=192.168.1.13 rip=192.168.1.13 lport=993 rport=24191 resp=AHdvb2RzYjAyAHRlc3Q= (previous base64 data may contain sensitive data)
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug: Module loaded: /usr/local/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug: pam(woodsb02,192.168.1.13,): lookup service=imap
Feb 11 09:20:40 mail auth: in openpam_dispatch(): calling pam_sm_authenticate() in /usr/lib/pam_krb5.so.6
Feb 11 09:20:40 mail auth: in pam_get_user(): entering
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_USER
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_get_user(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got user: woodsb02
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RUSER
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got ruser: woodsb02
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_SERVICE
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got service: imap
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Context initialised
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done krb5_cc_register()
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'auth_as_self'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Created principal: woodsb02
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done krb5_parse_name()
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got principal: woodsb02@WOODS.AM
Feb 11 09:20:40 mail auth: in pam_get_authtok(): entering
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RHOST
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_HOST
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_OLDAUTHTOK
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'try_first_pass'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'use_first_pass'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'authtok_prompt'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_subst(): entering: 'Password:'
Feb 11 09:20:40 mail auth: in openpam_subst(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'echo_pass'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in pam_vprompt(): entering
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_CONV
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_vprompt(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_set_item(): entering: PAM_AUTHTOK
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug: pam(woodsb02,192.168.1.13,): #1/1 style=1 msg=Password:
Feb 11 09:20:40 mail auth: in pam_set_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_AUTHTOK
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_get_authtok(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got password
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'no_user_check'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'no_user_check'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done getpwnam()
Feb 11 09:20:40 mail dovecot: auth-worker(34875): Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Feb 11 09:20:40 mail dovecot: auth-worker(34875): Debug: Module loaded: /usr/local/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
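
Added example (not part of the original bug report, and not Dovecot or FreeBSD code): a log triage sketch that ties a Dovecot child killed by a signal to the aborted auth request and to the PAM module and last OpenPAM debug step logged before the crash. The function name triage, the result keys and the merged sample stream are assumptions made for this illustration; the sample lines are copied from the maillog and debug.log excerpts above.

```python
import re

# Constructed sample: lines copied from the maillog and debug.log excerpts in
# the report, merged by hand into one stream in timestamp order.
SAMPLE_LOG = """\
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug: pam(woodsb02,192.168.1.13,): lookup service=imap
Feb 11 09:20:40 mail auth: in openpam_dispatch(): calling pam_sm_authenticate() in /usr/lib/pam_krb5.so.6
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got password
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done getpwnam()
Feb 11 09:20:40 mail dovecot: auth: Error: auth worker: Aborted PASSV request for woodsb02: Worker process died unexpectedly
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Fatal: master: service(auth-worker): child 34874 killed with signal 11 (core dumped)
"""

DISPATCH = re.compile(r"openpam_dispatch\(\): calling (\w+)\(\) in (\S+)")
PAM_STEP = re.compile(r" auth: in (\w+\(\): .+)$")
ABORTED = re.compile(r"Aborted (\w+) request for (\S+): Worker process died")
KILLED = re.compile(r"service\(([\w-]+)\): child (\d+) killed with signal (\d+)")


def triage(lines):
    """Return one finding per Dovecot child killed by a signal.

    The OpenPAM debug lines carry no PID, so they are attributed to the next
    crash by position in the stream. This is a heuristic (assumption): on a
    busy server, concurrent workers interleave and the result needs review.
    """
    findings = []
    state = {"pam_module": None, "pam_entry": None, "last_pam_step": None,
             "aborted_user": None, "aborted_request": None}
    for line in lines:
        line = line.rstrip()
        if m := DISPATCH.search(line):
            state["pam_entry"], state["pam_module"] = m.group(1), m.group(2)
        elif m := PAM_STEP.search(line):
            state["last_pam_step"] = m.group(1)
        elif m := ABORTED.search(line):
            state["aborted_request"], state["aborted_user"] = m.group(1), m.group(2)
        elif m := KILLED.search(line):
            findings.append({"service": m.group(1), "pid": int(m.group(2)),
                             "signal": int(m.group(3)), **state})
            state = dict.fromkeys(state)  # reset for the next crash
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```

A finding whose last_pam_step stops inside pam_sm_authenticate(), as here, points the investigation at the PAM module named in pam_module rather than at Dovecot's own auth code.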